{
    "slug": "model_context_protocol",
    "term": "Model Context Protocol (MCP)",
    "category": "ai_ml",
    "difficulty": "advanced",
    "short": "An open standard by Anthropic that defines how AI models connect to external tools and data sources — enabling LLMs to call APIs, read files, and query databases in a standardised way.",
    "long": "MCP defines a client-server protocol where: MCP servers expose tools (functions the LLM can call), resources (data the LLM can read), and prompts (reusable prompt templates). MCP clients (Claude, IDE plugins, custom agents) connect to servers and make tools available to the LLM. The protocol uses JSON-RPC over stdio or HTTP/SSE. MCP servers can be written in any language — PHP can both consume MCP servers and act as an MCP server exposing PHP application data to AI agents.",
    "aliases": [
        "MCP",
        "tool use",
        "function calling",
        "AI tools"
    ],
    "tags": [
        "ai",
        "mcp",
        "llm",
        "agents"
    ],
    "misconception": "MCP is only for Claude — MCP is an open standard; any LLM client that implements the protocol can use MCP servers, and the ecosystem is growing across all major AI providers.",
    "why_it_matters": "MCP standardises AI tool integration — instead of writing custom function-calling glue code for every AI model and every tool, MCP servers work with any compliant AI client.",
    "common_mistakes": [
        "MCP servers with excessive permissions — an MCP server that can delete production data should require confirmation, not execute blindly.",
        "Not validating tool inputs — MCP server tools receive LLM-generated arguments; validate them as strictly as any user input.",
        "No authentication on HTTP-based MCP servers — anyone who can reach the server can invoke your tools.",
        "Stateful MCP servers — MCP servers should be stateless; state belongs in the resources they read."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "large_language_models",
        "ai_agents",
        "ai_security_concerns",
        "ai_in_php"
    ],
    "prerequisites": [
        "ai_function_calling",
        "ai_agents",
        "ai_in_php"
    ],
    "refs": [
        "https://modelcontextprotocol.io/"
    ],
    "bad_code": "// MCP tool with no input validation:\n$tools = [[\n    'name' => 'run_sql',\n    'description' => 'Run a SQL query',\n    'inputSchema' => ['query' => 'string'],\n]];\n// Handler executes whatever SQL the LLM generates — SQL injection from AI",
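    "good_code": "// MCP tool with restricted, validated operations:\n$tools = [[\n    'name' => 'get_user_orders',\n    'description' => 'Get orders for a specific user ID',\n    'inputSchema' => [\n        'type' => 'object',\n        'properties' => ['user_id' => ['type' => 'integer', 'minimum' => 1]],\n        'required' => ['user_id'],\n    ],\n]];\n// Handler re-validates the LLM-supplied argument server-side,\n// then uses a parameterised query with a read-only DB user:\n$userId = filter_var($input['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);\nif ($userId === false) {\n    throw new InvalidArgumentException('user_id must be a positive integer');\n}\n$stmt = $pdo->prepare('SELECT * FROM orders WHERE user_id = ?');\n$stmt->execute([$userId]);\n$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);",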
    "quick_fix": "Implement an MCP server to expose your PHP application's tools (database queries, API calls, file operations) as standardised tools that any MCP-compatible AI agent can use.",
    "severity": "info",
    "effort": "high",
    "created": "2026-03-15",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/model_context_protocol",
        "html_url": "https://codeclaritylab.com/glossary/model_context_protocol",
        "json_url": "https://codeclaritylab.com/glossary/model_context_protocol.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[Model Context Protocol (MCP)](https://codeclaritylab.com/glossary/model_context_protocol) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/model_context_protocol"
            }
        }
    }
}