Most active commenters

    ←back to thread

    MCP is eating the world

    (www.stainless.com)
    335 points emschwartz | 22 comments | 21 Jun 25 16:30 UTC | HN request time: 0.884s | source | bottom
    Show context
    faxmeyourcode ◴[24 Jun 25 16:58 UTC] No.44368295[source]
    Based on the comments here, a lot of folks are assuming the primary users of mcp are the end users connecting their claude/vscode/etc to whatever saas platform they're working on. While this _is_ a huge benefit and super cool to use, imo the main benefit is for things like giving complex tool access to centralized agents. Where the mcp servers allow you to build agents that have the tools to do a sort of "custom deep research."

    We have deployed this internally at work where business users are giving it a list of 20 jira tickets and asking it to summarize or classify them based on some fuzzy contextual reasoning found in the description/comments. It will happly run 50+ tool calls poking around in Jira/confluence and respond in a few seconds what would have taken them hours to do manually. The fact that it uses mcp under the hood is completely irrelevant but it makes our job as builders much much easier.

    replies(7): >>44368648 #>>44368903 #>>44368929 #>>44368954 #>>44369304 #>>44374580 #>>44375982 #
    1. dkdcio ◴[24 Jun 25 17:57 UTC] No.44368903[source]
    Where I struggle conceptually is this works fine without MCP.

    Write a CLI tool that does the same thing (including external service access) and tell any agentic CLI tool (or Cursor or IDE tool) to use the tool. Much simpler, established security models, etc.

    replies(9): >>44369240 #>>44369266 #>>44369268 #>>44369270 #>>44369365 #>>44369912 #>>44371239 #>>44371639 #>>44372125 #
    2. yjp20 ◴[24 Jun 25 18:32 UTC] No.44369240[source]
    This is pretty fair: in claude code, I have the github mcp server installed, but the agent actually prefers to use the CLI. There's also other advantages too, such as incremental discovery of subcommands for more complex CLIs. Certainly agents already don't have a problem using CLIs.

    That said, this doesn't fully work in environments on websites like claude.ai. Perhaps you could have an org-wide Dockerfile or something that opens every time you start a chat which gives it MCP-like capabilities, but that sounds more complicated in many ways than what MCP does. There's also more problems that MCP solves, like with Prompts and Sampling (which are pretty under-used at the moment), and there aren't great analogs for that in the CLI world.

    Also developers like you and I might find it trivial to install CLIs, set up auth, and open an agent locally, but this isn't widely true. As an example, at Stainless we have non-engineer folks who ask questions like "who are the most interesting people who have signed up yesterday", and with the right MCP tools wired to claude.ai, claude actually does an excellent job of answer these kinds of questions, all in the browser. This was all without a doubt possible before MCP, but MCP reduces the friction enough, such that it becomes worth-it/easy-enough to develop these tools.

    replies(2): >>44369381 #>>44371943 #
    3. potatolicious ◴[24 Jun 25 18:33 UTC] No.44369266[source]
    Sure, and MCP is just a standardized way of exposing tools. This is where I feel MCP is both overhyped (waaaaaaay too much LinkedIn influencer hot air) but also genuinely quite useful.

    I've done stuff very much like the above with just regular tool calls through the various LLM APIs, but there are tons of disparate frameworks for how to harness up a tool, how they execute, how they are discovered, etc. None of it is rocket science.

    But the nice thing about having a standard is that it's a well-lit path, but more importantly in the corporate workflow context is that it allows tools to be composed together really easily - often without any coding at all.

    An analyst who has zero coding experience can type in a prompt, click "add" on some MCP tools, and stand up a whole workflow in a minute or two.

    That's pretty cool.

    And yeah, none of it is impossible to implement yourself (nor even very hard!) but standardization has a value in and of itself in terms of lowering barriers to entry.

    replies(1): >>44369342 #
    4. rictic ◴[24 Jun 25 18:34 UTC] No.44369268[source]
    Yes, MCP adds no new fundamental capabilities. What it does is solve an N x M problem, where to hook up a given tool to a given LLM scaffold you have to write specific integration code for that combination of scaffold and tool.

    With MCP that's decoupled, the tool and the software speak a common protocol, and it's one line of configuration to hook the tool up to the LLM. Makes it easy to mix and match, reuse code, etc.

    replies(1): >>44372340 #
    5. chime ◴[24 Jun 25 18:34 UTC] No.44369270[source]
    If the CLI tool does IO with the agentic CLI tool of choice over STDIO, then it's MCP by definition, with the only caveat being that it runs locally on each user's machine instead of a server. For dev-teams, CLI would work but for non-coders, web-apps or Slack-channel with LLM/MCP integration would be better.
    6. what-the-grump ◴[24 Jun 25 18:38 UTC] No.44369342[source]
    xkcd 927, every single time
    replies(1): >>44371573 #
    7. rattray ◴[24 Jun 25 18:39 UTC] No.44369365[source]
    Yeah, CLIs actually often do seem better for agents with access to bash, like Claude Code.

    That said, many "business users" like those referenced above interact more with a web UI, and asking them to audit bash/CLI interactions might not always work well.

    (disclaimer: I work at Stainless; we're actually exploring ways to make MCP servers more "CLI-like" for API use-cases.)

    8. rcarmo ◴[24 Jun 25 18:40 UTC] No.44369381[source]
    What you are actually saying is that you don't have a data platform with reporting and prefer using your own product because you designed your user tier to have an MCP server, which is kind of an ourobouros.
    replies(1): >>44369480 #
    9. rattray ◴[24 Jun 25 18:47 UTC] No.44369480{3}[source]
    Hmm? We have a REST API, CLI, MCP server, and SDKs that all offer the same data/functionality.

    MCP is for AI agents, the CLI is for one-off commands by devs who like to poke at things or CI scripts, the TypeScript SDK is for production software written in TypeScript, etc etc.

    Was there something we're missing from the "data platform"? A SQL interface?

    (I work with yjp20)

    10. zackify ◴[24 Jun 25 19:19 UTC] No.44369912[source]
    The problem with that is it doesn’t work for people who are not technical. Remote mcp is pretty good even if I would have preferred a rest api helper endpoint to support existing apis
    11. hadlock ◴[24 Jun 25 21:25 UTC] No.44371239[source]
    MCP is JDBC for LLM
    12. ◴[24 Jun 25 22:07 UTC] No.44371573{3}[source]
    13. __MatrixMan__ ◴[24 Jun 25 22:17 UTC] No.44371639[source]
    I'll take a CLI over http ten times out of ten. However, I'm skeptical that that's the ideal long term interface because it gives the model too much freedom.

    I want to be the one deciding which CWD to use, which user to run as, whether to see the whole filesystem or to restrict to a chroot, etc.

    So far it hasn't been malicious but I've had a number of cases while using cursor where the model has gotten confused and is now editing repos outside the open workspace.

    Maybe the answer is still a CLI, but I want a standardized interface for equipping that CLI with handcuffs.

    replies(1): >>44372466 #
    14. cpursley ◴[24 Jun 25 22:57 UTC] No.44371943[source]
    Ditto on the postgres MCPs vs the standard pg cli - seems to prefer the cli. Which is fine enough for me.
    15. BeetleB ◴[24 Jun 25 23:20 UTC] No.44372125[source]
    You're thinking like a SW engineer. Instead, think like someone who just happens to know a bit of programming. MCP is much, much easier than tool calling, I think.

    As an example, I wrote a function in Python that, given a query string, executes a command line tool and returns the output. To make it an MCP server, I simply added type annotations to the function definition, and wrote a nice docstring, and added a decorator.

    That's it. And now it works with all providers and all tools that support MCP. No REST APIs, etc needed. Not tied to a particular agentic tool.

    Every time I've written a tool, I've ended up with "Wow, was it really that simple?"

    As for security: If you write your own tool, the security implications are the same.

    replies(2): >>44379214 #>>44384879 #
    16. OJFord ◴[24 Jun 25 23:59 UTC] No.44372340[source]

      tool --help
  man tool
    17. apitman ◴[25 Jun 25 00:18 UTC] No.44372466[source]
    Are there any tools that automate using containers for this?
    replies(1): >>44377576 #
    18. __MatrixMan__ ◴[25 Jun 25 14:13 UTC] No.44377576{3}[source]
    You could just start the MCP server in container I guess, although I suppose that's doing it the manual way.

    That might prevent the model from wandering from the beaten paths, but container escapes are a thing, so if it's not lost but instead malicious then that might not do it. Luckily I don't think we're quite there yet.

    So I think that's a "no".

    QubesOS might work well for this. It's all about making it easy to work with a small pile of VMs under the assumption that at least one is probably compromised and keeping that one compartmentalized. Although I don't know how far that'll get you if you're letting the untrusted thing call the shots.

    At the end of the day you're always going to be able to build better handcuffs by starting with nothing and gradually adding API calls that it needs. Starting with CLI access and then adding restrictions is never going to be as secure, even though it's way more convenient.

    That said, I think you could strike a pretty reasonable balance by just not giving it access to anything but one or two explicitly chosen directories.

    19. brabel ◴[25 Jun 25 16:37 UTC] No.44379214[source]
    You just described how to write a tool the LLM can use. Not MCP!! MCP is basically a tool that runs in a server so can be written in any programming language. Which is also its problem: now each MCP tool requires its own server with all the complications that come with it, including runtime overhead, security model fragmentation, incompatibility…
    replies(1): >>44379448 #
    20. BeetleB ◴[25 Jun 25 16:56 UTC] No.44379448{3}[source]
    > You just described how to write a tool the LLM can use. Not MCP!! MCP is basically a tool that runs in a server so can be written in any programming language.

    It's weird you're saying it's not MCP, when this is precisely what I've done to write several MCP servers.

    You write a function. Wrap it with a decorator, and add another line in __main__, and voila, it's an MCP server.

    > now each MCP tool requires its own server with all the complications that come with it, including runtime overhead, security model fragmentation, incompatibility…

    You can lump multiple tools in a server. Personally, it makes sense to organize them by functionality, though.

    > including runtime overhead, security model fragmentation, incompatibility…

    What incompatibility?

    Runtime overhead is minimal.

    Security - as I said, if you write your own tools, you control it just as you would with the old tool use. Beyond that, yes - you're dependent on the wrapper library's vulnerabilities, as well as the MCP client. Yes, we've introduced one new layer (the wrapper library), but seriously, it's like saying "Oh, you introduced Flask into our flow, that's a security concern!" Eventually, the libraries will be vetted and we'll know which are secure and which aren't.

    replies(1): >>44380645 #
    21. brabel ◴[25 Jun 25 18:48 UTC] No.44380645{4}[source]
    You’re just confused. You can write a tool , or if your framework supports it, the tool can be also a MCP. But llm cares only about tools. Try to learn the underlying mechanics and you will understand the difference.
    22. plausibilitious ◴[26 Jun 25 06:54 UTC] No.44384879[source]
    There is so much accidental complexity in software because people keep reinventing the wheel. I think it might be interesting to do some research for a book on this topic.