intellimetrics Learning
Mastery Module 19 · Agentic Engineering

MCP: Extending Your Agent

Last reviewed

Advanced

What you'll learn

~20 min
  • Explain what MCP servers expose and how transports work
  • Add, inspect, and use an MCP server in your CLI tool
  • Vet a third-party server before connecting it to your codebase

You’re deep in a feature, and you ask your agent: “Summarize the open issues blocking this release.” The agent stalls — it has no way to reach GitHub. You copy-paste issue titles from the browser, paste them in, and repeat. That friction is the exact problem MCP solves. With the GitHub MCP server connected, the same prompt just works — the agent queries the API, reads the issues, and writes the summary.

What MCP is

Model Context Protocol is an open protocol for connecting agents to external tools and data. Anthropic published the original spec, then donated it to the Agentic AI Foundation under the Linux Foundation in December 2025. It is vendor-neutral and community-governed — no single company controls it.

A server exposes three primitives:

PrimitiveWhat it is
ToolsActions the agent can invoke (create PR, run query, send message)
ResourcesData the agent can read (files, API responses, database records)
PromptsPre-built prompt templates the server can contribute

Transports: Local servers run as child processes and communicate over stdio — your machine, no network hop. Remote servers speak HTTP, typically behind an auth layer. Both are supported; your config just points the client at the right endpoint.

As of mid-2026 there are 10,000+ active public MCP servers; the official MCP Registry lists roughly 9,600. Claude Code, Copilot CLI, Cursor, VS Code, Antigravity (agy), and ChatGPT all support MCP. It has become the de-facto standard for agent extensibility.

Hands-on: connect the GitHub MCP server

The GitHub MCP server is the cleanest worked example — official vendor, active maintenance, widely used. The flow below uses Claude Code; the concept is identical for other tools.

Step 1: Get a GitHub token

The server needs a personal access token (classic or fine-grained) with repo scope. Create one at github.com → Settings → Developer settings → Personal access tokens.

Store it in your environment — never hardcode it anywhere:

Terminal window
export GITHUB_TOKEN="ghp_your_token_here"

Add that export to your ~/.bashrc or ~/.zshrc so it persists.

Step 2: Register the server

Claude Code’s mcp add command registers a server. The exact argument syntax varies by transport and server — run claude mcp add --help to see current flags before using it. For the GitHub server (stdio transport, installed via npx) the general pattern is:

Terminal window
claude mcp add --help          # read the current flags first

The command writes an entry into your project-scoped .mcp.json file (see Step 4). You can also edit .mcp.json directly — the file is plain JSON.

💡Official docs are the source of truth

MCP add syntax evolves quickly. Rather than reproducing flags here, check claude mcp add --help and the Claude Code MCP docs for the current invocation.

Step 3: Inspect the connection

Inside a Claude Code session, /mcp lists every connected server and the tools it exposes:

Claude Code — MCP Inspect
/home/user $ claude
>
/home/user $ /mcp
Connected MCP servers: github (stdio) connected Tools: create_issue Create a new GitHub issue create_pull_request Open a pull request get_file_contents Read file contents from a repo list_issues List issues with optional filters search_repositories Search public repositories ... 18 more tools Resources: none Prompts: none
/home/user $ Summarize the open issues labeled 'bug' in this repo and group them by severity label
Querying GitHub for open issues labeled 'bug'... Found 7 open bug issues: Critical (2): #84 — Auth token refresh fails on token expiry #91 — File upload silently drops files over 10 MB High (3): #77 — Search returns stale results after index rebuild #88 — Rate limiter counts OPTIONS requests #93 — Pagination cursor invalid after filter change Medium (2): #79 — Tooltip z-index overlaps modal header #86 — CSV export omits last row if row count is divisible by 100 Recommendation: #84 and #91 are blocking for a release — they affect data integrity and auth.
/home/user $

Notice what happened: no copy-pasting, no browser tab-switching. The agent called the MCP tool, got structured data, and reasoned over it. That’s the leverage.

Step 4: Project-scoped config

When you register a server, Claude Code writes it to .mcp.json in your project root. This file is committed to the repo — your whole team gets the same server configuration without any individual setup.

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

The ${GITHUB_TOKEN} placeholder is resolved from the environment at runtime. The token never lives in the file — committing secrets into .mcp.json is a critical mistake to avoid (more on this below).

Agent config is shared infrastructure

Treating .mcp.json as a team artifact — versioned, reviewed, documented — is the same discipline as treating your CI config or Dockerfile that way. When you add a new server, open a PR for it. Your teammates deserve to know what their agents can now reach.

Cross-tool parity

MCP support is nearly universal across the major CLI tools. The in-session command and config file location differ:

ToolConfig fileIn-session command
Claude Code.mcp.json (project) or ~/.claude/mcp.json (user)/mcp
Copilot CLI.github/mcp.json (auto-loaded since v1.0.61)/mcp
Antigravity (agy)Managed by agy plugin import or manual config/mcp
Codex CLIconfig.toml (see official docs for current block format)check docs

Antigravity note: agy plugin import gemini migrates Gemini CLI MCP entries into Antigravity’s config. If you have existing remote server configs from Gemini CLI, the key url becomes serverUrl in Antigravity’s format.

The trust problem

Here is the number that should make you pause: a 2026 census of public MCP servers found that roughly 13% rate “high trust” — meaning documented, actively maintained, and reliable. The other 87% range from abandoned experiments to servers with no documentation, unclear data handling, and no security posture.

An MCP server runs with real access to your agent and, through it, to your codebase and credentials. Connecting one is more like installing a dependency with shell access than adding a browser extension. Treat it accordingly.

Vetting checklist

Before connecting any third-party MCP server:

  • Who maintains it? Prefer official vendor servers (GitHub’s own server, Stripe’s own server, etc.) over community forks. Check whether the maintainer is reachable.
  • Is the repo active? Look at commit recency, open issues, and whether bugs get responses. An abandoned repo is a liability.
  • What scopes does it request? Read the server’s documentation and source. A server that needs admin:org when it only claims to “read issues” is a red flag.
  • Where do tokens live? Secrets must go in environment variables and be referenced via ${VAR_NAME} placeholders in config. Never hardcode tokens, API keys, or passwords into .mcp.json — that file gets committed.
  • Does it send data off-machine? Understand whether the server is local-only (stdio, processes files on your machine) or proxies requests through a third-party service. For sensitive codebases, local-only is strongly preferred.
Secrets in .mcp.json

A hardcoded token in .mcp.json will end up in your git history. If the repo is ever public, that token is compromised. Use environment variables exclusively. Most secret-scanning tools (GitHub’s built-in scanner, gitleaks) will catch this in CI — but catching it before the push is better.

Institutional environments

Government and university machines often have policies governing what software can run, what external services can be reached, and what data can leave the network. Before connecting any MCP server on a managed machine, check with your IT or security team. A server that’s fine on a personal laptop may be out of policy on a classified or HIPAA-regulated workstation.

Enterprise roadmap

The 2026 MCP roadmap includes audit trails, SSO-backed authentication, and MCP gateway proxies — centrally managed, policy-enforced registries of approved servers. If you’re in an enterprise environment without these controls yet, treat manual vetting as your gate. Document which servers your team has approved and why.

KNOWLEDGE CHECK

You find a popular MCP server on GitHub with 800 stars. It promises to connect your agent to your company's internal database. What should you check before connecting it?
KNOWLEDGE CHECK

Your .mcp.json needs to pass a GitHub token to the GitHub MCP server. What's the correct approach?
KNOWLEDGE CHECK

What does an MCP server's 'stdio transport' mean in practice?

Key takeaways

  • MCP is vendor-neutral — donated to the Linux Foundation, supported across Claude Code, Copilot, Antigravity, Codex, Cursor, and ChatGPT
  • Three primitives: tools (actions), resources (data), prompts (templates) — a server exposes whichever it implements
  • stdio = local process, HTTP = remote service; local is preferable for sensitive work
  • .mcp.json is team infrastructure — commit it, review it, document what you’ve added and why
  • Only ~13% of public servers rate high trust — vet before connecting, prefer official vendor servers
  • Secrets in env vars only — never hardcode tokens into .mcp.json
  • Institutional machines (gov, university) require a policy check before connecting any external server

Next: Skills and Hooks — teach your agent your team’s conventions once, and it follows them forever.

Search lessons