Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Twitter Facebook-f Pinterest-p Instagram
Reference learning vertical
Track 03 · Applied & Agentic Novice → Intermediate ~8 min

What is the Model Context Protocol?

The open standard that lets AI apps plug into tools and data through one connector — "a USB-C port for AI." Learn the what, the architecture, and how to use it safely, right here on the page.

Module progress
0%

01The problem MCP solves

Remember when every phone and gadget came with its own incompatible charger? Connecting AI to outside software used to be just as messy: every AI model needed its own hand-written "glue code" for every tool or data source it wanted to use. Engineers call this the N×M problem — N models times M tools — and ten of each meant up to a hundred one-off integrations to build and maintain. The Model Context Protocol (MCP) is the shared standard that fixes it. MCP — an open standard Anthropic introduced in late 2024, with major vendors including OpenAI and Google since announcing support — collapses that to N+M: each model and each tool implements the protocol once, and they all interoperate. That's why it's described as "a USB-C port for AI."

ExploreFlip between the two worlds
9
integrations to build

Without a standard, 3 models × 3 tools = 9 separate, non-reusable integrations.

  • MCP is an open standard, not a product — any MCP-aware app can talk to any MCP server.
  • Under the hood it speaks JSON-RPC 2.0 — a simple, standard way for one program to send a request to another and get a reply.
  • Goal: let AI move past frozen training knowledge to use live data and real actions.

02The architecture: host, client, server

MCP is a client–server model with three roles. Tap each to see what it does — notice the host is the consent gatekeeper, and each client keeps a 1:1 connection to a single server so permissions never bleed between tools.

ExploreTap host / client / server
MCP Host (the AI app)
Client A1:1 session
Server · Filesstdio · local
Client B1:1 session
Server · CRM APIHTTP · remote
The AI application

MCP Host

Where the LLM lives and the user interacts — Claude Desktop, Cursor, VS Code, an agent framework. It manages every client, enforces security policy, and is the ultimate arbiter of user consent: it decides what the model may invoke and what data is shared.

03How a session actually runs

Every MCP connection follows a strict lifecycle so both sides agree on capabilities before any data moves. Step through a real handshake — from version negotiation to a tool call and back.

WalkthroughStep or run — watch the messages cross
Client Server initialize initialize ✓ (capabilities) initialized tools/list tools/call (args) result
initialize
Client → Server. "Here's my protocol version & capabilities."
initialize ✓
Server → Client. Confirms version, declares its tools / resources / prompts. Mismatch ends the call.
initialized
Client → Server. "Ready." The operation phase begins.
tools/list
Discovery. Client asks what tools exist; server returns each with a name, description & JSON Schema.
tools/call
Execution. Model invokes a tool with schema-validated arguments — subject to user approval.
result →
Server → Client. Returns a content array; the host feeds it back to the model. Clean shutdown closes the connection.

04What a server exposes: the three primitives

A server advertises its capabilities as primitives. The easy mental model: tools are verbs, resources are nouns, prompts are templates.

ExploreSwitch primitive

Tools — executable actions

Functions the model can invoke to do something in the outside world (subject to user approval). Each has a name, a natural-language description, and a JSON Schema for its inputs. Highest security risk — they can run code.

send_slack_message(channel, message)
execute_sql_query(sql)
create_calendar_event(details)

Resources — read-only context

Data sources the model can read to ground its reasoning — identified by a URI, serving text or binary. They give situational awareness without changing anything.

file://main.py — source file
db://schema — database structure
log://app/today — live log stream

Prompts — reusable templates

Pre-built workflows with placeholders the host fills at runtime. They encode best practices so users don't hand-craft a complex prompt every time.

"Summarize the contents of {resource_uri}."
"Find anomalies in {log_file} between {start} and {end}."

05The big picture

Here's the whole framework on one map — how the architecture, the primitives, the security practices, and the threats they defend against all fit together. Expand any branch to drill in.

Concept mapClick a branch to expand

06Wizard: is your MCP setup safe to ship?

Power comes with risk — research on public MCP servers found a large share carried command-injection flaws. Answer five questions about your setup and get an instant risk read with the specific controls to fix any gaps.

WizardAnswer yes / no
Are all your MCP servers vetted & from a trusted registry?Anyone can publish a server — typosquatted/backdoored ones are a real supply-chain risk.
Do remote servers use OAuth with audience-validated tokens?Stops the 'confused deputy' problem and token-passthrough abuse.
Are tool permissions scoped to least privilege & sandboxed?Over-broad scopes create a huge blast radius if an agent is compromised.
Is there human-in-the-loop approval on destructive actions?Guards against consent fatigue and silent dangerous operations.
Do you validate tool inputs/outputs against injection?Tool descriptions & returned data can carry prompt-injection payloads.

07Check your understanding

TJS Quiz
window.onload=function(){window.print()}<\/scr'+'ipt>'; var w=window.open('','_blank'); if(w){ w.document.write(html); w.document.close(); } } function accentHex(){ var v=getComputedStyle(root).getPropertyValue('--tjq-accent').trim(); return v||'#2095e9'; } function dlCanvas(cv){ var a=document.createElement('a'); a.download=(D.id||'quiz')+'-result.png'; a.href=cv.toDataURL('image/png'); a.click(); } function shareCard(pct,cat){ var cv=$('#tjqCardCv'); if(!cv||!cv.getContext) return; var x=cv.getContext('2d'),W=cv.width,H=cv.height,acc=accentHex(); var g=x.createLinearGradient(0,0,W,H); g.addColorStop(0,'#0E1F40'); g.addColorStop(1,'#10294f'); x.fillStyle=g; x.fillRect(0,0,W,H); x.save(); x.globalAlpha=.16; x.fillStyle=acc; x.beginPath(); x.arc(W*.85,H*.16,160,0,7); x.fill(); x.restore(); x.fillStyle='rgba(255,255,255,.55)'; x.font='600 21px DM Sans, sans-serif'; x.fillText('TJS QUIZ · AI KNOWLEDGE HUB',58,76); x.fillStyle='#fff'; x.font='700 60px Fraunces, serif'; x.fillText(D.topic||'Quiz',56,168); x.fillStyle=acc; x.font='700 28px "Space Mono", monospace'; x.fillText(String(cat||'').toUpperCase(),58,H-150); x.fillStyle='#fff'; x.font='700 104px "Archivo Black", sans-serif'; x.fillText(pct+'%',54,H-52); x.fillStyle='rgba(255,255,255,.55)'; x.font='400 21px DM Sans, sans-serif'; x.fillText('scored on the '+(D.topic||'')+' quiz',58,H-22); x.strokeStyle=acc; x.lineWidth=8; x.strokeRect(0,0,W,H); if(cv.toBlob && navigator.canShare){ cv.toBlob(function(blob){ try{ var file=new File([blob],'quiz-result.png',{type:'image/png'}); if(navigator.canShare({files:[file]})){ navigator.share({files:[file],title:'My quiz result',text:'I scored '+pct+'% ('+cat+') on the '+(D.topic||'')+' quiz.'}).catch(function(){dlCanvas(cv);}); return; } }catch(e){} dlCanvas(cv); }); } else dlCanvas(cv); } function certPrint(pct,cat){ var raw=(($('#tjqCertName')||{}).value)||''; var name=esc(raw.trim()); var ds=new Date().toLocaleDateString(undefined,{year:'numeric',month:'long',day:'numeric'}); var id='TJQ-'+String(Math.floor(Math.random()*1e9)); var acc=accentHex(); var html='Certificate
Certificate of Completion

'+esc(D.topic||'Quiz')+'

This recognizes

'+(name||'—')+'

for completing the assessment at the '+esc(cat)+' level ('+pct+'%).

'+ds+' · TJS AI Knowledge Hub · ID '+id+'

A self-assessment summary recognizing completion of an educational module — not a professional certification.

window.onload=function(){window.print();}<\/scr'+'ipt>'; var w=window.open('','_blank'); if(w){ w.document.write(html); w.document.close(); } } renderStart(); })();

08Take it with you & go deeper

"MCP in 5 minutes" — one-page summary
The whole module distilled to a printable cheat-sheet.
▸ Already on the site — go deeper
Live article

Model Context Protocol — build guide

The hands-on build view from the Agentic AI hub.

Read →
Live article

MCP: 5 essential facts to understand

The fast orientation if you only read one thing.

Read →
Live article

What is MCP security?

The risk landscape and why governance matters.

Read →
▸ Coming next — deeper progression (specced & grounded)
Planned

Build your first MCP server

Implementation walkthrough — primitives, transport, and a working example.

In the pipeline
Planned

MCP authorization & OAuth 2.1

Confused deputy, token passthrough, and the agent-first OAuth pattern.

In the pipeline
Planned

MCP supply-chain & governance

Trusted registries, server signing, and SAST/SCA pipelines.

In the pipeline
Planned

MCP threat model & tool poisoning

Prompt injection via tool descriptions and gateway-level defenses.

In the pipeline

Continue learning

Sources & review

Published by Tech Jacks Solutions · Reviewed June 2026. This lesson explains established concepts and is grounded in the references below; figures shown in the interactives are illustrative and labelled as such.

Model Context Protocol (MCP) — in 5 minutes

Tech Jacks Solutions · AI Knowledge Hub · educational summary

What it is

An open standard Anthropic introduced in late 2024 (with OpenAI & Google since announcing support) that connects AI apps to external tools, data, and workflows — "a USB-C port for AI." It turns the N×M integration problem into N+M using JSON-RPC 2.0.

Architecture

Host — the AI app; enforces policy and is the arbiter of consent. Client — lives in the host; one 1:1 stateful connection per server. Server — wraps a resource (files, DB, SaaS API) and exposes capabilities.

Primitives

Tools (verbs) — executable actions with a JSON-Schema input, run on approval. Resources (nouns) — read-only context via URIs. Prompts — reusable templates with placeholders.

Session flow

initialize → initialize response → initialized → tools/list (discovery) → tools/call (execution, schema-validated, user-approved) → result → shutdown.

Transport

stdio — local subprocess, very low latency, no network port. Streamable HTTP — remote/cloud, multi-client, single endpoint with optional SSE; needs HTTPS + OAuth and Origin validation.

Top governance controls

Vetted servers from a trusted registry (signed, pinned) · Agent-first OAuth 2.1 with audience validation (no token passthrough) · least privilege + sandboxing · human-in-the-loop on destructive actions · input/output validation against injection.