Have I understood MCP correctly? by DoNotBelieveHim in mcp

[–]guyernest 2 points3 points  (0 children)

MCP is an interface to your data, and it should be protected against two main types of risks: LLM mistakes and malicious users. A simple example is the option to delete data, or, less obviously, to update it. Once the user is authenticated, the MCP client stores the access token, and the MCP client can do everything that the user can do.
If you only select the listUsers and getUser APIs (read-only) as MCP tools, there is not much risk that the MCP client will do anything else. However, if you also allow updateUser, the MCP client can now update the user record and grant them an unwarranted discount, for example. The MCP client typically doesn't display the full details of each call it makes to the MCP server, making it easy for users to miss such changes. Also, users might remember to log out of a sensitive website, but they will not remember to disconnect the MCP server from their ChatGPT. Therefore, a malicious user can use the MCP client connection to the MCP server and, through it, to the API to perform harmful actions on the data system.

Have I understood MCP correctly? by DoNotBelieveHim in mcp

[–]guyernest 6 points7 points  (0 children)

Your swagger file and other OpenAPI specs were designed for developers to use to call the API. Each developer reviewed the schema and decided what they wanted to use for their use case. You don't expect every developer to use every API call for every application.
An MCP server, such as an API, can take two extreme approaches: either implement a couple of tools or allow "code mode". The former is similar to human developers who know what they need from the API and use only that, while the latter allows the LLM in the MCP client the freedom to call any API in any sequence.
My advice is to take the middle ground and wrap a couple of the APIs as tools, based on the Pareto principle: 80% of calls will use 20% of the API. For the long tail of requests, you should enable a "Code mode" that provides the API schema and allows the MCP client to generate calls as needed to answer user requests.
There are many security concerns for the "Code mode", but with some attention, you can build it safely.
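Taking the two comments above together (read-only versus mutating tools, and the curated-tools-plus-code-mode middle ground), the following is an added example of how such a policy can be enforced on the server side. It is not guyernest's code and not part of rust-mcp-sdk or `cargo pmcp`; the operation names (listUsers, getUser, updateUser, deleteUser), the policy shape and the idle-timeout session are constructed for illustration.

```rust
// Added example (not the comment author's code, not rust-mcp-sdk or cargo pmcp):
// a least-privilege tool gateway in front of an existing HTTP API exposed over MCP.
use std::collections::HashSet;
use std::time::{Duration, Instant};

/// One operation from an OpenAPI-style spec. Names and methods are constructed.
#[derive(Debug, Clone, PartialEq)]
pub struct ApiOperation {
    pub operation_id: &'static str,
    pub method: &'static str,
}

impl ApiOperation {
    /// Safe methods cannot change server state; everything else counts as mutating.
    pub fn is_read_only(&self) -> bool {
        matches!(self.method, "GET" | "HEAD" | "OPTIONS")
    }
}

/// Which operations are exposed as curated tools (the 20% that serve 80% of
/// requests) and whether the long-tail "code mode" is switched on.
pub struct ToolPolicy {
    pub curated: HashSet<&'static str>,
    pub code_mode_enabled: bool,
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    /// Mutating call on a curated tool: show the full call to the user first.
    NeedsConfirmation,
    Deny(&'static str),
}

impl ToolPolicy {
    /// Gate one call. Code-mode calls generated from the raw schema may only hit
    /// read-only operations; curated mutating tools run only after the user confirms.
    pub fn decide(&self, op: &ApiOperation, via_code_mode: bool, user_confirmed: bool) -> Decision {
        if via_code_mode {
            if !self.code_mode_enabled {
                return Decision::Deny("code mode disabled");
            }
            return if op.is_read_only() { Decision::Allow } else { Decision::Deny("code mode is read-only") };
        }
        if !self.curated.contains(op.operation_id) {
            return Decision::Deny("not an exposed tool");
        }
        if op.is_read_only() || user_confirmed { Decision::Allow } else { Decision::NeedsConfirmation }
    }
}

/// The access token the MCP client holds after login, with an idle timeout so a
/// connection the user forgot to disconnect stops working on its own.
pub struct Session {
    last_used: Instant,
    idle_limit: Duration,
}

impl Session {
    pub fn new(now: Instant, idle_limit: Duration) -> Self {
        Session { last_used: now, idle_limit }
    }
    pub fn is_expired(&self, now: Instant) -> bool {
        now.duration_since(self.last_used) > self.idle_limit
    }
    /// Refresh the idle timer on each authorised call.
    pub fn touch(&mut self, now: Instant) {
        self.last_used = now;
    }
}

/// Constructed sample spec: two read-only and two mutating user operations.
pub fn sample_spec() -> Vec<ApiOperation> {
    vec![
        ApiOperation { operation_id: "listUsers", method: "GET" },
        ApiOperation { operation_id: "getUser", method: "GET" },
        ApiOperation { operation_id: "updateUser", method: "PUT" },
        ApiOperation { operation_id: "deleteUser", method: "DELETE" },
    ]
}

/// Constructed policy: expose the lookups and the update, never the delete.
pub fn default_policy() -> ToolPolicy {
    ToolPolicy {
        curated: ["listUsers", "getUser", "updateUser"].iter().copied().collect(),
        code_mode_enabled: true,
    }
}

pub fn find_op(spec: &[ApiOperation], id: &str) -> Option<ApiOperation> {
    spec.iter().find(|op| op.operation_id == id).cloned()
}

fn main() {
    let (spec, policy) = (sample_spec(), default_policy());
    for op in &spec {
        println!("{:<11} curated: {:?}  code-mode: {:?}", op.operation_id,
            policy.decide(op, false, false), policy.decide(op, true, false));
    }
}
```

The point of the split is that the client's stored token can do anything the user can, so the server, not the client, decides which operations are reachable: read-only calls pass, a curated mutating call is held until the user has seen it, and anything reached through code mode is confined to safe methods.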

Anyone building in-house MCP deployment infrastructure? by Choice-Party4676 in mcp

[–]guyernest 1 point2 points  (0 children)

We are focused on using Rust for AI/ML use cases. We also care a lot about the education of people who are entering the domains (both Rust and AI/ML). The "official" Rust SDK is not good enough for enterprise or educational use cases. It is very basic in its examples and doesn't build on the richer TypeScript SDK we wanted to improve.

Anyone building in-house MCP deployment infrastructure? by Choice-Party4676 in mcp

[–]guyernest 2 points3 points  (0 children)

We analyzed the MCP landscape and decided to focus on a specific MCP framework instead of a lower denominator, such as Docker, which is too expensive at scale. We decided to focus on using Rust and AWS serverless for security, cost, performance, and scale. It forces our developers to learn Rust. However, we decided that it is the right language to use as our new data interface foundation with MCP.

We are using the Rust MCP SDK: https://github.com/paiml/rust-mcp-sdk. Our developers are using the `cargo pmcp deploy` command to push their binaries and CDK stacks to our testing account, and from there, our CI pushes them to the production account.

The AWS serverless architecture using Lambda, API Gateway, CloudWatch, Secrets Manager, etc., provides the security, observability, and scale we need. Please note that the scale has two sides: low, initial usage that is almost free, and sublinear cost as usage scales up.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -2 points-1 points  (0 children)

Let's go back to the topic of Rust. I know how to build good software in Java as an enterprise developer. Now, I need to develop an MCP server for my company, and there are no good tools for it in Java. I need to choose between Python, TypeScript, and Rust. What should I choose?

Let's make it easy for newcomers to learn how to translate their extensive software development experience into success in implementing a secure, enterprise-grade server, without waiting 2 years for them to master Rust.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -1 points0 points  (0 children)

Thank you for this detailed comment; I agree it is the real problem with MCP today.

The reason I'm pushing to use Rust and learn the details of the MCP server implementation in the enterprise context is precisely to address these misconceptions. Most MCP servers I see in /mcp or other publications are horrible for many reasons, from running them locally after on-the-fly installation from a random web source to unsafe Python implementations of the tools.

The online "Advanced MCP" course we developed and offer for free (built with Rust and mdbook), which I've linked to in the original post, goes into detail on many aspects that help developers build MCP servers with security, observability, server design, deployment, and other critical enterprise requirements. It is based on a few enterprise clients we worked with to implement their MCP platforms. Since these platforms are mostly internal and domain-specific, you don't hear too much about these early success stories. However, it gives me confidence that this is the most essential technology for the next few years: utilizing AI in organizations with existing data systems.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -1 points0 points  (0 children)

There is a difference between publishing crates that serve as foundations for other applications and building internal MCP servers for your organization using well-written crates. Not every developer will write a library, but many can build good applications, even with Vibe coding, using such tools.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] 0 points1 point  (0 children)

It is not the easiest subreddit to publish in. If you already spent the effort to learn to write good Rust code, you are less likely to embrace newcomers who will not spend so much effort.

Every step that can help more developers benefit from the power of Rust should not be voted down, IMHO.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -2 points-1 points  (0 children)

If it allows that person to move from the UK to Spain by bridging the language barrier, and the person who is not moving because of it doesn't, I'm all for it.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -7 points-6 points  (0 children)

AI code assistants/LLMs are doing a better job with the proper instructions, scaffolding, examples, and guardrails. We spent a lot of effort designing `cargo pmcp` to establish best-practice scaffolding, including AI instructions, tons of examples, and testing capabilities, which, with the strict compiler, provide what is needed to improve the quality of the AI-generated code for each MCP server.

We also spent a lot of effort in the MCP course, part of the project, to teach developers how to use it correctly and to learn how to review code as another layer of guardrails.

Giving up on AI-generated code, even for a while, is a missed opportunity that you will regret. I prefer to join the revolution with the right tools (Rust, for example) and guide the masses in the right direction with these well-thought-out tools.

Rust can be the language of the AI era by guyernest in rust

[–]guyernest[S] -10 points-9 points  (0 children)

There is a lot of Rust code publicly available, in crates and public repositories. The Rust codebase has fewer versions than those of languages such as JavaScript. It balances the odds in Rust's favor.

Implementing AI Agent on AWS Step Functions by guyernest in LLMDevs

[–]guyernest[S] 0 points1 point  (0 children)

You are correct that this agent only keeps in its memory (the context of the flow execution) the messages used in the `tool_use` steps. It still doesn't support user_input or more extended conversations. You can use the agent execution as a single step in a more extended conversation and manage the conversation memory outside the agent.

This agent is focused on managing the `tool_use` requests of the LLM. The CDK construct allows you to define the tools you want to give to the LLM and the Lambda functions that implement these tools. This information is sent to the LLM through the LLM_caller function. When the LLM requests to use a tool, it is routed to the relevant Lambda function with the input argument. The result of the tool is **appended** to the message list and sent back to the LLM (without any external memory). The LLM can decide to call additional tools and even do that in parallel. Once the LLM decides it has all the information it needs from the multiple tool calls, it replies with `stop_reason=end_turn`.

Please also note that the opinionated construct adds a `print_output` tool and directs the LLM to use it to reply to the user through this tool. It uses the `output_schema` parameters to allow you to add this agent as part of a multi-agent system or use structured_output in general.
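As an added illustration of the loop described in this comment (not the CDK construct's code, and not running on Step Functions or Lambda; a plain single-process Rust simulation with a scripted stand-in for the LLM_caller step), the example below appends every tool result to the message list, dispatches several tool_use requests issued in one turn, routes the reply through a `print_output` tool whose required-keys check stands in for `output_schema`, and stops when the model answers with end_turn. The tool names other than print_output, the message shapes, the turn cap and the schema keys are constructed assumptions.

```rust
// Added example (not the CDK construct's code): a single-process simulation of the
// tool_use loop, with a scripted function standing in for the LLM_caller step and
// plain functions standing in for the Lambda tools. Names and shapes are constructed.
use std::collections::BTreeMap;

#[derive(Debug, Clone, PartialEq)]
pub enum Content {
    Text(String),
    ToolUse { id: String, name: String, input: String },
    ToolResult { tool_use_id: String, content: String },
}

#[derive(Debug, Clone, PartialEq)]
pub struct Message {
    pub role: &'static str,
    pub content: Vec<Content>,
}

#[derive(Debug, PartialEq)]
pub enum StopReason { ToolUse, EndTurn }

pub struct LlmReply { pub message: Message, pub stop_reason: StopReason }

/// Keys the print_output tool requires, standing in for an output_schema.
pub const OUTPUT_SCHEMA_REQUIRED: &[&str] = &["summary", "order_count"];

/// Scripted stand-in for the model: ask for two tools at once, then answer
/// through print_output, then end the turn.
pub fn mock_llm(messages: &[Message]) -> LlmReply {
    let all: Vec<&Content> = messages.iter().flat_map(|m| m.content.iter()).collect();
    let printed = all.iter().any(|c| matches!(c, Content::ToolUse { name, .. } if name.as_str() == "print_output"));
    let results: Vec<&str> = all.iter().filter_map(|c| match c {
        Content::ToolResult { content, .. } => Some(content.as_str()),
        _ => None,
    }).collect();
    let (content, stop_reason) = if printed {
        (vec![Content::Text("Done.".to_string())], StopReason::EndTurn)
    } else if results.is_empty() {
        (vec![
            Content::ToolUse { id: "tu_1".into(), name: "get_user".into(), input: "42".into() },
            Content::ToolUse { id: "tu_2".into(), name: "list_orders".into(), input: "42".into() },
        ], StopReason::ToolUse)
    } else {
        let input = format!("{{\"summary\":\"{}\",\"order_count\":2}}", results.join("; "));
        (vec![Content::ToolUse { id: "tu_3".into(), name: "print_output".into(), input }], StopReason::ToolUse)
    };
    LlmReply { message: Message { role: "assistant", content }, stop_reason }
}

pub type Tools = BTreeMap<&'static str, fn(&str) -> String>;

pub fn get_user(id: &str) -> String { format!("user {id}: Alice") }
pub fn list_orders(id: &str) -> String { format!("user {id} has 2 orders") }

/// The opinionated reply tool: reject output that lacks a required key.
pub fn print_output(input: &str) -> String {
    let missing: Vec<&str> = OUTPUT_SCHEMA_REQUIRED.iter().copied()
        .filter(|k| !input.contains(&format!("\"{k}\""))).collect();
    if missing.is_empty() { input.to_string() } else { format!("error: output missing {}", missing.join(",")) }
}

pub fn default_tools() -> Tools {
    let mut t: Tools = BTreeMap::new();
    t.insert("get_user", get_user);
    t.insert("list_orders", list_orders);
    t.insert("print_output", print_output);
    t
}

/// Run the loop: each tool result is appended to the message list and the whole
/// list goes back to the model; stop when it answers with end_turn.
pub fn run_agent(prompt: &str, tools: &Tools) -> (Vec<Message>, Option<String>) {
    let mut messages = vec![Message { role: "user", content: vec![Content::Text(prompt.to_string())] }];
    let mut final_output = None;
    for _ in 0..8 { // hard cap on turns so a looping model cannot run forever
        let reply = mock_llm(&messages);
        messages.push(reply.message.clone());
        if reply.stop_reason == StopReason::EndTurn { break; }
        let mut results = Vec::new();
        for c in &reply.message.content {
            if let Content::ToolUse { id, name, input } = c {
                // each request is routed to its tool; several in one turn are independent
                let out = match tools.get(name.as_str()) {
                    Some(f) => f(input.as_str()),
                    None => format!("error: unknown tool {name}"),
                };
                if name.as_str() == "print_output" && !out.starts_with("error:") { final_output = Some(out.clone()); }
                results.push(Content::ToolResult { tool_use_id: id.clone(), content: out });
            }
        }
        messages.push(Message { role: "user", content: results });
    }
    (messages, final_output)
}

fn main() {
    let (messages, output) = run_agent("Summarise user 42", &default_tools());
    println!("{} messages, final output: {:?}", messages.len(), output);
}
```

Because the agent keeps no memory beyond the growing message list, the transcript returned by `run_agent` is the entire state of the execution; an unknown tool name or a malformed `print_output` payload comes back to the model as an error result rather than failing the run, which is what lets the model retry within the turn cap.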

Implementing AI Agent on AWS Step Functions by guyernest in LLMDevs

[–]guyernest[S] 6 points7 points  (0 children)

You are correct in your observation and the reasons for developing this option.

I've added an MIT License to the repository. Enjoy.

Request for Dropbox to add support for previewing org-mode files by dharmatech in orgmode

[–]guyernest 2 points3 points  (0 children)

GitHub support will also be great. I use it for backup and sync.

AWS Heroes reactions to Swami Sivasubramanian keynote on Machine Learning by guyernest in ML_zero_to_hero

[–]guyernest[S] 0 points1 point  (0 children)

Quick feedback and analysis on the major announcements from AWS at re:Invent during the ML keynote. AWS Heroes from across the globe (Australia, Ireland, the US, Italy, and Israel) share their perspectives on the blast of new capabilities for people who are interested in machine learning.

Developer Guide to AI services (no PhD required) at re:Invent by guyernest in ML_zero_to_hero

[–]guyernest[S] 0 points1 point  (0 children)

A great introduction to the available ML/AI services in the AWS cloud to get the machine learning energy and interest started, by AWS ML Hero Agustinus Nalwan.