Table of Contents
-
- Prologue: Lessons from inspecting 300+ MCP servers
- Problem Census: Why MCP is just a “registry protocol”
- Pain Points: High‑dim params, single‑shot calls, quality chaos
- Ideal Blueprint: A truly LLM‑Native MCP v1.0
- Practical Upgrade Path — no rewrite needed
- Action Checklist for server authors & API teams
- Closing: Patch three gaps, and MCP still matters
1 Prologue
“Tang Shuang: MCP Is a Flawed Protocol” states that they examined 300 servers on mcp.so, ran them locally, and hit a brick wall: ~80 % broke out‑of‑the‑box. Missing params, weird auth, 500s everywhere. The “booming ecosystem” is mostly noise.
Key Takeaways
-
- MCP v0.4 is basically “tool registry + single invoke”. It never defines how an LLM receives the tool list.
- Most servers simply wrap an old SDK, ignoring LLM readability and quality telemetry.
2 Problem Census
| ID | Pain | Symptom | Root Cause |
|---|---|---|---|
| P1 | LLM handshake gap | Clients must stuff system‑prompt or tools by themselves |
Spec blank |
| P2 | Param explosion | Dozens of fields × enums → LLM falls back to defaults | API designed for humans |
| P3 | Single‑shot only | No session ↔ no multi‑step workflow | Narrow scope |
| P4 | Noise in registry | Hello‑World servers drown good ones | No quality signal |
| P5 | Auth zoo | OAuth, keys, JWT all mixed | No standard enum |
3 Pain Points in Depth
3.1 High‑dimensional parameters
LLMs can’t brute‑force combinations. We need layered params: required / recommended / optional, plus runtime follow‑up.
3.2 Single‑shot limitation
Without session_id, patching params or chaining tools is DIY client code, burning tokens.
3.3 Quality & security void
No uptime, latency, success‑rate; auth formats differ. Devs shoulder the risk.
4 Ideal LLM‑Native MCP v1.0
| Module | Design Highlight | Value |
|---|---|---|
| Param priority | priority + examples |
Shrink prompt, raise success |
| Incremental calls | session_id + patch/cancel |
Native multi‑step plans |
| Quality metrics | qos.uptime / latency / success |
Registry can rank, noise fades |
| Unified auth | `auth.type = oauth2 | x-api-key |
5 Upgrade Path
-
- merge
priorityPR; clients ignore unknown keys. - pilot
session_id+patch. - mcp.so runs
mcp-lint, rolls out quality badges. - ship v1.0, one‑year grace period.
- merge
6 Action Checklist
For MCP Server Authors
-
- Add
priority, give two real examples, passmcp-lint≥80. - Implement schema & enum validators.
- Emit
qosmetrics, apply for a green badge.
- Add
For Client / Agent Frameworks
-
- Trim prompt by
priority; trigger clarifying question on unknowns. - Log & cluster failure patterns, patch rules or fine‑tune.
- Trim prompt by
For API / SDK Teams
-
- Design field names LLM‑first (
distance_km). - Treat defaults as recommendations, not must‑use.
- Make errors instructional:
validation_error.missing="distance_km".
- Design field names LLM‑first (
7 Closing
MCP doesn’t need a full rewrite. What it lacks is parameter governance, incremental calls, and quality/security signals. Patch these three boards, and MCP can still become the “USB port for tool‑calling LLMs.”
