Docs/mcps/README

MCP Integrations

The M×N Problem Solver — One standard integration per external system.


What Is MCP

Model Context Protocol (MCP) is the open standard for connecting AI agents to external data and tools. It solves the M×N integration problem:

  • Without MCP: M models × N tools = M×N custom integrations
  • With MCP: M models × N MCP servers = M+N implementations

Every major AI system (Claude, GPT-4, Gemini, Cursor, Windsurf, Roo) now supports MCP. It is the integration standard.


Why This Section Exists

MCP servers are easy to create poorly. The most common mistake is treating MCP as a thin API wrapper — just exposing existing APIs as tools. This leads to:

  • Too many tools loaded into context (degrading agent reasoning)
  • Tool definitions designed for humans, not agents
  • Missing security controls on tool execution
  • No rate limiting or cost controls

This section provides production-ready MCP integration specs that avoid these mistakes.


MCP Design Principles (OAIES Standard)

1. Design for the Agent, Not the API

The tool name and description must make sense to an LLM reasoning about what to do next — not to a developer reading API docs.

// Wrong — designed for API documentation
{
  "name": "POST /api/v2/issues",
  "description": "Creates a new issue via the REST API"
}

// Correct — designed for agent reasoning
{
  "name": "create_issue",
  "description": "Create a new GitHub issue. Use when you need to report a bug, request a feature, or track work. Requires: title (required), body (optional), labels (optional array)."
}

2. Principle of Least Privilege

Every MCP server must only expose the minimum tools and permissions required. Do not expose delete operations if the agent only needs read access.

3. Avoid Context Bloat

Load tool definitions progressively. Don't register 50 tools at startup. Use categories or lazy loading so only relevant tools are in context.

4. Security First

All tool inputs are untrusted. Validate and sanitize before execution. Apply OAuth 2.1 for production deployments.

5. Every Tool Call Is Audited

All tool invocations (inputs and outputs) must be logged for audit, debugging, and cost tracking.


Available MCP Integrations

Developer Tools

MCP File Primary Use
GitHub github.mcp.md Issues, PRs, code search
GitLab gitlab.mcp.md (Planned) MRs, pipelines, issues
Azure DevOps azure-devops.mcp.md (Planned) Work items, pipelines, repos
Playwright playwright.mcp.md (Planned) Browser automation, testing
Chrome DevTools chrome-devtools.mcp.md (Planned) Performance, debugging

Project Management

MCP Status Primary Use
Jira jira.mcp.md (Planned) Issues, sprints, backlogs
Linear linear.mcp.md (Planned) Issues, projects, cycles
Notion notion.mcp.md (Planned) Docs, databases, pages

Communication

MCP Status Primary Use
Slack slack.mcp.md (Planned) Messages, channels, search
Microsoft Teams teams.mcp.md (Planned) Messages, meetings, files

Infrastructure

MCP Status Primary Use
Filesystem filesystem.mcp.md (Planned) File read/write with path validation
Docker docker.mcp.md (Planned) Container management
PostgreSQL postgres.mcp.md (Planned) Database queries (read-only by default)
Redis redis.mcp.md (Planned) Cache operations
Supabase supabase.mcp.md (Planned) Database + auth + storage

Observability

MCP Status Primary Use
Sentry sentry.mcp.md (Planned) Error tracking, performance
Datadog datadog.mcp.md (Planned) Metrics, logs, traces
Grafana grafana.mcp.md (Planned) Dashboards, alerts
OpenTelemetry opentelemetry.mcp.md (Planned) Traces, metrics, logs

MCP Specification Format

Every MCP in this library follows this specification:

# {Service} MCP Integration

## Purpose
[What this MCP enables an agent to do]

## Security Model
[Authentication method, required permissions, threat model]

## Tool Definitions

### Tool: {tool_name}
**Description:** [Agent-facing description]
**Input schema:**
```json
{
  "property": "type — description"
}

Output: [What the tool returns] Rate limits: [API limits to respect] Errors: [Common errors and handling]

Example Agent Interactions

[Concrete example of agent using this MCP]

Anti-Patterns

[What not to do with this MCP]


---

## Security Considerations for All MCPs

Before deploying any MCP server in production:

- [ ] Authentication: OAuth 2.1 or API key with rotation schedule
- [ ] Authorization: Tool execution restricted by user permissions
- [ ] Input validation: All tool inputs validated (type, length, allowed patterns)
- [ ] Output filtering: Sensitive data stripped from tool responses
- [ ] Rate limiting: Tool calls rate-limited per user/session
- [ ] Audit logging: All tool calls logged with user, inputs, outputs
- [ ] Least privilege: Server can only access what it needs
- [ ] SSRF protection: Outbound calls from MCP server validate destinations

---

## Checklist

For each MCP server you deploy:
- [ ] Tool descriptions are agent-optimized (not API-documentation-style)
- [ ] Maximum 10-15 tools per server (fewer = better agent reasoning)
- [ ] All tool inputs validated before execution
- [ ] OAuth 2.1 authentication implemented
- [ ] Audit logging enabled
- [ ] Rate limiting configured
- [ ] Tested with adversarial inputs (injection, path traversal, SSRF)
- [ ] Documented in your system's architecture