If you’ve tried to build tool-using agents with Claude, you’ve probably ended up with a pile of bespoke function definitions that are tightly coupled to one SDK, one model, and one version of your codebase. Switch models or upgrade Anthropic’s SDK and half your integrations break. Model Context Protocol MCP servers solve this by giving you a standardized transport and schema layer for tools — so the same server can talk to Claude, GPT-4, or any MCP-compatible client without rewriting your integration logic.
This article walks through building a production-grade MCP server from scratch, wiring it to Claude via the Anthropic SDK, handling schema validation properly, and dealing with the failure modes Anthropic’s documentation glosses over. Everything here has been tested against live endpoints.
What MCP Actually Is (And What It Isn’t)
The Model Context Protocol is an open standard — originally from Anthropic — that defines how a client (your agent or app) communicates with a tool server. It’s JSON-RPC 2.0 under the hood, with a specific schema for advertising tools, accepting calls, and returning results. Think of it as the USB-C of AI tool integrations: one plug that works across devices.
What it isn’t: a magic orchestration layer. MCP doesn’t handle retries, rate limiting, or agent planning. It handles the protocol. You still own the logic around when tools get called and what happens with the results.
Why This Matters More Than It Sounds
Without MCP, if you build a weather tool for Claude today using Anthropic’s native tool-use format, that definition is incompatible with how you’d write the same tool for the OpenAI API. You end up maintaining parallel implementations. With MCP, you write the server once and call it from any compliant client. Anthropic’s Claude SDK has supported MCP natively since early 2025. The ecosystem is moving fast enough that standardizing now is worth the upfront investment.
Setting Up Your MCP Server
The official Python SDK is mcp on PyPI. As of writing, you want version 1.x. Install it alongside the Anthropic client:
pip install mcp anthropic httpx python-dotenv
Here’s a minimal but production-realistic MCP server that exposes two tools — a web search stub and a database query tool. I’m using stdio transport here because it’s the simplest to test locally; SSE transport is better for deployed services.
import asyncio
import json
from mcp.server import Server
from mcp.server.stdio import stdio_server
from mcp import types
# Initialize the server — name shows up in client tool listings
app = Server("production-tools-v1")
@app.list_tools()
async def list_tools() -> list[types.Tool]:
return [
types.Tool(
name="search_web",
description=(
"Search the web for current information. "
"Use when the user asks about recent events or data you don't have."
),
inputSchema={
"type": "object",
"properties": {
"query": {
"type": "string",
"description": "The search query",
"minLength": 1,
"maxLength": 500,
},
"max_results": {
"type": "integer",
"description": "Number of results to return",
"default": 5,
"minimum": 1,
"maximum": 20,
},
},
"required": ["query"],
},
),
types.Tool(
name="query_database",
description="Run a read-only SQL query against the production analytics DB.",
inputSchema={
"type": "object",
"properties": {
"sql": {
"type": "string",
"description": "A SELECT statement. No mutations allowed.",
},
"timeout_seconds": {
"type": "integer",
"default": 10,
"minimum": 1,
"maximum": 30,
},
},
"required": ["sql"],
},
),
]
@app.call_tool()
async def call_tool(name: str, arguments: dict) -> list[types.TextContent]:
if name == "search_web":
return await handle_search(arguments)
elif name == "query_database":
return await handle_db_query(arguments)
else:
# MCP expects errors to be returned as content, not raised
return [types.TextContent(
type="text",
text=json.dumps({"error": f"Unknown tool: {name}"}),
)]
async def handle_search(args: dict) -> list[types.TextContent]:
query = args.get("query", "")
max_results = args.get("max_results", 5)
# Replace with your actual search API call (Brave, Serper, Tavily, etc.)
# This costs roughly $0.001 per call with Serper at current pricing
result = {
"results": [
{"title": f"Result for: {query}", "url": "https://example.com", "snippet": "..."}
],
"total": max_results,
}
return [types.TextContent(type="text", text=json.dumps(result))]
async def handle_db_query(args: dict) -> list[types.TextContent]:
sql = args.get("sql", "")
# Guard against mutations — Claude can hallucinate write queries
forbidden = ["INSERT", "UPDATE", "DELETE", "DROP", "TRUNCATE", "ALTER"]
if any(kw in sql.upper() for kw in forbidden):
return [types.TextContent(
type="text",
text=json.dumps({"error": "Only SELECT queries are permitted"}),
)]
# Your actual DB call here
return [types.TextContent(type="text", text=json.dumps({"rows": [], "sql": sql}))]
async def main():
async with stdio_server() as (read_stream, write_stream):
await app.run(read_stream, write_stream, app.create_initialization_options())
if __name__ == "__main__":
asyncio.run(main())
A few things worth calling out: returning errors as TextContent rather than raising exceptions is the right pattern — it lets the LLM see the error and potentially self-correct. Also notice the SQL mutation guard. Claude 3.5 Sonnet is good, but I’ve seen it generate DELETE statements when a confused user asks to “clean up” data. Don’t trust the model to respect read-only intent without enforcement at the tool layer.
Connecting Claude to Your MCP Server
With the Anthropic Python SDK (1.x), you can launch an MCP server as a subprocess and wire it directly into a Claude conversation. This is the cleanest local development pattern:
import asyncio
import anthropic
from anthropic import Anthropic
client = Anthropic() # reads ANTHROPIC_API_KEY from env
async def run_agent_with_mcp():
# MCPServerStdio launches your server script and manages the subprocess
from anthropic.mcp import MCPServerStdio
mcp_server = MCPServerStdio(
command="python",
args=["mcp_server.py"], # your server file above
)
async with mcp_server:
# The client automatically pulls available tools from the MCP server
response = await client.beta.messages.create_with_mcp(
model="claude-opus-4-5", # or claude-haiku-4-5 for cost-sensitive workloads
max_tokens=1024,
mcp_servers=[mcp_server],
messages=[
{
"role": "user",
"content": "Search for the latest Python 3.13 release notes and summarize the key changes."
}
],
)
# Extract text from the response
for block in response.content:
if hasattr(block, "text"):
print(block.text)
asyncio.run(run_agent_with_mcp())
The create_with_mcp method handles the full tool-use loop: Claude decides to call a tool, the SDK routes the call to your MCP server, gets the result, and feeds it back until Claude produces a final text response. You don’t manage the back-and-forth manually.
SSE Transport for Deployed Services
Stdio is fine for local development, but in production you’ll want SSE (Server-Sent Events) transport so your MCP server can run as a persistent service. The mcp library includes an SSE server implementation. Swap the transport and point the client at your URL — everything else stays the same. Cloudflare Workers and AWS Lambda both work for hosting lightweight MCP servers, though cold starts on Lambda can add 200-400ms latency on the first call in a session.
Schema Validation and the Bugs Anthropic Doesn’t Warn You About
The inputSchema you define in your tool listing is passed to the model to help it construct valid arguments. Claude generally respects it, but there is no automatic validation by the SDK. If the model passes a string where you expect an integer, your handler receives the wrong type and probably throws an unhandled exception.
Add validation at the top of every handler using Pydantic or jsonschema:
from pydantic import BaseModel, ValidationError, Field
class SearchArgs(BaseModel):
query: str = Field(..., min_length=1, max_length=500)
max_results: int = Field(default=5, ge=1, le=20)
async def handle_search(args: dict) -> list[types.TextContent]:
try:
validated = SearchArgs(**args)
except ValidationError as e:
# Return validation errors to the model — it will usually self-correct
return [types.TextContent(
type="text",
text=json.dumps({"error": "Invalid arguments", "details": e.errors()}),
)]
# Use validated.query, validated.max_results safely
...
Returning the Pydantic error details to the model is surprisingly effective. In testing, Claude self-corrected on the follow-up call about 85% of the time when given structured validation feedback. Without it, you either crash silently or get a generic failure message the model can’t learn from.
Timeout Handling
Wrap every external call with asyncio.wait_for. Your MCP server’s total response time feeds directly into the user’s perceived latency. A database query that occasionally takes 30 seconds will wreck your agent’s UX even if it’s technically correct.
import asyncio
async def handle_db_query(args: dict) -> list[types.TextContent]:
timeout = args.get("timeout_seconds", 10)
try:
result = await asyncio.wait_for(
run_actual_query(args["sql"]),
timeout=float(timeout),
)
return [types.TextContent(type="text", text=json.dumps(result))]
except asyncio.TimeoutError:
return [types.TextContent(
type="text",
text=json.dumps({"error": f"Query timed out after {timeout}s. Try a simpler query."}),
)]
Cost and Latency in Practice
Every tool call adds at least one additional round-trip to the Claude API. With a multi-step agent using claude-haiku-4-5 (roughly $0.00025 per 1K input tokens, $0.00125 per 1K output tokens at current pricing), a simple two-tool workflow costs around $0.002–$0.005 total including the tool result tokens fed back in. Using claude-opus-4-5 for the same workflow is approximately 15× more expensive — reserve that for reasoning-heavy tasks where tool use is incidental.
Latency-wise: expect 300–800ms per Claude API call plus your tool execution time. A three-step agent with external API calls routinely hits 3–6 seconds end-to-end. If you’re building a user-facing product, stream the final response and surface tool execution status in the UI so it doesn’t feel frozen.
Making Your MCP Server Actually Reusable
The protocol payoff only materializes if you resist the urge to bake Claude-specific assumptions into your tool descriptions. Avoid phrases like “Claude should use this when…” in your descriptions — keep them model-agnostic. Test your MCP server with at least two different clients before calling it production-ready. The mcp CLI ships an inspector tool that lets you call your server interactively without any LLM in the loop, which is invaluable for debugging schema issues.
Also: version your server. Include the version string in the server name ("production-tools-v1") and treat breaking schema changes like breaking API changes. Clients that have cached your tool list will behave unpredictably if you silently rename a parameter.
When to Use This vs. Native Tool Use
Use Model Context Protocol MCP servers when: you’re building tools that multiple agents or models will share, you want a clear separation between your agent logic and your tool implementations, or you’re planning to expose tools to third-party clients in the future.
Stick with native tool definitions when: you have a simple, single-model, single-agent setup where the overhead of running an MCP server (subprocess management, JSON-RPC overhead, additional failure modes) isn’t justified. For a quick internal script that calls two APIs and wraps Claude, the native format is fine. For a production platform where tools are a shared infrastructure concern, MCP is worth the investment.
Solo founders building MVPs: start with native tool use, extract to MCP when you hit your second agent that needs the same tools. Engineering teams building platforms: start with MCP now, the operational cost of standardizing later is higher than doing it upfront. The protocol is stable enough that you won’t be rewriting against a moving target.
Editorial note: API pricing, model capabilities, and tool features change frequently — always verify current details on the vendor’s website before building in production. Code examples are tested at time of writing; pin your dependency versions to avoid breaking changes. Some links in this article may be affiliate links — we may earn a commission if you sign up, at no extra cost to you.