GitHub

🔌 Model Context Protocol (MCP)

Understanding the Model Context Protocol and how ProofScan monitors it

What is MCP?

The Model Context Protocol (MCP) is an open standard that enables AI applications to connect to external data sources, tools, and services. It provides a universal way for AI models to interact with the world beyond their training data.

🎯 Key Benefits of MCP
  • Standardization: One protocol for all integrations
  • Security: Controlled access to resources
  • Flexibility: Works with any AI system and data source
  • Transparency: All communications are auditable

Protocol Basics

MCP is built on JSON-RPC 2.0, a lightweight remote procedure call protocol. All communications follow this standard format.

Message Types

1. Requests

Client sends a request to the server:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list",
  "params": {}
}

2. Responses

Server replies with a response:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "tools": [...]
  }
}

3. Notifications

One-way messages (no response expected):

{
  "jsonrpc": "2.0",
  "method": "notifications/message",
  "params": {
    "level": "info",
    "message": "Task completed"
  }
}

4. Errors

Error responses when something goes wrong:

{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32601,
    "message": "Method not found"
  }
}

Core MCP Methods

Initialization

Establish connection and exchange capabilities:

  • initialize - Exchange protocol versions and capabilities
  • initialized - Confirm initialization complete

Resource Discovery

Discover available resources and tools:

  • tools/list - List all available tools
  • resources/list - List available resources
  • prompts/list - List available prompts

Tool Execution

Execute tools and retrieve results:

  • tools/call - Execute a specific tool

Resource Access

Read data from resources:

  • resources/read - Read resource content
  • resources/subscribe - Subscribe to resource updates

Notifications

Asynchronous event notifications:

  • notifications/message - Log messages
  • notifications/progress - Progress updates
  • notifications/resources/updated - Resource change events

Transport Layers

MCP supports multiple transport mechanisms:

1. stdio (Standard Input/Output)

Communication via process stdin/stdout:

  • Most common for local development
  • Simple process spawning
  • No network configuration needed
# Example stdio connector
pfscan connectors add \
  --id local-server \
  --stdio "node server.js"

2. SSE (Server-Sent Events)

HTTP-based streaming for server-to-client messages:

  • Ideal for remote servers
  • Works through firewalls
  • Standard HTTP(S) transport
# Example SSE connector
pfscan connectors add \
  --id remote-server \
  --sse "https://api.example.com/mcp"

3. WebSocket

Full-duplex bidirectional communication:

  • Real-time bidirectional messaging
  • Lower latency than SSE
  • More complex infrastructure

Connection Lifecycle

Understanding the MCP connection flow:

1. Connection Establishment

Client establishes transport connection with server

Client → [connect] → Server

2. Initialization

Exchange protocol version and capabilities:

Client: initialize
  {
    "protocolVersion": "1.0",
    "capabilities": {...}
  }

Server: result
  {
    "protocolVersion": "1.0",
    "capabilities": {...},
    "serverInfo": {...}
  }

Client: initialized

3. Active Communication

Client and server exchange messages:

Client → tools/list → Server
Client ← result ← Server
Client → tools/call → Server
Client ← result ← Server
...

4. Termination

Clean shutdown of connection:

Client → [disconnect] → Server

How ProofScan Monitors MCP

ProofScan captures all MCP communications transparently:

Capture Points

  • All Requests: Every method call from client to server
  • All Responses: Every result and error response
  • All Notifications: Asynchronous messages in both directions
  • Timing Data: Latency for each request/response pair

What ProofScan Records

{
  "timestamp": "2024-02-17T10:30:45.123Z",
  "session_id": "f2442c9b",
  "connector_id": "myserver",
  "direction": "request",
  "message": {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "get_weather",
      "arguments": {"city": "Tokyo"}
    }
  },
  "metadata": {
    "latency_ms": 145,
    "size_bytes": 256
  }
}

Analysis Capabilities

  • View complete message sequences
  • Identify performance bottlenecks
  • Debug protocol issues
  • Generate audit trails
  • Verify correct implementation

A2A (Agent-to-Agent) Protocol

ProofScan also supports monitoring the emerging Agent-to-Agent (A2A) protocol:

What is A2A?

A2A extends MCP concepts to enable direct agent-to-agent communication:

  • Agents can discover and call each other
  • Built on MCP foundations
  • Supports complex multi-agent workflows

A2A-Specific Methods

  • agent/discover - Find available agents
  • agent/call - Invoke another agent
  • agent/subscribe - Subscribe to agent events

Monitoring A2A with ProofScan

# Add an A2A agent connector
pfscan agent add \
  --id research-agent \
  --connector mcp-research

# Monitor A2A communications
pfscan scan start --id research-agent
pfscan view --follow

Best Practices

💡 MCP Implementation Tips
  • Error Handling: Always handle errors gracefully
  • Timeouts: Set appropriate request timeouts
  • Idempotency: Make operations idempotent when possible
  • Logging: Use notifications for important events
  • Versioning: Properly version your MCP implementations

When to Use ProofScan

  • Development: Debug MCP implementations
  • Testing: Verify protocol compliance
  • Production: Monitor live MCP traffic
  • Auditing: Generate compliance records
  • Performance: Identify slow operations

Additional Resources