MCP Interaction Model

Components (official MCP nomenclature)

Host — The user-facing application that embeds the LLM and enforces policy (Claude Desktop, Claude Code, an IDE plugin, etc.). It owns the user, the model, and the trust boundary.
Client — A protocol connector that lives inside the Host. One Client per Server, holding a 1:1 stateful session. The Host spawns Clients as needed.
Server — The process that exposes capabilities (tools, resources, prompts) over the MCP protocol. Can be local (stdio transport) or remote (Streamable HTTP transport).
Authorization Server (AS) — For remote Servers: the OAuth 2.1 issuer of access tokens. May be the Server itself or a separate identity provider.
Resource Server (RS) — OAuth role played by the remote MCP Server when it validates bearer tokens on incoming requests.
User — The human who approves connections, consents to tool calls, and answers elicitations.
LLM — Not technically an MCP component, but the reasoning engine the Host drives; never talks to a Server directly.

Phase 1 — Transport & connection

Host → Client: Host launches a Client configured for a specific Server (command + args for stdio, or URL for HTTP).
Client ↔ Server: Transport established.
    stdio: Host spawns the Server as a subprocess; JSON-RPC over stdin/stdout.
    Streamable HTTP: Client opens an HTTPS connection; bidirectional via POST + SSE stream.

Phase 2 — Authorization (remote Servers only)

MCP uses OAuth 2.1 + PKCE, with Resource Indicators (RFC 8707) and Dynamic Client Registration (RFC 7591). ...

May 16, 2026 · 4 min