An LLM does not need to understand MCP

Original Article ↗ Hacker News Discussion ↗

What MCP Is (and Isn’t)

  • Repeated clarification: MCP is a protocol for toolchains / clients, not for the LLM itself.
  • The model just emits structured text (e.g., tool calls); the client interprets and executes via MCP.
  • Supporters see MCP as a generic JSON-RPC-based integration layer with discovery, auth, and packaging; potentially akin to REST/SOA/USB or a future AppleScript/COM replacement.
  • Skeptics argue it’s mostly “JSON in context,” rushed out to own a standard, and often overkill versus simple REST/RPC APIs.

LLMs, Tools, and “Understanding”

  • Core claim: LLMs don’t “know” MCP; they only generate text that represents tool calls.
  • Several note modern APIs now require tools described out-of-band and can constrain outputs (e.g., JSON schemas), which weakens the article’s original framing.
  • There’s a philosophical side-thread about whether emitting structured commands already counts as “using tools.”

Alternatives and Wire Formats

  • Many argue an LLM shouldn’t care if tools are described via MCP, OpenAPI/Swagger, REST, SOAP, or ad hoc natural language.
  • OpenAPI is favored by some for existing security practices and tooling; others argue MCP’s discovery step improves over “hope the OpenAPI spec exists and is correct.”

Tool Proliferation and Context Limits

  • Strong concern that exposing many tools degrades performance: larger context, more noise, more wrong or obsessive tool use.
  • Suggested mitigations: fewer tools per agent, sub-agents with narrow scopes, RAG-like selection, or an MCP “gateway plane” that filters tools per task.
  • Disagreement on whether this is an MCP-spec problem or a higher-level agent design issue.

Security, Auth, and Deployment

  • Local MCPs: easy to wire into desktop clients but seen as an auth/token leakage risk.
  • Remote MCPs: better fit for enterprises but need gateways for identities, allowlists, policy, and composition.
  • Some say MCP was always meant primarily for local stdio; remote auth pain comes from stretching that design.

Adoption, UX, and Frameworks

  • Doubts about whether anyone will care about MCP if most people interact through application UIs, not generic chatbots.
  • Configuration and auth (e.g., Google Analytics MCP) viewed as too hard for non-experts.
  • LangChain and similar frameworks are criticized as prematurely complex; many see all of this as “just state machines” that could be much simpler.

Context Engineering

  • One view: it’s just prompt engineering for tool-using agents.
  • Another: it’s a broader discipline about designing the whole environment and context in which agents operate, not just the input string.