MCP overlooks hard-won lessons from distributed systems

Original Article ↗ Hacker News Discussion ↗

Scope of MCP vs Traditional RPC

  • Many argue MCP is not aiming to be a full distributed-systems/RPC stack but a light “tool discovery + context” layer between agents and tools.
  • Critics counter that, regardless of intent, it will end up in serious enterprise workflows, so classic RPC concerns (typing, tracing, cost attribution, retries, idempotence) must be designed in from day one.

Type Safety, JSON, and Schemas

  • The article’s worries about schemaless JSON and runtime type errors (e.g., timestamps, numeric precision in trading/healthcare) resonate with some, who foresee serious incidents plus opaque LLM-driven failure chains.
  • Others respond that MCP already uses JSON Schema (and TypeScript types) for tools and protocol; well-written clients and servers deterministically validate inputs/outputs before the LLM sees them.
  • There’s a long subthread clarifying that validation happens in conventional code (the MCP host/client), not inside the LLM—though skeptics insist LLM-driven orchestration remains fundamentally unreliable.

SOAP, CORBA, gRPC, and “Lessons Ignored”

  • Some see SOAP/CORBA as cautionary tales: technically rich (IDLs, schemas, language bindings) but over‑complex, brittle, and often non‑interoperable in practice.
  • Others say modern JSON APIs didn’t “forget” those lessons but intentionally rejected that complexity; MCP aligns with the de facto JSON‑over‑HTTP world.
  • gRPC/protobuf, Thrift, Cap’n Proto are cited as better-engineered RPC options that MCP could have reused; supporters reply that MCP’s discovery/runtime nature still requires its own spec even atop those.

Observability, Telemetry, and Cost Tracking

  • The article’s points on distributed tracing, cost attribution, and side‑effect annotations get partial agreement.
  • MCP maintainers and contributors note that telemetry, tool annotations, and cost reporting are either already in the spec or under active discussion, but critics say these are minimum 2025 requirements, not “nice to have later”.

Security, Agentic Risk, and Misuse

  • Security researchers highlight “overly agentic” systems, unfolding prompt injections, and SSRF as real, already-exploited risks; MCP doesn’t mitigate this.
  • Several commenters argue the true danger is using hallucinating LLMs for safety‑critical or financial actions at all; no protocol can fix that.

Simplicity vs Robustness / USB‑C Analogy

  • A recurring theme is “worse is better”: simple, loosely typed JSON protocols win adoption; rich, rigorous systems die.
  • MCP is praised as “good enough and accessible” but criticized as “USB‑C for AI” in the bad sense: a universal plug masking heterogeneous, loosely defined behavior.