Topic Pillar

Model Context Protocol. The open standard that gives LLMs real tools.

MCP is the protocol that turns an LLM into an agent. It defines how a model discovers tools, calls them, streams results back, and authenticates against your systems. With 1.0 ratified and a remote-server registry of 500+, this is no longer an experimental layer.

38 cluster pages · 16 posts · 2 notes · 20 updates

What MCP solves

Before MCP, every team invented their own tool-call protocol. After MCP, you write a server once and any compliant model client can use it — Claude, GPT, local models. The wins compound: one shared auth profile, one discovery handshake, one schema format.

When to build your own server

Build an MCP server when you have a domain-specific tool that needs to be reused across agents — ticketing, billing, internal search. Use a public server when the integration already exists and is curated. Skip MCP entirely for one-off scripts; the protocol overhead is real if you only ever call one tool once.

The cost of an over-loaded registry

Every registered tool adds ~8–12 KB of schema overhead to every API call, plus selection noise that hurts accuracy. Audit your registry: anything not called in the last 30 days, drop from the default load.

16 blog posts

Deep dives on Model Context Protocol (MCP)

MCP

MCP Enterprise-Managed Authorization is stable: how IdP-provisioned connector access replaces per-server OAuth hell

EMA makes the organization IdP the decision-maker for which MCP servers a user can reach. Admins enable connectors once; clients exchange an Identity Assertion JWT for scoped tokens without redirecting every employee through OAuth per server. Anthropic ships it across Claude, Claude Code, and Cowork; VS Code supports it; Okta is the first IdP. Here is the pilot I run before July 28 stateless transport work lands.

Jun 19, 2026 · 14 min
Production

Agentjacking is real: poisoned Sentry errors can hijack Cursor, Claude Code, and Codex without touching your repo

Tenet Threat Labs injected a fake stack trace through a public Sentry DSN and watched 100+ coding agents execute attacker commands during normal triage. No git write access required. The agent treats the error as ground truth. Here is how I harden observability MCP feeds, scope triage prompts, and block auto-exec on untrusted telemetry.

Jun 17, 2026 · 13 min
Architecture

Your coding agent has amnesia. Persistent memory is the fix.

Claude Code forgets your architecture, your decisions, and why you ruled things out the moment a session ends. The reliability tax is not tokens, it is re-establishing context every morning. Here is what persistent agent memory actually is, how an open-source engine like Cortex implements it, and how to evaluate a memory layer for your own agents.

May 29, 2026 · 11 min
Production

Your agent's supply chain is the attack surface now

A poisoned VS Code extension spent eighteen minutes on the marketplace and walked off with Claude Code credentials and MCP configs. The model was never the target. Your agent's supply chain is: the extensions, skills, MCP servers, tool definitions, and keys it is allowed to touch. Here is how I harden all four layers, and the checklist I run on every deployment.

May 27, 2026 · 12 min
MCP

MCP just went stateless: what the 2026 spec release candidate changes for your servers

The biggest revision of MCP since 1.0 locked as a release candidate on May 21. The protocol goes stateless, extensions move out of the core, and authorization finally speaks OAuth properly. Most of your servers keep working. Here is what actually changes, what breaks, and the migration I would run in the ten weeks before the final spec lands.

May 26, 2026 · 11 min
Tool Design

Your agents aren't broken, your tools are: three questions to ask before you build one

When an agent misbehaves, almost everyone reaches for the prompt or the model. The fault is usually further down, in a tool that does too much, lies when it fails, or buries the answer in a wall of raw data. An AI tool is not a function. It is a contract the model has to trust. Here are the three questions I run before writing a single line of any tool.

May 25, 2026 · 11 min
Multi-Agent

Inside Recruiting Atelier: a runnable reference for the primitives of an agentic system

A working open studio that vets duplicates, plans the run, screens, scores, shortlists, and notifies. The whole pipeline lives in roughly ninety lines of supervisor code and a tool registry you can read in one sitting. Here is what is inside, why every piece is there, and what you can copy into your own stack.

May 24, 2026 · 14 min
Architecture

Code agents vs skill agents: when to give an agent the keyboard and when to give it the toolbox

Two ways to let an agent act in the world. Code agents write fresh code into a sandbox. Skill agents pick from a curated menu. The choice should be made in the kickoff, not the postmortem. Here is the framing I use with clients, the four axes where they diverge, and the hybrid pattern most production systems become.

May 22, 2026 · 11 min
Tool Design

Tool registry design for agentic AI: how the wrong registry kills accuracy before the prompt is read

I reviewed a system last month with 47 tools in its registry and a 22 percent wrong-tool-selection rate. The team was about to migrate from Sonnet to Opus to fix it. The prompt was fine. The registry was the bug. This is the audit pattern I run on every client codebase before we change anything else, the seven failure modes I see in production, and the numbers from the cleanup.

May 22, 2026 · 12 min
Architecture

AI agent vs agentic AI: what the distinction actually means when you ship one

Vendors blur the line because "agentic" sells. The two terms describe different architectures, with different cost shapes, different observability needs, and different scoping conversations. Here is the framing I use with clients and the three-question test for which one your project actually needs.

May 22, 2026 · 12 min
Production

MCP governance just became a product: what Databricks Unity AI Gateway changes for enterprise agents

Every enterprise MCP deployment I have audited in the last six months has been hand-rolling tool-access policy, payload logging, and per-team cost limits on top of a gateway someone wrote in two days. Databricks just shipped that as a product. Here is what it actually changes, where the gaps still are, and the migration I would run for a Databricks shop.

May 20, 2026 · 12 min
Tool Design

Tool descriptions are prompts. Fix the registry, not the agent.

When an agent picks the wrong tool, the registry is broken, not the agent. Three rules I now apply before debugging anything in a multi-tool system: precise names, "when to use" triggers, and a curated load list. Anthropic's new tool-selection telemetry finally puts numbers on what changes accuracy.

May 13, 2026 · 9 min
MCP

MCP 1.0 is here. What changes for the servers you already wrote

The protocol stabilised. Most working servers will keep working. Three places the new spec actually requires changes (auth profile, server registry, streaming-response semantics) with diffs from a real migration.

May 1, 2026 · 8 min
Tool Design

Tool descriptions are prompts. Stop treating them like docstrings

A docstring tells a developer what a function does. A tool description tells a model when to call it. Different audience, different writing. Six concrete edits that lifted tool-call accuracy.

Apr 8, 2026 · 8 min
MCP

Why every team's first MCP server should be "list-files"

Smallest useful server. Hardest one to mess up. Teaches the protocol without distracting domain logic. The 60-line server we hand to teams during training.

Feb 4, 2026 · 7 min
Tool Design

The one rule for designing agent tools that actually work

One tool, one purpose. Every tool that does two things will fail you on the third call. I have watched this pattern fail in every team I have trained, and the fix is the same refactor.

Oct 17, 2025 · 7 min
20 ship-news updates

Latest in Model Context Protocol (MCP)

MCP

MCP Enterprise-Managed Authorization is now stable: IdP-provisioned connector access replaces per-server OAuth consent for Claude, VS Code, and supported servers

June 18, 2026 · via Model Context Protocol
Tools

Cursor Automations add the /automate skill, five GitHub review triggers, and computer-use demos for always-on cloud agents

June 18, 2026 · via Cursor
Architecture

Tenet demonstrates Agentjacking: a poisoned Sentry error report hijacks Cursor, Claude Code, and Codex into running attacker code with no repo compromise

June 17, 2026 · via Tenet Security
Tools

Cursor makes Auto-review the default run mode: a classifier gate that scales agent autonomy by context instead of a global allow/deny switch

June 11, 2026 · via Cursor
Architecture

Claude Managed Agents add cron scheduled deployments and vault-stored environment variables for CLI auth

June 9, 2026 · via Anthropic
OpenAI

Codex CLI 0.139.0 adds standalone web search in code mode and preserves oneOf/allOf in MCP tool schemas

June 9, 2026 · via OpenAI
Tools

Cursor SDK ships custom tools, nested subagents, JSONL stores, and auto-review for headless local agents

June 4, 2026 · via Cursor
Architecture

The agent-to-agent layer consolidates: Microsoft Foundry adds A2A support at Build 2026 as the protocol passes 150 organizations

June 2, 2026 · via Microsoft
Tools

OpenAI Codex CLI 0.135.0 hardens MCP: per-server OAuth, concurrent read-only tools, and connector schemas that stop breaking

May 28, 2026 · via OpenAI
Frequently asked

Model Context Protocol (MCP) — the questions teams actually ask

Go deeper on this topic

New breakdowns on this and related agentic AI topics, plus what I am shipping for clients — one email on Thursdays.