MCP servers that do one thing well
The MCP servers I trust most are narrow. They do not try to become a second application layer, and they do not hide too much logic behind a friendly tool name. They expose a small set of operations, return structured data, and make the agent ask for permission when the next step has real consequences.
That sounds less exciting than a server that can do everything, but the boring version is easier to debug. When a tool reads a file, searches an index, deploys a project, or checks an API, I want the shape of that action to be obvious from the logs.
Tool design is product design
A good tool contract has a clear verb, a tight input shape, and an output that does not require guesswork. The agent should not need to parse a wall of prose when a list of objects would be safer.
The best MCP interface is not the one that feels magical. It is the one where a human can replay the decision path after the run.
My current checklist
- Make reads and writes separate tools.
- Return IDs and stable URLs whenever possible.
- Keep destructive actions behind explicit confirmation.
- Log enough context to explain what changed.
I still like ambitious agent workflows, but the infrastructure under them should feel small, inspectable, and easy to replace. That is where MCP starts to become practical.