RSS

MCP Does Not Need Another App Store. It Needs a Control Plane

eugmai861 pts0 comments

MCP Servers Are Easy to Demo and Hard to Operate — Vectoralix

The MCP ecosystem is moving fast.

There are registries, connector catalogs, hosted tools, local servers, open-source examples, and wrappers around almost every popular API. This is useful. Discovery matters. Developers need a way to find tools, connect agents to external systems, and avoid writing everything from scratch.

But I think the MCP conversation is starting to focus too much on the easiest part.

Finding an MCP server is not the hard problem.

The hard problem starts after someone actually depends on one.

A demo MCP server can be impressive in five minutes. It exposes a few tools, connects to a local file, calls an API, or searches some documentation. The agent calls it, the response looks useful, and everyone understands the idea.

Then the real questions begin.

Who owns this server?

Which version is the agent using?

Can we test a tool before changing it?

What happens if the response format changes?

Can we roll back?

Who can call this tool?

Where are the logs?

Which credentials are exposed?

Why did the agent call this tool yesterday?

Can another team member use the same setup?

Can this run outside one developer’s laptop?

That is where the demo ends and operations begin.

Local MCP is great until it becomes team infrastructure

Local MCP servers are a good starting point. They are simple, flexible, and developer-friendly. For personal workflows, that may be enough.

A developer can run a server locally, connect it to an editor or agent, expose a few tools, and move quickly. There is very little ceremony. That is one of the reasons MCP became interesting in the first place.

But local-first workflows have a natural ceiling.

They work well when the user, the machine, the credentials, and the context all belong to the same person. They become harder when the same MCP server is expected to support a team.

For example, imagine an MCP server that exposes internal project knowledge.

At first, it reads a few Markdown files from a repository. Then it expands to API documentation. Then it includes database schema notes, deployment instructions, product decisions, and troubleshooting guides.

One developer can run that locally.

But when five people need it, the setup starts to become fragile. Everyone has slightly different files, slightly different environment variables, slightly different versions, and slightly different client configurations.

The agent may appear to have access to “the same knowledge,” but in practice each person is running a different copy of the system.

That is not infrastructure. That is a collection of personal setups.

Discovery is not lifecycle management

A registry or directory answers one question:

Where can I find an MCP server?

That is an important question, but it is not the same as:

How do I safely operate this MCP server once workflows depend on it?

Those are completely different problems.

A directory helps with discovery.

A connector catalog helps with access to popular services.

A gateway may help centralize traffic and authentication.

A local server helps a developer move quickly.

But production use needs something else: lifecycle management.

That means treating MCP servers less like small scripts and more like controlled interfaces that agents depend on.

The moment an agent can take action through a tool, the MCP server becomes part of the application surface. It is no longer just “context.” It is a boundary where AI behavior meets real systems.

That boundary needs to be managed.

Tool definitions are contracts

One of the easiest mistakes with MCP is treating tool definitions as casual prompts.

A tool name, description, input schema, and output format are not just documentation for the model. They are a contract between the agent and the system.

When that contract changes, behavior can change.

Renaming a tool can break selection.

Changing a description can change when the model decides to call it.

Adding optional fields can confuse the agent.

Changing the output shape can break downstream reasoning.

Returning too much data can pollute the context window.

Returning too little data can make the tool useless.

In normal software, we understand this. API changes are reviewed, versioned, tested, deployed, and sometimes rolled back.

MCP tools deserve the same treatment.

Not because every MCP server needs enterprise ceremony, but because agents are sensitive to small changes in their tool surface. A human developer can read a changelog and adjust. An agent may simply start making worse calls.

The missing checklist for real MCP usage

A serious MCP setup eventually needs a boring checklist.

Not exciting. Not magical. Just necessary.

It needs versioned releases, so teams know which tool definitions and instructions are currently active.

It needs a playground or test environment, so changes can be tried before they affect real users or workflows.

It needs request logs,...

server tool agent needs local developer

Related Articles

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully

How to Earn a Billion Dollars

kingstoned15 ptsmonth become startup growth years billionaire
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.