MCP is built on JSON-RPC 2.0. Every MCP message is a JSON-RPC 2.0 request (jsonrpc, id, method, params), a notification (same shape, but with no id and therefore no response) or a response (jsonrpc, id, and exactly one of result or error). MCP adds stateful sessions, a fixed method vocabulary and specific transport requirements on top of the JSON-RPC 2.0 foundation, so any JSON-RPC 2.0 client library can be adapted for MCP, provided it can be held to two rules MCP adds beyond base JSON-RPC: a request id MUST NOT be null, and a sender MUST NOT reuse an id within the same session. The jsonrpc field must always be the string '2.0'. Example initialize request (the params also carry the client's capabilities and clientInfo, both required by the schema): {"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {"protocolVersion": "2025-03-26", "capabilities": {}, "clientInfo": {"name": "example-client", "version": "1.0.0"}}}.
MCP Protocol Fundamentals FAQ & Answers
8 expert answers on MCP protocol fundamentals, researched from the official documentation. Every answer cites authoritative sources you can verify.
2025-03-26 is the current MCP protocol version as of March 2025. It introduced the OAuth 2.1-based authorization framework, the Streamable HTTP transport (which replaced HTTP+SSE) and session management via the Mcp-Session-Id header. Versions are dated (YYYY-MM-DD) by specification release rather than numbered. Negotiation works as follows: the client sends the latest version it supports in the initialize request, params: {protocolVersion: '2025-03-26'}. If the server supports that version it responds with the same one; otherwise it MUST respond with another version it does support. If the client does not support the version the server answered with, it SHOULD disconnect. Always target the latest version for new implementations, and implement the negotiation rather than assuming the server will echo your version.
Yes, initialization MUST be the first interaction. The only request a client may send before the server has answered initialize is ping. Pattern: Client sends 'initialize' request → Server responds with its protocol version, capabilities and serverInfo → Client sends the 'notifications/initialized' notification → Client can now use tools/resources/prompts. Sending tools/list or tools/call before this exchange completes is a protocol violation and a compliant server rejects it. Initialization establishes: protocol version agreement, the capabilities each side offers, and the session context. Without it the server does not know what the client supports (or vice versa), so neither side can safely interpret later messages. The specification states this with the RFC 2119 MUST keyword, so it is a hard requirement, not a convention.
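The message rules above (jsonrpc field, non-null and non-reused ids, notifications without ids) and the initialize-first ordering are easiest to see in code. The following is an added example written for this page; it is not code from the MCP specification or from any MCP SDK. The server reply it processes is constructed inline, and the client name "example-client" and server name "example-server" are placeholders.

```python
import itertools
import json

JSONRPC_VERSION = "2.0"
PROTOCOL_VERSION = "2025-03-26"


class ProtocolError(Exception):
    """Raised when a message, or the order of messages, violates JSON-RPC 2.0 or MCP rules."""


def validate_message(raw: str) -> dict:
    """Parse one JSON-RPC 2.0 message and apply MCP's extra constraints.

    Base JSON-RPC 2.0 permits "id": null; MCP forbids it, so a generic JSON-RPC
    parser would accept messages that this function rejects.
    """
    msg = json.loads(raw)
    if not isinstance(msg, dict) or msg.get("jsonrpc") != JSONRPC_VERSION:
        raise ProtocolError("jsonrpc field must be exactly '2.0'")
    if "method" in msg:
        # Request (carries an id) or notification (no id at all).
        if "id" in msg:
            rid = msg["id"]
            if rid is None:
                raise ProtocolError("MCP forbids null request ids")
            if isinstance(rid, bool) or not isinstance(rid, (str, int)):
                raise ProtocolError("request id must be a string or an integer")
    else:
        # Response: exactly one of result/error, echoing the request id.
        if ("result" in msg) == ("error" in msg):
            raise ProtocolError("response must carry exactly one of result or error")
        if "id" not in msg:
            raise ProtocolError("response must carry the id of the request it answers")
    return msg


class McpClient:
    """Client-side session state that enforces the initialize-first rule."""

    def __init__(self, client_info: dict):
        # A monotonically increasing counter guarantees no id is reused within the session.
        self._next_id = itertools.count(1)
        self._client_info = client_info
        self.initialized = False
        self.server_capabilities = {}

    def _request(self, method: str, params: dict) -> dict:
        return {"jsonrpc": JSONRPC_VERSION, "id": next(self._next_id),
                "method": method, "params": params}

    def initialize_request(self) -> dict:
        return self._request("initialize", {
            "protocolVersion": PROTOCOL_VERSION,
            "capabilities": {},  # this client offers neither roots nor sampling
            "clientInfo": self._client_info,
        })

    def handle_initialize_response(self, raw: str) -> dict:
        """Consume the server's InitializeResult and return the notification to send next."""
        msg = validate_message(raw)
        if "error" in msg:
            raise ProtocolError("initialize rejected: %r" % (msg["error"],))
        result = msg["result"]
        offered = result.get("protocolVersion")
        if offered != PROTOCOL_VERSION:
            # The server offered a version this client does not speak; the spec says
            # the client SHOULD disconnect rather than carry on.
            raise ProtocolError("server offered unsupported protocol version %r" % (offered,))
        self.server_capabilities = result.get("capabilities", {})
        self.initialized = True
        # Notifications carry no id. This one completes the handshake.
        return {"jsonrpc": JSONRPC_VERSION, "method": "notifications/initialized"}

    def request(self, method: str, params=None) -> dict:
        # ping is the one request allowed before initialization has completed.
        if not self.initialized and method != "ping":
            raise ProtocolError("%r sent before initialization completed" % (method,))
        return self._request(method, params or {})


def run_handshake() -> list:
    """Walk a handshake against a constructed server reply; returns the client's messages."""
    client = McpClient({"name": "example-client", "version": "0.1.0"})
    exchange = [client.initialize_request()]
    # Constructed InitializeResult, shaped as a compliant server would return it.
    server_reply = json.dumps({
        "jsonrpc": "2.0", "id": exchange[0]["id"],
        "result": {"protocolVersion": PROTOCOL_VERSION,
                   "capabilities": {"tools": {"listChanged": True}},
                   "serverInfo": {"name": "example-server", "version": "1.0.0"}},
    })
    exchange.append(client.handle_initialize_response(server_reply))
    exchange.append(client.request("tools/list"))
    return exchange


if __name__ == "__main__":
    for message in run_handshake():
        print(json.dumps(message))
```

The version check deliberately fails closed: a client that silently accepts whatever version the server returns is the one that ends up parsing messages under the wrong schema.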
MCP defines two standard transports: (1) stdio - the client launches the server as a subprocess and exchanges newline-delimited JSON-RPC messages over its standard input and output; used for local processes and CLI integrations. (2) Streamable HTTP (introduced in 2025-03-26) - a single HTTP endpoint that accepts POST for client messages and GET for a server-initiated stream; the server answers a POST either with a plain JSON response or by opening a Server-Sent Events stream on which it can send multiple messages. Streamable HTTP replaced the 2024-11-05 HTTP+SSE transport, which used two endpoints (POST for requests, a separate SSE endpoint for server-to-client messages); clients may still implement fallback to it for older servers. Choice depends on deployment: stdio for local development and desktop integrations, Streamable HTTP for remote and production web services. stdio is simpler to implement and needs no network exposure at all; Streamable HTTP scales horizontally and supports resumable streams. Two security requirements come with any HTTP transport: servers MUST validate the Origin header on incoming connections, because a malicious web page can otherwise reach an MCP server on localhost through DNS rebinding, and servers running locally SHOULD bind only to localhost (127.0.0.1) rather than all interfaces, and SHOULD implement proper authentication.
Yes, PKCE (Proof Key for Code Exchange, RFC 7636) is mandatory for ALL MCP clients when using OAuth 2.1. This includes CLI tools, desktop apps and mobile apps, not just web apps. PKCE protects against authorization code interception: an attacker who captures the code from the redirect (a malicious app registered for the same custom scheme, a leaked log) cannot exchange it for a token without the verifier. Most MCP clients are 'public clients' that cannot keep a client secret, which is why OAuth 2.1 requires PKCE for them. Implementation: generate a high-entropy code_verifier (43 to 128 characters from the unreserved set [A-Za-z0-9-._~]); send code_challenge = base64url(SHA-256(code_verifier)) together with code_challenge_method=S256 in the authorization request; send the original code_verifier in the token request; the authorization server recomputes the challenge and rejects the exchange on mismatch. No exceptions: OAuth 2.1 requires PKCE for the authorization code grant regardless of client type, so confidential clients use it too, and the 'plain' challenge method should not be offered.
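The PKCE flow described above, with both the client side (verifier and challenge derivation, the two request bodies) and the check an authorization server performs, as an added example written for this page rather than code from the MCP specification or an MCP SDK. The ToyAuthorizationServer only models the PKCE binding and single-use codes; it is not a real OAuth server. The client_id "mcp-cli" and the loopback redirect URI are placeholders.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    # 32 random bytes encode to 43 unreserved characters, the RFC 7636 minimum length.
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_params(client_id: str, redirect_uri: str, verifier: str, state: str) -> dict:
    """Query parameters of the authorization request; only the challenge travels here."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
        "state": state,
    }


def token_params(client_id: str, redirect_uri: str, code: str, verifier: str) -> dict:
    """Body of the token request; the verifier is revealed here, directly to the token endpoint."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }


class ToyAuthorizationServer:
    """In-memory stand-in showing the server-side PKCE check (not a real OAuth server)."""

    def __init__(self):
        self._pending = {}  # authorization code -> code_challenge it was issued against

    def authorize(self, params: dict) -> str:
        # Refuse to issue a code at all unless the client committed to an S256 challenge.
        if params.get("code_challenge_method") != "S256" or not params.get("code_challenge"):
            raise PermissionError("PKCE with S256 is required for every client")
        code = secrets.token_urlsafe(24)
        self._pending[code] = params["code_challenge"]
        return code

    def token(self, params: dict) -> dict:
        # Codes are single use: a second redemption, or a failed one, burns the code.
        challenge = self._pending.pop(params.get("code"), None)
        if challenge is None:
            raise PermissionError("unknown, expired or already-used authorization code")
        presented = make_code_challenge(params.get("code_verifier", ""))
        if not secrets.compare_digest(presented, challenge):
            raise PermissionError("code_verifier does not match the code_challenge")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def _try_redeem(auth: ToyAuthorizationServer, code: str, verifier: str) -> bool:
    try:
        auth.token(token_params("mcp-cli", "http://127.0.0.1:8765/callback", code, verifier))
        return True
    except PermissionError:
        return False


def demo() -> dict:
    """Interception, legitimate redemption and replay, against the toy server."""
    auth = ToyAuthorizationServer()
    client_id, redirect = "mcp-cli", "http://127.0.0.1:8765/callback"  # hypothetical values

    # Scenario 1: attacker captures the code from the redirect but never saw the verifier.
    verifier = make_code_verifier()
    code = auth.authorize(authorize_params(client_id, redirect, verifier, secrets.token_urlsafe(16)))
    attacker_ok = _try_redeem(auth, code, make_code_verifier())  # guesses a verifier, fails

    # Scenario 2: the legitimate client redeems a fresh code, then the code is replayed.
    code = auth.authorize(authorize_params(client_id, redirect, verifier, secrets.token_urlsafe(16)))
    legit_ok = _try_redeem(auth, code, verifier)
    replay_ok = _try_redeem(auth, code, verifier)

    return {"attacker": attacker_ok, "legit": legit_ok, "replay": replay_ok}


if __name__ == "__main__":
    print(demo())
```

Note the server refuses to issue a code when no S256 challenge is presented, rather than merely skipping verification later; an authorization server that treats PKCE as optional gives a downgrading client no protection at all.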
For the Streamable HTTP transport the specification says a session ID SHOULD be (1) globally unique, with no collisions across sessions, and (2) cryptographically secure, for example a securely generated UUID, a JWT, or a cryptographic hash; and it MUST (3) contain only visible ASCII characters (0x21 to 0x7E), because it travels in an HTTP header. In practice (1) and (2) are met together by drawing the ID from a CSPRNG, which also makes it (4) unpredictable rather than sequential. Good: UUID v4 from the platform's secure random source (e.g. crypto.randomUUID()), or at least 128 bits from a CSPRNG encoded as base64url or hex. Bad: sequential integers, timestamps, hashes of predictable inputs, anything an attacker can enumerate. A JWT is acceptable only if it is signed and carries a random, high-entropy identifier; the format itself adds no unpredictability. Security: a guessable ID lets an attacker hijack another user's session; an ID the client can choose enables session fixation, which is why the server, not the client, assigns it. Flow: the server MAY assign a session ID by sending it in the Mcp-Session-Id header of the HTTP response that carries the InitializeResult; the client MUST then include that header on every subsequent request. Servers that require a session ID SHOULD answer requests that lack it (other than initialization) with HTTP 400, and after terminating a session MUST answer requests carrying that ID with HTTP 404, at which point the client must start a new session with a fresh initialize.
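The server-side checks a Streamable HTTP MCP server runs before it even looks at the JSON-RPC body, covering both the transport answer above (Origin validation against DNS rebinding) and this one (server-assigned session IDs, the visible-ASCII rule, and the 400 and 404 responses). This is an added example written for this page, not code from the MCP specification or an MCP SDK. The allowed-origin list and the port 6274 are placeholders; a real server would load them from configuration. Requests without an Origin header (non-browser clients) are accepted, which is a policy choice made here, not a spec rule.

```python
import uuid
from typing import Optional, Tuple

# Hypothetical allow-list; a real deployment loads this from configuration.
ALLOWED_ORIGINS = {"http://localhost:6274", "http://127.0.0.1:6274"}


def new_session_id() -> str:
    # uuid4 draws from os.urandom, a CSPRNG, and its string form is visible ASCII only.
    return str(uuid.uuid4())


def is_well_formed_session_id(sid: str) -> bool:
    """Spec rule: only visible ASCII (0x21..0x7E). The 1024-char cap is a local DoS guard."""
    return 1 <= len(sid) <= 1024 and all(0x21 <= ord(ch) <= 0x7E for ch in sid)


def header(headers: dict, name: str) -> Optional[str]:
    """HTTP header names are case-insensitive; compare accordingly."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


class StreamableHttpGate:
    """Pre-dispatch checks for a Streamable HTTP MCP server.

    check() returns (http_status, session_id). A 200 means 'dispatch the JSON-RPC
    body under this session'; any other status is returned to the client as-is.
    """

    def __init__(self, allowed_origins):
        self._allowed_origins = set(allowed_origins)
        self._sessions = {}  # session id -> per-session state

    def check(self, headers: dict, body: dict) -> Tuple[int, Optional[str]]:
        origin = header(headers, "Origin")
        # DNS rebinding defence: a page on an attacker's origin can talk to localhost,
        # so a present-but-unexpected Origin is refused before anything else runs.
        if origin is not None and origin not in self._allowed_origins:
            return 403, None

        if body.get("method") == "initialize":
            # The server assigns the session id; it goes back in the Mcp-Session-Id
            # response header. A client-supplied id on initialize is ignored, which is
            # what prevents session fixation.
            sid = new_session_id()
            self._sessions[sid] = {"initialized": False}
            return 200, sid

        sid = header(headers, "Mcp-Session-Id")
        if sid is None or not is_well_formed_session_id(sid):
            return 400, None  # no usable session id on a post-initialize request
        if sid not in self._sessions:
            return 404, None  # terminated or never issued: client must re-initialize
        return 200, sid

    def terminate(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def demo() -> dict:
    """Constructed requests exercising each branch; returns the status per case."""
    gate = StreamableHttpGate(ALLOWED_ORIGINS)
    init = {"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {}}
    follow = {"jsonrpc": "2.0", "id": 2, "method": "tools/list"}

    status, sid = gate.check({"Content-Type": "application/json"}, init)
    results = {
        "init": status,
        "with_session": gate.check({"Mcp-Session-Id": sid}, follow)[0],
        "missing_session": gate.check({}, follow)[0],
        "non_visible_ascii": gate.check({"mcp-session-id": "abc def"}, follow)[0],  # 0x20 space
        "unknown_session": gate.check({"Mcp-Session-Id": new_session_id()}, follow)[0],
        "rebinding_origin": gate.check(
            {"Origin": "http://attacker.example", "Mcp-Session-Id": sid}, follow)[0],
    }
    gate.terminate(sid)
    results["after_terminate"] = gate.check({"Mcp-Session-Id": sid}, follow)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The well-formedness check cannot tell a random ID from a sequential one; unpredictability is a property of how new_session_id() generates the value, which is why that function is the only place IDs are minted.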
Yes, the specification's security principles state that hosts MUST obtain explicit user consent before invoking any tool, and that users must understand what each tool does before authorizing it. The rationale: tools represent arbitrary code execution on the user's behalf, so users must know and approve when agents take actions. Pattern: Model proposes tool call → Host shows UI asking the user 'Allow calling send_email?' with the arguments → User approves → Host executes the tool and returns the result to the model. Without consent, agents could silently make API calls, send email or delete data. Hosts implement different granularities: approve once per session, approve per tool, or approve every invocation; the minimal requirement is that the user sees which tool will be called and with what inputs before it runs. Two caveats: MCP cannot enforce this at the protocol level, since the consent UI lives in the host, so it is the host implementor's responsibility; and tool annotations such as readOnlyHint or destructiveHint are self-declared by the server and MUST NOT be relied upon for security decisions unless the server is trusted.
MUST, SHALL and REQUIRED mean an absolute requirement under RFC 2119 (as clarified by RFC 8174, which states that only the upper-case forms are normative). If the specification says 'MCP clients MUST implement PKCE', an implementation without it is non-compliant, not merely suboptimal. Other keywords: SHOULD / RECOMMENDED (do this unless you understand and accept the consequences of not doing so), MAY / OPTIONAL (truly optional), MUST NOT / SHALL NOT (prohibited), SHOULD NOT (avoid unless justified). Example: 'session IDs MUST only contain visible ASCII characters' means a server emitting any other byte is non-compliant, whereas 'SHOULD be cryptographically secure' leaves a compliance loophole that you should nonetheless close. This standardizes interpretation across all MCP implementations; read the keywords to decide which features are required versus optional when implementing an MCP client or server.