Wednesday, November 05, 2025
Sunday, September 28, 2025
Monday, September 08, 2025
Building MCP Servers: Tool Descriptions + Service Contracts = Dynamic Tool Groups
The Model Context Protocol (MCP) can easily be used to expose APIs and services in the form of MCP tools...i.e. functions/methods that can take input, perform some actions based upon that input, and produce output, without specifying a particular language or runtime.
OSGi Services (and Remote Services) provide a dynamic, flexible, secure environment for microservices, with clear well-established mechanisms for separating service contracts from service implementations.
One way to think of a service contract for large language models (LLMs) is that the service contract can be enhanced to provide LLM-processable metadata for each tool/method/function. Any service contract can still be used by human developers (API consumers), but with tool-specific meta-data/descriptions added, larger service contracts can be also used by any model.
Since service contracts in most languages are sets of functions/methods, the service contract can also be used to represent groupings of MCP tools, or Dynamic MCP ToolGroups. The example on the MCPToolGroups page and on the Bndtools project templates, is a simple example of grouping a set of related functions/methods into a service contract and including MCP tool meta-data (tool and tool param text descriptions).
Monday, August 25, 2025
Building MCP Servers: Dynamic Tool Groups
Currently, adding tools to MCP servers is a static process. i.e. a new tool is designed and implemented, MCP meta-data (descriptions) added via annotations, decorators, or code, the new code is added to the MCP server, things are compiled and started, tested, debugged, etc.
As well, there is currently no mcp concept of tool 'groups'...i.e. multiple tools that are grouped together based upon function, common use case, organization, or discoverability. Most current MCP servers have a flat namespace of tools.
I've created a repo with a small set of classes, based upon the mcp-java-sdk and the mcp-annotations projects, that supports the dynamic adding and removing of tool groups from mcp servers.
In environments with the OSGi service registry, this allows the easy, dynamic, and secure (type safe) adding and removing of OSGi services (and/or remote services) to MCP servers.
Wednesday, August 20, 2025
Building MCP Servers: Alternative Transports
Saturday, August 02, 2025
Building MCP Servers: Preventing AI Monopolies
I recently read an insightful article about using open protocols (MCP in this case) to prevent user context/data lock-in at the AI application layer:
Open Protocols Can Prevent AI Monopolies
In the spirit of this article, I've decided to make an initial code contribution to the MCP java sdk project
Friday, July 11, 2025
Building MCP Servers - part 3: Security
There have been recent reports of critical security vulnerabilities on the mcp-remote project, and the mcp inspector project.
I do not know all the technical details of the exploits, but it appears to me that in both cases it has to do vulnerabilities introduced by the MCP Server implementation. and use of the stdio MCP transport.
I want to emphasize that example described in these two posts
is using mechanisms that are...though heavy usage by commercial server technologies over the past 10 years...not subject to the same sorts of remote vulnerabilities seen by the mcp-remote and mcp-inspector projects.
Also, the flexibility in discovery and distribution provided by the RSA Specification and the RSA implementation used, allows for addressing MCP Server remote tools, or protocol weaknesses, quickly and easily, without having to update the MCP Server or tooling implementation code.