You are debugging a production incident. The stack trace lives in Sentry, the related issue lives in GitHub, and your session so far has been you copying fragments of each into the prompt, one paste at a time, while Claude works from whatever survived your clipboard. Every paste is stale the moment you make it, and Claude cannot follow up on any of it. This is the exact situation MCP exists for: instead of you ferrying data between systems and the agent, the agent reads and acts on those systems directly.
What MCP actually is
The Model Context Protocol is an open standard for connecting AI tools to external systems. An MCP server is a program that exposes tools (and sometimes prompts and resources) over a standard protocol. An MCP client, Claude Code in our case, connects to servers and makes their tools callable inside the agent loop, exactly like the built-in Read or Bash tools. The docs put the trigger condition plainly: connect a server when you find yourself copying data into chat from another tool.
Two transports matter as of July 2026:
- stdio: Claude Code spawns the server as a child process on your machine and talks to it over stdin/stdout. Local, no network, dies with the session. This is how you run servers that need access to your machine, like a browser-automation server.
- HTTP: the server runs remotely, usually operated by the vendor, and Claude Code talks to it over the network, typically with OAuth. This is how you connect to SaaS products like Sentry or Notion without installing anything.
A third transport, SSE, is deprecated per the docs; prefer HTTP where a server offers both.
Every tool a server exposes gets a namespaced name: mcp__<server>__<tool>, so a search_issues tool on a server you named sentry is callable as mcp__sentry__search_issues. That full name is what you use in permission rules and subagent tool lists, which means MCP tools slot into the same trust-tier machinery you configured in 2.1.
One fear you can retire: connecting servers no longer floods your context with tool schemas. Tool search is on by default, so only tool names and short server instructions load at session start, and full tool definitions are pulled in only when Claude actually needs them. The practical limit on how many servers you connect is your attention as an auditor, not your token budget.
In practice: wiring servers
Adding a remote HTTP server is one command. Sentry's official server is the docs' own worked example:
claude mcp add --transport http sentry https://mcp.sentry.dev/mcpThen, inside a session, run /mcp. Servers that answered with 401 or 403 are flagged as needing authentication, and the /mcp panel walks you through the OAuth flow in your browser. Once connected, the panel shows each server's tool count, and re-authentication (when a token expires) happens in the same place.
A local stdio server is the same command with the transport flag and a -- separator:
claude mcp add --transport stdio playwright -- npx @playwright/mcp@latestThe -- matters. Everything before it is Claude Code's own options; everything after it is the command that runs the server, passed through untouched. Forget the separator and Claude Code will try to parse the server's flags as its own, which fails in confusing ways when the server takes options like --port.
Scopes: who else gets this server
Where a server definition lives decides which projects load it and whether your team gets it too. As of July 2026 there are three scopes:
| Scope | Loads in | Shared with team | Stored in |
|---|---|---|---|
| local (default) | current project only | no | ~/.claude.json |
| project | current project only | yes, via .mcp.json in the repo | .mcp.json |
| user | all your projects | no | ~/.claude.json |
Local is the default and the right home for anything with your personal credentials. Project scope (--scope project) writes .mcp.json at the repo root so the whole team gets the server on clone; Claude Code prompts each person for approval before using project-scoped servers, because running a server someone committed to a repo is running someone else's code. User scope (--scope user) is for servers you want everywhere, like a documentation lookup server.
Team-shared configs should never contain secrets. .mcp.json supports environment variable expansion for exactly this reason:
{
"mcpServers": {
"internal-api": {
"type": "http",
"url": "${API_BASE_URL:-https://api.example.com}/mcp",
"headers": {
"Authorization": "Bearer ${INTERNAL_API_KEY}"
}
}
}
}${VAR} expands from the environment, ${VAR:-default} falls back when unset, and expansion works in command, args, env, url, and headers. Each teammate supplies their own key; the config carries none.
Day-to-day management is three commands plus the panel: claude mcp list, claude mcp get <name>, claude mcp remove <name>, and /mcp inside a session for status, auth, and tool counts.
Three servers worth connecting, and why these
Every server below was fetched and checked this month; all three are first-party (built by the vendor whose system they front) and actively maintained as of July 2026.
- Sentry (
https://mcp.sentry.dev/mcp, remote HTTP): production errors in the loop. "Check Sentry for new errors from this release and fix the top one" becomes a single dispatch. - GitHub MCP Server (github/github-mcp-server): issues, PRs, Actions runs, Dependabot alerts. GitHub hosts a remote version at
https://api.githubcopilot.com/mcp/, with a local Go binary as the fallback. Worth having, with a caveat the next section takes seriously: much of what it does, theghCLI also does. - Playwright MCP (microsoft/playwright-mcp, stdio via
npx @playwright/mcp@latest): drives a real browser through accessibility snapshots rather than screenshots. This is the missing verification tool for web work: Claude can open your app and check that the thing it built actually renders.
Where it breaks
The trust boundary is the whole game. Look at the figure again: every tool result crosses from the server into your context window. A server is code you are running (stdio) or a service you are trusting (HTTP), and its outputs become instructions-adjacent text the model reads. The docs are blunt: verify you trust each server before connecting it, and servers that fetch external content carry prompt injection risk, because a malicious page or issue comment can embed text engineered to steer your agent. Treat tool output as untrusted input, keep write-capable permissions off servers that read the open web, and hold this thought: Lesson 3.8 is entirely about this attack class.
Output floods. MCP tools can return enormous payloads. Claude Code warns when a single tool output exceeds 10,000 tokens and caps output at 25,000 tokens by default (tunable via MAX_MCP_OUTPUT_TOKENS). If a server keeps tripping the warning, that is context rot being manufactured in bulk; scope your queries or find a server that paginates.
The wrong default: MCP for everything. Here is the position, and it will annoy the directory-collectors: when a good CLI exists, the CLI usually beats the MCP server. gh covers most of what the GitHub server does, Claude already knows its flags cold, invoking it costs a Bash call instead of resident server instructions, and you compose it with pipes and jq for free. Even Microsoft agrees against its own product: the Playwright MCP README itself notes that coding agents increasingly favor CLI-based workflows because they avoid loading large tool schemas and verbose outputs into context. MCP earns its place in three situations: the system has no usable CLI (most SaaS), the auth is OAuth and you want it handled once (Sentry), or the integration needs state a CLI cannot hold across calls (a live browser session). Default to the CLI; promote to MCP when one of those three is true.
Twelve servers connected at user scope, including three that duplicate gh, one abandoned community server for a database you no longer use, and a web-scraper with write access to your repo.
Every session boots with a dozen sets of server instructions, and you cannot say what half the tools do.
Two or three servers, each with a job a CLI cannot do: Sentry for production errors, Playwright for browser verification. Project scope only where the team needs it, secrets via env expansion.
You have read what each server exposes, and you know which of its tools can write.
Lablab-2-7Wire a real server and make it earn its place
Goal: Connect the Playwright MCP server, use it in a real verification task, and audit what it added to your session.
Prereqs: the agentic-practice repo, Node 18+, Chrome or another Playwright-supported browser installed.
- From the practice repo, add the server at local scope:
claude mcp add --transport stdio playwright -- npx @playwright/mcp@latest - Confirm it registered:
claude mcp listshould showplaywright, andclaude mcp get playwrightshould show the command and stdio transport. - Start a session and run
/mcp. Find the server, note its tool count, and skim the tool names. Ask Claude: "List the playwright MCP tools you can see and what each does." Read the answer; this is the audit step most people skip. - Dispatch a real task that needs a browser: "Using the playwright tools, open https://example.com, take an accessibility snapshot, and tell me the page's main heading and link count." Watch the permission prompts as MCP tools fire for the first time.
- Now the judgment step. Write two or three sentences in
mcp-notes.md: could a CLI have done this task, and what would the equivalent have cost? (For browser state, the honest answer is that a persistent session is genuinely hard to replicate with one-shot commands.) - Remove the server (
claude mcp remove playwright) or keep it deliberately, but decide, and note the decision.
Verify
claude mcp listshowed the server before removal, and/mcpshowed it connected with a nonzero tool count.- The browser task completed with tool calls named
mcp__playwright__...visible in the session. mcp-notes.mdcontains your CLI-vs-MCP judgment for this task and your keep-or-remove decision.
>Troubleshooting
- Server shows as failed in
/mcp: run the server command directly (npx @playwright/mcp@latest) in a terminal and read its error. Usually it is a missing browser; Playwright will tell you the install command it needs. - Claude answers about the page without using MCP tools: it may have used its built-in web fetch instead. Re-dispatch and require the tools by name: "use the mcp__playwright__ tools for this."
- Tool calls hang or return huge snapshots: complex pages can produce large accessibility trees. Point it at a simpler page for the lab; the output-size lesson still lands.
Knowledge check
Knowledge check
Sources
- Connect Claude Code to tools via MCP (transports, scopes, auth, tool search, output limits, injection warning): https://code.claude.com/docs/en/mcp (fetched July 2026)
- Playwright MCP README (install command, MCP-vs-CLI discussion): https://github.com/microsoft/playwright-mcp (fetched July 2026)
- GitHub MCP Server README (remote endpoint, capabilities): https://github.com/github/github-mcp-server (fetched July 2026)
- Sentry MCP repository (maintenance check for the docs' example server): https://github.com/getsentry/sentry-mcp (fetched July 2026)