Notes · Engineering

Building MCP Servers for Business Automation in 2026

For two years the interesting question about AI in a business was "what can it say?" In 2026 the interesting question is "what can it safely do?"

What MCP actually is, without the hype

Model Context Protocol is a standard way to hand an AI agent a set of tools and data sources it is allowed to use. Strip away the branding and it is an API contract for agents: here are the actions, here are their inputs, here is what comes back. The useful part is standardization: every agent and every tool now speak the same shape so you stop writing glue for each model.

Why this matters for a real business

A chatbot that can summarize your CRM is a demo. An agent that can read a lead, decide it is qualified, create the deal, and schedule the follow-up — inside the systems you already run — is automation. It is the same model in both cases, but what changed is reach. MCP is what gives an agent that reach in a controlled, inspectable way instead of a pile of brittle scripts.

The hard part is the boundary, not the model

Here is the lesson I keep relearning, and it is the same one the E-EFMP worktaught me: the model is the easy part. The engineering is the boundary around it. Every tool you expose is a thing an agent can do at three in the morning with no human watching. So the real design work is permissions, scopes, dry-run modes, audit logs, and the question "what is the worst this tool can do if the model is wrong?" for every single endpoint. A good MCP server is mostly a careful answer to that question.

What good ones look like

The MCP servers I am proud of share a few traits. Tools are narrow and named for intent, not for the underlying table. Destructive actions require explicit confirmation or a separate elevated scope. Everything the agent does is logged in a form a human can actually read back. And the surface area is small on purpose — fewer tools, each one trustworthy, beats a kitchen sink the agent half-understands.

Where this goes

The businesses that win with this will not be the ones with the smartest model. They will be the ones who modeled their own operations clearly enough that an agent can act on them without breaking anything. That is unglamorous work — state, permissions, honest interfaces — and it is the same work that has mattered the whole time. AI just made it urgent.

I write more about this kind of infrastructure on the Work page, or head back to all notes.