ArchitectureDiagram.ai logoArchitectureDiagram.ai
Back to blog

MCP Architecture Diagram: The Complete Visual Guide (2026)

How to draw an MCP (Model Context Protocol) architecture diagram. Learn the core components — hosts, clients, servers, and transports — and generate accurate MCP diagrams from plain English in seconds.

R
Ryan·Senior AI Engineer
·

An MCP architecture diagram visualizes how an AI application connects to external tools and data sources using Anthropic's Model Context Protocol (MCP). Introduced in late 2024, MCP is an open standard that lets LLMs communicate with databases, file systems, APIs, and other services through a unified client/server protocol — replacing the fragmented world of one-off tool integrations with a composable, portable layer.

Diagramming your MCP setup is essential for design reviews, onboarding new engineers, debugging tool-call failures, and communicating the scope of your AI system's capabilities and trust boundaries to security reviewers. This guide covers every component of an MCP architecture, shows the most common deployment patterns, and includes ready-to-use prompt templates for generating accurate MCP diagrams in seconds.

What is MCP and why diagram it?

Before MCP, every AI application that needed external context — reading files, querying a database, calling a REST API — had to implement its own bespoke integration. Tool definitions were duplicated across projects, authentication was handled inconsistently, and moving an integration from one LLM host to another required rewriting everything.

MCP standardizes this. An MCP server exposes a well-defined set of tools, resources, and prompts over a standard transport. Any MCP client — Claude Desktop, Claude Code, a custom AI app, or another agent — can discover and invoke those capabilities without knowing anything about the underlying implementation. The result is an ecosystem of reusable, composable integrations: a GitHub MCP server built by one team can be dropped into any MCP-compatible host.

This composability is exactly what makes MCP architecture worth diagramming. A single AI application might connect to five or ten MCP servers simultaneously, each with its own transport, auth model, and tool namespace. Without a diagram, the scope of what your AI agent can actually do — and what systems it can touch — is invisible.

The core components of an MCP architecture

MCP Host

The MCP host is the AI application that wants to use external capabilities. Common hosts include Claude Desktop (the consumer app), Claude Code (the CLI/agent), and custom AI applications built with the Anthropic SDK or compatible frameworks. The host is responsible for managing one or more MCP client connections, presenting available tools to the LLM, and routing tool-call requests to the correct server.

MCP Client

The MCP client is the protocol layer that lives inside the host. Each client maintains a 1:1 connection with a single MCP server, handling the JSON-RPC message framing, capability negotiation during the initialization handshake, and request/response lifecycle. In most diagrams, the client is shown as an internal component of the host box rather than a standalone service — but it is architecturally distinct and worth labeling to make the protocol boundary explicit.

MCP Servers

MCP servers are the integration layer. Each server wraps one or more external systems and exposes their functionality as three primitive types:

  • Tools: Callable functions with typed input schemas. The LLM invokes tools to take actions — reading a file, running a query, creating a GitHub issue. Tools are the most commonly used MCP primitive.
  • Resources: URI-addressed data that the host can read and inject into context. Think of resources as a structured way to expose documents, database rows, or API responses that the model should read but not necessarily act on.
  • Prompts: Reusable prompt templates exposed by the server. A code review server might expose a "review-pr" prompt template that the host surfaces as a slash command, pre-filling it with relevant context from the server's other capabilities.

Transport layer

MCP supports two transport mechanisms, and your diagram should always make clear which one is in use — they have very different deployment and security implications:

  • stdio: The host spawns the MCP server as a child process and communicates via stdin/ stdout. This is the standard transport for local MCP servers (e.g., filesystem, local database, CLI tools). Simple to deploy, no network port required, inherits the host's OS-level permissions.
  • HTTP + Server-Sent Events (SSE): The MCP server runs as a standalone HTTP service. The client sends requests via HTTP POST and receives streaming responses via SSE. This transport is required for remote MCP servers — shared team services, cloud-hosted integrations, and any server that needs independent scaling or multi-tenant auth.

Tool call flow

The end-to-end flow in an MCP architecture follows this sequence, which your diagram should trace: the user sends a message to the host → the host includes available tool definitions in the LLM prompt → the LLM decides to call a tool and returns a structured tool-call response → the host routes the call to the appropriate MCP client → the client sends a JSON-RPC request to the MCP server → the server executes the underlying action and returns a result → the host injects the result into the next LLM turn → the LLM synthesizes a final response.

Prompt templates for common MCP patterns

Basic MCP setup: Claude Desktop with local servers

"Claude Desktop is the MCP host. It spawns two MCP servers as local child processes over stdio transport: a filesystem MCP server with read/write access to the user's ~/Projects directory, and the official GitHub MCP server authenticated with a personal access token. Claude Desktop maintains one MCP client connection per server. When the user asks a question, Claude can call tools from either server — for example, read_file from the filesystem server or create_issue from the GitHub server. Tool results are returned to Claude and injected into the conversation context."

Enterprise MCP hub: centralized gateway with routing

"A centralized MCP gateway service sits between AI hosts and backend MCP servers. The gateway exposes a single HTTP+SSE endpoint to all internal AI applications. Incoming requests are authenticated via OAuth 2.0 JWT validation and routed to one of five backend MCP servers: Postgres MCP server (read-only analytics DB), Salesforce MCP server, Confluence MCP server, GitHub Enterprise MCP server, and an internal secrets vault MCP server. The gateway enforces per-server RBAC — not all users can access all servers. Each backend server runs as an isolated container. The gateway logs all tool calls to a central audit trail in Splunk. AI applications connect to the gateway over mTLS."

AI coding agent: Claude Code with multiple MCP servers

"Claude Code is the MCP host running as a CLI agent. It connects to three MCP servers over stdio: the filesystem MCP server (full read/write to the project repo), the Supabase MCP server (connected to the project's development Supabase instance — can run SQL, apply migrations, read table schemas, and fetch logs), and the GitHub MCP server (can read issues, create branches, open pull requests, and check CI status). When given a task, Claude Code orchestrates across all three servers: reading the codebase via filesystem tools, checking the DB schema via Supabase tools, and opening a PR via GitHub tools — without leaving the terminal."

Multi-agent MCP orchestration

"An orchestrator agent (Claude claude-opus-4-5) receives a complex research task and spawns three subagents in parallel, each running as a separate Claude claude-sonnet-4-6 instance. Subagent 1 is a web research agent connected to a browser automation MCP server (Playwright-based) and a search MCP server. Subagent 2 is a data analysis agent connected to a Python execution MCP server and a PostgreSQL MCP server. Subagent 3 is a writing agent connected to a filesystem MCP server and a Google Docs MCP server. Each subagent has its own independent set of MCP client connections. The orchestrator communicates with subagents via a message-passing MCP server that it also controls. Final results from all three subagents are aggregated by the orchestrator into a synthesized report written to Google Docs via Subagent 3."

MCP server type reference

Server typeExample serversTypical tools exposed
FilesystemMCP filesystem server (official)read_file, write_file, list_directory, search_files
DatabaseSupabase MCP, Postgres MCP, SQLite MCPexecute_sql, list_tables, apply_migration, get_logs
Version controlGitHub MCP (official), GitLab MCPlist_issues, create_pull_request, get_commit, search_code
Browser automationPlaywright MCP, Puppeteer MCPnavigate, click, screenshot, extract_text, fill_form
Web searchBrave Search MCP, Exa MCP, Tavily MCPsearch, get_page_content, news_search
SaaS / APISlack MCP, Google Drive MCP, Notion MCP, Stripe MCPVaries by service — read/write/search operations on the SaaS data model
Code executionPython sandbox MCP, E2B MCP, Jupyter MCPrun_code, install_package, get_output, list_variables
Memory / knowledgeMemory MCP (official), custom vector-DB MCPcreate_entity, search_knowledge_graph, add_memory, recall

What a good MCP architecture diagram must show

An MCP architecture diagram is more than a list of connected boxes. To be useful for engineering reviews and security audits, it must make the following explicit:

  • Host / client / server separation: These three roles have distinct responsibilities and trust levels. The host controls what the LLM can request; the client enforces the protocol; the server controls what actually happens to external systems. Keep them visually distinct.
  • Transport protocols: Label every connection with its transport — stdio or HTTP+SSE. This determines deployment topology: stdio servers run on the same machine as the host; HTTP servers can be remote and shared.
  • Tool namespacing: When a host connects to multiple MCP servers, tools from different servers can have the same name. Show how tool names are namespaced or prefixed (e.g., filesystem__read_file vs. github__read_file) to avoid ambiguity in the LLM's tool-call decisions.
  • Auth boundaries: Show which credentials each MCP server holds (API keys, OAuth tokens, DB connection strings) and where they are stored. This is the most important security surface in an MCP architecture — a compromised MCP server has access to everything its credentials allow.
  • Capability negotiation: MCP's initialization handshake lets clients and servers advertise what they support. If your diagram covers a multi-version deployment (e.g., some servers on MCP 1.0, some on 1.1), annotate the protocol version per connection.
  • Trust levels and sandboxing: Some MCP servers have destructive capabilities (write to filesystem, execute code, send emails). Annotate servers with read-only vs. read-write access, and show any sandbox boundaries (e.g., a code execution server running inside an isolated container or VM).

Common mistakes in MCP architecture design

MCP is still a young standard and teams are developing best practices in real time. These are the mistakes that show up most often in MCP architecture diagrams — and in production incidents:

  • Connecting too many servers to a single host — each server's full tool list is injected into the LLM context, which can exhaust the context window and degrade tool selection accuracy
  • No auth on HTTP+SSE MCP servers — a remote MCP server without authentication is an unauthenticated API that any process on the network can invoke
  • Mixing prod and dev MCP server targets — a coding agent should connect to a development database MCP server, not production; this boundary must be explicit in the diagram
  • No logging of tool calls — without structured logs of which tools were called with what arguments, debugging agent behavior is nearly impossible
  • Overly broad filesystem access — stdio filesystem servers should be scoped to the minimum required directory, not the user's home folder or entire disk
  • Single monolithic MCP server for all tools — splitting tools across purpose-specific servers makes them easier to version, deploy independently, and grant/revoke access to
  • No graceful degradation when an MCP server is unavailable — the host should handle server disconnects and surface useful errors to the LLM rather than silently failing

Frequently asked questions about MCP architecture diagrams

What is an MCP architecture diagram?

An MCP architecture diagram is an architecture diagram that shows how an AI application (the MCP host) connects to external tools and data sources through the Model Context Protocol. It depicts the MCP hosts, clients, servers, transport connections, tool namespaces, and auth boundaries that make up a complete MCP-enabled AI system. It is the primary documentation artifact for any application built on MCP.

What is the difference between MCP tools, resources, and prompts?

Tools are callable functions — the LLM invokes them to take actions like reading a file or querying a database. Tools are model-controlled: the LLM decides when to call them. Resources are URI-addressed data that the host can read and inject into context — they are application-controlled, not model-controlled. Prompts are reusable prompt templates that the server exposes for the host to surface to the user, typically as slash commands or quick actions. In practice, tools are by far the most commonly used primitive; resources and prompts are used in more specialized workflows. Your architecture diagram should distinguish which primitives each server exposes.

How do I diagram a multi-server MCP setup?

For a multi-server MCP setup, organize your diagram with the host at the center and each MCP server as a separate node connected to the host's client layer. Label each connection with its transport (stdio or HTTP+SSE). Group the tools each server exposes inside its node. Add an auth annotation showing what credentials each server holds. If you have more than four or five servers, consider grouping them by category (filesystem, database, API, code execution) and using a swim-lane layout. For multi-agent setups where each agent has its own MCP connections, see the AI agent architecture diagrams guide for orchestrator/subagent patterns.

Related guides: AI agent architecture diagrams, RAG architecture diagrams, LLM architecture diagrams, and LLM deployment diagrams.

Ready to try it yourself?

Start Creating - Free