A2A Protocol (Agent-to-Agent)
Google's April 2025 agent-to-agent protocol — Agent Cards at /.well-known/agent.json, Task state machine, SSE streaming, complementing MCP (tools) with peer-to-peer agent delegation.
GitHub Apps Architecture
GitHub Apps authenticate in two steps — JWT (10-min) to get an installation token (1-hour). Webhooks carry the installation ID. Apps are scoped to repositories; OAuth Apps are scoped to users. Prefer GitHub Apps for bots and automation.
MCP HTTP Transport Deep Dive
Streamable HTTP (2025-03-26 spec) replaced the old SSE transport. One HTTP endpoint handles everything via POST (send) and GET (receive SSE). Stateless by default — scalable behind load balancers. SSE deprecated mid-2026.
Mcp Registry
The official MCP Registry (registry.modelcontextprotocol.io) is a namespace-verified, community-moderated catalog of MCP servers launched in preview September 2025, governed under the Linux Foundation's Agentic AI Foundation.
MCP Server Development (Python)
Building MCP servers in Python uses FastMCP (now part of the official mcp SDK). Decorator-based API auto-generates JSON Schema from type hints. stdio is the default transport for Claude Desktop/Claude Code integration; streamable-HTTP for production. Tool descriptions are an attack surface — keep them minimal.
Model Context Protocol (MCP)
MCP is the standard for agent-to-tool connectivity — stdio for local, HTTP/SSE for remote, OAuth 2.0 auth, 66% of 1,808 scanned servers had security findings, 30+ CVEs in April 2026.
OAuth 2.0 Dynamic Client Registration (RFC 7591)
RFC 7591 lets OAuth clients register themselves programmatically by POSTing metadata to a /register endpoint — the mechanism that allows generic MCP clients to work with any auth server without pre-configuration.
OAuth 2.0 Server Metadata (RFC 8414)
RFC 8414 defines a discovery endpoint at /.well-known/oauth-authorization-server that lets OAuth clients fetch server endpoints and capabilities automatically — required by MCP 2025-03-26 for dynamic auth configuration.
Tool Design for LLMs
Tool schema design for reliable LLM tool calling — description writes "when/when not to use", enums eliminate string ambiguity, clean return values, and tool routing for 20+ tool sets.