
MCP Integration

TalkOps uses Model Context Protocol (MCP) as the standardized interface between sub-agents and external tools.


Where MCP Fits

Key Principle: MCP connects sub-agents to TOOLS. A2A connects agents to AGENTS.


A2A vs MCP

| Aspect | A2A (Agent-to-Agent) | MCP (Sub-Agent-to-Tool) |
|---|---|---|
| Purpose | Agent collaboration | Tool/data access |
| Stateful | Yes (task state) | Stateless (request/response) |
| Used By | Supervisor ↔ Agents | Sub-agents ↔ MCP Servers |
| Discovery | Agent registry | Tool discovery at runtime |

Sub-Agent Lifecycle

1. INITIALIZATION
└─ Discover MCP servers, cache tool schemas

2. REQUEST (via A2A)
└─ Receive task from parent agent

3. TOOL DISCOVERY
└─ list_tools() → filter by task requirements

4. AUTHORIZATION
└─ Request task-scoped OAuth token

5. TOOL INVOCATION (MCP)
└─ Call tool with ephemeral token

6. RESPONSE (via A2A)
└─ Return results to supervisor

Task-Scoped Tokens

Sub-agents receive ephemeral tokens that expire after task completion:

| Token Property | Value |
|---|---|
| Scope | Specific tool + operation only |
| Constraints | Limits from task context |
| Expires | Task completion + 30 minutes |

This prevents compromised sub-agents from performing unauthorized operations.
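
One way an MCP server could enforce these token properties, together with the resource binding listed under Security, on each tool call. This is an added example, not TalkOps code: the HMAC token format, the claim names (`resource`, `tool`, `operation`, `constraints`), the task-completion lookup passed in as `completed_at`, and the sample tool and namespace names are all assumptions.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; stands in for the authorization server's key
GRACE_SECONDS = 30 * 60         # "Task completion + 30 minutes"

def mint(claims):
    """Sign the claims with HMAC-SHA256 (assumed token format, for illustration only)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def authorize(token, call, now, completed_at=None):
    """Return (allowed, reason) for one tool call presented with a task-scoped token."""
    body, _, sig = token.partition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    # Token binding: valid only for the resource (MCP server) it was issued for.
    if claims["resource"] != call["resource"]:
        return False, "wrong resource"
    # Scope: one specific tool and operation.
    if (claims["tool"], claims["operation"]) != (call["tool"], call["operation"]):
        return False, "out of scope"
    # Constraints: each limit from the task context must cover the call's argument.
    for key, allowed in claims["constraints"].items():
        if call["args"].get(key) not in allowed:
            return False, "constraint violated: " + key
    # Expiry: rejected once the task has been complete for more than 30 minutes.
    if completed_at is not None and now > completed_at + GRACE_SECONDS:
        return False, "expired"
    return True, "ok"

# Constructed sample token and call; tool, operation and namespace names are hypothetical.
TOKEN = mint({"task_id": "task-123", "resource": "https://mcp-custom.internal:8443",
              "tool": "cluster", "operation": "read",
              "constraints": {"namespace": ["staging"]}})
CALL = {"resource": "https://mcp-custom.internal:8443", "tool": "cluster",
        "operation": "read", "args": {"namespace": "staging"}}

if __name__ == "__main__":
    for label, call, now, done in [
        ("in scope", CALL, 1000.0, None),
        ("other operation", {**CALL, "operation": "delete"}, 1000.0, None),
        ("other namespace", {**CALL, "args": {"namespace": "prod"}}, 1000.0, None),
        ("after grace period", CALL, 5000.0, 1000.0),
    ]:
        print(label, authorize(TOKEN, call, now, done))
```

Each rejection reason maps to one row of the audit trail: logging the `(allowed, reason)` pair with the task ID gives the "every tool call logged with context" record for both permitted and denied calls.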


Error Handling

| Error | Response |
|---|---|
| Tool Not Found | Suggest alternatives, escalate |
| Invalid Args | Show schema, request correction |
| Auth Denied | Request approval via supervisor |
| Connection Failed | Retry with backoff (3 attempts) |
| Rate Limited | Queue, retry after backoff |

Security

| Control | Implementation |
|---|---|
| Authentication | OAuth 2.0, mTLS per MCP server |
| Authorization | Task-scoped tokens, least privilege |
| Audit | Every tool call logged with context |
| Token Binding | Tokens valid only for specified resource |

Adding MCP Servers

mcp_servers:
  - name: custom-mcp
    transport: http
    url: https://mcp-custom.internal:8443
    auth: oauth2

Steps:

  1. Implement MCP server interface
  2. Register with OAuth authorization server
  3. Configure in sub-agent
  4. Grant RBAC permissions