Anthropic Claude and Model Context Protocol
by Nick Clark | Published April 25, 2026
Anthropic's Model Context Protocol (MCP) defines a server-client architecture for tool integration: Claude Desktop and the Claude API connect to MCP servers that expose capabilities, resources, and prompts. The ecosystem has grown rapidly, with hundreds of community and vendor MCP servers covering filesystems, databases, ticketing systems, CRMs, and specialized domain tools. What MCP standardizes is the wire format for capability exposure. What it does not standardize — and what cross-jurisdiction agent operations increasingly require — is a runtime governance substrate that signs the artifacts an MCP server contributes, sandboxes them before activation, and treats their admissibility as a structurally credentialed event. The spatial-adaptation primitive sits at exactly that layer above MCP.
Claude Platform Reality
Anthropic operates Claude as a foundation-model service accessed through the Claude API, the Claude Desktop client, and a growing set of first-party agent surfaces including the Claude Agent SDK. Around that foundation sits the Model Context Protocol: a JSON-RPC-based protocol that lets external processes — local or remote — advertise tools, resources, and prompts to a Claude client. An MCP server might expose a database query tool, a filesystem read capability, or a specialized API wrapper. Claude Desktop discovers the server, negotiates capabilities, and surfaces the advertised tools to the model during a session.
The technical execution at platform scale is mature. MCP transport is well-defined, capability negotiation is deterministic, and the ecosystem has converged quickly: filesystem servers, Postgres servers, GitHub servers, Slack servers, Linear servers, and dozens of vendor-specific integrations are all reachable through the same protocol surface. Claude Skills extends the picture further, allowing the agent runtime to compose runtime-defined behaviors from reusable skill modules. From the perspective of a developer building a Claude-driven agent, the question of "how do I give the model new capability" has a stable answer: write or install an MCP server, expose tools, and let the agent use them.
That stable answer is sufficient for within-platform development. It is not, by itself, sufficient for agent operations that must withstand structured regulatory scrutiny.
Cross-Authority Gap
MCP and Claude Skills handle within-platform capability composition effectively. They do not, however, address the question that emerges as soon as a Claude-driven agent operates across jurisdictional or sectoral authority boundaries: under whose credential did this capability admit, and what record proves the admission was bounded before any action ran. EU AI Act high-risk-AI scope, FDA-relevant agent operations in clinical-decision-support contexts, defense-AI compliance regimes, and emerging U.S. executive-order obligations all converge on the same structural demand. They want to see a credentialed adaptation event, not just a tool call.
The gap is not a deficiency of MCP — MCP is a transport and capability-negotiation protocol, deliberately scoped to that role. The gap is the absence of a layer above it that treats each MCP server's contribution as a runtime signed artifact, gates activation on sandbox pre-validation, and binds admissibility to a composite credential that includes the operator, the model version, the jurisdiction of operation, and the scope of the work. Without that layer, an agent that loaded a Postgres MCP server in the EU and an FDA-bounded MCP server in the U.S. has no structural record distinguishing the two activations beyond log lines. Log lines are not credentials.
Cross-jurisdiction operators who today rely on MCP carry the entire credentialing burden in bespoke wrapper code. That burden grows linearly with the number of jurisdictions, the number of MCP servers, and the regulatory cadence in each domain.
Adaptation Substrate Above MCP
The spatial-adaptation primitive composes with MCP without replacing it. Each MCP server contributes a credentialed adaptation event: the artifact is signed at the moment of advertisement, the signature binds to the operator and the scope of work, and the artifact passes through a sandbox pre-activation step before the Claude runtime treats any of its tools as admissible. Cross-jurisdiction operations admit through composite admissibility — the runtime checks not only that the MCP server signed correctly, but that its signature composes with the credentials of the calling operator and the regulatory envelope of the current session.
Cascade-deactivation supports rapid revocation. If an MCP server is later determined to have exceeded scope, or if a credential underlying it is rotated or revoked, the spatial-adaptation substrate propagates deactivation across every active session that admitted the artifact, without requiring those sessions to be torn down. Anthropic continues as the credentialed adaptation authority for Claude itself; MCP server publishers continue as authorities for their own artifacts; the substrate is what makes the composition admissible.
Crucially, the developer experience for MCP server authors does not change. The same JSON-RPC capability advertisement that works today continues to work. The signing, sandboxing, and composite admissibility happen at the runtime layer that hosts the Claude agent — they are infrastructure, not protocol modifications.
Where Claude Deployment Is Heading
EU AI Act enforcement is moving from text to practice through 2026. U.S. AI executive-order implementation continues to layer requirements on federal-adjacent agent deployment. Sector-specific obligations in healthcare, finance, and critical infrastructure are arriving on staggered timelines. Each one of these regimes asks the same structural question — credential, scope, record — and each one of them increases the cost of operating a Claude-driven agent without a substrate that answers the question by construction.
Anthropic is well-positioned for this trajectory. The Claude foundation model is already shipped with strong policy alignment; MCP already provides the capability-composition surface; Claude Skills already provides the runtime-adaptation surface. What remains is the credentialed adaptation layer that turns each MCP activation into a structurally admissible event. Organizations operating Claude across jurisdictions today are building this layer themselves, inconsistently, in private code. A standard substrate above MCP gives Anthropic and the broader Claude ecosystem a regulatory-aligned architectural footing for the next phase of deployment.
Closing
MCP is the right protocol for capability composition. Claude Skills is the right surface for runtime adaptation. Neither was designed to be a credentialing substrate, and neither needs to become one. The architectural element that completes the picture — runtime signed artifacts, sandbox pre-activation, composite admissibility, and cascade-deactivation — sits one layer up. Spatial-adaptation provides that layer in a form that keeps Anthropic and MCP server authors in their existing roles while giving cross-jurisdiction operators the structural record their regulators are beginning to require.
