
mcp-agent

Apache-2.0 Python framework for building MCP-native agents with composable workflow patterns, full MCP server lifecycle management, durable Temporal execution, agent-as-MCP-server support, and provider plugins for major LLMs.

by LastMile AI · added 2026-06-18

Open the source and read safety notes before installing.

Safety notes

  • mcp-agent manages MCP server lifecycles and can connect agents to filesystem, fetch, browser, SaaS, database, infrastructure, or custom MCP tools depending on configuration.
  • Workflow patterns can chain, route, parallelize, evaluate, optimize, pause, resume, and recover agent actions; use explicit approval gates for high-impact tools.
  • Agent-as-MCP-server deployment can expose an agent to other MCP clients, so review tool descriptions, permissions, authentication, rate limits, and operator visibility before sharing it.
  • Durable workflows can continue after process restarts when backed by Temporal; make cancellation, rollback, retry, and idempotency behavior explicit.
  • Do not let example filesystem, fetch, or remote MCP servers become production defaults without narrowing directories, URLs, accounts, and tool scopes.

Privacy notes

  • Prompts, instructions, tool arguments, MCP server outputs, workflow state, logs, traces, secrets YAML paths, provider responses, and durable execution history may be visible to model providers, MCP servers, observability systems, or Temporal.
  • Keep provider keys, MCP credentials, filesystem paths, customer data, prompt logs, and traces out of committed configs, screenshots, public issues, and shared examples.
  • If an agent uses external MCP servers, review each server's data retention, authentication, logging, and third-party data handling separately.
  • Durable workflow state and logs can retain user requests, tool results, and intermediate reasoning context longer than a one-shot script.

Prerequisites

  • Python 3.10 or newer and a project environment managed with uv, pip, or another Python package manager.
  • Model provider credentials for the selected provider, such as OpenAI, Anthropic, Google, Azure, Bedrock, or another supported route.
  • Reviewed MCP server configurations for the external tools, resources, and prompts the agent will use.
  • A secrets strategy for `mcp_agent.secrets.yaml`, environment variables, provider keys, and remote MCP credentials.
  • Temporal infrastructure only if durable execution and workflow recovery are required.

Schema details

  • Install type: cli
  • Troubleshooting: No
  • Estimated setup: 15 minutes
  • Difficulty: intermediate
  • Pricing: free
  • Disclosure: editorial
  • Application category: DeveloperApplication
  • Operating system: Cross-platform

About this resource

Overview

mcp-agent is a Python framework for building applications where MCP is the primary tool and context layer. It manages MCP server lifecycles, lets agents attach LLM providers, implements composable agent workflow patterns, and can scale from simple local agents to durable Temporal-backed workflows.

Use it when a project needs code-first agent orchestration around MCP servers rather than a single hard-coded tool call. It is especially relevant for teams that want explicit Python application code for routing, orchestration, evaluation, optimization, parallel work, human input, durable execution, and agent-as-MCP-server deployment.

Core Capabilities

| Area | mcp-agent Coverage |
|---|---|
| MCP Runtime | Managed MCP server connections, tools, resources, prompts, notifications, OAuth, sampling, elicitation, and roots |
| Agents | Agent definitions with names, instructions, MCP server names, and attached augmented LLM providers |
| Workflow Patterns | Router, orchestrator, evaluator-optimizer, parallel, map-reduce, and other effective-agent patterns |
| Providers | Optional extras for OpenAI, Anthropic, Google, Azure, Bedrock, Cohere, LangChain, CrewAI, and related integrations |
| Durable Execution | Temporal-backed workflows for pause, resume, recovery, and production workflow state |
| Agent Servers | Patterns for exposing agents themselves as MCP servers |
| Observability | Logging, traces, OpenTelemetry dependencies, and workflow visibility surfaces |

Quick Start

Add the package to a Python project:

uv add "mcp-agent[openai]"

Or scaffold a starter project with the CLI:

uvx mcp-agent init

A minimal agent defines the app, chooses MCP servers, and attaches an LLM:

import asyncio

from mcp_agent.app import MCPApp
from mcp_agent.agents.agent import Agent
from mcp_agent.workflows.llm.augmented_llm_openai import OpenAIAugmentedLLM

app = MCPApp(name="hello_world")

async def main():
    async with app.run():
        agent = Agent(
            name="finder",
            instruction="Use filesystem and fetch to answer questions.",
            server_names=["filesystem", "fetch"],
        )
        async with agent:
            llm = await agent.attach_llm(OpenAIAugmentedLLM)
            answer = await llm.generate_str("Summarize README.md in two sentences.")
            print(answer)

if __name__ == "__main__":
    asyncio.run(main())

MCP Fit

mcp-agent is useful when MCP servers are the primary capability surface for an agent. Instead of manually starting and wiring each server, the framework manages the connection lifecycle and makes those tools available to agent workflow code. The same application can start with local filesystem or fetch servers, then grow into SaaS, internal API, database, browser, or custom MCP server integrations.

For production-style workflows, durable execution lets agent work continue across process restarts when backed by Temporal. Agent-as-MCP-server patterns let teams expose a composed agent behind MCP so another client can call it like any other MCP server.

Use Cases

  • Build Python agents that use existing MCP servers instead of custom adapters.
  • Compose router, orchestrator, evaluator-optimizer, parallel, or map-reduce workflows around MCP tools.
  • Wrap a specialized agent as an MCP server for Claude, Cursor, VS Code, or another MCP client.
  • Add durable execution to long-running agent workflows with Temporal.
  • Prototype MCP-native app patterns before committing to a larger agent platform.

Source Review

Verified on 2026-06-18:

  • The upstream README describes mcp-agent as a composable framework for building effective agents with Model Context Protocol.
  • The README lists full MCP support, effective agent patterns, durable Temporal agents, agent-as-MCP-server support, and cloud deployment paths.
  • pyproject.toml lists the mcp-agent package, Python 3.10+ requirement, Apache-2.0 license file, mcp-agent CLI, and optional provider extras.
  • PyPI reports the current mcp-agent package metadata.
  • The docs cover getting started and effective-agent workflow patterns.

Safety and Privacy

Every MCP server attached to an agent is a trust boundary. Review the server's tool descriptions, credentials, network access, filesystem scope, account permissions, and logging before including it in an agent workflow.

For production agents, make retries, cancellation, idempotency, approval gates, rate limits, and rollback behavior explicit. Durable workflow state, traces, logs, prompts, tool results, and provider responses may persist after a process ends, especially with Temporal or observability integrations enabled.
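
One way to make approval gates and idempotency explicit around tool calls, as an added example that is not mcp-agent code and not part of the original listing. `ToolGate`, the policy tables, the tool names, the paths and the approver callback are all hypothetical and constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy (assumption): tools each agent may call, and which need approval.
ALLOWED = {"finder": {"fetch.fetch", "filesystem.read_file", "filesystem.write_file"}}
HIGH_IMPACT = {"filesystem.write_file"}

@dataclass
class ToolGate:
    """Hypothetical wrapper between workflow code and the real tool call."""
    approver: Callable[[str, str, dict], bool]   # operator decision for high-impact calls
    executor: Callable[[str, dict], str]         # performs the tool call
    results: dict = field(default_factory=dict)  # idempotency key -> stored result
    audit: list = field(default_factory=list)    # (outcome, agent, tool) records

    @staticmethod
    def key(workflow_id, step, tool, args):
        blob = json.dumps([workflow_id, step, tool, args], sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()

    def call(self, agent, workflow_id, step, tool, args):
        if tool not in ALLOWED.get(agent, set()):
            self.audit.append(("denied", agent, tool))
            raise PermissionError(f"{agent} may not call {tool}")
        k = self.key(workflow_id, step, tool, args)
        if k in self.results:  # retry of a finished step: return the stored result
            self.audit.append(("replayed", agent, tool))
            return self.results[k]
        if tool in HIGH_IMPACT and not self.approver(agent, tool, args):
            self.audit.append(("rejected", agent, tool))
            raise PermissionError(f"{tool} was not approved")
        self.results[k] = self.executor(tool, args)
        self.audit.append(("executed", agent, tool))
        return self.results[k]

def demo():
    ran = []
    def executor(tool, args):
        ran.append(tool)
        return f"ok:{tool}"
    # Constructed approver standing in for a human: only one directory is writable.
    gate = ToolGate(lambda a, t, args: args["path"].startswith("/srv/agent/"), executor)
    write = ("finder", "wf-1", 2, "filesystem.write_file", {"path": "/srv/agent/out.txt"})
    gate.call(*write)
    gate.call(*write)  # simulated retry of the same step after a restart
    for bad in [("finder", "wf-1", 3, "filesystem.write_file", {"path": "/etc/hosts"}),
                ("finder", "wf-1", 4, "shell.exec", {})]:
        try:
            gate.call(*bad)
        except PermissionError:
            pass
    return ran, [entry[0] for entry in gate.audit]
```

In this sketch the `results` map lives in memory; for the retry check to hold across a real process restart it would have to be kept in persistent storage, with the same retention review as any other workflow state.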

Duplicate Check

Checked current content/mcp/, content/tools/, content/skills/, open pull requests, and repository-wide content for lastmile-ai/mcp-agent, mcp-agent, MCP agent framework, Python MCP agent framework, durable MCP agents, Temporal AI agents, agent-as-MCP-server, and MCP workflow patterns. Existing entries cover other agent frameworks such as VoltAgent and LiveKit Agents, but no dedicated mcp-agent entry, exact source URL duplicate, target file, or open duplicate PR was found.

How it compares

mcp-agent side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

| Field | mcp-agent | Microsoft Agent Framework | Official MCP Python SDK | OpenAI Agents Python SDK |
|---|---|---|---|---|
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety, Privacy | Safety, Privacy | Safety, Privacy | Safety, Privacy |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | LastMile AI | Microsoft | Model Context Protocol | OpenAI |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Install | `uv add mcp-agent` | `pip install agent-framework` | `uv add "mcp[cli]"` | `uv add openai-agents` |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |

Microsoft Agent Framework

Microsoft framework for building, orchestrating, and deploying production AI agents and multi-agent workflows across Python and .NET, with workflows, middleware, OpenTelemetry, Foundry hosting, A2A, MCP, and Semantic Kernel migration support.

Safety notes

  • Microsoft Agent Framework can orchestrate agents, tools, workflows, middleware, hosting, A2A, MCP, and third-party providers; review each external system before granting access.
  • Production agents need explicit approval gates, retries, cancellation, idempotency, rollback behavior, tool authorization, and human-in-the-loop boundaries.
  • DefaultAzureCredential is convenient for development but can probe multiple credential sources; choose explicit production credentials and managed identity patterns where appropriate.
  • Foundry-hosted agents, cloud workflows, Durable Task, Azure Functions, and A2A/MCP endpoints need authentication, least privilege, network controls, logging policy, and abuse protection.
  • Migration from Semantic Kernel or AutoGen should include behavior parity tests, trace comparison, provider compatibility review, and safety regression checks.

Privacy notes

  • Prompts, instructions, tool arguments, tool outputs, workflow state, middleware data, traces, provider responses, logs, credentials, and hosted-agent metadata may contain sensitive user or business data.
  • Do not expose Azure credentials, Foundry project endpoints, model deployment names, API keys, private file paths, customer records, internal documents, or raw exceptions through examples, traces, logs, or support issues.
  • When using third-party providers, A2A agents, MCP servers, observability systems, or cloud hosting, review where data is sent, stored, retained, and governed.
  • If workflows are durable or restartable, define retention and access controls for checkpoints, state stores, trace spans, and replayable execution history.

Prerequisites

  • Python 3.10 or newer for the Python SDK, or a supported .NET runtime for the `Microsoft.Agents.AI` package.
  • A selected model/provider route, such as Microsoft Foundry, Azure OpenAI, OpenAI, GitHub Copilot SDK, or another supported provider.
  • Azure identity, Foundry project, endpoint, model deployment, or API-key configuration appropriate for the chosen provider and runtime.
  • A deployment plan for workflows, hosting, A2A, MCP, Durable Task, Azure Functions, local development, or cloud execution.

Official MCP Python SDK

Official Python SDK for Model Context Protocol clients and servers, published as the `mcp` package on PyPI, with FastMCP server helpers, client support, tools, resources, prompts, stdio, SSE, Streamable HTTP, authentication, elicitation, sampling, logging, and standalone development tools.

Safety notes

  • The official Python SDK is a protocol library; risk comes from the tools, resources, prompts, transports, auth flows, and server process you build with it.
  • Validate all tool inputs, enforce caller permissions, bound file and network access, and sanitize errors before returning them to an MCP client.
  • HTTP, SSE, and ASGI deployments need authentication, TLS, CORS review, host/path routing controls, request limits, logging policy, and abuse protection.
  • The upstream README says v2 is alpha; production projects should stay on the stable v1 line unless they intentionally pin and test a pre-release.

Privacy notes

  • MCP Python servers may expose local files, application data, tool arguments, tool results, resource contents, prompt templates, authentication state, logs, traces, and errors.
  • Do not leak secrets, customer data, private paths, internal identifiers, token values, or privileged resource contents through schemas, examples, responses, or logs.
  • Document which MCP client, model provider, server process, transport, ASGI layer, and observability system can observe each request.

Prerequisites

  • Python 3.10 or newer and a project managed with uv, pip, or another Python package manager.
  • A decision between stable v1 usage and explicit v2 alpha testing with a pinned pre-release.
  • A target transport, such as stdio for local tools or Streamable HTTP for hosted MCP servers.
  • Clear authorization, side-effect, and data-exposure boundaries for production tools and resources.

OpenAI Agents Python SDK

Official Python framework for building multi-agent workflows with agents, tools, handoffs, guardrails, sessions, tracing, realtime voice agents, MCP tools, hosted tools, human-in-the-loop flows, and sandbox agents.

Safety notes

  • Agents can call function tools, hosted tools, MCP tools, realtime tools, and sandbox agents; treat every tool as an API endpoint with explicit authorization, input validation, rate limits, and side-effect controls.
  • Sandbox agents can inspect files, run commands, apply patches, and carry workspace state across longer tasks; restrict workspace scope and require human approval before destructive or high-impact actions.
  • Guardrails are useful runtime checks, but they do not replace permission checks, least-privilege credentials, audit logs, or human review for risky operations.
  • Handoffs and agents-as-tools can delegate work across agents; document which agent owns each tool, decision, retry, rollback, and escalation path.
  • Realtime voice agents and human-in-the-loop flows need clear consent, interruption, recording, and operator takeover behavior.

Privacy notes

  • Prompts, instructions, tool arguments, tool outputs, session history, traces, realtime audio events, sandbox files, logs, provider responses, and errors may contain user or workspace data.
  • Do not expose secrets, tokens, private file paths, customer records, credentials, internal identifiers, or raw exceptions through traces, logs, prompts, tool schemas, or examples.
  • When using MCP servers, hosted tools, Redis sessions, SQL-backed sessions, or observability systems, review each service's retention, access control, and third-party data handling separately.
  • If sandbox agents operate on repositories or user files, define which files can be mounted, modified, committed, uploaded, logged, or returned to the model.

Prerequisites

  • Python 3.10 or newer and a project environment managed with uv, pip, or another Python package manager.
  • OpenAI API credentials or another configured model provider supported through the SDK's provider-agnostic routes.
  • A reviewed tool boundary for function tools, hosted tools, MCP tools, handoffs, sandbox agents, and any external systems the agent can call.
  • A tracing, logging, and retention policy for prompts, tool calls, sessions, provider responses, and run metadata.
