MCP & Tool Discovery#
MCP (Model Context Protocol) is the protocol agents use to connect to Lens Agents. It provides a standardized way for AI agents to discover and use tools, regardless of which framework or model the agent is built with.
What MCP Is#
MCP is an open protocol that defines how AI agents communicate with tool providers. Instead of building custom integrations for every agent framework, a tool provider implements an MCP server once and any MCP-compatible agent can use it.
Key concepts:
- MCP server — exposes tools and resources that agents can use (Lens Agents is an MCP server)
- MCP client — the agent-side component that connects to MCP servers (built into most agent frameworks)
- Tools — discrete actions the agent can take (e.g.,
shell_exec,list_clusters,get_cluster) - Tool discovery — the agent asks the server "what tools do you have?" and gets back a structured list with names, descriptions, and parameter schemas
Why MCP Matters#
MCP is the reason Lens Agents can govern any AI agent, regardless of framework:
- Claude Desktop, Cursor, Claude Code — native MCP clients, connect directly
- LangChain, CrewAI, AutoGen — MCP toolkit/integration available
- Claude Agent SDK — connects via MCP servers configuration
- Any custom agent — if it speaks MCP, it works
One protocol, one integration point, any agent.
How Lens Agents Uses MCP#
Lens Agents as an MCP server#
Lens Agents exposes a governed MCP server that agents connect to. When an agent connects, it discovers tools based on its identity and team permissions.
Tool discovery flow:
- Agent connects to the organization's Lens Agents MCP endpoint
- Agent authenticates — user SSO identity for desktop tools, scoped agent token for external and managed agents
- Agent discovers tools through a standard MCP
tools/listrequest - Lens Agents returns the tools available to that identity — filtered by team, project, and policy
- Agent invokes tools through standard MCP
tools/callrequests - Every tool call passes through the governance chain: authorization, sandbox execution, credential injection, audit
What tools are available#
The tools an agent discovers depend on its team's connections and policies:
| Category | Tools | When available |
|---|---|---|
| Shell | shell_exec, shell_write_file, shell_read_file, shell_edit_file |
Always |
| Kubernetes | list_clusters, get_cluster |
When K8s connections exist |
| AWS | list_aws_connections, get_aws_connection |
When AWS connections exist |
| GitHub | list_github_connections, get_github_connection |
When GitHub connections exist |
| Cost & audit | get_spending_limit_status, get_usage_cost_summary, query_audit_trail |
Always |
| Registry tools | (varies) | When MCP servers are registered |
Governance through MCP#
Every MCP tool call is governed:
- Authorization — the platform checks the agent's identity and team permissions before executing any tool
- Sandbox execution — shell commands run inside an isolated sandbox with network policies enforced
- Credential injection — credentials needed for tool execution are injected by the proxy, never exposed to the agent
- Audit trail — every tool call is recorded with the agent's identity, tool name, parameters, and result
Governance is transparent to the agent. It calls tools through standard MCP. The platform enforces policies behind the scenes.
MCP Server Registry#
Administrators can register additional MCP servers to extend agent capabilities beyond the native integrations. Registered servers' tools are discovered alongside native tools and governed through the same policy engine.
See MCP Server Registry for setup and configuration.
MCP in the Architecture#
Agent (any framework)
│
│ MCP protocol
▼
Lens Agents MCP Server
│
├── Authentication (OIDC / agent token)
├── Authorization (team + project + policy)
├── Tool execution (sandbox, credential injection)
├── Registered MCP servers (upstream tool calls)
└── Audit trail (every action recorded)
For desktop tools and external agents (Mode 1), the agent runs outside the platform and connects via MCP. For managed agents (Mode 2), the agent runs inside the platform and connects to MCP internally.
In both cases, the MCP interface is the same. The governance chain is the same. The audit trail is the same.
Related#
- How Lens Agents works — MCP in the full architecture
- Connections — what agents can access through MCP tools
- Agent types — how different agents connect via MCP
- MCP Server Registry — extending capabilities with additional MCP servers
- External agents — connecting custom agents via MCP