Explain the host, client, and server roles in MCP's architecture.

4 minbeginnermcparchitecturehostclientserver

Quick Answer

MCP has three roles. The host is the user-facing application (Claude Desktop, an IDE, a custom agent) that embeds an LLM and orchestrates everything. The host creates and owns one or more MCP clients, and each client maintains a dedicated, stateful, one-to-one connection to a single MCP server. The server is a separate process (or remote service) that exposes tools, resources, and/or prompts. A host talking to three servers (filesystem, GitHub, Slack) runs three separate client instances internally, one per connection, each isolated from the others for security.

Detailed Answer

It's easy to conflate "client" and "host." MCP draws a specific line between them.

The three roles

  • Host: the application the user interacts with — Claude Desktop, Claude Code, a custom chatbot, an IDE plugin. The host holds the LLM, the conversation, and the UI. It decides which servers to connect to. It mediates every permission the user grants.
  • Client: a component living inside the host that speaks MCP to exactly one server. A client is 1:1 with a server connection. It owns that connection's session state, capability negotiation, and message routing. It never talks to any other server.
  • Server: a program exposing tools, resources, and/or prompts through MCP. A server has no idea what host it's connected to, or how many other servers that host also talks to. It only knows its one client.

Why 1:1, not 1:many

Host (Claude Desktop)
 ├── Client A ──(stdio)── Server A (filesystem)
 ├── Client B ──(stdio)── Server B (git)
 └── Client C ──(HTTP)──── Server C (remote Slack MCP server)

Each client-server pair is isolated. This matters for security. A compromised or misbehaving server can only touch the data the host chose to expose through its own client. It can't reach into another server's session or eavesdrop on another connection. The host is the trust boundary. It aggregates results from multiple servers before handing them to the LLM. It's also where user consent for tool calls and data access should be enforced.

Practical shape

In code, this usually means: the host process spawns (or connects to) N server processes/endpoints, and creates N client objects, one per server. Each client independently runs the initialize handshake and independently tracks that server's tools, resources, and prompts.

Related Resources