MCP Server Development
MCP, the Model Context Protocol, is how you give AI agents governed access to your ERP, CRM, finance systems, and internal APIs. Built well, it's a portable integration layer. Built badly, it's a zero-day waiting to happen. We build it well.
Before MCP, every time you wanted an agent to call an internal system you wrote a bespoke integration per model. OpenAI functions. Claude tool schemas. Azure connectors. The model layer changes every six weeks, your integrations rotted at the same pace.
MCP solves this by standardising the interface. An MCP server exposes tools (actions), resources (read-only data), and prompts (re-usable templates) with type-safe schemas. Any MCP-aware client, Claude Desktop, ChatGPT Enterprise, Gemini, custom agents built on LangGraph or n8n, can discover and call them safely.
In 2025 Anthropic, OpenAI, Google, and Microsoft all standardised around it. Gartner now forecasts 40% of enterprise applications will include task-specific AI agents by end of 2026, and Forrester projects 30% of enterprise app vendors will launch their own MCP servers in 2026. MCP is no longer an experiment, it is the integration backbone for the next decade of enterprise AI.
Want to go deeper? Read the pillar piece, The MCP Server Handbook for Enterprise, on Insights.
Hobby-grade MCP servers go up in a weekend. Enterprise ones do not. Here are the gaps we build for from day one.
Agents act on behalf of a user. Your MCP server must carry that identity through, Okta, Entra ID, Azure AD, or whatever your SSO looks like, down to the row level.
Multi-business-unit? Multi-customer? The server has to guarantee that Agent A for Tenant A cannot read Tenant B's data, even under adversarial prompts.
Every tool call, every argument, every result, every user identity. Immutable, queryable, retention-configured. This is what gets you through audit in 2026.
Agents loop. Without rate limits and per-tenant cost caps, one bad prompt can burn your quarter's budget before a human sees the alert.
Typed arguments, typed returns, clear descriptions. Without it, agents hallucinate tool calls and your error logs become unreadable.
Built correctly, the same MCP server serves Claude, ChatGPT, Gemini, and your own hosted models. Built lazily, it locks you to one vendor, defeating half the point of MCP.
Start here
from A$8,000
2-week diagnostic. Inventory the tools agents need to reach, assess auth and identity constraints, and produce an MCP architecture brief with a prioritised server backlog.
Most common
from A$25,000
3–4 weeks end-to-end. One production-grade MCP server for a nominated system, built, secured, deployed to your infrastructure, documented, and handed over with test suite.
Platform
Custom
Multi-server programme. MCP gateway, shared identity & audit, central observability, internal developer portal. For organisations turning MCP into a standing platform capability.
Week 01
Agree the target system, user journeys, and tool list. Design the tool schemas with types, descriptions, and constraints. Agree the auth model.
Week 02
Implement the server. Wire SSO. Instrument logging & metrics. Write integration tests. Red-team with adversarial prompts.
Week 03
Evaluate with real agents against real prompts. Tune. Deploy to staging, then production. Hand over the runbook, dashboards, and alerts.
Week 04
30-day hypercare. Your team onboarded on-call. Documentation and a 60-day roadmap for the next servers in the backlog.
A standardised adapter that exposes tools, resources, and prompts to AI agents, making one integration work across Claude, ChatGPT, Gemini, and any MCP-compatible client. It's the integration backbone for agentic AI.
Public servers often hard-code assumptions about auth, tenancy, and data scope that don't survive enterprise review. Custom servers embed your SSO, permissions, audit, and rate limits, so your security team will actually approve them.
APIs need one integration per consumer. MCP is one interface any MCP-aware agent can call. It turns integrations from a per-vendor build into a reusable platform capability, and insulates you from model-vendor lock-in.
Yes, with engineering care. The 2026 roadmap addresses transport scalability, SSO auth, gateway behaviour, and configuration portability, exactly the gaps enterprises hit. Done right, MCP runs under zero-trust with full audit trails.
SAP, Dynamics, NetSuite, Odoo, ERPNext, Salesforce, HubSpot, internal REST/GraphQL APIs, Postgres, SQL Server, SharePoint, custom workflow engines. If it has an API, it can have an MCP server.
3–4 weeks end-to-end for a well-scoped server. Complex targets (deep ERP, legacy bridges) 6–8 weeks.
Practical walkthroughs from real MCP server engagements, the handbook, and the agent teams they power.
How to build Model Context Protocol servers your security team will actually approve: SSO, audit trails, tenant isolation. The handbook, from an operator shipping MCP.
Read analysisA weekend build: an AI accounting team on OpenClaw + MCP + Xero. Architecture, the agents I stood up, what they can safely do, and where I'd still keep humans in the loop.
Read analysisA walkthrough of connecting Xero to Claude via the Xero MCP server: architecture, auth, what works today, and what to watch before letting AI touch live accounting data.
Read analysis30-minute call. Bring a list of the internal systems you want your agents to reach safely. We'll sketch the shortest path to a shipped, audited, SSO-integrated MCP server on your infrastructure.