Ch 2: Architecture — Hosts, Clients & Servers

Ch 2 — Architecture: Hosts, Clients & Servers

The three-layer model, security isolation, 1:N topology, and how it all fits together

Index Under the Hood →

High Level

Click play or press Space to begin...

Step- / 8

AThe Three-Layer ModelHost → Client → Server

laptop

HostThe AI application
you interact with

creates

swap_horiz

ClientProtocol connector
inside the host

connects

dns

ServerExternal process
exposing capabilities

arrow_downward What does the Host actually do?

BThe Host: Orchestrator & GatekeeperClaude Desktop, Cursor, ChatGPT, your custom app

security

SecurityControls consent,
approves tool calls

account_tree

LifecycleCreates/destroys
client instances

merge

AggregationMerges context from
multiple servers

arrow_downward The 1:N topology — one client per server

C1:N TopologyOne host, many clients, many servers

laptop

HostSingle AI app
instance

spawns

swap_horiz

Client 1→ GitHub
MCP Server

swap_horiz

Client 2→ Postgres
MCP Server

swap_horiz

Client 3→ Slack
MCP Server

arrow_downward Security isolation: servers can't see each other

DSecurity IsolationEach server lives in its own sandbox

visibility_off

No Cross-TalkGitHub server can't
see Postgres data

shield

Host ControlsOnly host decides
what to share

gavel

ConsentUser approves
sensitive actions

arrow_downward What does a server actually expose?

EServer CapabilitiesTools, Resources, Prompts — and who controls each

build

ToolsModel-controlled
LLM decides to call

description

ResourcesApp-controlled
host picks context

chat

PromptsUser-controlled
human selects

arrow_downward Real-world example: Cursor with multiple MCP servers

FReal-World Example: CursorHow a real host manages multiple MCP servers

edit_note

Cursor (Host)Reads config, spawns
clients on startup

stdio

code

GitHub ServerLocal process
search, PR, issues

HTTP

cloud

Remote ServerCloud-hosted
company API