The capstone ships one authorized, bounded integration and its operating evidence. A successful chat demo is insufficient: the server must pass capability, security, correctness, failure, packaging, and handover gates.
Select the Workflow
Choose a low-risk task such as searching approved policies, retrieving one catalog item, preparing a quotation draft, or creating a support case draft. Define owner, users, goal, authoritative sources, prohibited actions, data classification, and measurable baseline.
Avoid first projects that transfer money, submit tax/legal records, publish broadly, or make employment, health, credit, or other rights-affecting decisions.
Build the Release Packet
- architecture and trust-boundary diagram;
- versioned tools/resources/prompts;
- strict schemas, authorization, and tenant isolation;
- secrets, egress, logging, retention, and deletion controls;
- deterministic unit/protocol/host tests;
- prompt-injection and abuse tests;
- timeouts, rate limits, idempotency, circuit, and recovery;
- package provenance, changelog, install/rollback/uninstall;
- runbook, alerts, owner, and incident route;
- client acceptance and data-processing authority.
Worked Example
A Faisalabad manufacturer needs sales staff to retrieve approved product facts and prepare quote requests. The MCP server exposes read-only get_product and draft-only prepare_quote_request. Price comes from the catalog; calculation is deterministic; sending and payment are absent.
Tests catch a tenant-filter omission and block launch. After repair, cross-tenant access, traversal, injected product text, duplicate draft, upstream timeout, token revocation, clean install, rollback, and uninstall all pass. The client owns the repository, registry, production identity, and runbook. A limited pilot measures preparation time and correction rate without claiming guaranteed revenue.
Failure Cases to Diagnose
- Generic “business tool” scope: choose one outcome.
- Server owns production admin credentials: use least-privilege client identity.
- Prompt instructions enforce security: move controls to code.
- Only happy path tested: execute abuse and recovery matrix.
- No capability diff on upgrade: review changes before release.
- Client cannot operate without builder: complete ownership and handover.
🇵🇰 Pakistan Angle
Use PKR cost and local support hours, but base business/tax/legal facts on current authorized sources. Minimize CNIC, bank, customer, employee, and export data. Name any foreign processor and obtain authority.
Monetize the outcome ethically: discovery, secure integration, tests, deployment, monitoring, training, and support. Do not promise passive income, “10x” productivity, or error-free autonomy.
Hands-On Exercise
- Define scope, baseline, and prohibited actions.
- Build all ten release-packet sections.
- Run the full acceptance matrix.
- Conduct limited authorized pilot and rollback drill.
- hand over accounts, code, artifacts, and runbook.
Completion Rubric
- Workflow and authority are narrow and explicit.
- Security and tenant boundaries are code-enforced.
- Unit, protocol, host, abuse, and recovery tests pass.
- Package lifecycle and incident response operate.
- Client owns production and removal paths.
- Value claims match measured pilot evidence.
Sources
- MCP — Official TypeScript SDK
- MCP — Security best practices
- OWASP — Application Security Verification Standard
- NIST — Secure Software Development Framework
Key takeaway: ship an MCP integration only when its permissions, tests, recovery, package lifecycle, and client ownership are as complete as its happy-path functionality.