What is MCP Resource?

MCP Resource is a read-oriented context primitive exposed by an MCP Server, representing data such as files, records, documents, schemas, repository state, or generated views that an AI application can inspect.

Quick Facts

Specification	Official Specification

How It Works

An MCP Resource gives an AI application access to contextual data without necessarily performing an action. It is useful for exposing documents, file contents, database records, logs, API objects, or synthetic views such as a project summary. A resource should have a stable URI, clear content type, and permission rules. It should not be treated as harmless by default: resource content can include sensitive data or prompt-injection text that may influence downstream model behavior.

Key Characteristics

Read-oriented primitive: exposes context rather than an executable operation
Addressable data: commonly identified by a URI or another stable resource identifier
Typed content: may include text, JSON, binary metadata, schemas, or structured records
Permission-sensitive: should respect user, workspace, tenant, and data classification boundaries
Injection-aware: untrusted resource content must be separated from instructions

Common Use Cases

Providing a coding assistant with read-only access to selected project files
Exposing database schema information without allowing arbitrary queries
Returning a document or knowledge-base page for model grounding
Making logs, metrics summaries, or issue details available as context
Supplying reusable reference data to an agent before tool execution

Example

Loading code...

Frequently Asked Questions

How is an MCP Resource different from an MCP Tool?

A resource is primarily context to read. A tool performs an operation. Reading a document is usually a resource pattern, while creating a ticket or sending a message is a tool pattern.

Can MCP Resources be dynamic?

Yes. A resource can represent generated or computed views, such as a current repository summary, provided the server describes and updates it consistently.

Are MCP Resources safe because they are read-only?

No. Read-only content can still contain secrets, personal data, or prompt-injection instructions. Hosts and agents should treat resource content as data, not trusted instructions.

What metadata should a resource expose?

Useful metadata includes URI, name, MIME type, description, source, freshness, permissions, and any identifiers needed for citation or audit.

Related Tools

MCP Server Directory

Comprehensive directory of MCP (Model Context Protocol) servers, SDKs, clients, and tools. Discover official implementations, community servers, and development resources for building AI-powered applications with Claude and other LLMs.

JSON Formatter

Format, beautify, validate and minify JSON online for free. Features syntax highlighting, tree view, history tracking, and one-click copy. No signup required. 100% client-side processing for privacy.

Markdown Editor

Free online Markdown editor with real-time preview. Write and preview Markdown instantly, export to HTML or download as .md file. Supports tables, code blocks, and all standard Markdown syntax.

Related Terms

MCP

MCP (Model Context Protocol) is an open protocol standard introduced by Anthropic in 2024, enabling standardized connections between AI applications and external tools/data sources through JSON-RPC 2.0 specification, solving the fragmentation problem of AI Agent integration with heterogeneous systems.

Context Engineering

Context Engineering is the process of precisely providing large models with the necessary and only necessary background information to complete a current task in AI-driven applications (such as AI IDEs and Agents) through static rule configuration (like `.cursorrules`), dynamic retrieval (like RAG), and symbolic linking (like `@file`).

RAG

RAG (Retrieval-Augmented Generation) is an AI architecture that enhances large language model outputs by retrieving relevant information from external knowledge bases before generating responses, combining the strengths of information retrieval systems with generative AI to produce more accurate, up-to-date, and verifiable answers.

Prompt Injection

Prompt Injection is a cybersecurity attack specifically targeting applications built on Large Language Models (LLMs). In this attack, a malicious user crafts an input designed to trick the LLM into ignoring its original System Prompt and safety guardrails, forcing it to execute the attacker's hidden instructions instead. This attack exploits a fundamental architectural flaw in current LLMs: the inability to strictly separate 'system control instructions' from 'user input data'.

GitHub MCP Registry Deep Dive: MCP Server Discovery, Security, and Governance [2026]

Explore the GitHub MCP Registry ecosystem for discovering, verifying, and governing MCP servers. Learn about server publishing, security scanning, namespace management, and how the registry shapes the future of AI tool distribution.

2026-04-24

Context Engineering 2.0: From Prompt Tricks to System-Level Context Architecture Design

A deep dive into the Context Engineering 2.0 era and its rule file ecosystem. Master agents.md, instructions.md, and prompts.md best practices. Learn how to design a standardized, system-level context architecture from individual prompts to team-wide standards.

2026-04-22

Context Engineering: 4-Layer Architecture Patterns

Master the 4-layer context engineering architecture—Instruction, Knowledge, Memory, and Orchestration—with production TypeScript code and design patterns.

2026-05-16