Wrangling the Wild West of MCP Servers

It’s getting actual out right here.

Ever since I shared how autonomous AI Agents can monitor and heal the community on their very own—sure, that one—I’ve gotten the identical follow-up query in numerous types:

“Okay, Kareem, this all sounds great… but how do I actually build one of these Model Context Protocol (MCP) servers for my product?”

Good information! If your product—like virtually each product on the market—has APIs, then chances are high that you have already got what you want.

Enter: OpenAPI spec

OpenAPI is a pleasant contract on your APIs. You may’ve used it for Swagger docs, SDKs, Postman collections, or that one dusty codegen venture from 2021. But right here’s the twist: What in the event you handed that very same OpenAPI spec to your AI agent?

That’s it. That’s the important thing.

One OpenAPI spec → one MCP Server → one AI-powered, access-controlled gateway to your product.

And no, this isn’t a “12 steps and a DevRel miracle” state of affairs. It’s only a few traces of Python and a FastMCP wrapper round your OpenAPI file. The magic? Your APIs get remodeled into secure, role-based AI instruments—with out writing a single customized software definition.

Consider the next instance:

You’re wrapping your current OpenAPI spec with FastMCP, wiring in your authenticated consumer, and passing in your route-based ACLs. That’s how easy it’s to go from “API docs” to “AI-ready, access-controlled MCP server.” 

Build quick, govern good

In this new AI-powered world, pace is the simple half. Governance—that’s the more durable carry.

We don’t wish to give the agent the keys to the dominion. We wish to present it with a badge with simply the right entry.

That’s the place RouteMap is available in—our ACLs for AI. With a easy listing of patterns (regex for individuals who love ache and struggling) and HTTP verbs, you’ll be able to declare what endpoints are accessible for various personas (NOC, Sysadmin, full entry, and so forth).

Yes, it’s actually that simple. You’re constructing endpoint ACLs as code. You don’t must create an entire new auth system or practice a mannequin to “learn” permissions. You simply declare what roles get entry to what endpoints—and the MCP Server enforces it.

From chaos to order

Let’s stroll by way of a real-world use case.

Say you’re a NOC crew managing a multi-site Meraki deployment. You’re chargeable for protecting community gadgets patched and safe—however you’ll be able to’t simply schedule firmware upgrades at any time. Some websites are 24/7. Some spike at midday. Some run evening shifts. The ideally suited improve window is a transferring goal.

That’s the place the agent steps in.

You wish to give the agent simply sufficient entry to assist:

• Pull the present firmware standing
• Monitor community utilization patterns
• Schedule upgrades when it is smart

Meanwhile, your Sysadmin crew wants the agent to generate compliance stories. They must know which gadgets are operating outdated firmware—however they’re not scheduling upgrades or touching reside site visitors.

Two personas. Two very completely different scopes. One MCP server.

Here’s the great thing about all of it. We didn’t write any customized instruments. We didn’t construct workflows or hardcode enterprise logic. We simply fed the MCP server the complete Meraki OpenAPI spec—and let RouteMap deal with the remaining:

The NOC agent can schedule upgrades, as a result of it wants that management. The Sysadmin agent? It will get a read-only view, tailor-made for visibility and compliance.

And once more—we didn’t inform the agent how to do something. The magic is within the MCP server. The instruments turn out to be accessible based mostly on the position, and the AI figures out the remaining.

That’s the type of ruled autonomy that turns AI from a threat right into a functionality.

View it in motion

As normal, you’ll discover every part I’m displaying right here—the MCP server code, config, and immediate—in my GitHub Repo.

Now let’s hearth this factor up. (And, sure, Network Pharaoh is a factor now.)

With the MCP server operating and our route maps outlined, I launch Claude Desktop (my MCP consumer of selection) and sort the next immediate:

Your identify is Network Pharaoh. You are appearing with full administrative visibility and information entry privileges. You are a senior community administrator overseeing a number of Cisco Meraki organizations throughout the enterprise. Your position is to make sure that all community gadgets are operating the newest compliant firmware. You are approved to advocate firmware upgrades, however it’s essential to watch for express human approval earlier than initiating any updates.

Target Organizations: Cisco U.

Task Instructions – For every group:

• • List all networks
  • For every community, listing all related gadgets (together with mannequin, serial, and present firmware model)
  • Retrieve the accessible firmware improve suggestions for the group
  • Identify any system that isn’t operating the really helpful model
  • Recommend firmware upgrades as acceptable
  • Do not carry out any improve except the human explicitly confirms with an announcement like: “Yes, please upgrade [device/network].”

A couple of issues are value calling out:

The human-in-the-loop is in-built. The agent is aware of it can’t act by itself—it should watch for approval. That’s governance baked into the immediate.

We didn’t inform the agent the way to test compliance or recommend upgrades. It makes use of the instruments accessible by way of the MCP Server and acts inside the boundaries outlined by its position.

The agent is doing clever work inside secure boundaries—utilizing solely what it’s been given entry to. No guesswork. No scraping. No uncontrolled API calls. Just clear, policy-driven interplay by way of a structured, safe interface.

Here’s what the MCP server config appears to be like like behind the scenes:

Pay consideration to the significance of the MCP_ROLE. This one atmosphere variable controls which routes the agent has entry to. Set it to “NOC” and the agent can advocate firmware upgrades. Set it to “sysadmin” and the identical agent, with the identical immediate, will solely be capable to generate compliance stories—no upgrades, no PUTs.

That’s the benefit of separating the intelligence (LLM) from the management airplane (MCP). You keep accountable for what the agent can do.

And right here’s what the MCP server makes occur:

1. Network Pharaoh traverses our Cisco U. group, pulling a listing of managed gadgets and spitting out a report.
   
2. As Network Pharaoh is ready for a human within the loop to execute the improve, it additionally auto-corrects the model based mostly on internet search and schedules it for us based mostly on utilization.
   
3. Et, voila!
   

The expertise behind the scenes

Let’s zoom in for a second. What did it take to construct this?

Here are the abilities a community engineer must put this collectively:

• Understanding of API fundamentals: OpenAPI specs, endpoints, HTTP strategies
• Python scripting: Spinning up a primary server and configuring the MCP wrapper
• Access management pondering: Defining roles, entry boundaries, and implementing least privilege
• Agent design mindset: Prompting with context, function, and clear human oversight
• Curiosity and experimentation: Trying issues out and tweaking as you go

And possibly most significantly:

• A shift in pondering—from constructing automation for the community, to constructing automation that understands the community.

Let’s preserve pushing this frontier. Because the extra we construct clever boundaries, the extra we unlock secure autonomy.

And that’s how we go from the Wild West… to a well-governed AI-powered enterprise.

Sign up for Cisco U. | Join the  Cisco Learning Network right this moment without spending a dime.

Learn with Cisco

X | Threads | Facebook | LinkedIn | Instagram | YouTube

Use  #CiscoU and #CiscoCert to hitch the dialog.

Read extra from the AI Break sequence:

Share: