A Protocol-First Perspective for Collective AI Intelligence
Author: Olivier Vitrac, PhD, HDR | [email protected] | Adservio Version: 0.62.0 Updated: 2025-12-20
- What MCP Really Is
- Common Misconceptions
- Architecture Principles
- RAGIX MCP Implementation
- Complete Tool Reference
- Deployment Topologies
- Hybrid Backends: Stochastic, Deterministic, and Combined
- Collective Intelligence Patterns
- Frequently Asked Questions
- Related Documentation
Model Context Protocol (MCP) is a standardized communication protocol for tool invocation between AI agents and external services. It defines:
- Message formats for tool discovery, invocation, and response
- Schema conventions for parameter and return type descriptions
- Transport mechanisms (stdio, HTTP, WebSocket)
- Error handling semantics
MCP is NOT:
- An orchestration engine
- A reasoning system
- An execution runtime
- A model hosting solution
Think of MCP like HTTP for the web: HTTP doesn't decide what content to serve or how to render itβit only defines how clients and servers communicate. Similarly, MCP doesn't decide which tools to call or how to interpret resultsβit only standardizes the communication interface.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Agent (Orchestrator) β
β Reasoning, Planning, Tool Selection, Memory β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
β MCP Protocol
β (JSON-RPC over stdio/HTTP/WS)
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP Server β
β Tool Registry, Schema Exposure β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
β Native Calls
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Backend Services β
β LLMs, Scripts, APIs, Databases, Kernels, Programs β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Layer | Responsibility | Examples |
|---|---|---|
| Orchestration | Decides what to do and when | Claude Code, LangChain, custom agents |
| Protocol (MCP) | Standardizes how to communicate | Tool schemas, invocation format |
| Execution | Performs the actual work | Kernels, scripts, LLM calls, APIs |
Key insight: MCP servers can host any combination of backendsβthe protocol doesn't care whether a tool calls an LLM, runs a shell command, queries a database, or performs pure computation.
Reality: MCP is a communication protocol. The AI reasoning happens in the orchestrating agent (e.g., Claude Code), not in MCP itself. MCP servers are passiveβthey expose tools and respond to invocations.
Reality: MCP is transport-agnostic. RAGIX's MCP server runs 100% locally:
- Local Ollama for LLM inference
- Local file system for workspaces
- Local network for security scans
- No external API calls required
Reality: MCP tools can be:
- Stochastic (LLM): Natural language processing, reasoning
- Deterministic (Scripts): AST parsing, metrics computation, network scanning
- Hybrid: LLM-guided tool selection with deterministic execution
RAGIX intentionally uses deterministic kernels for most operationsβensuring reproducibility, auditability, and predictability.
Reality: Orchestration is the agent's responsibility. MCP only provides:
- Tool discovery (
tools/list) - Tool invocation (
tools/call) - Response formatting
The agent decides which tools to call, in what order, with what parameters, and how to interpret results.
Reality: Multiple MCP servers can collaborate:
- Server A: Code analysis tools
- Server B: Security scanning tools
- Server C: Documentation generation
- Server D: External API integrations
The orchestrating agent can connect to multiple servers simultaneously, enabling distributed collective intelligence.
RAGIX's MCP implementation follows sovereign AI principles:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Your Infrastructure β
β βββββββββββββββ βββββββββββββββ βββββββββββββββββββββββ β
β β Ollama β β RAGIX β β Your Code β β
β β (Local LLM)β β MCP Server β β (Sandboxed) β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββββββββββ β
β β β β β
β ββββββββββββββββββ΄βββββββββββββββββββββ β
β β β
β No External Dependencies β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Benefits:
- Data sovereignty: Code never leaves your machine
- Air-gapped operation: Works without internet
- Auditability: Complete command logs with SHA256 verification
- Reproducibility: Deterministic kernels produce identical outputs
RAGIX separates concerns between:
| Component | Nature | Responsibility |
|---|---|---|
| LLM (Ollama) | Stochastic | Reasoning, planning, natural language |
| Kernels | Deterministic | Computation, analysis, scanning |
| MCP Server | Protocol | Tool exposure, invocation routing |
| Agent | Hybrid | Orchestration, memory, tool selection |
Why this matters: LLMs hallucinate. Kernels don't. By isolating computation in deterministic kernels, we get:
- Reproducible audits
- Verifiable results
- Predictable performance
- Testable components
The Kernel-Orchestrated Audit System exemplifies this architecture:
Stage 1: Data Collection Stage 2: Analysis Stage 3: Reporting
βββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββββββ
β ast_scan β β stats_summary β β section_executive β
β metrics β βββΆ β hotspots β βββΆ β section_overview β
β dependency β β coupling β β section_recs β
β partition β β dead_code β β report_assemble β
β services β β entropy β βββββββββββββββββββββββ
β timeline β β risk β
βββββββββββββββββββββββ βββββββββββββββββββββββ
Pure extraction Pure computation Pure generation
(no LLM inside) (no LLM inside) (optional LLM)
File: MCP/ragix_mcp_server.py
Framework: FastMCP (Anthropic MCP SDK)
Lines: ~3,600
from mcp.server.fastmcp import FastMCP
mcp = FastMCP(
name="RAGIX",
instructions="RAGIX is a sovereign Unix-RAG development assistant...",
website_url="https://github.com/ovitrac/RAGIX",
)| Category | Count | Purpose |
|---|---|---|
| Core RAGIX | 11 | Unix-RAG reasoning, search, workflows |
| System | 5 | Model management, AST, system info |
| KOAS Base | 4 | Workspace orchestration |
| KOAS Security | 8 | Network discovery, scanning, compliance |
| KOAS Audit | 8 | Code analysis, metrics, risk assessment |
| Utilities | 2 | Logging, health checks |
Environment Variables:
# Core
UNIX_RAG_SANDBOX=/path/to/project # Sandbox root
UNIX_RAG_MODEL=mistral # Ollama model
UNIX_RAG_PROFILE=dev # Safety profile (strict/dev/unsafe)
# MCP
RAGIX_LOG_LEVEL=INFO # Logging verbosity
OLLAMA_NUM_GPU=1 # GPU allocationProfiles:
| Profile | Description | Use Case |
|---|---|---|
strict |
Read-only, maximum safety | Production audits |
dev |
Normal editing, protected destructive ops | Development |
unsafe |
Minimal restrictions | Expert/testing |
Execute single Unix-RAG reasoning step.
# Parameters
prompt: str # Natural language instruction
# Returns
{
"response": "Analysis complete...",
"last_command": {
"command": "grep -rn 'TODO' src/",
"stdout": "...",
"returncode": 0
}
}Quick project structure overview.
# Parameters
max_depth: int = 4 # Directory recursion depth
include_hidden: bool = False # Include dot files
# Returns
[
{"path": "src/main.py", "size": 1245, "ext": ".py"},
{"path": "docs/README.md", "size": 5432, "ext": ".md"}
]Hybrid BM25 + vector search across codebase.
# Parameters
query: str # Search query
k: int = 10 # Number of results
strategy: str = "rrf" # Fusion strategy
# Returns
{
"query": "database connection",
"results": [
{"file": "db.py", "name": "connect", "score": 0.85}
]
}Read file with size limit.
# Parameters
path: str # Relative path within sandbox
max_bytes: int = 65536 # Maximum bytes to readExecute pre-defined multi-step workflow.
# Parameters
template: str # Workflow name
params: Dict[str, str] # Template parametersList available workflow templates.
Get current RAGIX configuration.
Comprehensive system health status.
Retrieve recent command log entries.
Verify command log integrity using SHA256 chain.
Enhanced Unix-RAG step with optional history persistence.
Extract AST symbols from source code.
# Parameters
path: str # File or directory
language: str = "auto" # python, java, typescript, go, cppCompute code metrics (complexity, LOC, maintainability).
List available Ollama models.
Get detailed model information.
Comprehensive system information (CPU, GPU, memory, disk).
Network host discovery.
# Parameters
target: str # IP, CIDR, or hostname
method: str = "ping" # ping, arp, list
timeout: int = 120 # Scan timeout
workspace: str = "" # Auto-created if empty
# Returns
{
"summary": "Found 12 hosts on 192.168.1.0/24",
"hosts": [{"ip": "192.168.1.1", "hostname": "router", "status": "up"}],
"workspace": "/tmp/koas_security_..."
}Port scanning with preset groups.
# Parameters
target: str = "discovered" # Target or "discovered" keyword
ports: str = "common" # common, web, database, admin, top100, full
detect_services: bool = TruePort Presets:
| Preset | Ports | Use Case |
|---|---|---|
common |
21,22,23,25,53,80,110,143,443,445,3306,3389,5432,8080 | Quick scan |
web |
80,443,8000,8080,8443,8888 | Web servers |
database |
1433,1521,3306,5432,6379,27017 | Database servers |
admin |
22,3389,5900,5985,5986 | Remote admin |
top100 |
Top 100 most common | Comprehensive |
full |
1-65535 | Complete (slow) |
SSL/TLS certificate and cipher analysis.
Vulnerability assessment with nuclei templates.
# Parameters
target: str
severity: str = "all" # critical, high, medium, low, all
templates: str = "" # Custom template selectionDNS enumeration and security record analysis (DNSSEC, SPF, DMARC, DKIM).
Compliance checking against security frameworks.
# Parameters
workspace: str
framework: str = "anssi" # anssi, nist, cis
level: str = "standard" # essential, standard, reinforcedNetwork security risk scoring.
Security assessment report generation.
AST scanning and symbol extraction.
# Parameters
project_path: str
language: str = "auto"
include_tests: bool = False
workspace: str = ""Code metrics analysis (cyclomatic complexity, LOC, maintainability).
Complexity and risk hotspot identification.
Dependency graph analysis and cycle detection.
Dead/unused code detection.
Code risk scoring (Service Life perspective).
Code quality compliance checking.
Comprehensive audit report generation.
Initialize audit workspace.
Execute kernel stages with parallelization.
Get workspace status.
Get stage summaries.
List available kernels.
Get generated report.
βββββββββββββββββββββββββββββββββββββββββββ
β Local Machine β
β βββββββββββ ββββββββββββββββββββ β
β β Claude βββββΆβ RAGIX MCP Server β β
β β Code β ββββββββββ¬ββββββββββ β
β βββββββββββ β β
β ββββββββΌβββββββ β
β β Ollama β β
β β (Local LLM) β β
β βββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββ
Use case: Individual developer, full sovereignty.
βββββββββββββββββββββββββββββββββββββββββββ
β Development Server β
β ββββββββββββββββββββββββββββββββββββ β
β β RAGIX MCP Server β β
β β (Shared workspace, GPU access) β β
β ββββββββββββββββ¬ββββββββββββββββββββ β
β β β
β ββββββββΌβββββββ β
β β Ollama β β
β β (70B+ LLM) β β
β βββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββ
β² β² β²
β β β
ββββββ΄ββββ ββββββ΄ββββ ββββββ΄ββββ
β Dev 1 β β Dev 2 β β Dev 3 β
β(Claude)β β(Claude)β β(Custom)β
ββββββββββ ββββββββββ ββββββββββ
Use case: Team sharing expensive GPU resources.
βββββββββββββββββββ βββββββββββββββββββ
β Local Machine β β Remote Server β
β βββββββββββββ β β βββββββββββββ β
β β MCP Local β β β βMCP Remote β β
β β(Security) β β β β (Compute) β β
β βββββββ¬ββββββ β β βββββββ¬ββββββ β
β β β β β β
β βββββββΌββββββ β β βββββββΌββββββ β
β β Ollama β β β β Ollama β β
β β (7B) β β β β (70B+) β β
β βββββββββββββ β β βββββββββββββ β
βββββββββββββββββββ βββββββββββββββββββ
β² β²
β β
βββββββββββββ¬ββββββββββββ
β
βββββββββΌββββββββ
β Orchestrator β
β (Claude Code) β
βββββββββββββββββ
Use case: Sensitive operations local, heavy compute remote.
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β MCP Server Aβ β MCP Server Bβ β MCP Server Cβ
β Code Audit β β Security β β Docs β
ββββββββ¬βββββββ ββββββββ¬βββββββ ββββββββ¬βββββββ
β β β
ββββββββββββββββββΌβββββββββββββββββ
β
βββββββββΌββββββββ
β Orchestrator β
β (Agent) β
βββββββββββββββββ
Use case: Specialized services collaborating.
Behind every MCP tool is an execution backend. These can be:
| Type | Characteristics | RAGIX Examples |
|---|---|---|
| Stochastic (LLM) | Non-deterministic, creative, may hallucinate | ragix_chat, natural language responses |
| Deterministic (Scripts) | Reproducible, predictable, verifiable | Kernels, AST parsing, metrics |
| Hybrid | LLM for planning, scripts for execution | Unix-RAG pattern |
User: "Analyze my codebase for security issues"
ββ Stochastic Approach (Pure LLM) ββββββββββββββββββββββββββ
β β
β LLM reads code β "I think there might be SQL injection" β
β β
β Problems: β
β - May hallucinate vulnerabilities β
β - Different runs give different results β
β - Cannot verify findings β
β - No audit trail β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ Deterministic Approach (RAGIX Kernels) ββββββββββββββββββ
β β
β Kernel executes β "Found SQL injection at db.py:42" β
β β
β Benefits: β
β - Verifiable: Same code β Same findings β
β - Traceable: Exact file, line, pattern β
β - Auditable: SHA256-verified execution log β
β - Testable: Kernel output is unit-testable β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
RAGIX uses LLMs for reasoning and planning, but delegates execution to deterministic tools:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Unix-RAG Agent β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 1. LLM receives user query β
β 2. LLM reasons about approach (stochastic) β
β 3. LLM selects tools to call (stochastic) β
β 4. Tools execute commands (DETERMINISTIC) β
β 5. LLM interprets results (stochastic) β
β 6. LLM formulates response (stochastic) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Key: Steps 1-3, 5-6 may vary β
β Step 4 is ALWAYS reproducible β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Task | Recommended Backend | Rationale |
|---|---|---|
| Code metrics | Deterministic | Must be reproducible |
| Vulnerability scanning | Deterministic | Legal/compliance requirements |
| Natural language summary | Stochastic | Creativity needed |
| Risk interpretation | Hybrid | Numbers from kernel, prose from LLM |
| Report generation | Hybrid | Structure deterministic, narrative LLM |
MCP tools exchange more than text. RAGIX tools communicate:
| Data Type | Examples | Use Case |
|---|---|---|
| Numbers | Risk scores, complexity metrics, compliance % | Quantitative analysis |
| Graphs | Dependency trees, call graphs, AST | Structural analysis |
| Vectors | Embeddings, feature representations | Semantic search |
| Schemas | JSON schemas, type definitions | Interoperability |
| Binary | Images, compiled artifacts | Visual analysis |
Sequential Pipeline:
discover β scan_ports β ssl_check β compliance β report
β β β β β
ββ hosts ββββ΄ββ ports ββββ΄ββ certs βββ΄β score βββ΄ββΆ Final Report
Parallel Execution:
βββΆ ast_scan βββββββ
β β
discover βββΆ metrics ββββββββΌββΆ risk_analysis
β β
βββΆ dependency βββββ
Conditional Branching:
scan_ports βββ¬ββΆ [port 443 open?] ββΆ ssl_check
β
βββΆ [port 3306 open?] ββΆ db_security_check
Multiple RAGIX instances can collaborate:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Orchestrator Agent β
β (Planning, Coordination, Synthesis) β
ββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββ
β
βββββββββββββββββΌββββββββββββββββ
β β β
βΌ βΌ βΌ
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β RAGIX Node 1β β RAGIX Node 2β β RAGIX Node 3β
β Code Audit β β Security β β Docs β
β β β Scanning β β Generation β
βββββββββββββββ βββββββββββββββ βββββββββββββββ
β β β
βββββββββββββββββ΄ββββββββββββββββ
β
βΌ
Unified Assessment
| Pattern | When to Use | RAGIX Support |
|---|---|---|
| Synchronous | Sequential dependencies | Default execution |
| Asynchronous | Independent parallel tasks | koas_run(parallel=True) |
| Streaming | Long-running operations | WebSocket trace |
| Batch | Multiple similar operations | Workflow templates |
Answer: It depends on your orchestrator.
- With Claude Code/Desktop: Yes, MCP provides the standard interface Claude expects
- With custom scripts: No, you can call tools directly
- For interoperability: Yes, MCP enables tool sharing across different agents
Key insight: MCP adds value through standardization, not through functionality. Your tools work the same wayβMCP just makes them accessible to any MCP-compatible agent.
Answer: Absolutely. MCP is model-agnostic:
βββββββββββββββββββ βββββββββββββββββββ
β Claude API β β RAGIX MCP β
β (Commercial) ββββββΆβ (Local Tools) β
βββββββββββββββββββ βββββββββββββββββββ
βββββββββββββββββββ βββββββββββββββββββ
β Ollama β β RAGIX MCP β
β (Sovereign) ββββββΆβ (Same Tools) β
βββββββββββββββββββ βββββββββββββββββββ
The same MCP server works with both. The orchestrating agent chooses which LLM to use for reasoning.
Answer: RAGIX uses multiple strategies:
- Deterministic kernels: Core computation never uses LLM
- Seed control: Ollama supports temperature=0 for deterministic generation
- Logging: SHA256-verified command logs for audit trails
- Workspace isolation: Each run gets a unique workspace
Answer: Yes, through the orchestrating agent:
# Conceptual: Agent connects to multiple servers
code_server = MCPClient("http://localhost:8080") # Code analysis
security_server = MCPClient("http://server2:8080") # Security scanning
docs_server = MCPClient("http://server3:8080") # Documentation
# Agent orchestrates across servers
code_issues = await code_server.call("koas_audit_scan", ...)
vulns = await security_server.call("koas_security_vuln_scan", ...)
report = await docs_server.call("generate_report", code_issues, vulns)Answer:
| Aspect | RAGIX Tools | KOAS Tools |
|---|---|---|
| Scope | General-purpose Unix-RAG | Structured audit/security |
| Execution | Direct shell commands | Kernel orchestration |
| State | Stateless | Workspace-based |
| Output | Raw command results | Simplified summaries |
KOAS tools are opinionated wrappers that make complex multi-step operations accessible to local LLMs through simplified interfaces.
Answer: Use the FastMCP decorator pattern:
from mcp.server.fastmcp import FastMCP
mcp = FastMCP("my_server")
@mcp.tool()
def my_custom_tool(param1: str, param2: int = 10) -> dict:
"""
Tool description for LLM.
Args:
param1: Description of param1
param2: Description with default
Returns:
Dictionary with results
"""
# Your implementation
return {"result": "..."}Answer: Standardized error responses:
{
"error": "Tool execution failed",
"error_type": "KernelExecutionError",
"details": "nmap not found in PATH",
"suggestions": ["Install nmap: sudo apt install nmap"],
"workspace": "/tmp/koas_security_..." # For debugging
}Kernels never raise exceptions to the MCP layerβall errors are caught and formatted.
Answer: Partially. Core functionality requires an LLM, but:
- KOAS kernels: Work without LLM (pure computation)
- AST tools: Work without LLM (static analysis)
- Search: Vector search needs embeddings (requires model)
For full functionality, Ollama (or compatible API) is recommended.
| Document | Description |
|---|---|
| REASONING.md | Reasoning engines: ContractiveReasoner, Reasoning v30 |
| KOAS.md | Kernel-Orchestrated Audit System details |
| ARCHITECTURE.md | Overall RAGIX architecture |
| API_REFERENCE.md | Complete API documentation |
| Document | Description |
|---|---|
| KOAS_MCP_REFERENCE.md | Detailed KOAS MCP tool reference |
| CLI_GUIDE.md | Command-line interface guide |
| AST_GUIDE.md | AST analysis tools |
| PLAYBOOK_GUIDE.md | Workflow playbooks |
| Document | Description |
|---|---|
| RAGIX_TOOLS_INVENTORY.md | Tool component reference |
| WASP_GUIDE.md | WASP integration guide |
| Resource | URL |
|---|---|
| MCP Specification | https://modelcontextprotocol.io/ |
| Ollama | https://ollama.ai/ |
| RAGIX Repository | https://github.com/ovitrac/RAGIX |
RAGIX Core (11 tools)
βββ ragix_chat # Unix-RAG reasoning step
βββ ragix_scan_repo # Project structure scan
βββ ragix_read_file # File reading
βββ ragix_search # Hybrid search
βββ ragix_workflow # Workflow execution
βββ ragix_templates # List workflows
βββ ragix_config # Configuration
βββ ragix_health # Health check
βββ ragix_logs # Log retrieval
βββ ragix_verify_logs # Log verification
βββ ragix_agent_step # Enhanced reasoning step
System (5 tools)
βββ ragix_ast_scan # AST extraction
βββ ragix_ast_metrics # Code metrics
βββ ragix_models_list # Ollama models
βββ ragix_model_info # Model details
βββ ragix_system_info # System information
KOAS Base (6 tools)
βββ koas_init # Initialize workspace
βββ koas_run # Execute stages
βββ koas_status # Workspace status
βββ koas_summary # Stage summaries
βββ koas_list_kernels # Available kernels
βββ koas_report # Get report
KOAS Security (8 tools)
βββ koas_security_discover # Network discovery
βββ koas_security_scan_ports# Port scanning
βββ koas_security_ssl_check # SSL/TLS analysis
βββ koas_security_vuln_scan # Vulnerability assessment
βββ koas_security_dns_check # DNS enumeration
βββ koas_security_compliance# Framework compliance
βββ koas_security_risk # Risk scoring
βββ koas_security_report # Security report
KOAS Audit (8 tools)
βββ koas_audit_scan # AST scanning
βββ koas_audit_metrics # Code metrics
βββ koas_audit_hotspots # Hotspot identification
βββ koas_audit_dependencies # Dependency analysis
βββ koas_audit_dead_code # Dead code detection
βββ koas_audit_risk # Risk scoring
βββ koas_audit_compliance # Quality compliance
βββ koas_audit_report # Audit report
Document Version: 1.0.0 Last Updated: 2025-12-20 Author: Olivier Vitrac, PhD, HDR | [email protected] | Adservio