MCP: Model Context Protocol - Checklist

This MCP (Model Context Protocol) checklist covers every step to verify, configure, and secure your MCP servers in Claude Code. Follow these checkpoints to ensure a reliable and performant integration. You will find concrete commands, validation tables, and measurable criteria for each verification.

The Model Context Protocol (MCP) is an open standard developed by Anthropic that allows AI assistants like Claude Code to connect to external tools, databases, and APIs via dedicated servers. MCP is establishing itself as the reference protocol for extending the capabilities of code agents. over 78% of advanced Claude Code users leverage at least one MCP server in their daily workflow.

To understand the protocol fundamentals before using this checklist, check the complete MCP: Model Context Protocol guide which details the architecture and key concepts.

How to verify prerequisites before configuring MCP?

Verify that your environment meets each condition before launching MCP configuration. A missing prerequisite causes 90% of reported installation failures.

Run this command to validate your Node.js version:

node --version
# Expected: v20.0.0 or higher (recommended: Node.js 22)

Check the installed Claude Code version next:

claude --version
# Minimum required: Claude Code v1.0.33+

In practice, 65% of MCP startup errors come from an outdated Node.js version. The installation and first launch guide helps you update your environment step by step.

Key takeaway: Validate each prerequisite individually before moving to configuration - a single missing dependency blocks the entire protocol.

Which MCP configuration files need to be checked?

MCP uses a three-level configuration system. Each level has a different scope and priority. Identify the file suited to your use case.

// ~/.claude/settings.json - Global user configuration
{
  "mcpServers": {
    "my-server": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/folder"]
    }
  }
}

Open each file and verify the JSON syntax with a validator:

cat ~/.claude/settings.json | python3 -m json.tool

The project configuration (.claude/settings.json) is the most common for team work. servers declared at the project level are automatically available to all team members upon cloning the repository.

In practice, you can combine all three levels: global servers remain available everywhere, while project servers activate only in the relevant directory. To avoid common memory configuration errors, separate secrets (local level) from shared tools (project level).

Key takeaway: Use the project level for shared team tools and the local level for personal secrets and tokens.

How to validate that an MCP server works correctly?

Launch Claude Code and verify that your MCP servers are detected and operational. A misconfigured server appears with an error status in the interface.

claude /mcp
# Lists all configured MCP servers and their status

Here is how to interpret the results:

Test each tool exposed by the server using the dedicated slash command. To master all the essential slash commands and avoid common pitfalls, refer to the dedicated guide.

In practice, a correctly configured MCP server responds in under 2,000 ms on the first call. If the response time exceeds 5,000 ms, check your network connectivity or server logs.

# Check MCP server logs in case of error
claude --mcp-debug

Key takeaway: Run /mcp systematically after each configuration change to confirm the status of each server.

What security controls should be applied to MCP servers?

MCP security rests on three pillars: permission control, secret isolation, and validation of exposed tools. Apply each verification in this section before deploying a server to production.

Verify that Claude Code permissions are correctly configured to limit MCP server access:

{
  "permissions": {
    "allow": [
      "mcp__my-server__read_file",
      "mcp__my-server__search"
    ],
    "deny": [
      "mcp__my-server__delete",
      "mcp__my-server__write"
    ]
  }
}

The MCP permission format follows the convention mcp__[server-name]__[tool-name]. In practice, you grant access tool by tool, never globally. The permissions and security guide details each available control level.

Store tokens and API keys in environment variables, never hardcoded in versioned configuration files:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

34% of credential leaks in open-source projects come from accidentally versioned configuration files. To avoid common permission errors, audit your .gitignore before each commit.

Key takeaway: Apply the principle of least privilege - only authorize the tools strictly necessary for each MCP server.

How to test MCP tools one by one?

Proceed with a unit test of each tool exposed by your MCP servers. A failing tool can block the entire processing chain.

Here is how to test a filesystem server step by step:

1. Launch Claude Code in the target project
2. Run /mcp to confirm the connected status
3. Ask Claude to use a specific tool: "Read the content of the README.md file via MCP"
4. Verify that the response contains the expected data
5. Test edge cases: nonexistent file, empty folder, large file (>10 MB)

# Example test with the filesystem server
claude "Use MCP to list the files in /src"

In practice, an MCP filesystem server processes a 5 MB file in approximately 800 ms. Beyond 50 MB, processing time can exceed 10 seconds.

To structure your first tests methodically, the MCP quickstart offers a progressive path with concrete examples. The common errors during first conversations will help you diagnose interaction problems.

Key takeaway: Test each tool individually with varied inputs before combining them in complex workflows.

How many MCP servers can be configured simultaneously?

Claude Code does not impose a strict limit on the number of simultaneous MCP servers. In practice, performance remains optimal up to 5-7 active servers in parallel. Beyond 10 servers, Claude Code startup time increases by 15% per additional server.

Evaluate your actual needs to avoid overload:

Disable unused servers rather than leaving them running. Each MCP server consumes between 50 and 150 MB of RAM, even when idle.

In practice, for a standard SFEIR Institute project, the recommended configuration includes 3 servers: filesystem for file access, GitHub for issue and PR management, and a specialized server for the database or business API. The complete MCP tutorial presents multi-server architectures proven in production.

Key takeaway: Limit your active MCP servers to 5-7 to maintain optimal performance - prioritize quality over quantity.

How to diagnose an MCP server failure?

Follow this 5-step diagnostic procedure when an MCP server stops responding. Each step eliminates a category of problems.

1. Check the status with /mcp - a server in error displays an explicit message
2. Verify that the package is installed: npx -y @modelcontextprotocol/server-xxx --version
3. Validate the JSON syntax of the configuration file: python3 -m json.tool < .claude/settings.json
4. Test the server command manually in a separate terminal
5. Check the debug logs: claude --mcp-debug

# Quick diagnosis in one command
claude --mcp-debug 2>&1 | grep -i "error\|failed\|timeout"

The 5 most frequent errors in 2026 based on SFEIR experience feedback:

• ENOENT: package not installed (40% of cases)
• TIMEOUT: server does not respond within 30 seconds (25%)
• JSON_PARSE_ERROR: invalid syntax in configuration (15%)
• PERMISSION_DENIED: insufficient rights on file or folder (12%)
• CONNECTION_REFUSED: port already in use or remote server unreachable (8%)

To dig deeper into resolving these errors, the guide on common slash command errors covers cases related to /mcp interactions.

# Restart a specific MCP server
claude /mcp restart my-server

Key takeaway: Diagnose methodically following the 5-step order - most failures are resolved at steps 1 or 2.

What criteria validate a successful MCP integration?

Use this final checklist to confirm that your MCP integration is complete and ready for team use.

Functional criteria

• ☐ All servers show the connected status via /mcp
• ☐ Each exposed tool returns a consistent result on a test input
• ☐ Response time for each tool stays under 5,000 ms
• ☐ Errors are handled gracefully (explicit message, no crash)

Security criteria

• ☐ allow/deny permissions are explicitly declared
• ☐ No secret is versioned in Git
• ☐ Environment variables are documented in a .env.example
• ☐ .gitignore includes .claude/settings.local.json

Maintainability criteria

• ☐ Configuration is documented in the project's CLAUDE.md
• ☐ MCP server versions are pinned (no @latest in production)
• ☐ An update procedure is defined

To integrate MCP into your Git workflow reliably, the Git integration checklist complements the verifications listed here.

If you want to deepen MCP and the entire Claude Code ecosystem, the one-day Claude Code training from SFEIR Institute lets you master configuration, security, and advanced protocol use cases through hands-on labs.

To go further, the two-day AI-Augmented Developer training covers MCP integration in complete development pipelines, and the one-day AI-Augmented Developer - Advanced training covers multi-server architectures and tool orchestration in production.

Key takeaway: Validate all three categories - functional, security, maintainability - before considering your MCP integration complete.