We Built an MCP Server. Here's Why the CLI Matters More.

The ThoughtWorks Technology Radar Volume 32 put "MCP by default" in their Caution ring. Their argument is precise: MCP adds real value for structured tool contracts, OAuth-based authentication boundaries, and governed multi-tenant access. It also introduces what Justin Poehnelt calls an "abstraction tax" — every protocol layer between an agent and an API loses fidelity, and for complex APIs those losses compound.

Simon Willison sharpens it further: "almost everything I might achieve with an MCP can be handled by a CLI tool instead."

We build an open-source cloud security reasoning engine called Stave. We have an MCP server. We also have a CLI. And the CLI is the integration surface that matters. Here's why — and the architectural pattern that made the decision easy.

The abstraction tax in practice

MCP is a protocol. It handles discovery (what tools exist), invocation (call this tool with these parameters), and transport (stdio, SSE, HTTP). For an AI agent that needs to find and use tools dynamically across multiple servers maintained by different teams, this is genuine value. The discovery problem alone justifies the protocol in multi-vendor environments.