Home Exam InfoDomain 02

Tool Design & MCP Integration

How to design tool surfaces, schemas, and MCP servers so Claude selects the right action, passes correct arguments, and recovers gracefully from errors.

Section 01

Study Guide

Long-form notes and references.

This study guide provides a comprehensive synthesis of Domain 2 for the Claude Certified Architect — Foundations exam. The core philosophy of this domain is that a Tool serves as a critical interface between the probabilistic world of the model and the deterministic world of code. High-quality agent performance is determined by how well the tool's name, description, schema, output, and security permissions are engineered.

North Star

A tool is the contract between probabilistic reasoning and deterministic infrastructure — name, description, schema, output, and permissions are all behavioral surface area for the model.

Glossary of Key Terms

Allow-list: A security model where only specifically permitted actions or entities are allowed; more secure than a deny-list.
Async Polling Pattern: A design where a tool returns a job_id for long-running tasks, and the agent polls for completion via a status-check tool.
Capability-Based Security: A security philosophy where access is restricted at the infrastructure / capability level rather than through prompts.
Data Minimization: The practice of returning only the specific fields and data points necessary for the model to complete its current task.
Dynamic Provisioning: Selecting and presenting a subset of available tools to the model based on the specific context of the request.
Idempotency Key: A unique identifier ensuring an operation (like a transaction) is executed only once, even if the request is retried.
is_error: true: An official MCP flag used to signify that a tool execution has failed in a way the model can structurally recognize.
MCP (Model Context Protocol): Anthropic's protocol for defining tools and resources as external services for AI models.
POLA (Principle of Least Authority): A security principle stating a tool should have only the minimum permissions necessary to perform its function.
Schema Constraints: Parameters within a JSON schema (like maxLength or enum) that enforce the shape and type of data the model can provide.
Tool Shadowing: Confusion caused when the model cannot distinguish between tools due to overlapping names or vague descriptions.
Top-K Ranking: A technique of returning only the most relevant K results to maintain context efficiency.
Typed Envelope: A standardized structure for tool outputs that includes status flags, content types, and error categories.

← Previous

Agentic Architecture

Claude Code

Tool Design & MCP Integration

Study Guide

Tool Description as a Mini-Prompt

is_error: true and Structural Failure Signals

Tool Shadowing & Discriminative Naming

Top-K Ranking vs Returning Full Datasets

Idempotent Payment Tool Design

Allow-list vs Deny-list vs Prompt Instruction

API Credentials & Tool Parameters

Dynamic Tool Provisioning

Async Polling for High-Latency Tools

Structural Constraints vs Behavioral Hints

Glossary of Key Terms

Tool Design & MCP Integration

Study Guide

01Tool Description as a Mini-PromptWhy is a tool description considered a “mini-prompt,” and what four questions should it ideally answer?

Tool Description as a Mini-Prompt

02is_error: true and Structural Failure SignalsHow does the `is_error: true` flag in the MCP protocol improve agent reliability?

is_error: true and Structural Failure Signals

03Tool Shadowing & Discriminative NamingWhat is “tool shadowing,” and how can discriminative naming resolve it?

Tool Shadowing & Discriminative Naming

04Top-K Ranking vs Returning Full DatasetsIn the context of tool output, why is Top-K ranking preferred over returning a complete dataset?

Top-K Ranking vs Returning Full Datasets

05Idempotent Payment Tool DesignDescribe the technical implementation of an idempotent tool design for a payment system.

Idempotent Payment Tool Design

06Allow-list vs Deny-list vs Prompt InstructionWhy is an “allow-list” superior to a “deny-list” or a “system prompt instruction” for tool security?

Allow-list vs Deny-list vs Prompt Instruction

07API Credentials & Tool ParametersWhere should API credentials be stored and passed, and why must they be excluded from tool parameters?

API Credentials & Tool Parameters

08Dynamic Tool ProvisioningExplain the concept of “Dynamic Tool Provisioning” and its impact on selection accuracy.

Dynamic Tool Provisioning

09Async Polling for High-Latency ToolsHow should an architect design a tool that interacts with a legacy database with a 15-second latency?

Async Polling for High-Latency Tools

10Structural Constraints vs Behavioral HintsWhat is the difference between a “structural constraint” and a “behavioral hint” in tool design?

Structural Constraints vs Behavioral Hints

Glossary of Key Terms