The Token Problem

Loading all MCP tool schemas upfront burns context window every turn

❌ Today: All schemas upfront

~50

tool schemas in every request

Unused

Actually called

Every turn pays for schemas the agent never uses. Most conversations touch 2–3 tools.

✅ Better: Zero tool definitions

0

MCP schemas in context

Free space

Actual work

Agent has exec() + a skill file. Discovers and invokes tools via CLI. No schemas burned per turn.

The Stack

Three layers, clear ownership. Agent doesn't know MCP exists.

🖥️ Clippy

Has exec() + system prompt skill. Shells out to mcp-cli. Knows nothing about MCP.

• UX / conversation • Tool selection via search

↓ exec("mcp-cli search ...")

⚡ mcp-cli

Session lifecycle, format translation, tool invocation. Keeps servers warm. Talks MCP to servers.

• MCP sessions • Registry → config translation • Transparent provisioning

↓ odr mcp list / odr mcp --proxy

🛡️ ODR

Discovery, containment, agent user provisioning, IT policy, audit. Source of truth for what servers exist.

• Server registry • Sandboxed execution • Agent user lifecycle • Enterprise policy

↓ contained (MSIX) / uncontained (MCPB)

📦 MCP Servers

Contained servers run as agent user in separate NT session. Uncontained run as user (dev mode only).

• Tool implementation • Server-side state

What's Built vs. What's Needed

Most of the stack exists. A few integration points to close.

🔍

Server discovery

odr mcp list / odr mcp search — MCP Registry format

ODR

Shipped

🛡️

Containment + provisioning

Agent user in separate NT session, MSIX sandboxing, IT admin controls

ODR

Shipped

⚡

Tool invocation + sessions

MCP JSON-RPC (stdio/SSE), stateful sessions, persistent connections

MCP-CLI

Shipped

🔄

Registry → config translation

Map ODR's MCP Registry JSON to mcp-cli's config format + annotate containment

MCP-CLI

Needed

🤖

Transparent provisioning

Auto-provision agent user on first call to contained server (detect via package_family_name)

MCP-CLI

Needed

📝

Clippy skill file

System prompt telling agent how to use mcp-cli (search, call-tool). No MCP concepts.

CLIPPY

Needed

⚠️ Scope: This covers simple tool calls (request → response). Async tasks, streaming, subscriptions, and MCP prompts/resources are out of scope for v1.

Platform Strategy

Ship fast on Windows, bridge on Mac/Linux, converge on ODR everywhere

Ship Now

Windows: ODR + mcp-cli

✓ ODR handles discovery, containment, policy
✓ mcp-cli handles sessions + lifecycle
✓ Clippy execs mcp-cli via skill file
✓ Sandboxed, auditable, enterprise-ready
✓ Most pieces already built

Bridge → Converge

Mac / Linux

✓ mcp-cli standalone (today)
✓ Same skill file, same CLI interface
✓ mcp-cli manages its own server list
→ ODR cross-platform (future)
→ mcp-cli becomes ODR client everywhere
→ Same security model on all platforms

Clippy doesn't care which platform it's on. Same exec() + same skill file + same mcp-cli interface. Platform differences are hidden below mcp-cli.