spec v0.1
EN

Examples

Examples by Industry

The same architecture principle in different domains, Real Estate, Payroll, DevOps, CRM, and Support show what MCP-first capabilities look like in practice.

The pattern is always the same: first describe the system’s capabilities, then build interfaces on top. The domain changes, the structure of resources, tools, and risk classes remains identical. The following examples show what MCP-first looks like in concrete terms across different industries.

Real Estate

A classic real estate software thinks in surfaces: project list, contact management, exposé page, email view, reminder modal. MCP-first inverts this, capabilities come first, then the web app as a client on top of the same actions.

Classic

  1. Project list
  2. Contact management
  3. Exposé page
  4. Email view
  5. Reminder modal

MCP-first

  1. projects.list_active
  2. contacts.search_buyers
  3. exposes.generate_download_link
  4. emails.send_project_email
  5. deals.recommend_next_action

The web app calls the same actions as the agent. There is no separate agent logic, the capability layer is the shared core for both.

Tools
  • projects.list_active Low
  • projects.get_context Low
  • contacts.search_buyers Low
  • contacts.get_purchase_profile Low
  • exposes.generate_download_link Medium
  • emails.create_project_draft Medium
  • calendar.find_free_slot Low
  • calendar.create_buyer_meeting Medium
  • reminders.create_follow_up Low
  • emails.send_project_email Critical
  • deals.recommend_next_action Low

Payroll & HR

Payroll systems manage some of the most sensitive data in a company. MCP-first clearly separates what an agent may read, what it may prepare, and what is executed exclusively after explicit approval.

Resources
  • employees.list Low
  • employees.get Medium
  • payroll_runs.list Medium
  • payroll_runs.get Medium
  • documents.list_missing Low
  • absences.list Low
  • contracts.get Medium
Tools
  • employees.create Medium
  • employees.update Medium
  • documents.request_missing Low
  • payroll.validate_run Medium
  • payroll.explain_difference Low
  • payroll.generate_report Medium
  • absences.approve Medium
  • salary.read Restricted
  • payroll.export Critical
  • salary.change Critical

Risk levels at a glance:

  • Low employee.basic.read, master data, unproblematic for the agent
  • Restricted salary.read, only with additional approval, restricted sharing
  • Critical payroll.export, always confirmation, audit event
  • Critical salary.change, step-up auth + four-eyes principle recommended

DevOps

A DevOps control panel manages infrastructure, deployments, and secrets. The risk classes are especially important here: reading logs is harmless, reading secrets is forbidden.

Resources
  • projects.list Low
  • deployments.list Low
  • services.status Low
  • logs.query Medium
  • metrics.get Low
  • secrets.list_metadata Medium
Tools
  • deployments.create High
  • deployments.rollback High
  • services.restart High
  • dns.create_record High
  • ssl.issue_certificate Medium
  • firewall.update_rule Critical
  • secrets.rotate Critical
  • secrets.read Forbidden for AI

Risk levels at a glance:

  • Medium logs.query, autonomous execution permitted, scope limited
  • High deployment.create / rollback, confirmation required
  • Critical secrets.rotate / firewall.update_rule, always step-up auth
  • Forbidden for AI secrets.read, not reachable for agents

CRM & Sales

A sales assistant needs access to contacts, deals, and communication, but not to system permissions, billing, or tenant management. MCP-first ensures the agent sees exactly the capabilities it needs for its assignment.

Resources
  • contacts.list Low
  • contacts.search Low
  • contacts.timeline Low
  • contacts.communication_history Medium
  • companies.get Low
  • deals.list_active Low
Tools
  • contacts.search Low
  • contacts.add_note Low
  • reminders.create Low
  • deals.recommend_next_action Low
  • emails.create_draft Medium
  • calendar.create_event Medium
  • emails.send_external Critical

The agent may create drafts, add notes, recommend next steps, and prepare appointments. External emails are Critical, the human confirms the send, regardless of how unambiguous the context is.

Support

A support agent primarily needs rich read access: ticket history, context data, previous communication. Write actions are limited to drafts and internal notes, until explicit approval.

Resources
  • tickets.list_open Low
  • tickets.get Low
  • tickets.thread Low
  • contacts.get Low
  • contacts.timeline Low
  • emails.thread Medium
  • communications.timeline Low
Tools
  • tickets.get_context Low
  • contacts.search Low
  • tickets.add_internal_note Low
  • emails.create_draft Medium
  • tickets.update_status Medium
  • tickets.assign Medium
  • emails.send_external Critical

The support agent gathers context, suggests responses, and adds internal notes. As soon as a response is to go externally, the same principle applies as everywhere: the human confirms, the agent prepares.