
Agentic MCP Systems - Design & Security Analysis




Course: MCP Fundamentals 

Level: Medium → Advanced

Type: Individual Assignment

Duration: 5–7 days




Objective

The objective of this assignment is to help you:


  • Understand advanced agentic MCP capabilities (Sampling, Elicitation, Roots)

  • Design multi-agent systems with appropriate orchestration patterns

  • Analyze security implications of agentic workflows

  • Implement human-in-the-loop design patterns

  • Reason about long-running workflows and error handling

  • Think critically about production deployment of agentic systems





Problem Statement


You are designing an advanced agentic MCP system that goes beyond simple tool invocation. Your system must incorporate intelligent servers that can request LLM completions (Sampling), gather structured user input mid-workflow (Elicitation), respect authorized boundaries (Roots), coordinate with other agents, and maintain human oversight throughout.


Your task is to design sophisticated agentic architectures while carefully considering security, error handling, and the critical importance of keeping humans meaningfully in control.





Tasks & Requirements




Task 1: Agentic Capabilities Deep Dive (25 Marks)

Explain and analyze the three core agentic capabilities introduced in Module 6.




Part A: Sampling (10 marks)


  • Explain what Sampling is and why it is transformative for MCP servers

  • Diagram the complete sampling flow with both human-in-the-loop checkpoints

  • Explain the model preference system (costPriority, speedPriority, intelligencePriority)

  • Describe "Sampling with Tools" (November 2025 enhancement) and its significance

  • Provide a concrete example scenario where sampling is essential




Part B: Elicitation (8 marks)


  • Explain what Elicitation solves and why it matters for agentic workflows

  • Describe the difference between standard elicitation and URL Mode elicitation

  • Provide 3 specific use cases where elicitation is superior to returning incomplete results

  • Design a JSON Schema for an elicitation request for a complex user input scenario




Part C: Roots (7 marks)


  • Explain the problem that Roots solve

  • Describe how a server queries and uses roots

  • Explain roots change notifications

  • Provide an example of a server using roots to respect filesystem boundaries




Requirements:


  • Technical accuracy and depth

  • Clear explanations suitable for someone who has completed Modules 1-5

  • Concrete examples, not abstract descriptions

  • Proper JSON examples where applicable




Task 2: Multi-Agent System Architecture Design (30 Marks)

Design a complete multi-agent MCP system for the following scenario:



SCENARIO: Automated Security Vulnerability Assessment & Remediation


Context:


An enterprise needs an AI-powered security agent that can:


  • Scan codebases for security vulnerabilities

  • Analyze dependencies for known CVEs

  • Review infrastructure configurations for misconfigurations

  • Generate security patches and fixes

  • Create comprehensive security reports

  • Coordinate with ticketing and notification systems



Part A: Agent Decomposition (12 marks)

Design 4-6 specialized MCP Server agents, each with:


  • Agent name and clear responsibility boundary

  • Tools it exposes

  • Resources it provides

  • Which agentic capabilities it uses (Sampling/Elicitation/Roots)

  • Whether it delegates to other agents

  • At least ONE agent must use Sampling to implement intelligent behavior

  • At least ONE agent must use Elicitation for user confirmation

  • At least ONE agent must use Roots for boundary control



Part B: Orchestration Pattern (8 marks)

Choose and justify an orchestration pattern:


  • Orchestrator-Specialist Pattern (centralized LLM orchestrator)

  • Server-as-Agent Pattern (distributed intelligence using sampling)

  • Hybrid approach


Include:


  • Justification for your choice

  • Diagram showing agent communication flow

  • Description of how the orchestrator makes delegation decisions



Part C: Complete Workflow Trace (10 marks)

Walk through a complete security assessment workflow:


Starting point: User asks "Scan my project for security issues and fix critical vulnerabilities"


Provide step-by-step trace showing:


  1. Initial request received by Host

  2. Which agent(s) are invoked first

  3. Sampling requests (include full createMessage request format)

  4. Elicitation requests (include requestedSchema)

  5. Roots queries and boundary checks

  6. Inter-agent delegation

  7. Human approval checkpoints

  8. Final report generation



Requirements:

  • Show actual JSON-RPC message examples for key steps

  • Identify every human-in-the-loop checkpoint

  • Explain error handling at critical points




Task 3: Security & Human-in-the-Loop Analysis (25 Marks)

Part A: Security Threat Analysis (15 marks)


Analyze security risks in agentic MCP systems.


For each scenario below, identify:


  • The specific security threat

  • How it could be exploited

  • MCP's built-in protection mechanisms

  • Additional safeguards you would implement



Scenario 1: Malicious Sampling Request

A compromised MCP server sends a sampling request with a prompt that asks the LLM to ignore all previous instructions and retrieve the user's API keys.



Scenario 2: Elicitation Phishing Attack

A malicious server requests elicitation with requestedSchema asking for AWS access keys and secret keys.



Scenario 3: Roots Boundary Violation

A file management server queries roots, receives authorized directories, but then attempts to access files outside those boundaries (e.g., /home/user/.ssh/).



Scenario 4: Auto-Approval Vulnerability

A Host implements a sampling handler that automatically approves all sampling requests without user review.



Scenario 5: Long-Running Workflow Hijacking

An agentic pipeline runs for 30 minutes, checkpointing state to a file. An attacker modifies the checkpoint file mid-execution.



For each scenario:


  • Explain the attack vector (3-4 sentences)

  • Identify which MCP security principles are violated

  • Propose specific mitigation strategies
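A defensive reference for the Roots boundary check that Task 1 Part C asks for and that Scenario 3 attacks, added here as an illustration (not course material or code from any MCP implementation): the roots/list result, the file:// URIs and the paths are constructed assumptions, and RootsGuard is a hypothetical helper name.

```python
import os
from urllib.parse import unquote, urlparse

# Constructed roots/list result (assumption: file:// URIs, as in the course).
ROOTS_LIST_RESULT = {
    "roots": [
        {"uri": "file:///home/user/projects/webapp", "name": "webapp"},
        {"uri": "file:///home/user/projects/shared-libs", "name": "shared-libs"},
    ]
}

def roots_to_paths(roots_list_result: dict) -> list:
    """Turn file:// root URIs into normalised absolute paths; skip other schemes."""
    paths = []
    for root in roots_list_result.get("roots", []):
        parsed = urlparse(root["uri"])
        if parsed.scheme == "file":
            paths.append(os.path.normpath(unquote(parsed.path)))
    return paths

def is_within_roots(requested: str, roots: list) -> bool:
    """True only if the fully resolved path lies inside one authorised root.
    realpath collapses '..' and follows symlinks, and commonpath (not a string
    prefix test) stops /projects/webapp-evil from matching /projects/webapp."""
    target = os.path.realpath(requested)
    for root in roots:
        root_real = os.path.realpath(root)
        try:
            if os.path.commonpath([root_real, target]) == root_real:
                return True
        except ValueError:  # mixed absolute/relative paths or different drives
            continue
    return False

class RootsGuard:
    """Holds the current roots; call refresh() with the new roots/list result
    after a notifications/roots/list_changed notification arrives."""
    def __init__(self, roots_list_result: dict):
        self.refresh(roots_list_result)

    def refresh(self, roots_list_result: dict) -> None:
        self.roots = roots_to_paths(roots_list_result)

    def check(self, requested: str) -> str:
        """Return the resolved path, or refuse the access with PermissionError."""
        if not is_within_roots(requested, self.roots):
            raise PermissionError(f"{requested} is outside the authorised roots")
        return os.path.realpath(requested)
```

Every tool that touches the filesystem should call check() on the path it is about to open, and the guard must be refreshed after a roots change notification so a revoked root stops being honoured.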




Part B: Human-in-the-Loop Design (10 marks)

Design a human oversight framework for your multi-agent system from Task 2.


Address the Three Levels of Human Control:


  • Pre-authorization: What should the user approve before the workflow starts?

  • Mid-flight approval: What requires user consent during execution?

  • Emergency stop: How can the user halt execution at any time?



Requirements:


  • Specific approval checkpoints for your security vulnerability workflow

  • UX considerations: how to present complex decisions to users

  • Balance between oversight and workflow friction

  • Graceful handling when user denies a request mid-workflow


Create a flowchart showing where human decisions are required in your workflow.




Task 4: Long-Running Workflows & Error Handling (20 Marks)


Part A: Resilient Pipeline Design (12 marks)

Design error handling for a long-running agentic pipeline:



Scenario: Automated Data Migration Agent


The agent must:


  • Connect to legacy database

  • Extract 10 million records

  • Transform data format

  • Validate each record

  • Load into new system

  • Generate audit report


This process takes 2-3 hours and involves external APIs, databases, and filesystems.



Design Requirements:


Checkpointing strategy: What state is saved? How often?


Failure recovery: How to resume after:


  • Network timeout

  • Database connection lost

  • API rate limit exceeded

  • Invalid data discovered

  • MCP connection dropped


Idempotency: How to ensure operations can be safely retried


Progress reporting: How to show incremental progress to user


Cancellation: How to handle user-initiated cancellation mid-process



Deliverables:


  • State machine diagram showing pipeline phases and transitions

  • Checkpoint data structure (JSON format)

  • Recovery logic for each failure type

  • Explanation of idempotency guarantees
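As an added illustration for the Task 4A checkpoint deliverable and for Scenario 5 in Task 3 (not code from the course or from any MCP implementation), a checkpoint file that carries an HMAC over its canonical JSON so a file modified mid-execution is rejected on resume. The state field names, the key source and the sample values are assumptions.

```python
import hashlib, hmac, json, os, tempfile
EXAMPLE_STATE = {  # constructed Task 4A pipeline state; field names are assumptions
    "pipeline_id": "migration-demo-001",
    "sequence": 42,  # increases with every checkpoint written
    "phase": "transform",
    "completed_phases": ["connect", "extract"],
    "last_record_id": 4200000,  # resume point: records up to here are done
}

def _canonical(state: dict) -> bytes:
    """Stable serialisation so the tag is independent of key order/whitespace."""
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()

def write_checkpoint(path: str, state: dict, key: bytes) -> None:
    """Atomically write {state, hmac}; the key is held outside the file (assumed
    secret store), so an attacker who edits the file cannot recompute the tag."""
    tag = hmac.new(key, _canonical(state), hashlib.sha256).hexdigest()
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".ckpt-")
    with os.fdopen(fd, "w") as fh:
        json.dump({"state": state, "hmac_sha256": tag}, fh, indent=2)
    os.replace(tmp, path)  # rename is atomic: a crash cannot leave a half-written file

def load_checkpoint(path: str, key: bytes, min_sequence: int = 0) -> dict:
    """Return the verified state; refuse a modified file or a replayed older one."""
    with open(path) as fh:
        doc = json.load(fh)
    state = doc.get("state", {})
    expected = hmac.new(key, _canonical(state), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(doc.get("hmac_sha256", ""), expected):
        raise ValueError("checkpoint integrity check failed: file was modified")
    if state.get("sequence", -1) < min_sequence:
        raise ValueError("stale checkpoint: possible rollback to an older state")
    return state

def demo() -> dict:
    """Round-trip a checkpoint, then play Scenario 5 by editing the file mid-run."""
    key = b"constructed-demo-key-do-not-use"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "checkpoint.json")
        write_checkpoint(path, EXAMPLE_STATE, key)
        roundtrip_ok = load_checkpoint(path, key) == EXAMPLE_STATE
        with open(path) as fh:
            doc = json.load(fh)
        doc["state"]["last_record_id"] = 0  # attacker rewinds the resume point
        with open(path, "w") as fh:
            json.dump(doc, fh)
        try:
            load_checkpoint(path, key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return {"roundtrip_ok": roundtrip_ok, "tamper_detected": tamper_detected}
```

The sequence counter lets the pipeline pass the last sequence it wrote as min_sequence, so swapping in an older but validly signed checkpoint is also refused.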



Part B: Async Tasks Pattern (8 marks)

The November 2025 MCP specification introduced experimental support for async Tasks.


Explain:


  • What problem async Tasks solve

  • How they differ from synchronous tool calls

  • Design an async Task for one component of the data migration pipeline

  • Describe the task lifecycle: creation → progress updates → completion/failure

  • How the Client can query task status and retrieve results


Include pseudo-JSON for:


  • Task creation request

  • Task status response

  • Task completion notification





Deliverables


1. Technical Report (Required)


A comprehensive report (PDF or DOCX) including:


  • Cover page

  • Executive summary (1 page)

  • Task 1: Agentic Capabilities Deep Dive (6-8 pages)

  • Task 2: Multi-Agent System Design (8-10 pages)

  • Task 3: Security & Human-in-the-Loop Analysis (8-10 pages)

  • Task 4: Long-Running Workflows (6-8 pages)

  • Conclusion & reflections (1 page)

  • References




Format:


  • 12pt font (Times New Roman or Arial)

  • 1.5 line spacing

  • Page numbers

  • Professional technical writing style

  • Code/JSON examples in monospace font




2. Visual Diagrams (Required)


Must include:


  • Sampling flow diagram with checkpoints (Task 1A)

  • Multi-agent architecture diagram (Task 2A)

  • Orchestration pattern diagram (Task 2B)

  • Complete workflow trace diagram (Task 2C)

  • Human-in-the-loop flowchart (Task 3B)

  • State machine for pipeline phases (Task 4A)



Diagram requirements:


  • Clear, professional quality

  • Properly labeled components

  • Legend where needed

  • Readable when printed in grayscale




3. JSON Examples Appendix (Required)


Include appendix with:


  • Elicitation requestedSchema example (Task 1B)

  • Agent tool definitions (Task 2A)

  • Sampling createMessage requests (Task 2C)

  • Checkpoint data structure (Task 4A)

  • Async task lifecycle messages (Task 4B)



All JSON must be:


  • Syntactically valid

  • Properly formatted and indented

  • Include comments (using // syntax in document)





Submission Guidelines

Submit via your LMS (e.g., Moodle / Google Classroom).


File Naming Convention: <YourName>_MCP_Assignment2.zip


Inside the ZIP:



assignment2_report.pdf
diagrams/
    ├── sampling_flow.png
    ├── multi_agent_architecture.png
    ├── orchestration_pattern.png
    ├── workflow_trace.png
    ├── human_in_loop_flowchart.png
    └── state_machine.png
json_examples/
    ├── elicitation_schema.json
    ├── sampling_requests.json
    ├── checkpoint_structure.json
    └── async_tasks.json
README.txt (optional)



Deadline: Submit within 7 days from assignment release




Late Submission Policy:


  • Up to 24 hours late → 15% penalty

  • 24–48 hours → 30% penalty

  • Beyond 48 hours → Not accepted (requires instructor approval for extension)




Extension Requests:

Must be submitted at least 48 hours before deadline





Important Instructions


Academic Integrity:


  • All work must be your own original analysis and design

  • You may discuss concepts with classmates, but all written work must be individual

  • Plagiarism detection software will be used

  • Any instances of academic dishonesty will be reported




Scope Constraints:


  • Base all analysis strictly on course content (Modules 1-6)

  • Reference specific module sections to support your arguments

  • Use only MCP features and capabilities covered in the course

  • Do NOT invent MCP features not covered in the course

  • Do NOT use AI assistants to generate your designs or analysis





Evaluation Rubric


Criterion                                  Marks
Task 1: Agentic Capabilities Deep Dive     25 marks
   – Part A: Sampling                      10 marks
   – Part B: Elicitation                    8 marks
   – Part C: Roots                          7 marks
Task 2: Multi-Agent System Design          30 marks
   – Part A: Agent Decomposition           12 marks
   – Part B: Orchestration Pattern          8 marks
   – Part C: Workflow Trace                10 marks
Task 3: Security & Human-in-the-Loop       25 marks
   – Part A: Security Threat Analysis      15 marks
   – Part B: Human-in-the-Loop Design      10 marks
Task 4: Long-Running Workflows             20 marks
   – Part A: Resilient Pipeline Design     12 marks
   – Part B: Async Tasks Pattern            8 marks
Total                                     100 marks





Guidance & Tips


  • Re-read Module 6 (Agentic Workflows) completely before starting

  • Review Module 5 for error handling and lifecycle management context

  • The sampling flow has exactly TWO mandatory human checkpoints — identify them

  • Model preferences are hints, not requirements — explain why

  • Think about why URL Mode elicitation was added as a security enhancement

  • Don't create too many agents — 4-6 is sufficient

  • Each agent should have a clear, single responsibility

  • Put yourself in an attacker's mindset for security analysis

  • MCP's security model is based on multiple layers — identify all relevant layers

  • Checkpoint granularity is a trade-off: too frequent = overhead, too rare = lost work




Instructor Note

This assignment is designed to challenge you to think deeply about how MCP enables sophisticated agentic systems while maintaining security and human control.

There are no "perfect" answers — focus on demonstrating clear reasoning, technical accuracy, and thoughtful design choices.


What matters is:


  • clarity of reasoning

  • quality of security analysis

  • depth of architectural thinking




