PluginBench
Skill
Review
Audit score 70

langchain4j-mcp-server-patterns

giuseppe-trisciuoglio/developer-kit

How to install langchain4j-mcp-server-patterns

npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill langchain4j-mcp-server-patterns
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from giuseppe-trisciuoglio/developer-kit.


name: langchain4j-mcp-server-patterns description: Provides LangChain4j patterns for implementing MCP (Model Context Protocol) servers, creating Java AI tools, exposing tool calling capabilities, and integrating MCP clients with AI services. Use when building a Java MCP server, implementing tool calling in Java, connecting LangChain4j to external MCP servers, or securing tool exposure for agent workflows. allowed-tools: Read, Write, Edit, Bash, Glob, Grep, WebFetch

LangChain4j MCP Server Implementation Patterns

Overview

Use this skill to design and implement Model Context Protocol (MCP) integrations with LangChain4j.

The main concerns are:

  • defining a clean tool, resource, and prompt surface
  • choosing the right transport and bootstrap model
  • filtering unsafe capabilities before exposing them to agents or applications

Keep SKILL.md focused on the implementation flow. Use the bundled references for expanded examples and API-level detail.

When to Use

Use this skill when:

  • building a Java MCP server that exposes tools, resources, or prompts
  • integrating LangChain4j with one or more external MCP servers
  • wiring MCP support into a Spring Boot application
  • filtering available tools by tenant, user role, or runtime context
  • adding observability, resilience, and safe failure handling around MCP interactions
  • reviewing an MCP integration for prompt-injection and side-effect risks

Typical trigger phrases include langchain4j mcp, java mcp server, mcp tool provider, spring boot mcp, and connect langchain4j to mcp.

Instructions

1. Design the MCP surface before writing code

Decide what the server should expose:

  • tools for actions with clear inputs and side effects
  • resources for read-only or structured data access
  • prompts only when a reusable template adds real value

Keep names stable, descriptions concrete, and schemas small enough for a client or model to understand quickly.

2. Implement providers with narrow responsibilities

Use separate classes for each concern:

  • tool provider for executable functions
  • resource provider for discoverable and readable data
  • prompt provider for reusable prompt templates

Validate arguments before execution and return clear error messages for invalid input or unavailable dependencies.

3. Choose the transport intentionally

Use:

  • stdio for local integrations, CLI tools, and sidecar processes
  • HTTP or SSE for remote or shared services

Pin external server versions and document how the process is started, authenticated, and monitored.

4. Bridge MCP into LangChain4j carefully

When consuming MCP servers from LangChain4j:

  • initialize clients during application startup
  • cache tool lists only when stale metadata is acceptable
  • filter tools by trust level, environment, or user permissions
  • fail closed for dangerous tools rather than exposing everything by default

5. Add resilience and security controls

At minimum:

  • bound execution time for external calls
  • log server and tool identity for each failure
  • sanitize content returned by external resources before using it downstream
  • isolate privileged tools behind allowlists, qualifiers, or role checks

6. Validate the full workflow

Before shipping:

  • verify tool discovery and invocation with a real MCP client
  • test disconnected or slow server behavior
  • confirm that tool filtering matches the intended authorization model
  • check that prompts and resources do not leak secrets or unsafe instructions

Examples

Example 1: Minimal tool provider and stdio server bootstrap

class WeatherToolProvider implements ToolProvider {

    @Override
    public List<ToolSpecification> listTools() {
        return List.of(
            ToolSpecification.builder()
                .name("get_weather")
                .description("Return the current weather for a city")
                .inputSchema(Map.of(
                    "type", "object",
                    "properties", Map.of(
                        "city", Map.of("type", "string")
                    ),
                    "required", List.of("city")
                ))
                .build()
        );
    }

    @Override
    public String executeTool(String name, String arguments) {
        return weatherService.lookup(arguments);
    }
}

MCPServer server = MCPServer.builder()
    .server(new StdioServer.Builder())
    .addToolProvider(new WeatherToolProvider())
    .build();

server.start();

Use this pattern for local tool execution or a sidecar process started by another application.

Example 2: Expose MCP tools to a LangChain4j AI service with filtering

McpToolProvider toolProvider = McpToolProvider.builder()
    .mcpClients(mcpClients)
    .failIfOneServerFails(false)
    .filter((client, tool) -> !tool.name().startsWith("admin_"))
    .build();

Assistant assistant = AiServices.builder(Assistant.class)
    .chatModel(chatModel)
    .toolProvider(toolProvider)
    .build();

Use this pattern when you want LangChain4j to consume external MCP servers while still enforcing trust boundaries.

Best Practices

  • Keep each tool focused, deterministic, and well-described.
  • Prefer explicit schemas over free-form string arguments.
  • Separate read-only resources from tools with side effects.
  • Filter or disable privileged tools by default.
  • Pin external MCP server packages or container versions.
  • Capture metrics for connection failures, invocation latency, and tool error rates.
  • Store longer protocol details and framework-specific wiring in references/ instead of expanding SKILL.md indefinitely.

Constraints and Warnings

  • External MCP servers are untrusted integration boundaries and may expose malicious or misleading content.
  • Do not forward raw resource content directly into autonomous tool execution without validation.
  • Some LangChain4j and MCP APIs evolve quickly; adapt class names and builders to the versions already used in the project.
  • Long-running or stateful tools need explicit timeout, cancellation, and cleanup behavior.
  • Stdio-based servers require process lifecycle management and robust logging.

References

  • references/examples.md
  • references/api-reference.md

Related Skills

  • prompt-engineering
  • spring-ai
  • clean-architecture

Related skills

More from giuseppe-trisciuoglio/developer-kit and the wider catalog.

SH

shadcn-ui

giuseppe-trisciuoglio/developer-kit

Copy-owned, accessible React components built on Radix UI and Tailwind CSS with form validation and theming.

19k installs
TA

tailwind-css-patterns

giuseppe-trisciuoglio/developer-kit

Utility-first Tailwind CSS patterns for responsive, accessible component styling.

13k installsAudited
UN

unit-test-bean-validation

giuseppe-trisciuoglio/developer-kit

Provides patterns for unit testing Jakarta Bean Validation (JSR-380), including @Valid, @NotNull, @Min, @Max, @Email constraints with Hibernate Validator. Generates custom validator tests, constraint violation assertions, validation groups, and parameterized validation tests. Validates data integrity logic without Spring context. Use when writing validation tests, bean validation tests, or testing custom constraint validators.

2.5k installsAudited
RE

react-patterns

giuseppe-trisciuoglio/developer-kit

Provides comprehensive React 19 patterns for Server Components, Server Actions, useOptimistic, useActionState, useTransition, concurrent features, Suspense boundaries, and TypeScript integration. Generates executable code patterns, validates security for public endpoints, and optimizes performance with React Compiler or manual memoization. Proactively use when building React 19 applications with Next.js App Router, implementing optimistic UI, or optimizing concurrent rendering.

2.3k installsAudited
DR

drizzle-orm-patterns

giuseppe-trisciuoglio/developer-kit

Provides comprehensive Drizzle ORM patterns for schema definition, CRUD operations, relations, queries, transactions, and migrations. Proactively use for any Drizzle ORM development including defining database schemas, writing type-safe queries, implementing relations, managing transactions, and setting up migrations with Drizzle Kit. Supports PostgreSQL, MySQL, SQLite, MSSQL, and CockroachDB.

2.0k installs
NE

nextjs-performance

giuseppe-trisciuoglio/developer-kit

Expert Next.js performance optimization skill covering Core Web Vitals, image/font optimization, caching strategies, streaming, bundle optimization, and Server Components best practices. Use when optimizing Next.js applications for Core Web Vitals (LCP, INP, CLS), implementing next/image and next/font, configuring caching with unstable_cache and revalidateTag, converting Client Components to Server Components, implementing Suspense streaming, or analyzing and reducing bundle size. Supports Next.js 16 + React 19 patterns.

1.9k installsAudited