# Lab 1: Using Public MCP Servers

**Objective:** Learn to discover, install, configure, and evaluate publicly available MCP servers for use with VS Code and GitHub Copilot.

**Duration:** ~45 minutes

**What You'll Learn:**
- How to find MCP servers in the ecosystem
- How to configure MCP servers in VS Code
- How to test MCP server functionality
- How to evaluate MCP servers for security and quality

## Part 1: Understanding the MCP Ecosystem

The Model Context Protocol has a growing ecosystem of servers. Let's explore where to find them.

### Key MCP Server Repositories

| Repository | Description |
|------------|-------------|
| [modelcontextprotocol/servers](https://github.com/modelcontextprotocol/servers) | Official reference servers from Anthropic |
| [awesome-mcp-servers](https://github.com/punkpeye/awesome-mcp-servers) | Community-curated list |
| [mcp.run](https://mcp.run) | MCP server registry (if available) |

### Popular MCP Servers

| Server | Purpose | Source |
|--------|---------|--------|
| `@modelcontextprotocol/server-filesystem` | File system access | Official |
| `@modelcontextprotocol/server-github` | GitHub API access | Official |
| `@anthropic/server-brave-search` | Web search via Brave | Official |
| `@modelcontextprotocol/server-postgres` | PostgreSQL database | Official |

## Part 2: Configuring MCP Servers in VS Code

VS Code with GitHub Copilot supports MCP servers through the `settings.json` configuration.

### Step 1: Open VS Code Settings

1. Press `Cmd+Shift+P` (macOS) or `Ctrl+Shift+P` (Windows/Linux)
2. Type "Preferences: Open User Settings (JSON)"
3. Press Enter

### Step 2: Add MCP Server Configuration

Add the following to your `settings.json` to configure the filesystem MCP server:

```json
{
  "github.copilot.chat.experimental.mcp.servers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/path/to/allowed/directory"
      ]
    }
  }
}
```

**Important:** Replace `/path/to/allowed/directory` with the actual path you want the server to access (e.g., your workshop directory).

### Step 3: Restart VS Code

After modifying settings, restart VS Code for the MCP servers to load.

## Challenge 1: Configure the Filesystem Server

**TODO:** Configure the filesystem MCP server to access your workshop directory.

1. Open your VS Code `settings.json`
2. Add the MCP server configuration shown above
3. Set the path to your `MCP-Workshop` directory
4. Restart VS Code

**Verification:** In the GitHub Copilot chat, try asking: "List the files in my workshop directory"

In [None]:
# TODO: After configuring, paste your settings.json MCP configuration here for reference
# (This is just for documentation - the actual config goes in VS Code settings)

mcp_config = {
    "github.copilot.chat.experimental.mcp.servers": {
        "filesystem": {
            "command": "npx",
            "args": [
                "-y",
                "@modelcontextprotocol/server-filesystem",
                # TODO: Replace with your actual path
                "/Users/YOUR_USERNAME/repos/MCP-Workshop"
            ]
        }
    }
}

print("Configuration saved for reference")

## Part 3: Evaluating MCP Server Security

Before using any MCP server, you should evaluate its security. Let's create a checklist.

### Security Evaluation Checklist

Use this checklist when evaluating any MCP server:

| Category | Question | âœ“ |
|----------|----------|---|
| **Source** | Is the source code publicly available? | |
| **Source** | Is it from a reputable organization (Anthropic, Microsoft, etc.)? | |
| **Permissions** | Does it clearly document what it accesses? | |
| **Permissions** | Are permissions limited to what's necessary? | |
| **Activity** | Was it updated in the last 6 months? | |
| **Activity** | Does it have active issue tracking? | |
| **Community** | Does it have positive reviews/stars? | |
| **Community** | Are there reported security issues? | |

## Challenge 2: Evaluate an MCP Server

**TODO:** Evaluate the filesystem MCP server using the checklist above.

Visit: https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem

Fill in your evaluation below:

In [None]:
# TODO: Complete this evaluation

filesystem_server_evaluation = {
    "server_name": "@modelcontextprotocol/server-filesystem",
    "source_url": "https://github.com/modelcontextprotocol/servers",
    
    # TODO: Fill in your answers (True/False or description)
    "source_code_available": None,  # True/False
    "reputable_organization": None,  # True/False - who maintains it?
    "permissions_documented": None,  # True/False
    "minimal_permissions": None,  # True/False - what does it access?
    "recently_updated": None,  # True/False
    "active_issues": None,  # True/False
    "positive_community": None,  # True/False
    "security_concerns": None,  # List any concerns
    
    # Your overall assessment
    "recommendation": None,  # "Safe to use", "Use with caution", "Do not use"
    "notes": ""
}

print("Evaluation template created - fill in the values above")

## Part 4: Testing MCP Servers

Once configured, you should test MCP servers to understand their capabilities.

### Testing the Filesystem Server

In GitHub Copilot Chat, try these prompts:

1. **List files:** "What files are in my workshop directory?"
2. **Read file:** "Show me the contents of README.md"
3. **Search:** "Find all Python files in the Labs folder"

**Observe:**
- What tools does the server expose?
- What are the boundaries of what it can access?
- How does it handle requests outside its allowed directory?

## Challenge 3: Test Server Boundaries

**TODO:** Test the filesystem server's security boundaries.

Try these tests in GitHub Copilot Chat:

1. Ask to read a file **inside** the allowed directory
2. Ask to read a file **outside** the allowed directory (e.g., `/etc/passwd`)
3. Ask to **write** a file (if the server supports it)

Document your findings below:

In [None]:
# TODO: Document your boundary testing results

boundary_test_results = {
    "test_1_inside_directory": {
        "prompt": "",  # What you asked
        "result": "",  # What happened
        "success": None  # True/False - did it work as expected?
    },
    "test_2_outside_directory": {
        "prompt": "",
        "result": "",
        "blocked": None  # True/False - was access blocked?
    },
    "test_3_write_operation": {
        "prompt": "",
        "result": "",
        "notes": ""
    },
    "security_observations": ""
}

print("Document your test results above")

## Part 5: Adding a Second MCP Server (Optional)

If you have a Brave Search API key, you can add a web search server.

### Brave Search MCP Server Configuration

```json
{
  "github.copilot.chat.experimental.mcp.servers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/dir"]
    },
    "brave-search": {
      "command": "npx",
      "args": ["-y", "@anthropic/server-brave-search"],
      "env": {
        "BRAVE_API_KEY": "your-brave-api-key"
      }
    }
  }
}
```

## Reference: Claude Code MCP Setup

**Note:** This is provided as a reference. Your instructor will demonstrate this setup.

Claude Code (Anthropic's CLI tool) can also use MCP servers. The configuration is stored in:
- macOS/Linux: `~/.claude/claude_desktop_config.json`
- Windows: `%APPDATA%\Claude\claude_desktop_config.json`

Example configuration:
```json
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path"]
    }
  }
}
```

## Lab Summary

In this lab, you learned:

1. **MCP Ecosystem**: Where to find MCP servers and what's available
2. **Configuration**: How to configure MCP servers in VS Code
3. **Security Evaluation**: A systematic approach to evaluating server safety
4. **Boundary Testing**: How to verify server security constraints

### Key Takeaways

- Always evaluate MCP servers before installing them
- Configure minimum necessary permissions
- Test server boundaries to understand access limits
- Keep servers updated for security patches

### Next Lab

In Lab 2, you'll build your own MCP server using FastMCP!