Why architecture matters here

Sampling fails on unrestricted server-driven costs, ignored user consent, and audit gaps. Architecture matters because the host must protect user autonomy while enabling agentic servers.

Advertisement

The architecture: every piece explained

The top strip is the request. MCP server wants completion. sampling/createMessage is the JSON-RPC call. Host arbitration checks user consent + policy. Model call executed by host.

The middle row is the params. Model preferences — cost / quality hints. Include context — history, resources. System prompt hint — optional, host may override. Response returned to server.

The lower rows are safety. Trust boundary — server cannot force. Audit logs. Ops — cost, rate, user visibility.

MCP sampling — server requests LLM completion via host + trust boundarylet servers ask hosts to reasonMCP serverwants completionsampling/createMessagerequestHost arbitrationuser consent + policyModel callhost executesModel preferencescost / qualityInclude contexthistory + resourcesSystem prompt hintnot requiredResponseback to serverTrust boundaryserver can't force callAuditwho asked for whatOps — cost + rate + user visibilitypreferincludehintreplygateloglogoperateoperate
MCP sampling flow — server asks, host arbitrates, model responds.
Advertisement

End-to-end flow

End-to-end: server needs to summarize retrieved docs. Sends sampling/createMessage with preferences (fast, cheap). Host asks user's consent (or applies session policy). Model call executes. Response back to server. Audit records the sampling call.