Blog
Notes from the protocol layer.
On MCP, API design for language models, and running AI infrastructure at the edge.
July 2026
Why the Model Context Protocol is the integration layer AI was missing
For two years, connecting an API to an AI assistant meant choosing a side. Each vendor shipped its own plugin manifest, its own auth dance, its own function-calling dialect. Integrations were bespoke, brittle, and duplicated for every model you cared about.
The Model Context Protocol changes the economics. It is a small, boring standard — JSON-RPC 2.0, a handshake, tools/list, tools/call — and boring is exactly what an integration layer should be. Implement it once and every compliant client, from ChatGPT to Claude to the growing ecosystem of open-source agents, can discover and invoke your tools.
AppRamp exists because most teams should not have to implement even that. Your API already has a specification; the protocol server can be compiled from it. What deserves your attention is the part no standard can decide for you: which operations a model should be allowed to call, and on whose budget.
June 2026
Guardrails first: what we refuse to compile
When we compile a specification, we start from the position that a language model is an untrusted caller with excellent manners. It will do what the tool descriptions suggest — including the things you forgot you exposed.
So the compiler defaults are deliberately narrow. Only GET unless you opt in to more. No /admin, no /internal, no /auth paths — ever, under any flag. No deprecated operations, because deprecated endpoints are where old bugs retire. Every exclusion is listed in the import report, so the surface you ship is the surface you reviewed.
The interesting question is never “can we expose this operation?” but “would you write this operation’s name on a form and hand it to a stranger?” If the answer makes you pause, the default should be no. Defaults are the only documentation everyone reads.
May 2026
Metering AI traffic without touching the hot path
Usage limits are only useful if checking them is effectively free. Our rule: the request path may read, but never wait to write.
Limit checks happen before we load your specification — one key read, answered from the edge. Counting happens after the response is already on its way, scheduled onto the runtime’s background work so the caller never pays for it. The counters are eventually consistent by design; a plan limit is a contract about magnitude, not an accounting ledger.
The result is a gateway where a suspended workspace stops instantly, an over-limit workspace is declined in microseconds, and a healthy workspace never notices the bookkeeping at all.