接外 · 用 MCP 把数据和工具接进来Plug In · External Data and Tools via MCP.
你的上下文大多不在项目里 —— 在 Linear 的工单、Figma 的稿、数据库的表、线上的日志里。MCP 让 agent 直接读它们、调它们,不用你来回粘。这是 Cursor 从「写代码」扩到「几乎做任何事」的接口。这一章讲 mcp.json 怎么配、哪些服务器值得接,以及为什么「能接」不等于「该接」。Most of your context isn't in the project — it's in a Linear ticket, a Figma file, a database table, a production log. MCP lets the agent read and call them directly, without you pasting back and forth. This is the interface that stretches Cursor from 'writing code' to 'doing almost anything.' How to configure mcp.json, which servers are worth wiring in, and why 'can connect' isn't 'should connect.'
你的上下文大多不在项目里 —— 在 Linear 的工单、Figma 的稿、数据库的表、线上的日志里。MCP 让 agent 直接读它们、调它们,不用你来回粘。Most of your context isn't in the project — it's in a Linear ticket, a Figma file, a database table, a production log. MCP lets the agent read and call them directly, without you pasting back and forth.这是 Cursor 从「写代码」扩到「几乎做任何事」的接口,也是这本书「元工具」论点最关键的那块:代码库内的活靠索引,代码库外的活靠 MCP。这一章讲 mcp.json 怎么配、哪些服务器值得接、以及为什么「能接」不等于「该接」。This is the interface that stretches Cursor from 'writing code' to 'doing almost anything,' and the keystone of this book's meta-tool claim: work inside the codebase rides the index, work outside it rides MCP. This chapter covers how to configure mcp.json, which servers are worth wiring in, and why 'can connect' isn't 'should connect.'
— I
mcp.json 一配,工具就在它手里Configure mcp.json, and the Tools Are in Its Hands.
接一个 MCP 服务器,就等于给 agent 多发一套它能调的工具。Wiring in an MCP server hands the agent another set of tools it can call.先说省事的路:官方或社区的服务器,直接在 Customize 页 / Marketplace 里一键装,OAuth 当场走完,不用碰 JSON。1注 1Note 1Cursor Docs · MCP —— 两条接入路:从 Customize 页 / Marketplace 一键安装(OAuth 直接走完),或用 JSON 手配:项目级 .cursor/mcp.json、全局 ~/.cursor/mcp.json;支持 stdio / SSE / Streamable HTTP 三种传输。服务器暴露 Tools / Prompts / Resources 等;每次调用默认需审批,可用 MCP allowlist 预授权。截至 2026-07-10。Cursor Docs · MCP — two ways in: one-click install from the Customize page / Marketplace (OAuth handled for you), or JSON by hand: project-level .cursor/mcp.json, global ~/.cursor/mcp.json; transports stdio / SSE / Streamable HTTP. Servers expose Tools / Prompts / Resources; every call needs approval by default, pre-authorizable via an MCP allowlist. As of 2026-07-10.手配则放两处:项目级 .cursor/mcp.json(随仓库走),全局 ~/.cursor/mcp.json。传输有三种:stdio 跑本地命令、SSE 和 Streamable HTTP 接远程(带 OAuth)。服务器把能力暴露成 Tools(可调用的函数)、Prompts、Resources,agent 在 Chat 和 Plan 里按需调用。配一次,它以后自己去取,不用你再贴。下面是一个本地服务器加一个远程服务器:The easy road first: for official or community servers, install with one click from the Customize page / Marketplace — OAuth runs on the spot, no JSON touched.1注 1Note 1Cursor Docs · MCP —— 两条接入路:从 Customize 页 / Marketplace 一键安装(OAuth 直接走完),或用 JSON 手配:项目级 .cursor/mcp.json、全局 ~/.cursor/mcp.json;支持 stdio / SSE / Streamable HTTP 三种传输。服务器暴露 Tools / Prompts / Resources 等;每次调用默认需审批,可用 MCP allowlist 预授权。截至 2026-07-10。Cursor Docs · MCP — two ways in: one-click install from the Customize page / Marketplace (OAuth handled for you), or JSON by hand: project-level .cursor/mcp.json, global ~/.cursor/mcp.json; transports stdio / SSE / Streamable HTTP. Servers expose Tools / Prompts / Resources; every call needs approval by default, pre-authorizable via an MCP allowlist. As of 2026-07-10. Hand-config lives in two places: project-level .cursor/mcp.json (travels with the repo) and global ~/.cursor/mcp.json. Three transports: stdio runs a local command, SSE and Streamable HTTP connect remote (with OAuth). Servers expose capabilities as Tools (callable functions), Prompts, and Resources, and the agent calls them on demand in Chat and Plan. Configure once and it fetches on its own afterward. Here's a local server plus a remote one:
注意密钥那一行用的是 ${env:MY_API_KEY},不是明文 —— 把真实凭证写进 mcp.json 再提交,等于把钥匙挂在仓库里。用环境变量引用,远程的尽量走 OAuth。Note the key line uses ${env:MY_API_KEY}, not a literal — writing a real credential into mcp.json and committing it is hanging the key on the repo. Reference environment variables, and prefer OAuth for remote servers.
— II
它是「几乎做任何事」的接口The Interface to 'Almost Anything'.
代码库内的活靠索引,代码库外的活靠 MCP。Work inside the codebase rides the index; work outside it rides MCP.实际接法:Linear(读写工单)、Figma(取设计稿)、数据库(查表、跑只读查询)、Sentry(拉线上错误)、各种网页 / 文档服务器。接上之后,agent 不再需要你把这些粘进来 —— 它自己去工单里读需求、去数据库里核对字段、去错误平台里定位堆栈。Real wirings: Linear (read/write tickets), Figma (pull designs), a database (query tables, run read-only queries), Sentry (pull production errors), and assorted web / docs servers. Once connected, the agent stops needing you to paste these in — it reads the requirement from the ticket itself, checks a field against the database, locates a stack trace in the error platform.对非编码的活,MCP 是它的数据臂膀:调研时拉一手数据、运维时查状态、写作时取资料。这正是「在一个窗口里干完」能成立的原因之一 —— 不是 Cursor 内置了这些功能,是它能通过 MCP 把你已经在用的系统接进同一个 agent。For non-code work, MCP is its data arm: pull first-hand data while researching, check status during ops, fetch material while writing. This is one reason 'finish it in one window' holds — not that Cursor built these features in, but that it can wire the systems you already use into the same agent through MCP.
— III
能接,不等于该接Can-Connect Isn't Should-Connect.
每接一个服务器,都同时多了一份攻击面、一截上下文膨胀、一个可能误触的工具。2注 2Note 2Model Context Protocol —— MCP 是连接 AI 应用与外部工具 / 数据的开放标准,由 Anthropic 提出,已被多家客户端采用;Cursor 的连接器即基于它。Model Context Protocol — MCP is an open standard for connecting AI apps to external tools / data, introduced by Anthropic and adopted across many clients; Cursor's connectors build on it.Every server you connect also adds an attack surface, a slug of context bloat, and one more tool the model can misfire.2注 2Note 2Model Context Protocol —— MCP 是连接 AI 应用与外部工具 / 数据的开放标准,由 Anthropic 提出,已被多家客户端采用;Cursor 的连接器即基于它。Model Context Protocol — MCP is an open standard for connecting AI apps to external tools / data, introduced by Anthropic and adopted across many clients; Cursor's connectors build on it.默认每次调用都要你审批,可在 permissions.json 预授权一个 allowlist;但权限给得越宽,风险越大。一个 MCP 服务器是在你机器上、用你的凭证跑的外部代码 —— 它能读什么、能写什么,连之前就要看清,给最小的那一份。来路不明、你没法读源码的服务器,别接。Each call needs your approval by default; you can pre-authorize an allowlist in permissions.json — but the wider the permissions, the bigger the risk. An MCP server is external code running on your machine with your credentials — what it can read and write should be clear before you connect, granted at the minimum. A server of unknown provenance whose source you can't read, don't connect.
风险级别Risk level
例子Example
默认策略Default policy
只读Read-only
读文档、读 issue、查只读数据库视图Read docs, read issues, query read-only DB views
默认不接;隔离环境 + 人工确认才考虑Do not connect by default; consider only with isolation + manual confirmation
选择Choice
适合Good for
不适合Bad for
MCP
反复使用、需要实时外部系统、可定义权限的工具Repeated use, live external systems, definable permissions
一次性小材料、来路不明工具One-off small material, unknown tools
直接上传 / @ 文件Direct upload / @ file
稳定文档、离线资料、可版本化材料Stable docs, offline material, versionable data
需要实时状态或写回系统Live state or writing back
浏览器Browser
需要人工登录、视觉检查、一次性网页Human login, visual inspection, one-off web page
需要可重复自动化Repeatable automation
API 脚本
可测试、可审计、固定流程Testable, auditable, fixed workflows
探索性、多工具、多上下文任务Exploratory, multi-tool, multi-context work
判断:只接你这周真用得上的两三个,别把 MCP 目录当装机清单。接得越多,agent 越容易在一堆工具里挑错那个、跑得也越慢 —— MCP 让它能做更多,但不是接得越多越强。The call: connect only the two or three you actually use this week — don't treat the MCP directory as an install checklist. The more you connect, the more the agent picks the wrong tool from the pile and the slower it runs — MCP lets it do more, but more connections isn't more power.团队里,这个判断从「配置」升级成「治理」:3.10 起,管理员把 Team MCP 配一次、放进团队 marketplace,就能分发到 cloud agents、Agents 窗口、IDE、CLI —— 成员一键装已审批的集成,不用各自折腾 server 和凭证。3注 3Note 3Cursor Docs · Plugins / Team marketplaces —— 3.10(2026-06-30)起:管理员把已配置给 Cloud Agents 的 Team MCP servers 放进团队 marketplace,成员即可在 Agents 窗口、IDE、CLI 一键安装已审批的集成,不必各自配 server;加进 marketplace 不等于替所有人安装,管理员仍控制访问与安装模式。截至 2026-07-10。Cursor Docs · Plugins / Team marketplaces — since 3.10 (2026-06-30): admins put the Team MCP servers already configured for Cloud Agents into a team marketplace, and members install the approved integrations in the Agents Window, IDE, and CLI with one click, without configuring servers themselves; listing in the marketplace doesn't install it for everyone — admins still control access and installation modes. As of 2026-07-10.谁来审、放行哪些、给多宽的权限,这些个人版里你替自己做的决定,团队版里得有人明确地替所有人做。On a team, that call upgrades from configuration to governance: since 3.10, an admin configures a Team MCP once, puts it in the team marketplace, and it distributes across cloud agents, the Agents Window, IDE, and CLI — members one-click-install the approved integrations instead of each wrestling with servers and credentials.3注 3Note 3Cursor Docs · Plugins / Team marketplaces —— 3.10(2026-06-30)起:管理员把已配置给 Cloud Agents 的 Team MCP servers 放进团队 marketplace,成员即可在 Agents 窗口、IDE、CLI 一键安装已审批的集成,不必各自配 server;加进 marketplace 不等于替所有人安装,管理员仍控制访问与安装模式。截至 2026-07-10。Cursor Docs · Plugins / Team marketplaces — since 3.10 (2026-06-30): admins put the Team MCP servers already configured for Cloud Agents into a team marketplace, and members install the approved integrations in the Agents Window, IDE, and CLI with one click, without configuring servers themselves; listing in the marketplace doesn't install it for everyone — admins still control access and installation modes. As of 2026-07-10. Who reviews, what gets listed, how wide the permissions go — the decisions you made for yourself on a personal plan now have to be made explicitly for everyone.
来源可信、能读源码或来自官方 marketplace。Source is trusted, source code is readable, or it comes from the official marketplace.
凭证最小权限、可撤销、不过期也能轮换。Credentials are least-privilege, revocable, and rotatable.
第一次只开只读工具,跑一次真实任务后再考虑写入。Enable read-only tools first; consider writes only after one real task.
工具描述清楚,不会让 Agent 误以为能做高风险操作。Tool descriptions are clear and do not invite high-risk behavior.
permissions.json / Run Mode 没有把陌生写入工具全自动放行。permissions.json / Run Mode does not auto-approve unfamiliar write tools.
不要接钱包、交易、支付、生产数据库写权限。Do not connect wallets, trading, payments, or production database write access.
不要接能删除云资源或改 IAM / 权限的云控制台工具。Do not connect tools that can delete cloud resources or change IAM / permissions.
不要接你无法审计源码、权限说明模糊、要求过宽 token 的服务器。Do not connect servers whose source you cannot audit, whose permissions are vague, or whose tokens are too broad.
接一个你真用得上的服务器,再删一个你「以防万一」接的:Wire in one server you'll actually use, then remove one you connected 'just in case':
挑一个你本周真会用的服务器(文档 / 数据库 / Linear 之类),配进 mcp.json。Pick a server you'll genuinely use this week (docs / database / Linear), and add it to mcp.json.
让 agent 做一件必须用到它的任务,确认它先请求了审批。Have the agent do a task that requires it, and confirm it asked for approval first.
检查它给这台服务器开了哪些权限,收到最小;凭证用 ${env:VAR},不写明文。Check which permissions you granted that server, trim to the minimum; reference credentials with ${env:VAR}, no plaintext.
删掉一个你接了却没真用过的服务器。Delete one server you connected but never actually used.
上下文大多不在项目里,
MCP 是去取它的那只手.
Most context isn't in the project;
MCP is the hand that fetches it.
Aklman Library
— 讨论Discussion
讨论Discussion.
评论区初始化中…Initializing comments…
01 / 01
没有匹配结果No matches.
换个关键词,或按 Esc 回到页面Try another keyword, or press Esc to return