领域 2:工具设计与 MCP 集成
Domain 2: Tool Design & MCP Integration (18% of the exam)
Domain 2 tests whether you can design tools that Claude selects and calls reliably, and whether you understand the Model Context Protocol (MCP) — the open standard that connects Claude to external systems. This is the second-largest domain after agent design, and it is heavily scenario-based: you will be shown a misbehaving tool setup and asked to pick the fix. The right answers almost always come from a few core principles, so internalize them rather than memorizing trivia.
Blueprint overview
The domain breaks into three areas:
- Designing tools — descriptions,
tool_choice, and structured error returns. - MCP deep dive — the protocol's primitives, configuration (
.mcp.json), and transports. - Investigation workflows — using built-in tools (Grep, Read, etc.) in an incremental, evidence-first way.
Tools: what Claude actually sees
When you pass tools to the Messages API, Claude does not see your implementation. It sees only three fields per tool: name, description, and input_schema (a JSON Schema). These are injected into a system prompt, and from them alone Claude decides whether to call a tool and how to fill its arguments.
This makes the description the selection mechanism. Anthropic's guidance is explicit: "Provide extremely detailed descriptions. This is by far the most important factor in tool performance." A good description is 3–4+ sentences and covers what the tool does, when to use it (and when not to), what each parameter means, and what it does not return.
When the model picks the wrong tool, the fix is rarely "fine-tune" — it is improve the descriptions, disambiguate overlapping tools, or consolidate related operations into one tool with an action enum. Namespacing (github_list_prs, slack_send_message) keeps a growing tool library unambiguous.
tool_choice: controlling whether and which tool runs
The tool_choice parameter governs tool selection:
{"type": "auto"}— default when tools are present; Claude decides whether to call a tool or answer in text.{"type": "any"}— Claude must call one of the tools (but chooses which).{"type": "tool", "name": "..."}— forces a specific tool.{"type": "none"}— prevents any tool call.
Key exam fact: with auto, Claude can interleave reasoning and may or may not call tools; with any or a forced tool, Claude does not emit chain-of-thought before the call by default. Use forced choices for structured-output extraction; use auto for open-ended agents.
Structured errors: keep the agent in the loop
When a tool fails, return the result as a normal tool_result with "is_error": true and a clear, actionable message — do not throw at the API layer. This lets Claude read the error and self-correct (retry with fixed arguments, choose another tool, or ask the user).
Good error messages name what went wrong and how to fix it. Returning an HTTP 500 or an empty result strands the model.
The Messages API tool-use loop and stop_reason
The flow: you send tools → Claude responds with stop_reason: "tool_use" and one or more tool_use content blocks → you execute and send back tool_result blocks in a user message → Claude continues. Always pass tool results back keyed by tool_use_id. When Claude finishes normally the stop_reason is end_turn. Recognizing tool_use as the signal to run the tool is a frequent exam point.
MCP: the three server primitives
MCP is an open standard with a client–server, JSON-RPC 2.0 architecture. A host (Claude Code, Claude Desktop) spawns one client per server. Connections start with an initialize handshake that negotiates a protocolVersion and exchanges capabilities.
Servers expose three primitives — memorize these:
- Tools — executable functions the model invokes to take action (
tools/list,tools/call). Model-controlled. - Resources — read-only data sources that provide context: files, records, schemas (
resources/list,resources/read). Application/user-controlled. - Prompts — reusable templates / slash-command workflows (
prompts/list,prompts/get). User-initiated.
The classic distractor confuses a resource (data you read) with a tool (action you invoke). Discovery is dynamic: every primitive has a */list method, and servers that declare listChanged can push list_changed notifications so clients refetch.*
MCP configuration and transports
In Claude Code, servers are declared in .mcp.json (project scope, checked into the repo and shared with the team), or via claude mcp add at user/local scope. A stdio server entry has a command and args; HTTP servers have a url.
Two transports:
- stdio — local subprocess; the host launches the server and talks over stdin/stdout. Best for local tools and lowest latency.
- Streamable HTTP — remote servers over HTTP, supporting auth (OAuth) and server-sent streaming. Best for hosted, shared, or multi-user servers.
MCP tools appear alongside built-in tools, namespaced by server (e.g. mcp__github__list_prs), so the Module 1 description and selection rules still apply.
Investigation workflows
Built-in tools reward an incremental, evidence-first loop: Grep to locate → Read the specific region → trace references → act. Do not Read whole files blindly or fix before reproducing. The exam favors answers that gather targeted evidence before editing.
Master these principles and Domain 2's scenario questions become predictable: the fix is usually a better description, the right tool_choice, a structured error, or the correct MCP primitive/transport.
考试要点
- ✓Claude only sees three fields per tool: name, description, and input_schema. If a question implies the model "knows" something about your implementation, that is the wrong assumption — only these three fields are visible.
- ✓When the model picks the wrong tool or hallucinates arguments, the exam answer is "improve/disambiguate descriptions" or "consolidate overlapping tools" — never "fine-tune the model" or "add more tools."
- ✓Memorize the four tool_choice values: auto (default with tools), any (must use some tool), tool+name (forces one tool), none (no tools). Forcing a tool or "any" suppresses pre-call chain-of-thought; "auto" allows it.
- ✓Tool failures should be returned as a tool_result with "is_error": true and an actionable message, NOT thrown as an API error. This keeps Claude in the loop so it can self-correct.
- ✓The tool-use loop: stop_reason "tool_use" means run the tool(s), then return tool_result blocks keyed by tool_use_id in a user message. "end_turn" means Claude finished. Know these stop_reason values cold.
- ✓MCP has exactly three SERVER primitives: tools (executable, model-controlled), resources (read-only data, app-controlled), prompts (templates, user-initiated). Sampling and elicitation are CLIENT primitives the server calls back into the host with.
- ✓MCP is client–server over JSON-RPC 2.0 with an initialize/capabilities handshake. The two transports are stdio (local subprocess) and Streamable HTTP (remote, supports OAuth). Pick stdio for local tools, HTTP for shared/hosted servers.
- ✓In Claude Code, project-scope MCP servers live in .mcp.json (committed to the repo so the team shares them). MCP tools are namespaced like mcp__<server>__<tool>, so good descriptions still drive selection.
常见误区
- ✗Writing a one-line tool description like "gets weather" — too vague for reliable selection. The exam treats terse descriptions as the root cause of wrong-tool errors; detailed descriptions are the #1 performance lever.
- ✗Exposing many near-duplicate tools (create_pr, review_pr, merge_pr) instead of one consolidated tool with an action enum. Overlapping descriptions force Claude to guess non-deterministically.
- ✗Throwing an HTTP 500 (or returning an empty result) when a tool fails. This strands the model with no recoverable signal; the correct pattern is a tool_result with is_error true and a fix-it message.
- ✗Choosing "fine-tune the model" to fix tool selection. Tool behavior is controlled by descriptions, schemas, and tool_choice — fine-tuning is the wrong, expensive answer the exam plants as a distractor.
- ✗Calling an MCP resource an "action" or treating tools as read-only data. Resources are read-only context (app-controlled); tools are executable actions (model-controlled). Swapping these is the classic MCP distractor.
- ✗Believing MCP requires a proprietary protocol or a specific transport. MCP is an open standard over JSON-RPC 2.0, transport-agnostic across stdio and Streamable HTTP; the data layer is identical regardless of channel.
- ✗Using tool_choice "auto" when you need guaranteed structured output, or forcing a specific tool when you want the model to decide freely. Mismatching tool_choice to the task is a common wrong answer.
- ✗Reading entire files or editing code before reproducing the issue, instead of the Grep → Read → trace → act loop. The exam rewards targeted, evidence-first investigation over blind broad reads.