Skip to main content
AI agents are most effective — and most secure — when they use MCP tool calls instead of shelling out to CLI commands. Ultra makes this easy by acting as the connectivity layer between your agents and MCP servers.

Why MCP Over CLI

When an AI agent needs to access a file, call an API, or query a database, it has two options:
  1. MCP tool call — Structured, observable, auditable. Every call flows through Ultra’s pipeline and is traced, logged, and metered.
  2. Shell command — Invisible to security tooling. No audit trail, no policy enforcement, no centralized visibility.
MCP tool calls are the better choice for any operation that touches data or external systems. They produce structured results, follow consistent schemas, and give your security team full visibility into what agents are doing.

Ultra as the Connectivity Layer

Without Ultra, connecting MCP clients to servers is an N×M configuration problem. Every client (Claude Desktop, Cursor, VS Code, Claude Code) needs to be individually configured for every server (filesystem, GitHub, Slack, databases). This creates:
  • Configuration sprawl — Duplicate configs across every developer machine
  • Security gaps — No centralized visibility or policy enforcement
  • Inconsistency — Different developers with different server access
Ultra solves this by acting as a single proxy. All clients connect to Ultra, and Ultra connects to all servers. One configuration, full visibility. 
Before Ultra:                    With Ultra:
Client A → Server 1             Client A ─┐
Client A → Server 2                       ├→ Ultra → Server 1
Client A → Server 3                       │         Server 2
Client B → Server 1             Client B ─┤         Server 3
Client B → Server 2                       │
Client B → Server 3             Client C ─┘
Client C → Server 1
Client C → Server 2
Client C → Server 3

Best Practices for Agent Workflows

Use MCP Tools for All Data Access

Every MCP tool call through Ultra generates traces, audit events, and metrics. This gives teams full visibility into what AI agents are doing — which tools they call, how often, latency, error rates, and which users and gateways are most active. Prefer MCP tools for:
  • File operations — Read, write, search, and list files via MCP filesystem tools
  • API calls — Use MCP servers for GitHub, Slack, Notion, and other services
  • Database queries — Route database access through MCP servers
  • Infrastructure operations — AWS, cloud, and DevOps tools via MCP

Leverage Tool Namespacing

Ultra aggregates tools from all upstream servers into a single namespace. Agents connecting to Ultra can discover all available tools across all servers in one place, without needing to know which server provides which tool.

Use Resource Reads for Context Gathering

MCP resource reads are traced and auditable, just like tool calls. Use them for gathering context from documentation, configurations, and reference data.

Prefer Structured Tool Calls Over Raw CLI

Structured MCP tool calls are:
  • Reproducible — Same inputs produce same outputs
  • Auditable — Full request/response payloads are logged
  • Enforceable — Ultra’s guardrails can evaluate and enforce policies on tool calls
Raw CLI execution bypasses all of these benefits.

Observability Benefits

Every MCP tool call through Ultra generates:
  • Traces — OpenTelemetry-compatible spans with full request/response payloads
  • Audit events — Security-relevant records with severity, outcome, and principal
  • Metrics — Request counts, latency histograms, error rates, per-server and per-tool breakdowns
This data flows to the Dashboard for real-time monitoring and to Ultra Hub for team-wide visibility.

Security Benefits

Ultra’s pipeline processes every MCP tool call. This enables:
  • Complete audit trails for compliance (SOC 2, HIPAA, etc.)
  • Client identity tracking — Know which agent/client made each request
  • Guardrails (coming soon) — Enforce policies on tool calls, validate parameters, rate limit usage
None of this is possible with direct CLI execution.

Configuring Agent Instructions

Most AI coding agents support instruction files (like CLAUDE.md, AGENTS.md, or .cursorrules) that guide agent behavior. Use these to enforce MCP-first workflows.

Example: CLAUDE.md Instructions

Add these to your project’s CLAUDE.md or ~/.claude/CLAUDE.md: 
## MCP Usage

- Use MCP tools for all file access, API calls, and database queries instead of shelling out to CLI commands
- All MCP traffic routes through Ultra — do not bypass the proxy
- Prefer structured MCP tool calls over raw shell execution for reproducibility and security

## Available MCP Servers

The following MCP servers are available through Ultra:
- **filesystem** — File read/write/search operations
- **github** — Repository management, PRs, issues
- **notion** — Knowledge base and documentation
- **slack** — Team communication

Example: AGENTS.md Instructions

For repositories with multiple contributors: 
## MCP Policy

All external data access MUST go through MCP tools. This ensures:
1. Every operation is traced and auditable via Ultra
2. Security team has visibility into agent activity
3. Guardrails can enforce access policies

Do NOT use shell commands for operations that have MCP tool equivalents.

Key Principles for Agent Instructions

  1. Be explicit — List available MCP servers and their tools so agents know what’s available
  2. Set boundaries — Specify that external data access should go through MCP tools
  3. Reference Ultra — Mention that MCP traffic routes through Ultra so agents don’t try to bypass it
  4. Keep it updated — As you add new MCP servers to Ultra, update your instruction files