AZMX AI
GitHub ↗ Download

Technical Analysis · 2026-05-28 · 7 min read

MCP vs OpenAI Plugins

The shift from proprietary cloud-based plugins to a standardized, local-first protocol for AI tool integration.

The industry has pivoted. While OpenAI plugins attempted to extend LLM capabilities via hosted APIs, the Model Context Protocol (MCP) has emerged as the standard for connecting AI agents to local data and tools. The difference is architectural: one is a walled garden of webhooks; the other is an open standard for sovereign agentic workflows.

The Architectural Divide

OpenAI plugins were designed as cloud-to-cloud integrations. To make a plugin work, you had to host a manifest file and an API endpoint on a public server. The LLM would call your API via HTTPS, and your server would return a response. This model assumes the data resides in the cloud and the user is comfortable with third-party intermediaries handling their requests.

MCP (Model Context Protocol) flips this. It is a client-server architecture where the server typically runs locally on the user's machine. The agent (the client) communicates with the MCP server over stdio or HTTP. This allows the AI to interact directly with local files, databases, and internal APIs without exposing them to the public internet.

Comparison Matrix

  • Deployment: Plugins require public hosting; MCP servers run locally or in private networks.
  • Latency: Plugins suffer from multiple network hops; MCP utilizes local IPC or low-latency LAN.
  • Security: Plugins rely on OAuth and API keys over the web; MCP allows for strict local process isolation.
  • Lock-in: Plugins are tied to the OpenAI ecosystem; MCP is provider-agnostic.

Why MCP is the Superior Standard

The primary failure of the plugin model was the friction of deployment. Developers had to manage infrastructure just to give an AI access to a simple local CSV or a private Jira instance. MCP removes this overhead. If you can write a small script that speaks JSON-RPC over stdio, you have an MCP server.

Furthermore, MCP enables the concept of sovereign agents. When the tool definition and the data access layer live on the user's hardware, the user maintains absolute control over what the model can see and execute. This is a critical requirement for enterprise security and privacy-conscious developers.

The Ecosystem Landscape

We see a clear trend in current AI tooling. Projects like Claude Code, Aider, and Cline are leaning heavily into MCP because it allows them to be extensible without owning the integration layer. Similarly, IDE-integrated agents like Cursor and Windsurf are moving toward standardized tool-calling interfaces that mirror the MCP philosophy.

While GitHub Copilot and Tabnine provide deep integration within the VS Code ecosystem, they often rely on proprietary internal protocols. MCP provides a path toward interoperability where a single MCP server for a Postgres database can work across any compatible agent platform.

Implementing MCP in AZMX AI

AZMX AI was built from the ground up to support this shift. Unlike Electron-based wrappers, AZMX is a native Rust application (~7 MB) that treats MCP as a first-class citizen. It supports MCP over both stdio and HTTP, allowing users to attach local servers for everything from filesystem access to complex API orchestrators.

In AZMX, MCP is paired with an approval-gated execution model. When an MCP tool is triggered, the agent cannot simply execute the command; it must present the operation to the user for confirmation. This solves the primary security risk of local tool use: the possibility of an LLM executing rm -rf / via a misconfigured tool. We also implement a strict deny-list that prevents the agent from accessing .env, .ssh, and other credential stores, regardless of what the MCP server permits.

Example: Local Database Access

Under the old plugin model, accessing a local SQLite database required tunneling your local port to the web (e.g., via ngrok) or uploading your data to a cloud provider. With MCP in AZMX AI, the workflow is:

  1. Install a SQLite MCP server locally.
  2. Configure the server path in AZMX.
  3. The agent queries the database via stdio.
  4. The user approves the specific SQL query before it executes.

The Verdict

OpenAI plugins were a necessary experiment in discovering how LLMs could interact with the world, but they were the wrong tool for professional development. They were too slow, too public, and too restrictive. MCP is the correct abstraction because it decouples the model from the tool. It allows you to bring your own key (BYOK) from providers like Anthropic, Google, or Groq, or run fully offline via Ollama, while maintaining a consistent interface for your tools.

For those building sovereign workflows, the choice is clear: prioritize MCP-compatible tooling. Whether you are using a lightweight native client like AZMX or a full IDE, the ability to run local, gated, and provider-agnostic tools is the only way to scale AI agency without sacrificing security. For more on our security model, visit /security or get started at /download.

One window. The whole loop.

Download AZMX AI More posts