The Model Context Protocol went from ~2M monthly SDK downloads at launch in November 2024 to 97M/month by March 2026. The public registry grew from 1,200 servers in Q1 2025 to 9,400+ by April. It's now the de facto standard for connecting LLMs to external tools, files, and APIs.

The tutorials haven't caught up. Almost every public MCP example shows you one transport, one tool, no tests, and no auth. That's fine for a hello-world. It's not fine for a server you'd actually let an AI agent talk to.

Here are the five gotchas I hit while shipping MCP servers for client work, with the patterns I now use everywhere.

1. The SDK doesn't validate tool inputs for you

If you register a tool with a Zod schema, you'd assume the SDK enforces it on every invocation. It doesn't — the schema is metadata for the client. The handler still receives whatever the model decides to send. Validate explicitly inside every handler:

    const ReadFileInputSchema = z.object({
      path: z.string().min(1),
      encoding: z.…
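
One way to apply the validate-inside-every-handler rule above, as an added example that is not code from the original post: a wrapper that parses the raw arguments before the handler runs and returns an MCP tool result with `isError` when parsing fails. `readFileSchema`, `withValidation` and `readFileTool` are hypothetical names, and the schema is a hand-written stand-in with a Zod-style `safeParse()` that checks only `path`, so the block runs without any packages.

```javascript
// Added example; readFileSchema, withValidation and readFileTool are hypothetical names.
// Hand-written stand-in with a Zod-style safeParse() result, so no packages are needed.
// It checks only `path` and rejects any other field.
const readFileSchema = {
  safeParse(input) {
    if (input === null || typeof input !== "object" || Array.isArray(input)) {
      const issues = [{ path: [], message: "arguments must be an object" }];
      return { success: false, error: { issues } };
    }
    const issues = [];
    if (typeof input.path !== "string" || input.path.length < 1) {
      issues.push({ path: ["path"], message: "expected a non-empty string" });
    }
    for (const key of Object.keys(input)) {
      if (key !== "path") issues.push({ path: [key], message: "unexpected field" });
    }
    if (issues.length > 0) return { success: false, error: { issues } };
    return { success: true, data: { path: input.path } };
  },
};

// Wrap a handler so it only ever receives parsed data. A failed parse is
// returned as an MCP tool result with isError set instead of reaching the handler.
function withValidation(schema, handler) {
  return (rawArgs) => {
    const parsed = schema.safeParse(rawArgs);
    if (parsed.success) return handler(parsed.data);
    const detail = parsed.error.issues
      .map((i) => `${i.path.join(".") || "(root)"}: ${i.message}`)
      .join("; ");
    return { isError: true, content: [{ type: "text", text: `Invalid input: ${detail}` }] };
  };
}

// Constructed handler: reports what it would read instead of touching the disk.
const readFileTool = withValidation(readFileSchema, ({ path }) => ({
  content: [{ type: "text", text: `would read ${path}` }],
}));

// Constructed arguments of the kind a model may send despite the declared schema.
const samples = [{ path: "notes.txt" }, { path: 42 }, {}, null, { path: "a", mode: "rw" }];
for (const args of samples) {
  const result = readFileTool(args);
  console.log(JSON.stringify(args), "->", result.content[0].text);
}
```

Because the wrapper only calls `safeParse()` and reads `issues[].path` and `issues[].message`, a real Zod schema can be passed in place of the stand-in.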