Jul 7, 2026

How to build an AI chatbot you can manage from Claude (MCP + agent onboarding)

Use the Model Context Protocol to manage your website chatbot from Claude — update knowledge, review conversations, and onboard the agent conversationally.

TUTORIAL12 min readThe Currai team / Engineering

TL;DR: The Model Context Protocol (MCP) lets you expose your chatbot's management functions — update knowledge, review conversations, adjust behavior — as tools an AI assistant like Claude can call. Instead of clicking through a dashboard, you manage the bot conversationally. The win is real; the discipline is treating those tools as a trust boundary with validation and audit.

Most website chatbots are managed through a dashboard: you log in, upload documents, tweak settings, and read transcripts. The Model Context Protocol (MCP) offers a different model — expose those same operations as tools that an AI assistant can call, so you can manage the bot by asking Claude to do it.

This tutorial covers building a chatbot whose management surface is an MCP server, so onboarding and day-to-day operation happen through conversation, and doing it safely.

What MCP gives you here

MCP is an open standard for connecting AI assistants to external tools and data. For a chatbot, an MCP server can expose operations like:

  • Add or update knowledge — ingest a new document or refresh a source.
  • Review conversations — pull recent transcripts or flagged answers.
  • Adjust behavior — update the system prompt, tone, or escalation rules.
  • Check health — see unanswered-question rate, deflection, and errors.

With these as MCP tools, an assistant like Claude can carry out management tasks you describe in plain language, and onboard the agent by walking through setup conversationally.

Step 1: Build the chatbot's core

Start with a standard retrieval chatbot: ingest documentation, retrieve relevant passages, answer from evidence with citations, refuse when unsure, and escalate. None of the MCP work replaces these fundamentals — MCP is the management layer on top. (See how to build an AI FAQ chatbot for the core pipeline.)

Step 2: Define your management operations

List the operations you actually perform on the bot: add a document, remove a source, update the prompt, read flagged conversations, check metrics. These become your MCP tools. Keep each one narrow and well-defined — a tool that "does anything" is impossible to secure or audit.

Step 3: Expose them as an MCP server

Implement an MCP server that presents each operation as a tool with a clear name, description, and typed inputs. The assistant reads these definitions and calls the right tool when you ask. Precise tool descriptions matter: they are how the assistant knows which tool to use and what arguments to pass.

Step 4: Treat MCP tools as a trust boundary

This is the step that separates a demo from something you would run in production. Any tool an assistant can call is a place where a wrong or manipulated instruction could cause damage. So:

  • Validate every input at the tool boundary, not inside the prompt.
  • Scope permissions — read-only tools for review, guarded writes for changes.
  • Require confirmation for destructive actions (deleting a source, changing escalation rules).
  • Audit-log every call — who/what invoked it, with what arguments, and the result.

A prompt is behavioral guidance, not access control. The tool boundary is where safety is enforced.

Step 5: Onboard the agent conversationally

With the MCP tools in place, onboarding becomes a conversation: ask the assistant to ingest your help center, set the tone, define escalation rules, and run a few test questions. Because each step is a tool call, it is inspectable and repeatable — a far cry from clicking through a setup wizard once and forgetting what you configured.

Step 6: Manage day-to-day through Claude

Now routine operations are conversational: "add this new pricing page," "show me conversations where the bot refused yesterday," "tighten the escalation rule for billing." Each maps to an MCP tool call with validation and audit behind it. You keep the dashboard as a fallback, but the fast path is conversation.

Step 7: Trace and evaluate the tool calls

MCP tool calls are actions with consequences, so instrument them. Trace each call — which tool, what arguments, what result — and keep those traces alongside the bot's own conversation traces. When something goes wrong (a source removed by mistake, a prompt change that hurt answers), the trace tells you exactly what happened and when.

Security checklist

  • Every tool input is validated at the boundary.
  • Writes and deletes require confirmation and are scoped by permission.
  • Every tool call is audit-logged with arguments and result.
  • The assistant cannot reach data or actions outside the exposed tools.
  • Destructive operations are reversible or backed up.

How Currai fits

Currai instruments the whole stack: the chatbot's conversation traces and the MCP tool calls that manage it. Wrapping MCP tools with tracing shows every invocation, its arguments, and its result, so a bad management action is visible immediately rather than discovered later. Evals can score the bot's answers before and after a management change, so you know an update helped. See observability for AI agents and turn production traces into better AI, or start tracing.

Frequently asked questions

What is MCP?

The Model Context Protocol is an open standard for connecting AI assistants to external tools and data sources. It lets an assistant like Claude call your functions with typed inputs, which makes it a natural way to expose chatbot management operations.

Why manage a chatbot from Claude instead of a dashboard?

Conversational management is faster for routine tasks and makes onboarding inspectable and repeatable. Each action is a discrete, auditable tool call rather than a series of clicks.

Is it safe to let an AI assistant manage my chatbot?

It is if you treat the MCP tools as a trust boundary: validate every input, scope permissions, require confirmation for destructive actions, and audit-log every call. Safety is enforced at the tool boundary, not in the prompt.

Do I still need a dashboard?

Keep one as a fallback and for tasks that are easier visually. The MCP layer makes the common operations conversational; it does not have to replace every screen.

03

Keep going with nearby topics from the Currai blog.