Five AI coding agents, one founder: how I built a secure MCP server in a single evening

Westgate Sentinel Consulting runs on a clear problem statement: M365 and Azure assessments must ship in weeks, not months, with defensible quality. There is no in-house dev team. There is domain experience, a CISM, and a library of PowerShell that already worked but needed orchestration.

So I briefed five AI coding agents on a 21-task plan. By morning there were 20 commits, 13 working tools, and a cross-agent security review that most teams would be proud to show after a full sprint.

This is not a story about AI replacing developers. It is a story about a solo consultant using AI to compete with firms that have far larger headcount.

The problem

The consultancy delivers cyber and infrastructure assessments to SMEs. The core IP is PowerShell that scans Microsoft 365 and Azure, checks against frameworks like Cyber Essentials, and produces structured findings.

The scripts worked in isolation. Each one authenticated on its own. There was no unified interface, no audit trail, no rate limiting. Every engagement meant manual orchestration.

The goal was a Model Context Protocol (MCP) server: one secure, typed surface that any LLM client can call. Certificate-based auth. Tenant isolation. Output redaction so client material never leaks into a model context.

The agents

Claude Code orchestrates: plan, task breakdown, integration. Codex CLI leans on precise diffs and review (read-only by default). Amp Code takes reliable file writes. Cursor Agent handles ugly multi-file refactors. Gemini CLI brings a different security lens (and occasional rate limits, so always have a fallback).

The process (five waves)

Wave 1: Foundation. Shared authentication module. Three Pester tests passing in minutes.

Wave 2: Parallel implementation. Four agents on four scripts while a subagent stood up the TypeScript MCP scaffold with shared services and passing tests. No file collisions.

Wave 3: Tool registration. Thirteen tool registrations plus Entra app automation. Clean compile.

Wave 4: Cross-review. Each agent reviewed someone else's work. Bearer tokens left in the environment. Redaction bypass. Path rules. Wrong env var names. Strict-mode crash paths. Six serious findings, all real.

Wave 5: Fix, verify, vote. Green tests. Five-of-five approval.

The numbers

20 commits, 13 MCP tools, 24 TypeScript service tests, hundreds of PowerShell tests green, six security fixes from cross-review alone, one evening from plan to pull request.

Why it matters

I am not building a SaaS product. I am building speed and quality into engagements. Structured JSON from scripts. Natural-language orchestration through MCP. The edge is faster time to value with more review, not less.

What stuck

Cross-agent review catches real bugs. Parallelism works when files do not overlap. Always have a fallback agent. The orchestrator must own the whole plan. Quantify outcomes: a multi-hour implementation plan executed in one evening with stronger review than manual solo work.

If you are a solo founder or a small consultancy, you need a clear plan, the right agents, and the discipline to make them check each other's work.

---

Richard Stainforth is the founder of Westgate Sentinel Consulting, a cyber and infrastructure consultancy in the UK. CISM. 20 years in the Microsoft ecosystem.