Lesson 07 · Rapid Prototyping & Integration

Integrating with Messy Enterprise Systems

Legacy APIs, CSV exports of doom, and auth mazes — the week-one data strategy, PII instincts, and the MCP seam that turns the mess into something a model can use.

FDE skill · make the customer's real data usable without waiting for permission you'll never get
🎧 Listen to this lesson · ~10 min · narrated audiobook edition

⏱ ~10 min read · 🎧 10 min listen · ✎ 3 quizzes · 🧪 ~120 min lab

Your Lesson 06 demo ran on data you controlled. The customer's data is nothing like that. It lives in a SOAP API last documented in 2011, a nightly CSV export with three date formats, and a "data warehouse" that is actually someone's Excel macro. This is not the failure case — this is the normal case, and it's a large part of why 95% of enterprise GenAI pilots show no measurable impact.6 The FDE day-to-day is on-site integrations, debugging against the customer's real systems, and data migrations1 — writing production code directly on customer infrastructure.8 The engineers who thrive here aren't the ones who complain the data is dirty. They're the ones with a system for it.

The mess is the job

Every enterprise engagement hits the same four walls: legacy interfaces (SOAP, FTP drops, screen-scraped mainframes), exports of doom (CSVs with inconsistent encodings, duplicated rows, and columns that changed meaning in 2019), inconsistent schemas (three systems, three definitions of "patient"), and auth mazes (VPN → jump box → service account → a ticket queue owned by a team in another country). None of this is exotic — it's the texture of the job.1 The mistake is treating it as a blocker to escalate; the FDE move is to treat it as the terrain to plan around:

WallWhat it looks likeThe FDE move
Legacy interfaceSOAP/XML, FTP drops, no docs, one person who "knows it"Wrap it once behind a thin adapter; befriend the one person
Export of doomMixed date formats, dupes, encoding chaos, silent schema driftProfile → defect log → clean with logged decisions (this lesson's lab)
Inconsistent schemasThree systems disagree on IDs, names, statusesPick a canonical model early; map everything into it
Auth mazeAccess requests measured in weeks, not hoursFile requests day one; build on synthetic data while you wait

Week one: the data-access strategy

Access requests are the longest lead-time item in any engagement, so they go in on day one — before you've decided exactly what you'll build. The week-one ask list: a schema or data dictionary for each source system, a small recent sample export (a hundred rows beats a million), read-only credentials to the least-sensitive system first, the name of each data owner, and the approval path for anything touching sensitive records. Ask for the smallest thing that can possibly be granted quickly — a redacted sample this week is worth more than a full production dump next quarter.

And while you wait, you don't wait: you build against synthetic data shaped like theirs. Take the schema (or even a screenshot of one), have Claude generate realistic fake records — including the defects you expect, because clean synthetic data trains you for a world that doesn't exist. This is a core FDE skill, not a workaround: it decouples your build from their bureaucracy, it's safe to demo to anyone, and it becomes your test fixture forever. You'll use it again as the first step of the Lesson 11 capstone.

One instinct must become reflex before any real data arrives: PII is radioactive until proven otherwise. In Australian health contexts the stakes are explicit — privacy law has strict rules on how health information is collected, used and disclosed7 — but the practical instincts are the same everywhere, and they're yours to hold even when the customer is casual about it. Don't accept data you didn't ask for. Prefer redacted or synthetic samples for development. Keep real data on their infrastructure, not your laptop. And design every interface you build to return the minimum fields the task needs — PII minimization is an engineering property, not a compliance afterthought. (This is practical craft, not legal advice — when in doubt, ask their privacy officer. They exist, and they will love you for asking.)

Why 100 rows? A small sample answers the questions that matter — formats, defects, edge cases, field meanings — while being small enough that a data owner can approve it without a committee. Volume is a production problem; shape is a week-one problem.

MCP: wrap the mess once

Once you can read the data, resist the urge to pipe it straight into a prompt. The durable move is to put a stable seam between the mess and the model — and in 2026 that seam is the Model Context Protocol. MCP is an open standard for connecting AI applications to external systems: you wrap the ugly source once as an MCP server exposing a few clean, well-described tools, and then every MCP client — Claude, your L03 agent, the customer's future apps — can use it without knowing a SOAP endpoint exists.3 This is why Anthropic's own FDE posting lists "MCP servers" first among the technical artifacts FDEs deliver to customers2: the cleaning logic, the canonical schema, and the PII minimization all live in one auditable place instead of being re-implemented in every prompt.

Two things to know beyond the basics. First, the MCP spec bakes in security principles you should honour in every server you ship: user consent, data privacy, and caution around tool behaviour — tools are arbitrary code paths and must be treated accordingly.4 Second, scale: when an agent has access to many MCP tools, loading every tool definition and passing every intermediate result through the model's context gets expensive. Anthropic's answer is code execution with MCP — present servers as code APIs, load tools on demand, and filter large results before they hit the context window, which in their worked example cut a 150,000-token workflow to about 2,000 tokens.5 You don't need that on day one; you need to know it exists before your tool count hits fifty.

Seam, not silver bullet MCP standardizes the interface, not the cleanup. The mess still has to be profiled, cleaned, and mapped — MCP just guarantees you only have to do it once, in one place, with one audit trail.

Data-quality triage: fix, work around, or escalate

Not every defect deserves the same response, and burning a week polishing data nobody queries is how pilots die. Triage every defect with three questions: does it affect the fields my use case actually reads? Is it mechanical (fixable by rule — date formats, casing, dupes) or semantic (two systems genuinely disagree about facts)? And is it mine to fix — or evidence the customer needs to see? Fix mechanical defects in your pipeline and log every decision. Work around defects outside your use case's blast radius — note them, move on. Escalate semantic conflicts and upstream process failures to the data owner with evidence, because silently "fixing" a business-meaning conflict means your system now disagrees with the system of record, and that surfaces in the worst meeting possible. Honest caveat: there's no canonical FDE playbook for this — it's synthesized field practice, and your own logged decisions become your playbook.

The mental model in one line Ask early, fake what's missing, wrap the mess once behind an MCP seam, and triage defects — fix the mechanical, flag the semantic, and never let real PII travel further than the task requires.

🧪 Practical steps: Mess-to-MCP (~120 min)

This lab produces the most reusable portfolio artifact so far: a deliberately messy synthetic dataset, a defect log, a cleaning pipeline with logged decisions, and a working Python MCP server your Lesson 03 triage agent can query end-to-end. Full instructions live in the lab file (labs/0007-mess-to-mcp.md); the shape:

  1. Generate the mess — use Claude (model claude-opus-4-8) to generate a synthetic export for the virtual-care provider: patients.csv, appointments.csv, and triage_notes.json, with deliberate defects — at least three date formats, duplicated patients with variant spellings, mixed schemas across files, and PII-ish fields (fake Medicare-style numbers, phones, addresses).
  2. Profile it — write profile.py (pandas) and document at least 5 defects in defect-log.md: what, where, how many rows, and your triage call (fix / work around / escalate).
  3. Clean itclean.py normalizes dates to ISO-8601, dedupes patients with a stated matching rule, and maps everything to one canonical schema. Every non-obvious choice goes in decisions.md: what you decided, why, what you'd ask the data owner.
  4. Wrap it — build server.py, a small Python MCP server exposing two tools: lookup_patient and get_appointment_history. Responses return only task-minimal fields — no raw identifiers, no addresses.
  5. Connect and prove it — point your Lesson 03 triage agent at the server and capture one end-to-end query (question → tool calls → PII-minimized answer) in demo-transcript.md.
  6. Ship it — everything goes to D:\Projects\FDE-Portfolio\l07-mcp-integration\ with a README telling the story: mess → profile → decisions → seam → working query.

Feedback loop: bring your defect log, decisions file, and demo transcript back to me in chat and I'll review them like a customer's lead engineer would — are the defects real and quantified, are the cleaning decisions defensible and transparent, and would I let this server's responses near a privacy review? This artifact feeds the Lesson 11 capstone engagement directly and is tracked in the course's artifact tracker.

🤖 Get your work reviewed

No chat here — this box replaces it. Copy the prompt into any AI assistant (Claude, ChatGPT, Gemini…), then paste your defect log, decisions file, and demo transcript after it.

You are a customer's lead data engineer reviewing a Forward Deployed Engineer's integration work. They took a deliberately messy synthetic healthcare export (2 CSVs + 1 JSON with inconsistent dates, duplicated patients, mixed schemas, PII-ish fields), profiled it, cleaned it, and wrapped it as a Python MCP server exposing patient-lookup and appointment-history tools, then ran one end-to-end agent query.

Grade each criterion as Strong / Adequate / Missing, with one sentence of evidence:
- Defect-log quality: at least 5 defects, each with location, row counts, and an explicit triage call (fix / work around / escalate) — not vague observations like "dates are inconsistent".
- Cleaning-decision transparency: every non-obvious transformation (dedup matching rule, date disambiguation, schema mapping) is logged with a rationale and a question they'd take to the data owner — nothing silently "fixed".
- PII minimization in tool responses: the MCP tools return only task-minimal fields; identifiers, contact details, and addresses never appear in responses, and the demo transcript proves it.

Be skeptical — hunt for a silent semantic fix that should have been escalated, and for any field in a tool response that the task didn't need. Then ask 2–3 follow-up questions a privacy officer would ask. Finish with the single change that would most improve this integration.

My files follow below.
🧭 Field practice this week

Check yourself — think like an FDE

Scenarios, not recall. Diagnose from the mental model — don't scroll up. Wrong picks stay live.

Scenario A

Week two of a pilot. You've found four issues: (1) dates in three formats in the appointments export, (2) the CRM and the clinical system disagree on which clinician owns 200 patients, (3) inconsistent casing in suburb names, (4) your VPN access request is stuck in a queue with a 4-week SLA. The demo is in three weeks. Which one most threatens the pilot?

Scenario B

Day one on a customer site. The sponsor asks what you need to get started. You know their data lives in an EHR, a billing system, and a homegrown CRM, and that their security team moves slowly. What's the strongest week-one ask?

Scenario C

A helpful ops lead at the virtual-care customer says: "Approvals are slow here — I'll just export the full patient table to a USB stick for you, nobody will mind." You need realistic data this week to make progress. What's the FDE move?

Primary source — read this
The official front door to MCP: what it is, why a standard seam beats point-to-point integrations, and how servers, clients and tools fit together. Pair it with Anthropic's "Code execution with MCP" — the token-efficiency pattern you'll want the moment your tool count grows.
Your one tangible win You can walk into a customer site, file the right data asks on day one, keep building on synthetic data while approvals crawl, and turn their ugliest export into a clean, PII-minimized MCP server that any model or app can use — and your portfolio now contains the working proof: defect log, decision log, server, and an end-to-end agent query.
Questions? Any AI assistant is your teacher. Unsure whether a defect is mechanical or semantic, or how much to redact from an MCP tool response? Paste the relevant section of this lesson into your AI assistant along with your question — and for lab feedback, the review box above has you covered.

Recommended learning

Hand-picked follow-ups. None are required — the primary source above comes first.

References

  1. Per Aspera, "How to Build Your 1st FDE Team" (2025) — FDE day-to-day: on-site integrations, debugging, data migrations, days-to-weeks delivery cycles.
  2. Anthropic, Forward Deployed Engineer, Applied AI — job posting (2026) — "deliver technical artifacts for customers like MCP servers, sub-agents, and agent skills".
  3. Model Context Protocol, Introduction (current) — the open standard for connecting AI applications to external systems.
  4. Model Context Protocol, Specification (rev 2025-11-25) — protocol details plus security and trust-and-safety principles: consent, data privacy, tool caution.
  5. Anthropic, "Code execution with MCP" (2025) — token-efficient MCP: on-demand tool loading, filtering results before context; 150K→2K token example.
  6. Perspective AI, "2026 FDE Hiring Trends: What 1,000 Job Posts Reveal" (2026) — 95% of enterprise GenAI pilots show no measurable impact; deployment is the bottleneck.
  7. Office of the Australian Information Commissioner, Health information and privacy (current) — Australian privacy law's strict rules on collecting, using and disclosing health information.
  8. Gergely Orosz, "What are Forward Deployed Engineers?", The Pragmatic Engineer (2025) — FDEs write code directly on customer infrastructure.