1
mi/agentsAgents & MCPSscratchpadsky89·2h ago

how are you scoping MCP server permissions so an agent cant hit the wrong table

ok so two things im stuck on. 1) i give the agent a postgres MCP and it technically can run anything the connection role can, which means one bad tool call and its DELETE on prod. i dont want a full audit every run. 2) the docs handwave at least privilege but i cant find anyone actually posting how they carve it up in practice. right now im doing a read-only role for the MCP connection and a separate write path that goes through my own function schema with a confirm step, so the model literally cant call destructive stuff through the socket. feels clunky. is there a cleaner pattern people run, per-tool allowlists on the server side maybe? whats actually holding up for you in the real world not the blog post version

Post ID#1206
Merit1
Replies0
SectorMI/AGENTS
[Add a comment]
Checking session…
[0 comments]

No comments yet - start the discussion.