#mcp-servers

11 posts tagged #mcp-servers.

Put the confirmation gate in the tool, not the UI.

A destructive-tool annotation plus a mid-call elicitation request gives you a deterministic human checkpoint that travels with the capability — so a confused or injected instruction can't quietly delete your data, no matter which client is driving.

Three control axes are sitting in the MCP spec. Most teams use one.

An MCP server exposes resources, tools, and prompts — context the app pulls, actions the model takes, workflows the user invokes. Wiring them to the right controller is how the agent reads your conventions instead of guessing them.

Stop describing your work to the agent. Hand it the diff.

Asking an agent to review what you say you did grades your spin, not your code. A small MCP server that reads the live diff and carries its own rubric grades reality instead.

Half your agent's 'hallucinations' never reached the prompt

Before you write one more anti-hallucination instruction, split each wrong answer into a retrieval failure and a generation failure. The two need opposite fixes, and no prompt rescues context that was never pulled into scope.

A legitimate MCP server with two trust levels is the exploit

The dangerous MCP server isn't the malicious one — it's the convenient all-in-one that reads untrusted data and holds privileged access to a second system. Scope it, gate the writes, and you close the confused-deputy attack.