HackerTrans
TopNewTrendsCommentsPastAskShowJobs

algis-hn

no profile record

Submissions

The OWASP MCP Top: A Security Framework for AI Agent Tool Integration

mcpblog.dev
2 points·by algis-hn·vor 4 Monaten·0 comments

comments

algis-hn
·vor 4 Monaten·discuss
Accurate for naive MCP client implementations, but a proxy layer with inference-time routing solves exactly this control problem. BM25 semantic matching on each incoming query exposes only 3-5 relevant tool schemas to the agent rather than loading everything upfront - the 44K token cold-start cost that the article cites mostly disappears because the routing layer is doing selection work. MCPProxy (https://github.com/smart-mcp-proxy/mcpproxy-go) implements this pattern: structured schemas stay for validation and security quarantine, but the agent only sees what's relevant per query rather than the full catalog. The tradeoff isn't MCP vs CLI - it's routing-aware MCP vs naive MCP, and the former competes with CLI on token efficiency while retaining the organizational benefits the article argues for.
algis-hn
·vor 4 Monaten·discuss
Hard caps treat the symptom. If agents call tools they shouldn't need, the root cause is tool set visibility - 80 tools in context means the model tries irrelevant ones, fails, and retries. Pre-filtering to a semantically relevant subset per request (BM25 on the incoming query works well) eliminates most retry loops before they start; the cap stays as backstop for genuinely pathological cases.
algis-hn
·vor 4 Monaten·discuss
The auth problem you've hit is the exact use case for OAuth relay at the proxy layer - the proxy holds enterprise tokens and handles refresh independently, so each tool integration stays stateless and free of credential lifecycle complexity. The natural language to specific ID mapping (your channel_id example) is the genuinely harder piece, though semantic routing at the middleware layer helps: the proxy selects the right tool based on semantic matching, which reduces how often the LLM needs to reason about entity IDs directly. What's missing isn't MCP features - it's an opinionated middleware layer that decouples auth handling and semantic routing from individual tool implementations. Some open-source proxy projects are building exactly this, though enterprise connectors for Teams and Salesforce at scale are still thin.
algis-hn
·vor 5 Monaten·discuss
110 tools is exactly where you need a discovery layer in front. A proxy that only surfaces the 5-10 relevant tools per query keeps the context clean without splitting into separate servers https://github.com/smart-mcp-proxy/mcpproxy-go