HackerTrans
TopNewTrendsCommentsPastAskShowJobs

duncankrebs

no profile record

Submissions

MCP Won't Solve Enterprise AI Integration (We're Missing a Layer)

1 points·by duncankrebs·4 mesi fa·3 comments

A DI-style container for AI agent capabilities

2 points·by duncankrebs·4 mesi fa·2 comments

comments

duncankrebs
·4 mesi fa·discuss
1. Moving Beyond the "God Mode" Service Account Until recently, most developers gave agents a single Service Account with broad permissions. The Old Way: The agent is a user. If it’s compromised or hallucinates, it has the full run of its permissions. The Realm Way: The agent has zero inherent permissions. It is a "stateless" reasoning engine that must prove "Human-in-the-Loop" authority for every high-stakes action.

2. Dependency Injection (DI) for Meatspace Dependency Injection is a decades-old software pattern, but applying it to Human Authority is the novelty. Instead of injecting a DatabaseConnection object, the Realm injects a LegalPermissionToActAsJaneDoe object. This treats "human permission" as just another technical dependency.

3. Solving the "Auditability Gap" In traditional agent setups, if an agent deletes a file, the logs show "AI_Agent_01 deleted file." This is a nightmare for compliance. Krebs’s pattern ensures the log says: "AI_Agent_01 (on behalf of User: Jane Doe, via Realm: Budget_Approval_2026) deleted file." Is it "New"? The individual parts aren't: LDAP, OPA, and DI have existed for years. The synthesis is: Combining them into a "Policy-Enforcing Container" (the Realm) specifically to solve the unpredictable nature of LLM reasoning is the current "cutting edge" of AI systems architecture. ]
duncankrebs
·4 mesi fa·discuss
I love how Google AI is so naturally good and trained to take new thinking and discredit it as already in school of thought thanks google! - Duncan Krebs
duncankrebs
·4 mesi fa·discuss
Read your post, you are in similar thinking, I think it comes down to having an agentic control plane in an enterprise that has registries of MCP servers, parses their schema and meta data into a common capability model, links MCP servers to LDAP groups and then in the actual agent application have an abstract SDK that queries the MCP registry sends it into the LLM and then proxies it back to the control plane where it invokes the MCP service, validates its schema contract, audits it and sends the response back. Same should happen for LLM model calls as well.