HackerTrans
TopNewTrendsCommentsPastAskShowJobs

_enjn

no profile record

comments

_enjn
·3 ay önce·discuss
[dead]
_enjn
·3 ay önce·discuss
[dead]
_enjn
·3 ay önce·discuss
Interesting that you manually mapped GET→resources and POST→tools. We hit the same pattern with ToolMesh.io so often that we built a declarative format for it — DADL, a YAML file that describes the REST API mapping, and the gateway generates the MCP server at runtime. No code, no deployment per API. The boilerplate of wrapping every REST API into an MCP server is probably the biggest adoption blocker right now.
_enjn
·3 ay önce·discuss
The connection lifecycle is one problem, but even with ephemeral connections you still have the authorization gap — MCP has no built-in concept of per-tool, per-user permissions. We ran into this building an MCP aggregator (ToolMesh, Apache 2.0) where 15+ backends connect through a single gateway. Our approach: OpenFGA for fine-grained ReBAC authorization on every tool call, plus an Output Gate that can run e.g. DLP policies before results reach the LLM. The attack surface isn't just about which servers are connected — it's about what each agent is allowed to do with them. https://toolmesh.io
_enjn
·3 ay önce·discuss
[dead]
_enjn
·3 ay önce·discuss
[dead]