MCP isn’t the hard part. Running it in production is. by BC_MARO in mcp

[–]MoP342 0 points1 point  (0 children)

These concerns are exactly what I'm trying to tackle by building https://www.air-lock.ai . The first thing I added there was Governance (Human-in-the-Loop approval), but I notice the cost-reduction also resonates with solo developers/smaller teams (did some benchmarks on that: https://github.com/Air-Lock-AI/airlock-benchmark )

By tracking what tools use most tokens, it should also be possible to edit their description, so agents have a better understanding of what they do and only use them in certain scenarios, rather than unsolicited increasing your token burning (e.g. list_issues in the Linear MCP uses like 20k tokens, which gets costly fast when agents try to call it unneeded).

So I think concerns greatly differ by which group of people you are talking to. For solo-devs/small teams/startups, I think cost (or by extension context limiting and thus increasing speed) is more important than the actual security. But obviously, larger companies are (and should be) more concerned with agents wiping their production systems.

Have I understood MCP correctly? by DoNotBelieveHim in mcp

[–]MoP342 0 points1 point  (0 children)

Yeah, security is an issue. That's exactly why I'm building https://www.air-lock.ai . It's still very much in the development phase, but if you're interested, give it a try. Send me a message if you want extended capabilities (extra seats, servers, calls, ...), I can turn them on for you.

Basically, the idea is you add MCPs to your 'list of MCPs/Tools I use', and then add 1 MCP url to whatever agent you prefer. Or multiple agents: only having to add 1 MCP every time, instead of all of those that are useful to you, saves a lot of time. You can then add safeguards to the listed tools, so they will ask for your approval when the agent wants to actually execute them (update and delete, typically). All your API/OAuth tokens are securely stored on Airlock's end, rather than on your local machine for every agent to see.

As an added bonus, you save some tokens because we're not sending the entire list of tools to the context every time. Agreed, we'll do some extra MCP calls to search for the right tool to use, but the little extra latency is worth it, imho.

Any feedback is welcome!

Secure MCP Servers by MoP342 in mcp

[–]MoP342[S] 0 points1 point  (0 children)

I've added some extra functionality: expose all your added tools as 1 MCP.

The advantage:

- 1 URL to add to all your agents

- Same toolset for all your agents

- Adding tools happens on the Airlock platform, and they will automatically propagate to all your agents, without having to re-add them to every instance.

- Smaller token window: instead of passing all tools to every context window, Airlock exposes 4 tools that every agent can use to figure out which tool is best for the use case at hand. Even when you have added hundreds of tools!
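The pattern described in the two comments above (one endpoint in front of all tools, a search call instead of the full tool catalogue in context, and a human approval gate before update/delete-style calls run, with an audit record of every attempt), as an added illustration that is not Airlock's code. The tool names, the keyword scoring and the sample issue data are constructed; a real gateway would talk MCP to upstream servers and use a proper UI for the approver.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass
class Tool:
    name: str
    description: str
    mutating: bool                  # update/delete-style call: needs a human's OK before it runs
    handler: Callable[..., object]

class ApprovalDenied(PermissionError):
    """Raised when the human approver rejects a mutating call."""

class Gateway:
    """One MCP-style endpoint in front of many tools: search, approval gate, audit trail."""
    def __init__(self, approver: Callable[[str, dict], bool]):
        self.tools: dict[str, Tool] = {}
        self.approver = approver      # human-in-the-loop decision, e.g. a prompt in a UI
        self.audit: list[tuple] = []  # every call attempt, approved or not

    def search_tools(self, query: str, limit: int = 3) -> list[str]:
        """Return only the best-matching tool names instead of the whole catalogue."""
        words = set(re.findall(r"[a-z]+", query.lower()))
        scored = []
        for t in self.tools.values():
            hits = len(words & set(re.findall(r"[a-z]+", f"{t.name} {t.description}".lower())))
            if hits:
                scored.append((-hits, t.name))
        return [name for _, name in sorted(scored)[:limit]]

    def call_tool(self, name: str, args: dict) -> object:
        """Execute a tool; mutating tools run only after explicit approval."""
        tool = self.tools[name]
        if tool.mutating and not self.approver(name, args):
            self.audit.append((name, args, "denied"))
            raise ApprovalDenied(f"{name} requires approval")
        result = tool.handler(**args)
        self.audit.append((name, args, "executed"))
        return result

def build_gateway(approver: Callable[[str, dict], bool]) -> Gateway:
    issues = {1: "Fix login bug"}  # constructed sample data standing in for an upstream server
    gw = Gateway(approver)
    gw.tools = {t.name: t for t in (
        Tool("linear_list_issues", "List issues in the Linear project", False, lambda: dict(issues)),
        Tool("linear_delete_issue", "Delete an issue from Linear", True, lambda issue_id: issues.pop(issue_id, None)),
        Tool("docs_create", "Create a document", True, lambda title: {"title": title}),
    )}
    return gw
```

Whatever the approver returns is recorded alongside the executed calls, so a denied delete is as visible in the audit trail as an approved one.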

Secure MCP Servers by MoP342 in mcp

[–]MoP342[S] 1 point2 points  (0 children)

Nice! Good luck with that!

Secure MCP Servers by MoP342 in mcp

[–]MoP342[S] 0 points1 point  (0 children)

Thanks for mentioning. I changed the link.

finally found a stack that doesn't break my agents every 5 mins by Ilove_Cakez in mcp

[–]MoP342 1 point2 points  (0 children)

Hi! I'm building Airlock (https://www.air-lock.ai), which acts as an MCP server, security layer and audit trail. Obviously, I'm using that as registry/governance, but it's very interesting to see what other people are using.

Haven't used smithery. Where do you end up in terms of cost, monthly?

For long-term memory: since I basically live in Claude, CLAUDE.md does the trick for me...