Closed
Description
Based on user feedback:
--
Curious how you’re thinking about boundaries here.
If an agent can call internal microservice APIs via MCP, what’s the “least privilege” story (authz, rate limits), and how do you audit/trace tool calls back to user intent?
And the follow-on:
I’m leaning toward per-tool scopes plus short‑lived tokens tied to the user’s intent. Each tool call should carry a request/trace id that maps back to the original user message, with rate limits at both the gateway and service layers. For audit, keep an immutable log of tool calls + policy decisions. A real end‑to‑end example with traces would make the model concrete.
It's clear we can introduce this sort of fine-grained scoping into our tools and a way to manage it through the UI in the server.
We can use the blog app as a test case.
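As an added illustration of the model sketched in the feedback above (this is not code from the project or from the commenters), the following is a minimal tool-call gateway: the token is short-lived and HMAC-signed, carries the user's scopes and a `trace_id` for the originating request, each tool declares the scope it requires, a sliding-window rate limit is enforced at the gateway, and every allow or deny decision is written to an append-only, hash-chained audit log that can be queried by trace id. The tool names (`blog.list_posts`, `blog.publish_post`), the scope strings, the signing key and the timestamps are all constructed for the example; a real deployment would use a proper token format such as JWT, keys held in a secret store, and a second rate limit inside each service as the comment suggests.

```python
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

# Constructed demo key; in a real deployment this lives in a KMS/secret store.
SIGNING_KEY = b"demo-signing-key-not-for-production"
TOKEN_TTL_SECONDS = 60

# Hypothetical tool -> required scope map for the blog app used as the test case.
TOOL_SCOPES = {
    "blog.list_posts": "blog:read",
    "blog.publish_post": "blog:write",
}


def issue_token(user, trace_id, scopes, now=None, ttl=TOKEN_TTL_SECONDS):
    """Mint a short-lived, HMAC-signed token bound to one user request (trace_id)."""
    now = time.time() if now is None else now
    claims = {"sub": user, "trace_id": trace_id, "scopes": sorted(scopes), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + tag


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_hex, tag = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(payload)
    return claims if claims["exp"] >= now else None


class AuditLog:
    """Append-only log; each entry commits to the hash of the previous entry."""

    def __init__(self):
        self.entries = []
        self._last_hash = "0" * 64

    @staticmethod
    def _digest(record):
        return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

    def append(self, record):
        entry = dict(record, prev=self._last_hash)
        entry["hash"] = self._digest(entry)  # entry carries no "hash" key yet
        self.entries.append(entry)
        self._last_hash = entry["hash"]

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class RateLimiter:
    """Sliding-window limiter keyed per (user, tool)."""

    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key, now):
        hits = self._hits[key]
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


class ToolGateway:
    """Policy enforcement point in front of the tools: authn, authz, rate limit, audit."""

    def __init__(self, limit=2, window_seconds=60):
        self.audit = AuditLog()
        self.limiter = RateLimiter(limit, window_seconds)
        self.calls = []  # tool calls that were actually dispatched

    def call(self, token, tool, args, now=None):
        now = time.time() if now is None else now
        claims = verify_token(token, now)
        record = {"ts": now, "tool": tool, "args": args,
                  "sub": claims["sub"] if claims else None,
                  "trace_id": claims["trace_id"] if claims else None}
        if claims is None:
            decision = "deny:invalid_token"
        elif tool not in TOOL_SCOPES:
            decision = "deny:unknown_tool"
        elif TOOL_SCOPES[tool] not in claims["scopes"]:
            decision = "deny:missing_scope"
        elif not self.limiter.allow((claims["sub"], tool), now):
            decision = "deny:rate_limited"
        else:
            decision = "allow"
            self.calls.append((claims["trace_id"], tool, args))
        record["decision"] = decision
        self.audit.append(record)  # denials are logged as well as allows
        return decision

    def trace(self, trace_id):
        """Every policy decision made on behalf of one original user message."""
        return [e for e in self.audit.entries if e["trace_id"] == trace_id]


if __name__ == "__main__":
    gw = ToolGateway(limit=2)
    t0 = 1_700_000_000.0  # constructed clock so the run is deterministic
    tok = issue_token("alice", "trace-0001", ["blog:read"], now=t0)
    print(gw.call(tok, "blog.list_posts", {"limit": 5}, now=t0))       # allow
    print(gw.call(tok, "blog.publish_post", {"title": "x"}, now=t0))   # deny:missing_scope
    print(gw.call(tok, "blog.list_posts", {"limit": 5}, now=t0 + 1))   # allow
    print(gw.call(tok, "blog.list_posts", {"limit": 5}, now=t0 + 2))   # deny:rate_limited
    print(gw.call(tok, "blog.list_posts", {}, now=t0 + 120))           # deny:invalid_token
    for e in gw.trace("trace-0001"):
        print(e["ts"], e["tool"], e["decision"])
    print("audit chain intact:", gw.audit.verify())
```

The point of binding the token to a `trace_id` is that an audit query by trace id returns the full set of tool calls and policy decisions that one user message caused, including the denials; the hash chain makes after-the-fact edits to that record detectable. The scope check happens before the rate limit so an unauthorized call never consumes the caller's budget, and the rate limiter only counts calls that were actually dispatched.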