[pjm331]

> Re: security, I think I need to make an AI credential broker/system. The only way to securely use agents is to never give them access to a credential at all. So the only way to have the agent run a command which requires credentials, is to send the command to a segregated process which asks the user for permission, then runs it, then returns status to the agent

This is a problem that model context protocol solves

Your MCP server has the creds, your agent does not.

[0xbadcafebee]

But what about the context pollution? For every request you want an MCP to handle, it has to fill up the context with instructions on how to make requests; and the MCP server has to implement basically every function, right? So like, an AWS MCP would have hundreds of commands to support, and all that would need to be fed into context. You could try to limit the number of AWS MCP functions in context, but then you're limiting yourself. Compare this to just letting the AI run an AWS command (or API call via curl) using the knowledge it already has; no extra complexity or context on the AI-side. You just need to implement a server which intercepts these stock commands/API calls and handles them the same way an MCP server would

[pjm331]

You don’t need to implement every api endpoint as a tool you can just say - this is the aws cli tool it takes one string as an argument and that string is an aws cli command

No difference between that and using the bash tool - except you can keep the keys on the MCP server

[0xbadcafebee]

I mean, there's a tiny difference: once of them is secure, the other isn't...