- Design small, auditable tools with minimal permissions.
- Separate reading, search, writing, and execution.
- Create a clear contract for approving dangerous actions.
tools:
search_notes:
mode: read
allowed_paths: ["./docs", "./notes"]
max_results: 10
read_file:
mode: read
allowed_extensions: [".md", ".txt", ".json"]
max_bytes: 20000
run_check:
mode: execute
allowed_commands:
- "npm run lint"
- "npm test"
requires_human_approval: false
delete_file:
enabled: falseRisk-Based Design
- Low risk: search, read, list, summarize.
- Medium risk: create drafts, write to a temporary folder.
- High risk: delete, publish, send, charge, touch production.
trace:
task_id: "agent-2026-07-05-001"
tool: "read_file"
args:
path: "docs/precios.md"
decision: "allowed"
reason: "extension .md, path inside ./docs"
bytes_returned: 4821Official Sources
- MCP introduction
- MCP specification: tools
- MCP specification