Aulafy
Courses/Agents and automation/MCP for Local Tools

MCP for Local Tools

MCP is useful when the agent needs real context and tools, but every local tool is a doorway. Start with read access, allowlists, and traces before exposing commands or write access.

  • Design small, auditable tools with minimal permissions.
  • Separate reading, search, writing, and execution.
  • Create a clear contract for approving dangerous actions.
TerminalCode
tools:
  search_notes:
    mode: read
    allowed_paths: ["./docs", "./notes"]
    max_results: 10

  read_file:
    mode: read
    allowed_extensions: [".md", ".txt", ".json"]
    max_bytes: 20000

  run_check:
    mode: execute
    allowed_commands:
      - "npm run lint"
      - "npm test"
    requires_human_approval: false

  delete_file:
    enabled: false

Risk-Based Design

  • Low risk: search, read, list, summarize.
  • Medium risk: create drafts, write to a temporary folder.
  • High risk: delete, publish, send, charge, touch production.
TerminalCode
trace:
  task_id: "agent-2026-07-05-001"
  tool: "read_file"
  args:
    path: "docs/precios.md"
  decision: "allowed"
  reason: "extension .md, path inside ./docs"
  bytes_returned: 4821

Official Sources

  • MCP introduction
  • MCP specification: tools
  • MCP specification