Problem statement
The issue with MCP right now is that many practical design choices, including some important security decisions, still fall on the developer. MCP shines at standardizing tool access, but the safety boundary still lives in the host, client, and server implementations. In this post I’m going to use a small TypeScript policy gate as an exercise for thinking through those boundaries. We’ll look at concrete examples of MCP-style tool calls, where they can go wrong, and what kind of checks can catch them before they run.
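As an added example of the kind of gate meant here (my own sketch, not code from the post): it allowlists tools, confines file paths to a sandbox root, bounds write sizes, and only runs a call it accepts. The tool names, the sandbox model and the write limit are assumptions constructed for the demo.

```typescript
// Added example, not code from the post: a minimal policy gate for MCP-style tool calls.
// Assumptions (constructed for this demo): a call is {name, arguments} as in MCP's
// tools/call params, paths are POSIX-style and relative to a sandbox root, and the
// allowlisted tools and the write limit are illustrative values.

type ToolCall = { name: string; arguments?: Record<string, unknown> };
type Verdict = { allow: boolean; reason: string };
type Rule = (args: Record<string, unknown>) => string | null; // null = no objection

const MAX_WRITE_CHARS = 64 * 1024;

// Normalise a relative path and return it rooted at the sandbox, or null if it is
// absolute, contains NUL, or climbs above the root via "..".
function confine(p: unknown): string | null {
  if (typeof p !== "string" || p.includes("\0") || p.startsWith("/")) return null;
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { if (out.length === 0) return null; out.pop(); continue; }
    out.push(seg);
  }
  return out.join("/");
}

const pathInSandbox: Rule = (a) => (confine(a.path) === null ? "path escapes sandbox" : null);
const boundedContent: Rule = (a) =>
  typeof a.content !== "string" ? "content must be a string"
  : a.content.length > MAX_WRITE_CHARS ? "content exceeds write limit" : null;

// A Map, not a plain object, so a name like "constructor" cannot match a prototype key.
const RULES = new Map<string, Rule[]>([
  ["read_file", [pathInSandbox]],
  ["write_file", [pathInSandbox, boundedContent]],
]);

// Deny anything not allowlisted; otherwise every rule for the tool must pass.
function evaluate(call: ToolCall): Verdict {
  const rules = RULES.get(call.name);
  if (!rules) return { allow: false, reason: `tool '${call.name}' is not allowlisted` };
  for (const rule of rules) {
    const objection = rule(call.arguments ?? {});
    if (objection) return { allow: false, reason: `${call.name}: ${objection}` };
  }
  return { allow: true, reason: "ok" };
}

// Run the tool only when the gate allows it; the verdict comes back either way so the
// host can log denials.
function gate<T>(call: ToolCall, run: (c: ToolCall) => T): { verdict: Verdict; result?: T } {
  const verdict = evaluate(call);
  return verdict.allow ? { verdict, result: run(call) } : { verdict };
}
```

The gate sits between the host's dispatch and the server's handler, so a denied call never reaches the tool and the reason string is what the host logs.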