BUILDING A PERMISSION-GATED MCP SERVER

I built an MCP server in a Laravel app that manages a Kong API gateway. The challenge was to ensure the MCP layer follows the same rules as the web UI and HTTP API, without creating a backdoor that skips authorization.
Here's how I did it:
- Every MCP tool maps to a permission the human already has.
- Every write goes through the same action class the web UI calls.
- MCP gets zero special privileges.
I used an abstract base class to push auth checks into a single place. Each concrete tool declares the permission it needs, and the base decides whether the caller is allowed.
Key takeaways:
- Gate every tool through a base class against an existing permission.
- Use a driver-based contract to degrade capabilities honestly.
- Make write tools call the same action classes as the rest of the app.
This approach ensures the AI is useful without being sneaky. The MCP server is a powerful new surface, and it should be the least privileged one.
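
The base-class gate and shared action class described above, sketched in framework-free PHP as an added example (not the author's code). `Caller`, `GatedTool`, `CreateRouteAction`, `CreateRouteTool` and the `routes.create` permission name are hypothetical stand-ins for the app's real classes and permission system.

```php
<?php
declare(strict_types=1);
// All names below are hypothetical; none come from the original app or an MCP SDK.
interface Caller { public function can(string $permission): bool; }

final class StaticCaller implements Caller {
    public function __construct(private array $permissions) {}
    public function can(string $permission): bool {
        return in_array($permission, $this->permissions, true);
    }
}

// Shared write path: the web UI controller and the MCP tool both call this class.
final class CreateRouteAction {
    public function execute(Caller $caller, array $input): array {
        // Validation, the gateway call and audit logging would live here, once.
        return ['created' => true, 'name' => $input['name']];
    }
}

abstract class GatedTool {
    abstract protected function permission(): string;
    abstract protected function run(Caller $caller, array $input): array;

    // Single entry point: final, so a concrete tool cannot skip the check.
    final public function handle(?Caller $caller, array $input): array {
        if ($caller === null || !$caller->can($this->permission())) {
            // Fail closed: no caller or no permission means the tool body never runs.
            return ['error' => 'forbidden', 'required' => $this->permission()];
        }
        return $this->run($caller, $input);
    }
}

final class CreateRouteTool extends GatedTool {
    public function __construct(private CreateRouteAction $action) {}
    protected function permission(): string { return 'routes.create'; }
    protected function run(Caller $caller, array $input): array {
        return $this->action->execute($caller, $input);
    }
}

// Constructed sample callers: read-only, allowed to create routes, and unauthenticated.
$tool = new CreateRouteTool(new CreateRouteAction());
$viewer = new StaticCaller(['routes.view']);
$editor = new StaticCaller(['routes.view', 'routes.create']);
var_dump($tool->handle($viewer, ['name' => 'orders']));
var_dump($tool->handle($editor, ['name' => 'orders']));
var_dump($tool->handle(null, ['name' => 'orders']));
```

Because `handle()` is `final` and `run()` is `protected`, a new tool can only be reached through the permission check, and it has no write path of its own to drift from the one the web UI uses.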