TZubiri 3 days ago

Cool. Can you give the agent a db user with restricted read permissions?

Also, generic db question, but can you protect against resource overconsumption? Like if the junior/agent makes a query with 100 joins, can a marshall kill the process and time it out?

simba-k 3 days ago | parent [-]

Yeah to restricted read, still a lot of API work to do here and we're a bit blocked by MCP itself changing its auth spec (was just republished yesterday).

If you use the lower-level enrichMCP API (without SQLAlchemy) you can fully control all retrieval logic and add things like rate limiting, not dissimilar to how you'd solve this problem with a traditional API.

TZubiri 2 days ago | parent [-]

You could do this out of the MCP protocol, just by making a SQL user account with restricted privileges. I'm assuming at some point you have to give the MCP ORM credentials. I think it's easier and more maintainable to just add a doc page tutorial showing how to do it instead of making it part of the dependency. It also reduces the scope of the library.
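
The database-side setup discussed in this thread, as an added example that is not part of any comment above and is not enrichMCP's own code: a read-only login role with query and session limits. It assumes PostgreSQL, a database named `appdb`, application tables in schema `public`, and a role named `agent_ro`; all of these names are hypothetical, and the password is a placeholder.

```sql
-- Added example. Assumptions: PostgreSQL; database appdb, schema public and
-- role agent_ro are hypothetical names. Run as a superuser.

-- 1. Dedicated login role with no administrative attributes and a cap on
--    concurrent sessions.
CREATE ROLE agent_ro LOGIN PASSWORD 'REPLACE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT
    CONNECTION LIMIT 5;

-- 2. Before PostgreSQL 15 every role could create objects in schema public
--    through PUBLIC; remove that so "read-only" really is read-only.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Grant only what a reader needs. Replace ALL TABLES with an explicit
--    table list if some tables must stay hidden from the agent.
GRANT CONNECT ON DATABASE appdb TO agent_ro;
GRANT USAGE ON SCHEMA public TO agent_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO agent_ro;

-- Tables created later by the role running this script are readable too.
-- (Default privileges apply per creating role; repeat with FOR ROLE <owner>
-- for other table owners.)
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO agent_ro;

-- 4. Resource guardrails: cancel any statement running longer than 5 s,
--    drop sessions that sit idle inside a transaction, and cap temp-file
--    spill from large sorts and joins.
ALTER ROLE agent_ro SET statement_timeout = '5s';
ALTER ROLE agent_ro SET idle_in_transaction_session_timeout = '30s';
ALTER ROLE agent_ro SET temp_file_limit = '256MB';   -- superuser-only setting
ALTER ROLE agent_ro SET default_transaction_read_only = on;

-- Caveat: statement_timeout and default_transaction_read_only are session
-- defaults that the role itself can change with SET. The GRANTs above are
-- the actual access control; if the agent can submit arbitrary SQL, also
-- enforce the timeout outside the session (pooler, proxy or application).

-- 5. Verify what was configured.
SELECT rolname, rolconnlimit, rolconfig
FROM pg_roles
WHERE rolname = 'agent_ro';

SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'agent_ro'
ORDER BY table_schema, table_name;
```

The second verification query should list only `SELECT` rows; any `INSERT`, `UPDATE`, `DELETE` or `TRUNCATE` entry means a grant leaked in from elsewhere.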