Description
Use Case
I'm working with an agent system using an 80B model and using a bank-specific URL for the MCP server. I want to silo the memory so this agent only has access to the bank specified by the URL.
Problem Statement
- When connecting to the MCP server at the bank-specific URL:
  - Functions such as "list_banks" are available and show the names of other memory banks.
  - Functions such as "retain" still expose "bank_id" as a parameter.
  - If "bank_id" is left empty, the "retain" operation fails.
From a practical perspective, this lets the agent see other memory banks and try to add memories to them. Even if there is a security layer that prevents the retain from succeeding on the other bank (uncertain whether this is the case), the AI agent has no way to determine this when interacting with the MCP functions.
How This Feature Would Help
With this feature, we would be able to silo memory banks more effectively between agents. It would eliminate the need for guardrails in the prompt. It would make it easier for agents to interact with the MCP by reducing the number of available functions, making function selection more consistent and reducing the number of tool call loops.
Proposed Solution
In bank-specific MCP server URLs:
- Remove any functionality to list / create / modify banks - operations are constrained to the bank specified by the URL
- Remove bank_id from parameters (bank_id is specified by the URL)
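As an added illustration of the proposal (example code, not the project's own implementation), the sketch below derives the bank from the URL path, hides bank-management tools from the scoped tool list, strips `bank_id` from the remaining schemas, and enforces server-side that a call can only touch the URL's bank. The path layout `/banks/<bank_id>/mcp`, the tool names other than `list_banks`/`retain`, and the manifest shape are assumptions.

```python
"""Bank-scoped MCP tool surface (added example; URL layout, tool names
and manifest shape are assumptions, not the project's real API)."""
from urllib.parse import urlparse

# Constructed sample manifest shaped like MCP tool descriptors (assumed layout).
FULL_MANIFEST = [
    {"name": "list_banks", "inputSchema": {"type": "object", "properties": {}, "required": []}},
    {"name": "create_bank", "inputSchema": {"type": "object",
        "properties": {"bank_id": {"type": "string"}}, "required": ["bank_id"]}},
    {"name": "retain", "inputSchema": {"type": "object",
        "properties": {"bank_id": {"type": "string"}, "content": {"type": "string"}},
        "required": ["bank_id", "content"]}},
    {"name": "recall", "inputSchema": {"type": "object",
        "properties": {"bank_id": {"type": "string"}, "query": {"type": "string"}},
        "required": ["bank_id", "query"]}},
]
# Tools that manage banks rather than memories inside one bank (assumed names).
BANK_ADMIN_TOOLS = {"list_banks", "create_bank", "modify_bank", "delete_bank"}

def bank_from_url(url):
    """Return the bank_id for an assumed /banks/<bank_id>/mcp path, or None for the shared URL."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    if len(parts) >= 2 and parts[0] == "banks":
        return parts[1]
    return None

def scoped_manifest(manifest, bank_id):
    """Tool list an agent connected to a bank-scoped URL should be shown."""
    if bank_id is None:
        return manifest  # shared URL keeps the full surface
    scoped = []
    for tool in manifest:
        if tool["name"] in BANK_ADMIN_TOOLS:
            continue  # no listing/creating/modifying banks from a scoped endpoint
        schema = tool["inputSchema"]
        props = {k: v for k, v in schema["properties"].items() if k != "bank_id"}
        required = [r for r in schema["required"] if r != "bank_id"]
        scoped.append({"name": tool["name"],
                       "inputSchema": {**schema, "properties": props, "required": required}})
    return scoped

def bind_call(bank_id, tool_name, arguments):
    """Server-side enforcement: the URL's bank wins over anything the agent sends."""
    if tool_name in BANK_ADMIN_TOOLS:
        raise PermissionError(f"{tool_name} is not available on a bank-scoped endpoint")
    supplied = arguments.get("bank_id")
    if supplied is not None and supplied != bank_id:
        raise PermissionError(f"bank_id {supplied!r} does not match endpoint bank {bank_id!r}")
    return {**arguments, "bank_id": bank_id}
```

Hiding the tools and parameter is what keeps the agent's view consistent; `bind_call` is the part that makes the silo hold even if a client ignores the advertised schema.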
Alternatives Considered
No response
Priority
Nice to have
Additional Context
No response
Checklist
- I would be willing to contribute this feature