AI & Agents

Agent tooling for a developer platform

An engineering org wanted their AI assistants to safely operate real systems — clusters, editors, and build tools — instead of just answering questions.

The constraint

The team’s assistants were stuck at the chat boundary: they could describe what to do, but a human still had to translate every suggestion into clicks and commands. The org wanted agents that could actually operate their systems — clusters, editors, build pipelines — without handing an LLM an unbounded shell.

Architecture

We built the bridge as a set of Model Context Protocol (MCP) servers, one per system, each designed around least privilege:

  • Well-scoped operations, not raw access. Instead of exposing a shell or a full API surface, each server publishes a small, intentional set of tools — the operations the agent is actually allowed to perform, with typed inputs and validated arguments.
  • Guardrails at the tool boundary. Destructive or wide-blast-radius actions are gated, parameterized, and constrained in the server itself, so safety doesn’t depend on the model behaving.
  • Auditability by default. Every action an agent takes flows through the MCP layer, which gives the team a single, reviewable record of what was done and why — the difference between “the AI changed something” and “here is exactly what changed.”

Because MCP is an open protocol, the same servers plug into any MCP-capable assistant or agent runtime the team already uses, so the guardrails are written once and apply no matter which client is driving them.
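The three properties above, shown as an added example rather than the engagement's own code: a small tool server with an intentional tool surface (one read, one gated write, no shell), strict argument validation, server-side blast-radius limits, and an audit record for every call, including the ones it refuses. It is stdlib-only and does not use the MCP SDK; ToolServer.call stands in for the server's tool-call handler. The in-memory CLUSTER state, the WRITABLE_NAMESPACES and MAX_REPLICAS policy, and the tool names are all constructed for the illustration.

```python
"""Least-privilege tool boundary in the shape of an MCP server (added example,
stdlib only). ToolServer.call plays the MCP tool-call handler; the in-memory
CLUSTER dict stands in for a real cluster API. Both are constructed."""
import re
import time
from dataclasses import dataclass
from typing import Any, Callable

NAME_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")  # DNS-1123 label shape

# Constructed cluster state: namespace -> deployment -> replica count.
CLUSTER = {"dev": {"api": 2, "worker": 1}, "prod": {"api": 6}}

# Hypothetical policy, enforced in the server regardless of what the model asks for.
WRITABLE_NAMESPACES = {"dev"}  # the only namespaces an agent may mutate
MAX_REPLICAS = 5               # hard ceiling on any scale-up
AUDIT: list[dict[str, Any]] = []  # one record per call, allowed or denied


class ToolError(Exception):
    """Any rejected call; the message is what the agent gets back."""


@dataclass
class Tool:
    name: str
    schema: dict[str, type]  # argument name -> required Python type
    destructive: bool
    handler: Callable[..., Any]


def _validate(tool: Tool, args: dict[str, Any]) -> None:
    """Reject unknown, missing, mistyped or malformed arguments before any work runs."""
    if set(args) != set(tool.schema):
        raise ToolError(f"{tool.name}: expected {sorted(tool.schema)}, got {sorted(args)}")
    for key, typ in tool.schema.items():
        if type(args[key]) is not typ:
            raise ToolError(f"{tool.name}: {key} must be {typ.__name__}")
        if typ is str and not NAME_RE.match(args[key]):
            raise ToolError(f"{tool.name}: {key} is not a valid resource name")


def _guard(tool: Tool, args: dict[str, Any]) -> None:
    """Blast-radius limits for destructive tools; read-only tools pass through."""
    if not tool.destructive:
        return
    if args["namespace"] not in WRITABLE_NAMESPACES:
        raise ToolError(f"{tool.name}: namespace {args['namespace']!r} is read-only for agents")
    if "replicas" in args and not 0 < args["replicas"] <= MAX_REPLICAS:
        raise ToolError(f"{tool.name}: replicas must be between 1 and {MAX_REPLICAS}")


# The whole tool surface: one read-only lookup and one gated write. No shell.
def get_replicas(namespace: str, deployment: str) -> int:
    if deployment not in CLUSTER.get(namespace, {}):
        raise ToolError(f"{namespace}/{deployment} not found")
    return CLUSTER[namespace][deployment]


def scale_deployment(namespace: str, deployment: str, replicas: int) -> int:
    get_replicas(namespace, deployment)  # existence check, raises ToolError if missing
    CLUSTER[namespace][deployment] = replicas
    return replicas


class ToolServer:
    def __init__(self, tools: list[Tool]) -> None:
        self.tools = {t.name: t for t in tools}

    def call(self, name: str, args: dict[str, Any], reason: str, caller: str) -> Any:
        """Single entry point: validate, gate, execute, and audit every call."""
        entry = {"ts": time.time(), "caller": caller, "tool": name, "args": args, "reason": reason}
        try:
            tool = self.tools.get(name)
            if tool is None:
                raise ToolError(f"no such tool {name!r}")  # no generic API fallthrough
            _validate(tool, args)
            _guard(tool, args)
            result = tool.handler(**args)
            entry["outcome"] = {"ok": True, "result": result}
            return result
        except ToolError as exc:
            entry["outcome"] = {"ok": False, "error": str(exc)}
            raise
        finally:
            AUDIT.append(entry)  # denials are recorded too, with the agent's stated reason


SERVER = ToolServer([
    Tool("get_replicas", {"namespace": str, "deployment": str}, False, get_replicas),
    Tool("scale_deployment", {"namespace": str, "deployment": str, "replicas": int}, True, scale_deployment),
])

if __name__ == "__main__":
    SERVER.call("scale_deployment", {"namespace": "dev", "deployment": "api", "replicas": 3}, "load test", "agent-1")
    try:
        SERVER.call("scale_deployment", {"namespace": "prod", "deployment": "api", "replicas": 3}, "load test", "agent-1")
    except ToolError as denied:
        print("denied:", denied)
    print(AUDIT)
```

The point of the shape is that nothing the model says can widen the surface: an unknown tool name, an extra argument, a string where an integer belongs, a namespace outside the allowlist, or a replica count above the ceiling all fail in the server before any backend call, and each refusal still lands in the audit record next to the reason the agent gave. In a real MCP server the same handlers would be registered as tools with JSON Schema input definitions and the audit entries would go to an append-only store rather than an in-memory list.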

Outcome

The agents went from advisors to operators: they take real, auditable actions in production tooling within tight, reviewable bounds. It’s a force multiplier for the whole team — the routine operational work an engineer used to do by hand is now something an agent can do safely, with a paper trail.