The bet behind mcp-flowgate
Your model reads every tool you register on every call, and none of it comes with governance. Here's the one bet mcp-flowgate makes to fix both — and an honest account of what's built so far.
Project updates, technical deep dives, and things we learned building mcp-flowgate.
mcp-flowgate is not an agentic coding tool. Coding is one use case among many — and new regulation is fast making the audit trail it produces a requirement.
Every tool you register is a recurring tax: input tokens for its definition, output tokens for the reasoning to choose it. Here's the math, measured.
When an agent acts out of order, the fix isn't a longer prompt. It's the oldest, most boring pattern in computing — and agent governance is exactly the problem it was built for.
An LLM is a client that's bad at remembering rules. So stop making it. Let every response carry the legal next moves.
Approval gates and permission checks written inside each tool drift, can't be reviewed as a set, and are invisible. Declare them as data instead.
A flat tool list is fine at 12 tools and quietly breaks at 200. The failure isn't only tokens — it's that the model has no structure to navigate.
The security controls that don't fit in a tool definition need a layer of their own. Here's what a gateway enforces — and an honest account of what it doesn't.
An LLM does one kind of work: generation. It can't compute — by design, not by immaturity. Match each job to the tool built for it, and both shine.
Not every pipeline step is a decision. Tag the computable ones and the runtime runs them itself — the model only wakes for the choices that matter.