MCP servers expose tools, resources, and prompts to AI agents via a flat discovery list with no native scoping. In shared production environments, this creates over-permissioned agents, credential sprawl, and missing audit trails. The post outlines a two-level provisioning model: organization-level controls set the ceiling (blocking dangerous tools org-wide), while workspace-level controls scope access per team. Credentials should live at a centralized gateway layer rather than inside agent code, enabling instant revocation. Runtime governance adds policy checks, rate limits, and structured audit logs at invocation time. Portkey's MCP gateway is presented as an implementation of this centralized model.
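The two-level model above, as an added example that is not Portkey's code: an org-level block list sets the ceiling, a workspace-level allow list scopes the flat discovery list per team, and a gateway applies both plus a rate limit at invocation time while writing a structured audit record for every decision. Tool names, workspace names and agent ids are constructed.

```python
# Two-level MCP tool provisioning with runtime governance (constructed example,
# not Portkey's code). Tool names, workspaces and agent ids are made up.
import json
import time
from dataclasses import dataclass, field


@dataclass
class Policy:
    org_blocked: frozenset            # org ceiling: unavailable in every workspace
    workspace_allowed: dict           # workspace -> set of tools scoped to that team
    rate_limit_per_min: int = 60      # per (workspace, agent) invocation budget


def visible_tools(discovered, policy, workspace):
    """Filter an MCP server's flat discovery list to what one workspace may see."""
    allowed = policy.workspace_allowed.get(workspace, set())
    return [t for t in discovered if t not in policy.org_blocked and t in allowed]


@dataclass
class Gateway:
    """Sits between agents and MCP servers; agents never hold tool credentials."""
    policy: Policy
    audit_log: list = field(default_factory=list)   # structured JSON lines
    _calls: dict = field(default_factory=dict)      # (workspace, agent) -> timestamps

    def authorize(self, workspace, agent, tool, now=None):
        """Policy check at invocation time; every decision is logged."""
        now = time.time() if now is None else now
        if tool in self.policy.org_blocked:
            decision, reason = "deny", "blocked_by_org_policy"
        elif tool not in self.policy.workspace_allowed.get(workspace, set()):
            decision, reason = "deny", "not_provisioned_for_workspace"
        else:
            window = self._calls.setdefault((workspace, agent), [])
            window[:] = [t for t in window if now - t < 60]   # sliding 60s window
            if len(window) >= self.policy.rate_limit_per_min:
                decision, reason = "deny", "rate_limit_exceeded"
            else:
                window.append(now)
                decision, reason = "allow", "ok"
        self.audit_log.append(json.dumps({
            "ts": now, "workspace": workspace, "agent": agent,
            "tool": tool, "decision": decision, "reason": reason,
        }, sort_keys=True))
        return decision == "allow", reason
```

Because the org block list is checked first, a workspace cannot re-enable a blocked tool by listing it, and revoking access is a policy change at the gateway rather than a redeploy of agent code.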

From portkey.ai
Table of contents:
What MCP servers actually expose to agents
Why unrestricted tool access breaks in production
The two levels of tool provisioning in MCP servers
Credential management and authentication at the tool layer
Policy enforcement, rate limits, and auditability across tool invocations
How Portkey's MCP gateway handles tool provisioning at scale
Govern your MCPs
FAQs