DEV Community

Tang Weigang
Tang Weigang

Posted on

FastMCP: tool discovery is not authorization

FastMCP makes it easy to expose Python functions as MCP tools, resources, and prompts. The production question is not whether a client can discover a tool, but what that discovery is allowed to trigger.

My validation order is deliberately boring:

  1. Start with a side-effect-free function and verify server, client, and host discovery.
  2. Test input/output contracts, authentication, timeouts, exception mapping, and recovery.
  3. Only then consider filesystem, network, credential, or production-write permissions.

A working protocol path is evidence that the transport works. It is not evidence that the permission model is safe. Each real tool needs a bounded capability, a reproducible example, and a failure case that has been observed.

Project: https://doramagic.ai/en/projects/fastmcp/
Human manual: https://doramagic.ai/en/projects/fastmcp/manual/
Upstream: https://github.com/PrefectHQ/fastmcp

Top comments (0)