Small AI database questions can become big scans

A small question can become a big database scan when an AI agent writes the query.

“Show me customers at risk” sounds harmless.

But depending on schema context, the agent might join:

• accounts
• subscriptions
• invoices
• usage events
• support tickets
• notes
• activity logs

Then it may retry when the first query does not answer the question.

For production MCP database servers, row limits should be treated as a safety boundary, not a UI preference.

Useful defaults:

• preview first, not full export
• aggregate before raw rows when possible
• enforced row limits per tool/intent
• page cursors for continuation
• explicit “more rows exist” metadata
• structured refusal for unbounded requests
• audit logs with rows scanned and rows returned

Longer version: Row limits for AI database agents

The model should never summarize 50 preview rows as if it saw the whole database.