Introduction: The "Last Mile" Challenge of AI Agents
In the engineering practice of AI agents, we are undergoing a transformation from "local integration" to "cloud-based plug-in." Over the past year, the industry has witnessed the rise of Model Context Protocol (MCP), which successfully solved the "protocol standardization" problem for cross-process connections between large models and external tools. However, with the deepening of enterprise-level scenarios, developers have found that simply achieving connectivity is not enough.
Today, Solon AI 3.9.0 officially proposes the concept of Remote Skills. This feature is not a simple encapsulation of MCP, but rather an evolution of the originally static, passively triggered MCP toolset into a distributed intelligent unit with business awareness, lifecycle management, and dynamic routing capabilities.
I. The Leap from MCP Tools to Remote Skills
The traditional MCP interaction mode is essentially a kind of "static broadcast." Once the server starts, it exposes all tools to the large model. This model works well in single-machine experimental environments, but in complex, multi-tenant, and high-security enterprise-level businesses, it triggers three critical engineering pain points:
1. Context Noise and Token Inflation:
The context window of a large model is expensive and finite. If a system has 500 tools, even for simple chat or basic queries, traditional MCP will cram the JSON schemas of all 500 tools into the System Prompt. This not only wastes a significant amount of token resources, but more seriously, excessive distracting information can cause the model to become "distracted," reducing the accuracy of inference.
2. Security Risks and Unauthorized Calls:
In the native architecture of MCP, the model's visibility to tools is "full." The model cannot spontaneously and dynamically hide sensitive operations based on the current user's role. For example, if an intern inquires about order information, the model might attempt to call the OrderCancel tool during inference. Although the execution layer can intercept this, the "see-and-try" approach itself poses a significant security risk.
3. Instruction Gap:
Tools describe "what they can do," but fail to tell the model "how to do it" in a specific context. For example, the same "interest rate query" tool might have drastically different preconditions in the business logic of the Shenzhen branch and the Shanghai branch; a static MCP protocol cannot convey this dynamic "behavioral guidelines."
The core idea of Remote Skills is to wrap remote tools within the Skill lifecycle, enabling them to perceive the current Prompt context, thus achieving a leap from "static description" to "dynamic contract."
II. Core Mechanisms: Perception, Mounting, and Dynamic Routing
Solon AI endows remote skills with the ability to "think" by establishing a context negotiation mechanism between McpSkillClient (client-side agent) and McpSkillServer (server-side implementation). This is primarily reflected in the following three aspects:
1. Intelligent Admission (isSupported): From "Full Loading" to "On-Demand Activation"
Remote Skills are no longer blindly activated. Before the session begins, the server parses the current Prompt attributes (such as tenant ID, user profile, and current intent attributes). By executing the isSupported logic, the server can determine whether the current skill participates in the conversation.
- Engineering Value: Financial skills are only mounted to the memory graph when the conversation involves "financial statements" and the user has "auditor" permissions. This physically eliminates interference from irrelevant tools.
2. Dynamic Instruction Injection (getInstruction): Giving Tools a "Business Soul"
Skills are no longer just APIs. During mounting, the server dynamically issues instruction constraints based on the context using getInstruction. This mechanism allows developers to adjust the Agent's behavioral logic in real time without modifying the model prompts.
- Example: When a request is detected to originate from a mobile device, the server injects: "Please keep your replies concise, use Markdown tables whenever possible, and do not exceed 200 characters."
3. Three-State Routing Capability (getToolsName): Fine-grained Permission Isolation
This is the most groundbreaking feature of Remote Skills. The server can dynamically determine which tool names to distribute based on the requester's identity, achieving "tool-level RBAC":
Full Authorization: Exposes all debugging and management tools to super administrators.
Precise Filtering: Hides high-risk tools like
DeleteorBatchUpdatefor ordinary users.Complete Interception: When an abnormal request is detected (such as an abnormal IP address), all tool access permissions can be instantly disabled even if the skill is activated.
III. Practical Application: Building Remote Skills with "Self-Reflection" Capabilities
1. Client: Extremely Simplified Integration Experience
In the Solon AI framework, McpSkillClient makes complex remote communication and protocol conversions transparent. Developers only need to focus on injecting business attributes (Attrs).
import org.noear.solon.ai.chat.ChatModel;
import org.noear.solon.ai.chat.prompt.Prompt;
import org.noear.solon.ai.mcp.McpChannel;
import org.noear.solon.ai.mcp.client.McpClientProvider;
import org.noear.solon.ai.mcp.client.McpSkillClient;
// 1. Build the mcp client
McpClientProvider mcpClient = McpClientProvider.builder()
.channel(McpChannel.STREAMABLE)
.url("http://localhost:8081//skill/order")
.build();
// 2. Build prompt words with deep business attributes
Prompt prompt = Prompt.of("Help me with order A001")
.attrPut("tenant_id", "solon_cloud")
.attrPut("user_role", "ADMIN")
.attrPut("client_ip", "10.0.0.1");
// 3. Injecting remote skill agents, the framework handles context pass-through automatically
chatModel.prompt(prompt)
.options(o -> o.skillAdd(new McpSkillClient(mcpClient)))
.call();
2. Server-side: Declarative security capability export
By inheriting McpSkillServer, you can easily implement remote services with dynamic defense capabilities. Note how the tool is exposed through code logic control.
import org.noear.solon.ai.annotation.ToolMapping;
import org.noear.solon.ai.chat.prompt.Prompt;
import org.noear.solon.ai.mcp.McpChannel;
import org.noear.solon.ai.mcp.server.McpSkillServer;
import org.noear.solon.ai.mcp.server.annotation.McpServerEndpoint;
import java.util.ArrayList;
import java.util.List;
@McpServerEndpoint(channel = McpChannel.STREAMABLE, mcpEndpoint = "/skill/order")
public class OrderRemoteSkillServer extends McpSkillServer {
@Override
public boolean isSupported(Prompt prompt) {
// Logical admission: If the request has no tenant identity, simply refuse to mount the skill
return prompt.attr("tenant_id") != null;
}
@Override
public List<String> getToolsName(Prompt prompt) {
// Dynamic Routing: Achieving physical isolation of tools
List<String> tools = new ArrayList<>();
tools.add("OrderQuery");
if ("ADMIN".equals(prompt.attr("user_role"))) {
tools.add("OrderCancel"); // Visible only to administrators
}
return tools;
}
@ToolMapping(description = "Query order details, including logistics status")
public String OrderQuery(String id) { ... }
@ToolMapping(description = "Emergency cancel order, this action is not reversible")
public String OrderCancel(String id) { ... }
}
IV. Architectural Reflection: Why is this an inevitable choice for enterprise-level agents?
Evolving MCP into Remote Skills represents a qualitative leap in the architectural quality of AI systems:
Extreme Context Purity: Through dynamic filtering, the model only sees the tools it should see "at this moment, by this person, and with this authority." This "minimize information principle" significantly improves inference success rate and substantially reduces token consumption, which directly impacts operational costs for large-scale concurrent systems.
Hardened Security: In the past, we attempted to defend against unauthorized calls using "prompt injections." However, under the Remote Skills architecture, access control has been elevated from a "constraint model" to "server-side physical filtering." Even if a large model attempts to attack unauthorized tools, the attack is impossible because the tool definitions have never been distributed.
Hot Updates and Governance of Capabilities: In a distributed environment, business logic, tool lists, and behavioral guidelines all converge on the remote server. This means that when business operations are adjusted (such as adding a refund restriction logic), developers only need to update the McpSkillServer code, and hundreds or thousands of running client agents can instantly receive capability upgrades without redeployment.
Solon AI Remote Skills is more than just an implementation of a protocol; it represents a profound reflection on "how to manage the capabilities of distributed intelligent agents." It allows AI plugins to move beyond the era of "static broadcasting" and into a new stage of "on-demand allocation and intelligent perception."
V. Looking to the Future: Towards "Skills as a Service"
Solon AI Remote Skills is more than just an implementation of a protocol; it represents a profound reflection on "how to manage AI capabilities like managing microservices." In future AI architectures, large models will no longer be bloated "universal boxes," but rather streamlined "inference hubs," connecting distributed expert units around the world on demand through the Remote Skills protocol.
By enabling AI plugins to move beyond "static broadcasting" and enter a new phase of "on-demand allocation and intelligent perception," Solon AI is providing developers with a more robust, controllable, and commercially valuable agent development framework.
Top comments (0)