MCP Fusion
AI-First DX for the Model Context Protocol.

Blast Radius Control

Introduction

In a large MCP server with 100+ tools, you don't always want the agent to see everything. A billing agent shouldn't see user management tools. A read-only dashboard agent shouldn't see mutations. Blast Radius Control uses tags to filter which tools are visible to each agent session.

Tag-Based Filtering

Tag your tools during definition:

typescript
const f = initFusion<AppContext>();

export const listInvoices = f.query('billing.list')
  .describe('List invoices')
  .tags('billing', 'read')
  .returns(InvoicePresenter)
  .handle(async (input, ctx) => {
    return ctx.db.invoices.findMany();
  });

export const chargeInvoice = f.mutation('billing.charge')
  .describe('Charge an invoice')
  .tags('billing', 'write', 'destructive')
  .withString('id', 'Invoice ID')
  .handle(async (input, ctx) => {
    await ctx.db.invoices.charge(input.id);
    return { charged: true };
  });

export const listUsers = f.query('users.list')
  .describe('List users')
  .tags('users', 'read', 'admin')
  .returns(UserPresenter)
  .handle(async (input, ctx) => {
    return ctx.db.users.findMany();
  });

The tags() Method

.tags() accepts any number of string arguments. Tags are metadata — they don't affect tool behavior, only visibility:

typescript
f.query('projects.list')
  .tags('projects', 'read', 'v1')    // Multiple tags

Runtime Tag Filtering

Filter tools at server attachment time based on session context:

typescript
registry.attachToServer(server, {
  contextFactory: createContext,
  toolFilter: (tool, session) => {
    // Billing agent: only billing tools
    if (session.agentType === 'billing') {
      return tool.tags.includes('billing');
    }

    // Read-only agent: no write tools
    if (session.agentType === 'readonly') {
      return tool.tags.includes('read');
    }

    // Admin: everything
    return true;
  },
});

The toolFilter runs during tools/list — filtered tools are invisible to the agent. They don't appear in the tool list and can't be called.

Use Cases

Agent TypeTag FilterEffect
Billing agentbillingSees only invoice/payment tools
Dashboard agentreadSees only query tools, no mutations
Admin agentNo filterSees everything
External agentpublicSees only public-facing tools
Debug agentinternalSees monitoring and debug tools

IMPORTANT

Tag filtering is a presentation-layer control. It hides tools from the agent's view but doesn't prevent direct tools/call invocations if the agent guesses the tool name. For true authorization, combine tag filtering with Authentication Middleware.