Comment by nulone
2 days ago
How do you handle side-effectful tools and secrets? Least-privilege and auditing seem hard once any Python function can become a tool (scoped creds, revocation, logs).
2 days ago
How do you handle side-effectful tools and secrets? Least-privilege and auditing seem hard once any Python function can become a tool (scoped creds, revocation, logs).
Hi Thanks for the comment, The unified agent doesn’t execute untrusted code — it orchestrates. Side effects only happen at explicit execution boundaries (remote tools or the CodeAgent). The CodeAgent is sandboxed in Docker; the planner/router isn’t, because it never executes arbitrary code. Least-privilege and auditing are enforced at the execution boundary, not per function. Do you have any suggestions for making PolyMCP better?
Makes sense — execution boundary is the right place.
I'd prioritize audit logs + correlation IDs, and short-lived creds per tool call. Do you expose tool capabilities to the planner without exposing creds?