Configuration

Configure MCP servers for extended capabilities

MCP (Model Context Protocol) extends agents with external tools and data sources. It provides a standardized way for agents to interact with databases, APIs, file systems, and other services beyond their native capabilities.

The power of MCP is in its standardization. Instead of each agent implementing custom integrations for every service, MCP provides a common protocol. Once a service speaks MCP, any MCP-enabled agent can use it. This dramatically expands what agents can do without increasing their complexity.

Enable only relevant MCPs

Each MCP server adds capabilities but also potential risk. Only enable the MCPs your agents actually need. Disable or remove unused MCPs to reduce attack surface and prevent accidental usage of powerful tools.

Prefer stable interfaces

MCP servers vary in quality. Prefer servers with stable APIs, good documentation, and active maintenance. Community servers can be useful, but evaluate them for reliability and security before production use.

Validate outputs before production use

MCP servers return data that agents act upon. Always validate this data before it affects production systems. Check schemas, validate ranges, and sanitize the returned data as you would any untrusted input. Don't assume MCP data is safe just because it came through a protocol.

MCP server configuration

QuantenRam supports MCP servers through configuration. Each server is defined with its connection details, capabilities, and security constraints.

// MCP server configuration
{
  "mcp_servers": {
    "postgres": {
      "transport": "stdio",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres"],
      "env": {
        "DATABASE_URL": "postgresql://localhost/mydb"
      },
      "allowed_operations": ["query", "describe"],
      "blocked_operations": ["insert", "update", "delete"]
    },
    "filesystem": {
      "transport": "stdio",
      "command": "npx",
      // The directories handed to the server must cover every allowed_paths entry
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "./src", "./docs"],
      "allowed_paths": ["./src", "./docs"],
      "blocked_paths": ["./.env", "./secrets"]
    }
  }
}

This configuration sets up two MCP servers: a PostgreSQL server restricted to read operations (query and describe, with insert, update and delete blocked), and a filesystem server limited to specific directories, with secret-bearing paths blocked outright. The principle is least privilege: even MCP servers get only the capabilities they need.

MCP security considerations

MCP servers run with the permissions of the process that started them. This means they can potentially access anything the agent can access. Security must be designed in, not added later.

// Security-focused MCP configuration
{
  "mcp_servers": {
    "production_db": {
      "enabled": false,
      // Disabled by default for safety
      "enable_in": ["admin_dashboard_only"],
      // Explicit context for enabling
      "audit_log": true,
      // All operations logged
      "rate_limit": "10/minute",
      // Prevent runaway queries
      "timeout_seconds": 30
      // Don't hang indefinitely
    }
  }
}

Security features include: disabled by default, explicit enable contexts, audit logging, rate limiting, and timeouts. These controls prevent accidental or malicious misuse of powerful MCP capabilities.
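The allow/block lists and the enabled flag from the two configurations above only protect anything if something enforces them on every tool call. The following is an added example, not QuantenRam's own code (the page does not show its enforcement logic): a Python policy check over the page's keys, assuming that a blocked entry wins over an allowed one, that anything not on an allow list is denied, and that paths are compared after lexical normalisation so a ".." segment cannot escape an allowed directory.

```python
from pathlib import PurePosixPath

# Constructed subset of the page's configuration (keys as the page defines them;
# production_db carries the "enabled": false default of the security-focused example).
CONFIG = {"mcp_servers": {
    "postgres": {"allowed_operations": ["query", "describe"],
                 "blocked_operations": ["insert", "update", "delete"]},
    "filesystem": {"allowed_paths": ["./src", "./docs"],
                   "blocked_paths": ["./.env", "./secrets"]},
    "production_db": {"enabled": False, "allowed_operations": ["query"]},
}}

def _norm(path):
    """Lexically collapse "." and ".." so "./src/../.env" becomes ".env".
    Returns None for absolute paths or paths that climb above the workspace root."""
    pure = PurePosixPath(path)
    if pure.is_absolute():
        return None
    parts = []
    for part in pure.parts:
        if part == "..":
            if not parts:
                return None
            parts.pop()
        elif part != ".":
            parts.append(part)
    return "/".join(parts)

def _under(path, root):
    # True when path is root itself or lies inside it (whole path segments only)
    return path == root or path.startswith(root + "/")

def authorize(config, server, operation=None, path=None):
    """Decide one tool call and return (allowed, reason). Default deny: unknown or
    disabled servers and anything not on an allow list fail; blocked beats allowed."""
    srv = config["mcp_servers"].get(server)
    if srv is None or not srv.get("enabled", True):
        return False, "server unknown or disabled"
    if operation is not None and (operation in srv.get("blocked_operations", [])
                                  or operation not in srv.get("allowed_operations", [])):
        return False, f"operation {operation!r} not permitted"
    if path is not None:
        p = _norm(path)
        if p is None or any(_under(p, _norm(b)) for b in srv.get("blocked_paths", [])):
            return False, "path blocked or outside the workspace"
        if not any(_under(p, _norm(a)) for a in srv.get("allowed_paths", [])):
            return False, "path not in allow list"
    return True, "ok"
```

Hook a check like this in front of every server call (and log each denial to the audit trail), so that a server started with broader directories or credentials than the agent should use is still held to the configured policy.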

MCP servers are powerful extensions, but with power comes responsibility. Configure them carefully, enable only what's needed, and always validate their outputs before acting on them in production.