Tool Management

A tenant with forty installed upstreams has several hundred tools. Dumping all of them into every model's context is the classic failure mode: the model gets slower, dumber, and more expensive at once. The gateway treats tool exposure as a managed surface.

Lazy by default: the meta-tools

Out of the box, a caller's tools/list contains only the gateway's meta-tools:

  • find_tools(query, limit?) — searches the entire tenant catalog (name, description, upstream) and returns matching tools with their full input schemas
  • call_external_tool(upstream, tool, arguments) — dispatches any tool find_tools surfaced
  • pin_tool / unpin_tool / list_pinned_tools — personal favorites

The model discovers what it needs, when it needs it. The full catalog stays reachable; the context stays small. (call_external_tool exists because models only invoke tools present in their most recent tools/list — it's the dispatch bridge for discovered tools.)

Scope tags: pre-loading what an agent actually uses

When an agent has a known job, make its tools first-class. Upstreams carry tags (crm, support, data, …); agent profiles carry scope_tags:

| Agent scope_tags | tools/list contains |
|---|---|
| (empty — default) | Meta-tools only (lazy) |
| ["support", "crm"] | Meta-tools + every tool from upstreams tagged support or crm |
| ["*"] | Everything (use sparingly — this is the failure mode you're avoiding) |

A support agent pre-loads Intercom and Zendesk and never sees Snowflake; a data agent gets the reverse. Both can still reach anything else through find_tools — subsetting shapes context, policy controls permission.

Pinned tools

Individual users can pin specific tools into their own tools/list — handy for the three tools you call constantly without widening your whole tag scope. Pins are per-user and survive sessions.
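
The scope_tags table and the pinning behaviour above, modelled as an added example (this is not the gateway's own code): it composes a caller's tools/list and audits agent profiles for context size and wildcard scopes. The function names `tools_list` and `audit_profiles`, the catalog contents, the `upstream.tool` naming and the rule that a pin must match a catalog entry are all assumptions made for illustration.

```python
# Added illustration: a toy model of tools/list composition, not the gateway's code.
# Upstream tags and tool names below are constructed sample data.
META_TOOLS = ["find_tools", "call_external_tool",
              "pin_tool", "unpin_tool", "list_pinned_tools"]

# Constructed tenant catalog: upstream -> (tags, tool names)
CATALOG = {
    "intercom":  ({"support"},        ["list_conversations", "reply"]),
    "zendesk":   ({"support", "crm"}, ["search_tickets", "update_ticket"]),
    "snowflake": ({"data"},           ["run_query", "list_tables"]),
}


def tools_list(scope_tags, pins=(), catalog=CATALOG):
    """Return the tool names a caller would see, per the scope_tags table.

    scope_tags: tags from the agent profile; [] is the lazy default.
    pins: (upstream, tool) pairs pinned by the individual user.
    """
    exposed = list(META_TOOLS)  # meta-tools are always present
    wildcard = "*" in scope_tags
    wanted = set(scope_tags)
    for upstream, (tags, tools) in catalog.items():
        if wildcard or tags & wanted:
            exposed += [f"{upstream}.{t}" for t in tools]
    for upstream, tool in pins:
        name = f"{upstream}.{tool}"
        # Assumption: a pin must match a catalog entry; never list a tool twice.
        if tool in catalog.get(upstream, (set(), []))[1] and name not in exposed:
            exposed.append(name)
    return exposed


def audit_profiles(profiles, catalog=CATALOG):
    """Report tools/list size per agent profile and flag wildcard scopes."""
    report = {}
    for agent, scope_tags in profiles.items():
        report[agent] = {
            "tool_count": len(tools_list(scope_tags, catalog=catalog)),
            "wildcard": "*" in scope_tags,
        }
    return report


if __name__ == "__main__":
    profiles = {"default": [], "support": ["support", "crm"], "all": ["*"]}
    for agent, row in audit_profiles(profiles).items():
        print(agent, row)
```

The audit output makes the cost of `["*"]` visible as a tool count per profile, which is the number to watch as upstreams are added.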

The two inventory pages

  • My Tools (/governance/mcp-gateway/my-tools) — your callable surface: upstreams you've connected, their tools, and a Refresh that forces live re-discovery against the upstream.
  • Registry (/governance/mcp-gateway/registry) — the tenant-wide catalog: every fingerprinted tool on every enabled upstream, with expandable input schemas and risk-flag counts. This is the audit view, independent of who has connected what.