KeyLore and MCP clients

MCP behavior

Why this model fits MCP clients better than flat env exposure.

KeyLore works well with MCP-style interactions because MCP clients often need a structured way to discover resources and invoke tools. In this model, credentials are not dumped into process environment state for the agent to read.

Expose enough metadata for the client to distinguish credentials by service, purpose, and environment.
Do not rely on raw secret names alone; make the intended use explicit in the metadata.
Keep the AI-visible layer descriptive but minimal so selection is accurate without oversharing.
Validate the workflow by confirming the client can complete the task without ever seeing the underlying token value.

Model-visible contract

What the agent sees.

MCP clients are especially sensitive to interface design. If the only interface to credentials is a flat list of env vars, the agent must infer intent from weak signals. KeyLore gives that interaction a better structure: searchable metadata for discovery, brokered access for use, and a clearer separation between model context and secret material.

Visible over MCP

{
  "service": "github",
  "allowedDomains": ["api.github.com"],
  "permittedOperations": ["http.get"],
  "userContext": "Human explanation",
  "llmContext": "Use for repo metadata and rate-limit reads"
}

Not returned

{
  "rawToken": "not exposed",
  "secretBinding": "not exposed",
  "envDump": "not part of the flow"
}