I spent today wiring an MCP server into a Laravel app that manages a Kong API gateway. The interesting part wasn't "make the AI talk to the app" — that's the easy bit now that there's a first-party package for it. The interesting part was making sure the MCP layer is just another UI over the same rules, and never a quiet little backdoor that skips authorization.
Here's how I think about it, and the patterns that kept it honest.
MCP is a third front-end, not a new set of powers
The app already has two ways in: a web UI and an HTTP API. Both go through the same authorization, the same action classes, the same approval workflow. When you bolt on an MCP server, the temptation is to let the tools "just query the database" because it's faster. That's exactly how you end up with an AI agent that can do things a logged-in user never could.
So the rule I set for myself: every MCP tool maps to a permission the human already has, and every write goes through the same action class the web UI calls. MCP gets zero special privileges.
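A sketch of that rule in plain PHP, added here as an illustration and not taken from the app or from the MCP package. Every class, tool and permission name (`CreateRouteAction`, `McpToolRegistry`, `routes.create`, `create_route`) is hypothetical, and the framework is left out so that the shape is visible: a tool cannot be registered without a permission, and the write goes through the same action class every other front-end would call.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the app's user model and permission check.
final class User {
    public function __construct(public string $name, private array $permissions) {}
    public function can(string $permission): bool {
        return in_array($permission, $this->permissions, true);
    }
}

// The single write path: web UI, HTTP API and MCP all call this class.
final class CreateRouteAction {
    public function execute(User $actor, array $input): array {
        if (!$actor->can('routes.create')) {      // enforced here too, not only at the edge
            throw new DomainException('forbidden');
        }
        // Same approval workflow for every front-end: queue the change, do not apply it.
        return ['status' => 'pending_approval', 'requested_by' => $actor->name, 'path' => $input['path']];
    }
}

// MCP front-end: tool name => [required permission, handler].
final class McpToolRegistry {
    private array $tools = [];
    // The permission argument is mandatory, so no tool exists without one.
    public function register(string $tool, string $permission, callable $handler): void {
        $this->tools[$tool] = [$permission, $handler];
    }
    public function call(User $actor, string $tool, array $args): array {
        if (!isset($this->tools[$tool])) {
            return ['error' => 'unknown tool'];
        }
        [$permission, $handler] = $this->tools[$tool];
        if (!$actor->can($permission)) {
            return ['error' => 'forbidden'];      // deny before any handler runs
        }
        return $handler($actor, $args);
    }
}

$action = new CreateRouteAction();
$registry = new McpToolRegistry();
$registry->register('create_route', 'routes.create',
    fn (User $u, array $a): array => $action->execute($u, $a));

// Constructed sample users: one read-only, one allowed to create routes.
$viewer = new User('viewer', ['routes.view']);
$editor = new User('editor', ['routes.view', 'routes.create']);
var_dump($registry->call($viewer, 'create_route', ['path' => '/orders']));
var_dump($registry->call($editor, 'create_route', ['path' => '/orders']));
```

The handler contains no database access of its own, so the only way an MCP call can change state is the path a logged-in user already has.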






