If today had a spine, it was MCP. I shipped the generic MCP toolbox into a public package and stood up MCP servers across a cluster of enterprise apps — same gate-first pattern, different domains. Around that, two other threads ran all day: making transactional email tell you whether it was opened, and getting nested admin sidebars to behave across a half-dozen apps. Busy day. Here's the log.
MCP toolbox, and three servers that use the pattern
The public, teachable piece I wrote up separately: cleaniquecoders/laravel-mcp-kit got a generic, opt-in toolbox — the ops tools (whoami, log tailing, failed-job retry, queue status, token management) that I kept rewriting in every MCP server. The trick is that each tool registers only when its backing package is present, and every tool is gated and uuid-only. Full write-up is in today's focused post, so I won't repeat the code here.
What's worth adding in the log is why that package exists: today I also wired full MCP servers into a set of private enterprise platforms — an identity/IAM system, an API-gateway manager, and a user portal. Each got the same shape: read-only diagnostic tools behind an ability gate, a handful of write tools that funnel through Actions, and a small Livewire admin card to toggle the server and manage tokens. Building three of them back-to-back is exactly what surfaced the generic spine worth extracting. The rule I held to across all of them: the agent gets read tools freely, write tools sparingly, and every write goes through a human-gated runbook — orient, observe, diagnose, propose, then stop at the gate. An MCP server that can do things is only safe if the dangerous verbs are few, audited, and explicitly authorized.
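The gate rule above, sketched as an added example in plain PHP; it is not code from laravel-mcp-kit or from any of the servers described. `ToolGate`, the tool names, and the `mcp.read` / `mcp.write` abilities are hypothetical, and the approval is assumed to arrive out-of-band from a human.

```php
<?php
declare(strict_types=1);

// Added illustration, no framework: every class, tool and ability name is hypothetical.
final class ToolGate
{
    /** @var array<string, array{write: bool, ability: string, run: callable}> */
    private array $tools = [];
    /** @var list<array{tool: string, actor: string, outcome: string}> */
    public array $audit = [];

    public function register(string $name, bool $write, string $ability, callable $run): void
    {
        $this->tools[$name] = ['write' => $write, 'ability' => $ability, 'run' => $run];
    }

    /** $abilities: abilities on the caller's token. $approvedBy: human approver, or null. */
    public function call(string $name, array $args, string $actor, array $abilities, ?string $approvedBy = null): array
    {
        $tool = $this->tools[$name] ?? null;
        // Ability gate: unknown tools and missing abilities are refused before anything runs.
        if ($tool === null || !in_array($tool['ability'], $abilities, true)) {
            return $this->record($name, $actor, 'denied');
        }
        // Write tools stop at the gate: hand back the proposal and execute nothing.
        if ($tool['write'] && $approvedBy === null) {
            return $this->record($name, $actor, 'proposed') + ['proposal' => $args];
        }
        $result = ($tool['run'])($args);
        $outcome = $tool['write'] ? "executed, approved by {$approvedBy}" : 'read';
        return $this->record($name, $actor, $outcome) + ['result' => $result];
    }

    /** Every decision is appended to the audit trail, including denials and proposals. */
    private function record(string $tool, string $actor, string $outcome): array
    {
        return $this->audit[] = ['tool' => $tool, 'actor' => $actor, 'outcome' => $outcome];
    }
}

// Constructed sample tools and a constructed job UUID.
$gate = new ToolGate();
$gate->register('queue_status', false, 'mcp.read', fn (array $a) => ['pending' => 3]);
$gate->register('retry_failed_job', true, 'mcp.write', fn (array $a) => "retried {$a['uuid']}");
$job = ['uuid' => '00000000-0000-4000-8000-000000000001'];
$token = ['mcp.read', 'mcp.write'];

print_r($gate->call('queue_status', [], 'agent', $token));                  // read tool, no approval needed
print_r($gate->call('retry_failed_job', $job, 'agent', $token));            // write tool, no approver given
print_r($gate->call('retry_failed_job', $job, 'agent', $token, 'ops-admin')); // write tool with a named approver
print_r($gate->call('retry_failed_job', $job, 'agent', ['mcp.read']));      // token lacks the write ability
print_r($gate->audit);
```

A real gate would bind the approval to the exact tool and arguments that were proposed, so an approver cannot be replayed against a different call.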






