Beyond the API Mirror: How Breyta Transforms Workspaces with the Model Context Protocol (MCP)
By Vegard Steen • Published 2026-05-28
Discover how Breyta's Model Context Protocol (MCP) revolutionizes AI agent interactions with software platforms, offering progressive discovery, enhanced safety, and streamlined workflows for developers.
As AI agents and coding assistants become standard fixtures in our development workflows, we face a fundamental question: How should these models interact with our software platforms? The naive approach is simply mirroring an existing HTTP API or CLI dictionary to the model. But handing an LLM a raw, un-curated list of hundreds of API endpoints is a recipe for context bloat, hallucinated arguments, and brittle automation.
At Breyta, we built our Model Context Protocol (MCP) implementation to be an agent-facing control plane for workflows and workspaces. Instead of acting as a passive API wrapper, Breyta's MCP surface focuses on progressive discovery—offering intent-shaped tools, rich situational context, and structural safety guardrails that treat AI agents as first-class operators.
Here is an architectural look inside Breyta’s two-way MCP engine and how it changes how developers build, run, and debug agentic workflows.
---
The Architecture: Two-Way MCP
Breyta doesn't just expose tools to external models; it embeds the protocol symmetrically. Our architecture operates across three distinct layers, creating a comprehensive "two-way" MCP ecosystem:
- The Workspace MCP Server: A hosted, workspace-scoped endpoint (
https://flows.breyta.ai/api/workspaces/{workspace_id}/mcp) that acts as the central control plane. Coding agents (like Claude Code, Cursor, or Codex) connect here to discover resources, fetch prompts, and execute workflows. - Flow MCP Interfaces: Individual Breyta workflows can expose specific invocations as standard MCP tools. The workspace server acts as a broker, indexing and presenting these interfaces cleanly without exploding the top-level tool space.
- Native Inside-the-Flow Adapters: Inside a running Breyta flow, LLM or agent steps can call external third-party MCP servers over streamable HTTP.
> The Big Picture: External agents use Breyta MCP to discover and run workflows, while Breyta workflows use internal MCP adapters to leverage tools across your broader software stack.
---
Progressive Discovery over Raw Execution
An agent shouldn't have to guess input contracts or parse massive, unstructured log dumps. Breyta’s workspace design guides models through a predictable, highly reliable execution pattern:
search_flow_tools ──> inspect_flow_tool ──> call_flow_tool ──> get_run_status
By separating discovery from execution, the agent naturally searches for capabilities, inspects the exact JSON-RPC input schema required, kicks off the run, and polls for status updates in a bounded way.
To support this workflow, the workspace server exposes more than just tools. It coordinates three core MCP primitives:
- Tools: Actions like
search_flows,check_connections, orcall_flow_tool. - Resources: Contextual entry points (e.g.,
breyta://mcp-docs/overviewor URI templates for explicit flow definitions) so agents can read documentation directly instead of guessing constraints. - Prompts: User-invoked workflow templates (like
create_flow_from_goalordebug_failed_run) that help guide the agent through multi-step operations safely.
---
The Workspace Tool Catalog
The core workspace toolset is split into explicit capability groups, ensuring agents only see and do what is required for the job at hand:
| Tool Category | Key Operations | Purpose | | --- | --- | --- | | Discovery & Search | search_flows, search_flow_tools | Finds available workflows and callable interfaces without executing them. | | Setup & Inventory | list_connections, check_connections | Verifies integration health and connectivity without leaking credentials. | | Execution & Tracking | call_flow_tool, get_run_status | Invokes workflows and systematically tracks execution state. | | Authoring & Validation | validate_flow_definition, create_flow_draft | Evaluates flow schema logic and updates code strictly in a draft state. | | Promotion & Feedback | release_flow, send_feedback | Promotes approved drafts to production or relays engineering friction. |
---
Safety by Design: Narrowing and Sanitization
Building an enterprise-ready agent control plane requires deep consideration of safety boundaries. We approach safety structurally, rather than relying on the model to "behave."
1. Token Capabilities vs. Tool Exposure
Breyta uses existing API authentication, requiring a standard bearer token. We decouple what the token is allowed to do (underlying capabilities like flows.read or flows.manage) from what the MCP server entry chooses to expose.
Using headers like X-MCP-Toolsets or X-MCP-Readonly, you can restrict an assistant to a specific mode. If a support agent tries to run an unexposed mutation tool, Breyta throws a structured blocker (e.g., read_only_policy or toolset_policy) before execution is ever attempted.
2. Prompt-Injection & Metadata Safety
Flow definitions contain human-authored descriptions, labels, and comments. To an LLM, these are highly susceptible to prompt injection.
By default, Breyta strips or neutralizes flow-authored descriptions from model-facing metadata. Unless an internal system flag explicitly marks an installation or adapter as :trusted-metadata true, the model relies purely on fixed, system-vetted parameter schemas.
3. Strict Secret Containment
Breyta's MCP architecture enforces a rigid boundary: secrets never travel via tool arguments. API tokens, private keys, and authorization headers remain safely encapsulated within Breyta’s native connections and environment config.
---
The Draft-First Authoring Flow
When an agent helps design or modify a Breyta automation, it follows a strict, non-destructive authoring pipeline. Agents can generate complex configurations but cannot unilaterally alter production traffic:
- Context Gathering: The agent checks primitive documentation via
get_step_reference. - Validation: The agent tests structural logic using
validate_flow_definition, receiving immediate diagnostic feedback. - Drafting: The agent saves changes safely via
create_flow_draft. This writes draft state only and explicitly blocks automated live deployment. - Human-in-the-Loop Release: A live deployment requires a call to
release_flow. This tool is explicitly marked as destructive, depends on theflows.managecapability, and is designed to prompt for definitive user approval within the host application interface before execution.
---
Developer Adoption: Fast Setup via the CLI
Getting an agent up and running with Breyta's workspace control plane is a single-command process. The Breyta CLI natively handles configuration generation for major MCP-compatible environments (including Claude Code, Cursor, Claude Desktop, and VS Code).
To expose a secure, read-only debugging configuration to a local assistant via standard input/output (stdio), you can generate a structured proxy command directly:
breyta mcp stdio \
--workspace-id ws-your-workspace \
--token-env-var BREYTA_MCP_TOKEN \
--read-only \
--toolsets read,setup,debug,feedback
To guarantee that connectivity, capability scopes, and transport handshakes are perfectly configured before handing control to an agent, developers can run our diagnostic utility:
breyta mcp doctor
This runs a comprehensive handshake sequence, verifying your JSON-RPC schemas and policy restrictions without invoking state-mutating operations.
---
Conclusion: The Future of Agentic Infrastructure
The core value of the Model Context Protocol isn't merely that it connects an AI to an app—it’s that it standardizes how context is discovered and how intent is declared. By transforming workspaces into structured, discoverable environments, Breyta ensures that your AI assistants move past brittle scripting and toward deterministic, safe, and highly effective workflow execution.
Ready to bridge the gap between your development tools and AI agents? Check out our @@INLINE_0@@ or spin up your first workspace server using the Breyta CLI today.