Connecting Gmail to an agent exposes around 30 tools by default, when most roles need one or two. Larger context, worse tool selection, and a bigger surface for misuse all come from the same root cause: tool list and user identity baked into a single static config.
A summarizer agent only calls fetch. With virtual MCP servers, that's the only tool it sees. The role definition is set once and reused across every user; a short-lived session token resolves the right credentials per user at runtime, so the same definition serves a thousand tenants without a thousand separate servers.
What's included
- Define a virtual MCP server once per agent role, scoped to specific connections and specific tools, not the full catalog.
- Mint a short-lived session token per user before each run; credentials resolve server-side, never entering agent context or logs.
- Cuts unused tool definitions from context, reducing overhead by roughly 80% when scoping from 40 tools down to 5-10.
- Per-tenant credential isolation by default, so one user's data is never reachable by an agent acting for another.
