Debugging Through MCP — Wiring Agents to Real Data
MCP lets agents query your database, search your logs, and inspect your services. Used right, it dramatically tightens debug loops. Used wrong, it's a security disaster. Learn both sides.
Creators · AI-Assisted Coding · ~7 min read
When the Agent Can See Production
Model Context Protocol (MCP) is the open standard that lets an agent connect to external data sources and tools — databases, APIs, log systems, ticket trackers. As of 2026, MCP has 100M+ monthly downloads and 3000+ public servers. For debugging, it's transformative: the agent can run `SELECT * FROM users WHERE id=42` instead of asking you to do it. For security, it's a new surface area.
Where MCP shines for debugging
| Capability | Debugging use | Common server |
|---|---|---|
| Database query | "Show me the row this user complained about" | Postgres MCP, MySQL MCP, Supabase MCP |
| Log search | "Find every error from prod-api in the last hour" | Datadog MCP, Loki MCP, Sentry MCP |
| Issue tracker | "What other bugs reference this stack trace?" | Linear MCP, Jira MCP, GitHub MCP |
| Filesystem (sandboxed) | "Read the customer's uploaded file" | Built into Claude Code |
| Service health | "Is the redis cluster up?" | Custom MCP wrapping internal APIs |
A real debugging session via MCP
Three queries, one diagnosis. Without MCP this is 15 minutes of context-switching for the engineer.
```
Me: "User 8421 says they can't log in. Find their record."

Claude (via Postgres MCP):
  Query:  SELECT * FROM users WHERE id = 8421;
  Result: { id: 8421, email: "x@y.com", status: "suspended", suspended_at: "2026-04-22T14:33:00Z" }

  The user is suspended. Let me check why.

  Query:  SELECT * FROM audit_log WHERE user_id = 8421 ORDER BY created_at DESC LIMIT 5;
  Result: "login_failed_threshold_exceeded"

  Diagnosis: 5 failed login attempts triggered auto-suspension.
  Fix: unsuspend or reset, depending on policy.
```
Least privilege for MCP
Three rules: read-only, scoped tables, statement timeout. Together they get you 90% of the way to safe MCP database access.
```sql
-- Create a role for AI agents with read-only, time-boxed access
CREATE ROLE ai_debug NOLOGIN;
GRANT USAGE ON SCHEMA public TO ai_debug;
GRANT SELECT ON users, orders, audit_log TO ai_debug;
-- NOT: GRANT ALL, NOT: superuser, NOT: DELETE/UPDATE/INSERT

-- Then create a login user that inherits this role
CREATE USER ai_agent LOGIN PASSWORD '<generated>' IN ROLE ai_debug;

-- Set a reasonable connection limit
ALTER USER ai_agent CONNECTION LIMIT 5;

-- Set statement timeout to prevent runaway queries
ALTER USER ai_agent SET statement_timeout = '30s';
```
Production data needs extra care
- PII (emails, names, addresses): consider a redacted view, not the raw table
- Payment data: never. Use a sandbox with synthetic data instead.
- Multi-tenant data: scope queries to a specific tenant ID at the SQL level (RLS)
- Logs: redact tokens, secrets, headers before exposing through MCP
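One way to apply the log rule above inside the MCP server, before any result reaches the model, as an added example (not code from this lesson or from any MCP server). The key names and patterns are assumptions about the log schema, and the sample lines are constructed.

```python
import json
import re

MASK = "[REDACTED]"
# Assumed field names; extend to match your own log schema.
SENSITIVE_KEYS = {"authorization", "cookie", "set-cookie", "x-api-key",
                  "password", "secret", "token", "api_key"}
# Secrets embedded in free text: (pattern, replacement that keeps the label).
TEXT_RULES = [
    (re.compile(r"bearer\s+[a-z0-9._~+/=-]+", re.I), "Bearer " + MASK),
    (re.compile(r"(password|secret|token|api_key)=[^\s&\"]+", re.I), r"\1=" + MASK),
]

def scrub_text(text):
    """Mask credential-looking substrings in unstructured text."""
    for pattern, replacement in TEXT_RULES:
        text = pattern.sub(replacement, text)
    return text

def redact(value):
    """Recursively redact a parsed log record by key name, then by value pattern."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value

def redact_log_line(line):
    """JSON lines are redacted by key and pattern; anything else by pattern only."""
    try:
        return json.dumps(redact(json.loads(line)))
    except json.JSONDecodeError:
        return scrub_text(line)

# Constructed sample lines, not real log output.
SAMPLE = [
    '{"service": "upload-api", "user_id": 8421, "headers": {"Authorization": '
    '"Bearer abc.def.ghi", "Accept": "*/*"}, "msg": "upload failed"}',
    "GET /callback?token=s3cr3t&state=ok 302",
    "retrying with Bearer abc.def.ghi after 401",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(redact_log_line(raw))
```

Key-based redaction only works on structured logs; free-text lines get pattern matching alone, which misses any secret format the patterns do not anticipate.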
Common MCP debugging anti-patterns
| Anti-pattern | Why it's bad | Fix |
|---|---|---|
| Giving the agent prod write access | One bad query DROPs production | Read-only role; writes go through PRs |
| MCP server running as root in container | Container escape = host compromise | Run as non-root user, drop capabilities |
| No statement timeout | Agent's `SELECT *` on 10B-row table locks the DB | Set timeout at the role/user level |
| Returning every column to LLM | PII leaks into model provider's logs | Project specific columns; never `SELECT *` |
| No audit log of agent queries | Can't tell what the agent saw | Log every MCP-issued query with the session ID |
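A gate in front of the MCP query tool covering three fixes from the table (read-only statements, no `SELECT *`, an audit record per query with the session ID), as an added example rather than this lesson's or any MCP server's code. `check_query`, `run_for_agent`, `execute` and the audit list are hypothetical names; the check is deliberately conservative, and the read-only database role remains the enforcement point for table scope and writes.

```python
import json
import re
import time

# A projection item that is a bare star: "*", "u.*", "DISTINCT *".
_STAR = re.compile(r"(?:distinct\s+)?(?:\w+\.)?\*", re.I)

def check_query(sql):
    """Return (allowed, reason) for one agent-issued statement."""
    stmt = sql.strip().rstrip(";").strip()
    if ";" in stmt:
        # Conservative: also rejects a ';' inside a string literal.
        return False, "multiple statements"
    if not re.match(r"select\b", stmt, re.I):
        return False, "only SELECT is allowed"
    m = re.match(r"select\s+(.*?)(?:\s+from\b|$)", stmt, re.I | re.S)
    columns = m.group(1).split(",") if m else []
    if any(_STAR.fullmatch(c.strip()) for c in columns):
        return False, "name the columns instead of SELECT *"
    return True, "ok"

def run_for_agent(session_id, sql, execute, audit):
    """Audit first, then execute, so denied queries are recorded too.

    execute: callable that runs sql as the read-only agent user (assumption).
    audit:   list standing in for an append-only log sink (assumption).
    """
    allowed, reason = check_query(sql)
    audit.append(json.dumps({
        "ts": time.time(),
        "session_id": session_id,
        "sql": sql,
        "allowed": allowed,
        "reason": reason,
    }))
    if not allowed:
        raise PermissionError(reason)
    return execute(sql)

if __name__ == "__main__":
    log = []
    fake_db = lambda q: [{"id": 8421, "status": "suspended"}]  # constructed result
    print(run_for_agent("sess-1", "SELECT id, status FROM users WHERE id = 8421;", fake_db, log))
    print(check_query("SELECT * FROM users WHERE id = 8421"))
    print(log)
```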
MCP for log debugging
Log searching is 80% of incident debugging. MCP turns it into one prompt.
```
Me: "User reports the upload failed. Find the relevant logs."

Claude (via Datadog MCP):
  Search: service:upload-api status:error user_id:8421 last 1h
  Result: 3 hits. Top one: "upload failed: PutObject access denied (s3://)"

  This is an S3 permissions issue, not a user issue.
  Recommend: check the IAM role for upload-api in staging.
```
When MCP is the wrong tool
- Bug reproduces only on the customer's machine — agent can't see their state
- Bug requires a specific browser/OS combo — needs a browser-using tool, not MCP
- Bug is in client-side JS the agent can't run — instrument with Sentry first, then MCP-search Sentry
“MCP turns the agent from a code generator into a system operator. Treat it that way.”
The big idea: MCP gives agents access to the same data you'd debug with — but at agent speed. Scope the access tightly, log the queries, and pair with structured logs. The right MCP setup turns a 30-minute debugging session into a 3-minute one. The wrong setup turns a debugging session into an incident.
