> AI should not be using a protocol or set of instructions that is different from what humans have access to (know and use).

Should it? I think it can be very useful to constrain what your AI can do (e.g. read files but don’t delete them). MCP is a way to do that.

Authorisation is a way to do that, too.

Yes, but you often do not have much control over that.

For example, try giving a local LLM read access to specific folders in your email account.

Easy. Write a cron script (that runs as root) that populates a maildir that the agent (restricted user) has access to. Then you restrict network access to the internet, and have it send you its findings by mail (local mail server).

Theoretically you should be creating a "read email" CLI tool and letting agents interact with it in a chroot sandbox.

LLMs are much more proficient with bash and --help than they are with bespoke API protocols.

Treat LLMs like you would a junior programmer - keep things as generic and obvious as you can.
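A sketch of the "read email" CLI suggested above, as an added example that is not code from any commenter in this thread. It assumes a privileged sync job has already populated one Maildir per folder under a root directory; the `AGENT_MAIL_ROOT` variable, the `/var/agent-mail` path and the folder names are hypothetical.

```python
import argparse, email, email.policy, os

# Assumed layout (hypothetical): MAIL_ROOT/<folder>/{cur,new,tmp}, filled by the sync job.
MAIL_ROOT = os.environ.get("AGENT_MAIL_ROOT", "/var/agent-mail")
ALLOWED_FOLDERS = {"INBOX", "Invoices"}  # hypothetical allowlist

def folder_path(folder, root=None, allowed=ALLOWED_FOLDERS):
    """Return the real path of an allowlisted folder, or raise PermissionError."""
    root = os.path.realpath(root or MAIL_ROOT)
    if folder not in allowed:
        raise PermissionError(f"folder not allowed: {folder!r}")
    path = os.path.realpath(os.path.join(root, folder))
    if os.path.commonpath([root, path]) != root:  # symlink leading out of the root
        raise PermissionError("folder resolves outside mail root")
    return path

def _parse(path):
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse symlinked message files
    with os.fdopen(fd, "rb") as fh:
        return email.message_from_binary_file(fh, policy=email.policy.default)

def list_messages(folder, root=None, allowed=ALLOWED_FOLDERS):
    """Return (message_id, subject) pairs for one folder."""
    base, out = folder_path(folder, root, allowed), []
    for sub in ("new", "cur"):
        for name in sorted(os.listdir(os.path.join(base, sub))):
            out.append((f"{sub}/{name}", str(_parse(os.path.join(base, sub, name))["Subject"] or "")))
    return out

def read_message(folder, message_id, root=None, allowed=ALLOWED_FOLDERS):
    """Return sender, subject and plain-text body; IDs come from list_messages."""
    sub, _, name = message_id.partition("/")
    if sub not in ("new", "cur") or not name or name != os.path.basename(name) or name in (".", ".."):
        raise PermissionError("bad message id")
    msg = _parse(os.path.join(folder_path(folder, root, allowed), sub, name))
    body = msg.get_body(preferencelist=("plain",))
    return f"From: {msg['From']}\nSubject: {msg['Subject']}\n\n{body.get_content() if body else ''}"

def main(argv=None):
    p = argparse.ArgumentParser(prog="read-mail", description="Read-only mail access.")
    p.add_argument("folder", help="one of: " + ", ".join(sorted(ALLOWED_FOLDERS)))
    p.add_argument("message_id", nargs="?", help="omit to list the folder")
    a = p.parse_args(argv)
    if a.message_id:
        return print(read_message(a.folder, a.message_id))
    for mid, subject in list_messages(a.folder):
        print(mid, subject, sep="\t")

if __name__ == "__main__":
    main()
```

The tool exposes no write or delete path at all, so the restriction holds even if the agent's user account is later given broader filesystem permissions than intended.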