DAILY NEWS

Stay Ahead, Stay Informed – Every Day

Advertisement
MCP Server Design: 3 Principles We Learned in Production



Exposing a tool to an agent over MCP takes ten minutes. Building an MCP server that survives a model you don’t control, on a tight token budget with limited thinking time, is the part nobody warns you about.

We learned the difference shipping our own, consumed by third-party agents whose models we don’t pick. Three principles came out of it, each one we only fully believed after it broke in production:

TL;DR — three MCP server best practices from our trenches:

Fewer tools, narrower surface. Consolidate around the workflow, not the underlying API.

Consistent verbiage everywhere. Same name for the same concept across every input, output, and value on the server.

Validate against the protocol, not just your tests. The schema is the contract; everything else is a hint.

Background

We’ve been iterating on Trent’s MCP server; one public-facing surface for the product, consumed by third-party agents whose models we don’t control. Each iteration taught us something we’d half-believed going in but only fully internalized after it broke. These three principles have crystallized from that work, and they cut against the grain of how it feels to build a server when you’re moving fast. None of these are subtle in hindsight.

1. Fewer Tools, Narrower Surface

The instinct from regular software design, small composable units, single responsibility, doesn’t transfer cleanly to MCP. The consumer of the surface is an LLM with a finite attention budget, not another piece of software. The right size tool is the workflow, the agent is actually performing, not the smallest atomic operation in the underlying API.

Two reasons we’ve been aggressive about consolidation:

Overlap confuses tool selection. The trap usually isn’t tools that look identical; it’s tools that look distinct from the outside, with different names and different framings, but expose largely the same data with minor variations between them. The model has to decide which one is the “right” call for the workflow, and the decision is often arbitrary. On harder tasks it’s wrong in ways that are hard to debug. Consolidating those into a single tool, with the relevant slice exposed as a parameter, removes a degree of freedom the model didn’t need.

Every tool consumes context. If you’re exposing ~20 tools, the schema, name, description for each tool rides in the prompt every turn (once fetched). That’s a substantial chunk of context burned before the agent has done anything. Those tokens compound across a long loop and compete directly with the work the agent is actually trying to do.

Consolidating also tightens the loop for us as engineers. Fewer tools means a smaller surface to test, a smaller set of failure modes to observe, and a more direct path from a customer issue to the tool that caused it. The product gets simpler for the user, the workflow gets simpler for the model, and the codebase gets simpler for us. That alignment is rare; when you can find it, take it.

Concretely: we took our own MCP server from 17 tools down to 11, and the result was visibly better tool usage across the workflows that had been giving us trouble. The model spent fewer cycles on tool selection and the failure modes we were seeing on tighter constraints largely cleaned up. The current published version is trentai-mcp on PyPI.

The push to make this cut came from a pre-launch integration where Trent was exposed to end users through a third party’s chat interface. During testing we kept hitting cases where the chat couldn’t follow our instructions reliably, and tool overlap turned out to be a major contributor.

2. Consistency Across the Surface is a Correctness Property

MCP tool wording across the input schema, output schema, and the output values of every tool on a server needs to be consistent. If one tool calls a field user_id and another calls the same thing customer_id and a third returns accountId, the model has to reconcile that on every call. It mostly does, but reconciliation costs tokens, introduces ambiguity, and shows up as flaky tool calls in unpredictable conditions.

This matters more than it sounds because you don’t always control the model on the other side of the wire. When the MCP server is consumed by a third party, the agent could be running on a small model with a tight token budget and limited thinking time. Inconsistent naming that a frontier model would reason past, a smaller model just fails on. The same surface that looks fine in development collapses in a deployment you can’t see.

We ran into this during the same third-party pre-launch integration mentioned above. We exposed an update_tasks tool that let the chat write progress into a Trent security assessment, but the underlying API used control_id for the response field name and task_id for the input field name. The chat got confused between the two, the tool call failed repeatedly, and it couldn’t debug its way out. We didn’t catch this right away either; the 422s we kept seeing looked like a service-side bug, and we’d been debugging on the service end for a while before realizing the failure was upstream of the API, in the chat’s tool call. Making the naming consistent across input, output, and value cleared it up.

The frame I’ve started landing on is simple: the model on the other side of the wire is a variable you don’t get to pick. So design the surface for the lowest common denominator (consumer) that matters. Capable models reason past inconsistent naming; smaller ones fail on it. Consistency costs you one round of cleanup before you ship; inconsistency gets paid by every consumer, every call, forever.

3. Don’t Trust the Implementation Just Because it Works

This is the principle I’d most like to have learned sooner.

We built the MCP server with an agent. It worked. The tests the agent wrote alongside the implementation passed, our engineer-driven dogfooding ran cleanly, and the manual testing we did in the workflows we cared about all came back green. Beyond the tool selection and naming problems we covered earlier, we kept hitting a different class of failure that we couldn’t reproduce locally: the agent getting input shape wrong, invoking the tool in ways that didn’t match what we’d documented at all.

When we looked under the hood, the implementation hadn’t actually defined input and output schemas in the JSON properties the MCP protocol specifies. The agent that wrote the server had instead stuffed the entire contract, input shape, output shape, examples, into the description string of the tool, as a long comment-like blob. Frontier models read that and inferred the right structure. Smaller models, with less budget for inference, couldn’t. The fix is structural. MCP inputSchema and outputSchema are contracts, not hints. Stuffing them into the description string opts you out of every guarantee the protocol gives you.

Two lessons from that, both worth saying out loud:

Use the structure the protocol gives you. MCP defines inputSchema and outputSchema as discrete, structured fields for a reason: well-built clients use them to validate inputs, constrain agent behavior, and surface errors early. A description is a hint. A schema is a contract.

Agents get you to “working” faster than to “correct.” That gap is widest in unfamiliar territory, and a young protocol counts as unfamiliar territory, however many examples you’ve worked through. The agent picked a path that satisfied the tests it had written itself, evaluated by the same class of model that wrote them. It didn’t pick the path the protocol intended. We caught it because a stricter consumer broke; if we’d never had that consumer, we’d still be carrying the bug.

What we built with these principles

The server I’ve been describing — trentai-mcp — is how Trent shows up inside Claude Code. It runs the full Scan → Judge → Mitigate → Evaluate loop in your editor: surfacing threats relevant to your application’s architecture, prioritizing them against the real risk profile, generating a remediation plan that becomes tasks Claude Code can implement, and tracking how your security posture changes session over session.

MCP is still young, and the patterns for designing servers well are still being worked out across the industry. The three principles above are real world examples of what we’ve learned in production, and these principles are what I’d share with a new teammate, on day one when building a new server.

Originally published on the Trent AI blog — the full piece includes the worked example of the four consolidated tools.



Source link

PostgreSQL 22034 Error: Causes and Solutions Complete Guide


PostgreSQL Error 22034: more than one sql json item

PostgreSQL error code 22034 (more than one sql json item) occurs when a SQL/JSON function such as JSON_VALUE() or JSON_QUERY() encounters a JSON path expression that returns more than one item, while the function context expects exactly one. This error became more prevalent with the introduction of SQL-standard JSON functions in PostgreSQL 15 and later.

Top 3 Causes

1. Wildcard path in JSON_VALUE() returning multiple results

JSON_VALUE() strictly requires a single scalar return value. Using a wildcard like $across an array will match multiple elements and immediately trigger error 22034.

— Triggers 22034
SELECT JSON_VALUE(‘{“fruits”: (“apple”, “banana”, “cherry”)}’, ‘$.fruits’);

— Fix: specify an explicit index
SELECT JSON_VALUE(‘{“fruits”: (“apple”, “banana”, “cherry”)}’, ‘$.fruits(0)’);
— Result: “apple”

— Fix: suppress the error gracefully
SELECT JSON_VALUE(
‘{“fruits”: (“apple”, “banana”, “cherry”)}’,
‘$.fruits’
NULL ON ERROR
);
— Result: NULL

Enter fullscreen mode

Exit fullscreen mode

2. JSON_QUERY() without WITH ARRAY WRAPPER on multi-value paths

JSON_QUERY() also fails when a path resolves to multiple independent values and no wrapper option is provided to consolidate them into a single JSON array.

— Triggers 22034
SELECT JSON_QUERY(‘{“scores”: (95, 87, 76)}’, ‘$.scores’);

— Fix: wrap results into a JSON array
SELECT JSON_QUERY(
‘{“scores”: (95, 87, 76)}’,
‘$.scores’
WITH ARRAY WRAPPER
);
— Result: (95, 87, 76)

Enter fullscreen mode

Exit fullscreen mode

3. Navigating nested array structures with simple path expressions

Deeply nested JSON arrays compound the cardinality problem at every path step. Using JSON_VALUE() or JSON_QUERY() on paths that traverse multiple array levels without index constraints will almost always produce multiple results.

— Sample nested data
WITH doc AS (
SELECT ‘{“orders”: ({“id”:1}, {“id”:2}, {“id”:3})}’::jsonb AS data
)

— Triggers 22034 (multiple ids returned)
— SELECT JSON_VALUE(data::json, ‘$.orders.id’) FROM doc;

— Fix: use jsonb_path_query() to return a set of rows
SELECT jsonb_path_query(data, ‘$.orders.id’)
FROM doc;

— Fix: use jsonb_array_elements() for row-by-row processing
SELECT elem->>’id’ AS order_id
FROM doc, jsonb_array_elements(data->’orders’) AS elem;

Enter fullscreen mode

Exit fullscreen mode

Quick Fix Solutions

Scenario
Recommended Fix

Need only the first value
Use $.array(0) explicit index

Need all values as JSON array
JSON_QUERY(… WITH ARRAY WRAPPER)

Need all values as rows

jsonb_path_query() or jsonb_array_elements()

Want to avoid query failure
Add NULL ON ERROR clause

Complex nested structures
Use JSON_TABLE() (PostgreSQL 17+)

— JSON_TABLE() for structured unnesting (PostgreSQL 17+)
SELECT *
FROM JSON_TABLE(
‘{“orders”: ({“id”:1,”amt”:100},{“id”:2,”amt”:250})}’::json,
‘$.orders’
COLUMNS (
order_id INT PATH ‘$.id’,
amount INT PATH ‘$.amt’
)
) AS jt;

Enter fullscreen mode

Exit fullscreen mode

Prevention Tips

Always verify path cardinality before using scalar JSON functions.Before deploying queries with JSON path expressions into production, use jsonb_path_query_array() to check how many items a path returns. If the count exceeds one, switch to a set-returning function or add WITH ARRAY WRAPPER.

— Pre-flight cardinality check
SELECT jsonb_array_length(
jsonb_path_query_array(your_column, ‘$.some.path’)
)
FROM your_table
LIMIT 10;

Enter fullscreen mode

Exit fullscreen mode

Always declare explicit error and empty behavior clauses.Never rely on default behavior for SQL/JSON functions. Explicitly specifying NULL ON ERROR and NULL ON EMPTY prevents a single malformed or unexpectedly multi-valued JSON document from failing an entire query batch — especially critical when handling externally sourced JSON data.

SELECT JSON_VALUE(
payload::json,
‘$.event.type’
NULL ON EMPTY
NULL ON ERROR
)
FROM event_log;

Enter fullscreen mode

Exit fullscreen mode

Related Errors

22033 – invalid sql json subscript: bad array index in path expression

22032 – invalid json text: malformed JSON, often encountered before 22034

22035 – no sql json item: the opposite of 22034; path matches nothing

2203A – sql json scalar required: path returns an object/array where a scalar is expected

📖 Want a more detailed guide?Check out the full in-depth version (Korean) on oraerror.com — includes detailed analysis, additional SQL examples, and prevention tips.



Source link

The AI Agent Payment Wars Have Begun — Here’s What Actually Matters



Visa announced this week that AI agents can now use credit cards. Mastercard launched a protocol for AI-to-AI payments and micropayments. Catena Labs raised $30M and filed for a national trust bank charter to build an “AI-native bank.”

The agent payment wars are officially live.

But if you look past the headlines, the real story isn’t about competition between payment networks. It’s about a structural mismatch between legacy financial infrastructure and autonomous systems — and what it actually takes to solve it.

The Identity Gap No One’s Talking About

Here’s the problem: AI agents can’t open bank accounts.

They can’t pass KYC. They don’t have Social Security numbers. They can’t verify their identity using a driver’s license or utility bill. Every compliance layer in traditional finance is built around human identity.

Credit cards require all of this. When Visa says agents can “use credit cards,” what they’re really offering is a workaround — not a solution. Someone (a human) still owns the card. The agent is operating under delegation, not autonomy.

This isn’t a technical limitation. It’s an architectural one. Cards were designed 50 years ago for human consumers. Retrofitting them for agents is like adding a fax machine to a self-driving car.

Settlement Speed vs. Agent Speed

An agent booking a $47 flight needs three things:

Authorization in under 150ms
Policy enforcement (spend caps, recipient allowlists) in real-time
Immediate settlement

Cards can’t deliver this. Authorization might be fast, but settlement takes 3 days. Fraud models are built around human behavior patterns — purchase location, time of day, merchant category. None of this applies to agents operating autonomously across APIs.

Mastercard’s AI-to-AI protocol is a step in the right direction, but it still sits on top of card rails. The latency is baked into the foundation.

Meanwhile, stablecoin payments settle in seconds. USDC already dominates AI agent payments, according to CoinDesk. Not because developers are crypto ideologues — because it’s the only architecture that actually works for non-human actors.

Why Catena’s Bank Charter Matters More Than Visa’s Announcement

The most important signal this week wasn’t Visa or Mastercard. It was Catena Labs filing for a national trust bank charter.

Founded by Circle co-founder Sean Neville, Catena raised $30M to build financial infrastructure specifically for AI agents. But more importantly, they’re seeking regulatory approval to do it properly.

This proves two things:

The industry knows agents need financial access
Existing banks can’t provide it without regulatory reinvention

Catena is building at the banking layer — custody, compliance, identity. That’s a different layer than payment gateways like AgentWallex, but it validates the same thesis: legacy rails weren’t designed for this, and you can’t just patch them.

The MPC Advantage: Security Without Human Friction

Multi-party computation (MPC) wallets solve the core problem: agents need to authorize payments autonomously, but they can’t hold private keys.

With MPC, no single party ever holds the full key. A 2-of-3 threshold signing model means an agent can authorize a transaction without exposing secrets — and without requiring a human to approve every payment.

This isn’t just faster. It’s architecturally correct. Agents operate on policy, not instinct. You set spend caps, recipient allowlists, rate limits, and time-based rules once. Then the agent executes within those constraints — no manual approvals, no bottlenecks.

Compare that to card authorization: every purchase is either pre-approved (no control) or requires human intervention (not autonomous). There’s no middle ground.

What the Payment Wars Actually Mean for Builders

If you’re building AI agents today, here’s what matters:

Don’t wait for Visa and Mastercard to “solve” this. They’re offering retrofitted solutions to a structural problem. Cards will always carry human identity requirements and settlement delays.
Stablecoins aren’t a crypto preference — they’re a technical necessity. Agents need wallets that don’t require SSNs, KYC checks, or 3-day settlement windows.
MPC infrastructure is the security model that scales. Agents can’t hold keys. Humans shouldn’t approve every transaction. Policy-driven authorization with threshold signing is the only model that delivers both autonomy and control.
Watch the regulatory layer. Catena’s bank charter filing matters because it signals that compliance frameworks for agents are coming. Building on top of compliant infrastructure now will save you pain later.

We’ve Been Building for This Moment

At AgentWallex, we’ve been building the payment gateway for AI agents since before this became a headline war.

MPC-secured wallets. Sub-150ms authorization. Native support for x402 micropayments (pay-per-API-call billing). A policy engine that enforces rules without manual approvals. Stablecoin-first, starting with USDC on Base.

We’re not competing with Visa or Mastercard. We’re building the infrastructure layer they can’t — because we started with agents, not humans.

The payment wars have begun. But the real question isn’t who wins between card networks and crypto rails. It’s whether you’re building on architecture designed for the future, or retrofitted from the past.

Sandbox live now at app.agentwallex.com. 3,600+ teams already on the waitlist.

Follow & Try AgentWallex



Source link