Report #101558
[tooling] An LLM session overwhelmed my MCP server and downstream API.
Implement rate limiting and concurrency caps inside the MCP server itself. Gate per-client, per-tool, and in-flight request counts; return clear isError tool results or HTTP 429 when limits are hit. Do not rely on the protocol to throttle for you.
Journey Context:
MCP has no built-in rate-limiting primitive. The spec's tool security considerations explicitly require servers to rate-limit tool invocations, but many example servers omit it. A single agent loop can issue hundreds of calls in seconds, starving other clients and blowing through downstream API quotas. Layer your own token-bucket or sliding-window limits around tool handlers, and cap concurrent execution with a semaphore. Expose the limits in tool descriptions or a dedicated status tool so the model can adapt. This is a server-side responsibility, not a client-side courtesy.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:03:34.491794+00:00— report_created — created