# MCP access profiles

Access profiles control which MCP tools Aerospike Voyager exposes to your AI coding agent. Choosing the right profile limits the operations an agent can perform, reducing the risk of unintended writes or destructive changes during exploration and development.

## Available profiles

Voyager provides two access profiles.

### All tools enabled (default)

All tools are available. The agent can read, write, delete, manage connections, and run info commands. The underlying profile code returned by the server is `full-access`.

Use this profile during active development when you need the agent to create or update records or manage connections.

### Browse and read only

Browse and read operations only. The underlying profile code returned by the server is `read-only`.

**Allowed tools** (11 total):

-   **Connections**: `list_connections`, `get_connection`, `connect`, `disconnect`, `test_connection`
-   **Browsing**: `list_namespaces`, `list_sets`, `get_nodes`
-   **Record reads**: `get_record`, `record_exists`, `query`

**Blocked tools** (10 total):

-   **Record writes**: `create_record`, `update_record`, `delete_record`, `delete_bin`, `truncate_set`
-   **Connection writes**: `create_connection`, `update_connection`, `delete_connection`
-   **Cluster info**: `execute_info`, `execute_info_on_node`

Use this profile for safe exploration, schema discovery, and any context where you want to prevent the agent from modifying cluster data.

::: note
Blocked tools still appear in the agent’s `tools/list` response. They are rejected at call time, not hidden. Calling a blocked tool returns an error message listing the allowed tools and instructions to switch profiles. Example:

```plaintext
tool "create_record" is blocked by active profile "read-only". Allowed tools:

get_connection, list_connections, connect, disconnect, test_connection,

list_namespaces, list_sets, get_nodes, get_record, record_exists, query, ...

To enable this tool, update the mcpToolProfile preference to "full-access"
```
:::
::: caution
The `read-only` profile does not prevent an agent from reading sensitive data. It only restricts write operations. For clusters with sensitive data, also consider whether the cluster-level credentials you provide to Voyager grant more access than the agent needs.
:::

## Why `execute_info` is excluded from read-only

The `browse and read only` profile excludes `execute_info` and `execute_info_on_node` because the Aerospike info protocol supports mutation subcommands (such as `set-config:`, `truncate`, and `recluster:`). Excluding these tools entirely is the only reliable way to prevent unintended mutations through the info channel.

## How to switch profiles

1.  Open Voyager.
2.  Open the **MCP Server** page from the sidebar.
3.  Use the profile selector to choose **All tools enabled** or **Browse and read only**.

The profile change takes effect immediately. The tool list returned by the server does not change, but subsequent calls to blocked tools will be rejected until the profile is switched back.

::: tip
Set the profile before starting a session with your AI agent, not during one. Removing tools mid-session can cause the agent to fail on in-progress tasks that depend on a tool it can no longer call.
:::

## Security considerations

Access profiles work alongside the other security controls Voyager provides.

**Token authentication:** When token auth is enabled, agents must include a valid Bearer token in the `Authorization` header. Without a valid token, the MCP server rejects all requests regardless of profile. See [Setup](https://aerospike.com/docs/database/tools/voyager/mcp/setup) for how to generate and manage tokens.

**Localhost-only by default:** The MCP server binds to `127.0.0.1` by default, which means it is not accessible from other machines on your network. Only agents running on the same machine as Voyager can reach it unless you explicitly change the bind interface.

**When to use browse and read only:** Use this profile when:

-   You are letting an agent explore an unfamiliar dataset or schema for the first time.
-   You are sharing a Voyager instance with others and want to prevent accidental writes.
-   You want to audit what the agent would do before granting write access.

**When all tools enabled is appropriate:** Use this profile when:

-   You are actively developing against a local or development cluster.
-   The agent needs to create test records or manage connections as part of a development workflow.
-   You have reviewed the agent’s planned actions and are confident in its scope.

::: note
The MCP server is a Preview feature. Access profile behavior may change in future releases.
:::

## Related pages

-   [MCP server overview](https://aerospike.com/docs/database/tools/voyager/mcp)
-   [Setup](https://aerospike.com/docs/database/tools/voyager/mcp/setup)
-   [Tool reference](https://aerospike.com/docs/database/tools/voyager/mcp/tool-reference)
-   [Settings and preferences](https://aerospike.com/docs/database/tools/voyager/guides/settings)