MCP access profiles

Access profiles control which MCP tools Aerospike Voyager exposes to your AI coding agent. Choosing the right profile limits the operations an agent can perform, reducing the risk of unintended writes or destructive changes during exploration and development.

Available profiles

Voyager provides two access profiles.

All tools enabled (default)

All tools are available. The agent can read, write, delete, manage connections, and run info commands. The underlying profile code returned by the server is full-access.

Use this profile during active development when you need the agent to create or update records or manage connections.

Browse and read only

Browse and read operations only. The underlying profile code returned by the server is read-only.

Allowed tools (11 total):

Connections: list_connections, get_connection, connect, disconnect, test_connection
Browsing: list_namespaces, list_sets, get_nodes
Record reads: get_record, record_exists, query

Blocked tools (10 total):

Record writes: create_record, update_record, delete_record, delete_bin, truncate_set
Connection writes: create_connection, update_connection, delete_connection
Cluster info: execute_info, execute_info_on_node

Use this profile for safe exploration, schema discovery, and any context where you want to prevent the agent from modifying cluster data.

Note

Blocked tools still appear in the agent’s tools/list response. They are rejected at call time, not hidden. Calling a blocked tool returns an error message listing the allowed tools and instructions to switch profiles. Example:

tool "create_record" is blocked by active profile "read-only". Allowed tools:
get_connection, list_connections, connect, disconnect, test_connection,
list_namespaces, list_sets, get_nodes, get_record, record_exists, query, ...
To enable this tool, update the mcpToolProfile preference to "full-access"

Why `execute_info` is excluded from read-only

The browse and read only profile excludes execute_info and execute_info_on_node because the Aerospike info protocol supports mutation subcommands (such as set-config:, truncate, and recluster:). Excluding these tools entirely is the only reliable way to prevent unintended mutations through the info channel.

How to switch profiles

Open Voyager.
Open the MCP Server page from the sidebar.
Use the profile selector to choose All tools enabled or Browse and read only.

The profile change takes effect immediately. The tool list returned by the server does not change, but subsequent calls to blocked tools will be rejected until the profile is switched back.

Security considerations

Access profiles work alongside the other security controls Voyager provides.

Token authentication: When token auth is enabled, agents must include a valid Bearer token in the Authorization header. Without a valid token, the MCP server rejects all requests regardless of profile. See Setup for how to generate and manage tokens.

Localhost-only by default: The MCP server binds to 127.0.0.1 by default, which means it is not accessible from other machines on your network. Only agents running on the same machine as Voyager can reach it unless you explicitly change the bind interface.

When to use browse and read only: Use this profile when:

You are letting an agent explore an unfamiliar dataset or schema for the first time.
You are sharing a Voyager instance with others and want to prevent accidental writes.
You want to audit what the agent would do before granting write access.

When all tools enabled is appropriate: Use this profile when:

You are actively developing against a local or development cluster.
The agent needs to create test records or manage connections as part of a development workflow.
You have reviewed the agent’s planned actions and are confident in its scope.