No Multi-tenancy: Each workspace is a dedicated database, so there's no opportunity for crosstalk.
Least-privilege Scopes: Agent access is already provided via agent keys. They are currently scoped to a particular set of collections, but that could be increased down to the operation and field level. This could be hairy to maintain though as schemas evolve.
Rate limiting: Per-key rate limits and bulk caps prevent runaway loops or a compromised agent from crushing 10k records in one go.
Reversibility: DB snapshotting and soft deletion are already happening.
Powerful operation gating: This is probably what you're thinking about the most. Schema changes, bulk deletes, and/or permission changes should optionally have a human approval gate (on by default?).
Thanks for thinking about this; would love to know if you've taken it for a test drive, and your thoughts!
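An added sketch of how the controls listed in the reply above (collection-scoped keys, per-key rate limit and bulk cap, approval gate on by default) compose into a single request check. This is example code, not the product's own; `AgentKey`, `evaluate`, the operation names and the window counter are all assumptions.

```python
"""Policy gate sketch for agent-key requests (illustrative, not the product's API)."""
from dataclasses import dataclass
from collections import defaultdict

# Operations that should pass through a human approval gate (assumed names).
GATED_OPS = {"schema_change", "bulk_delete", "permission_change"}

# Constructed in-memory per-key request counter; a real deployment would use a
# sliding window in shared storage rather than a process-local dict.
USAGE = defaultdict(int)


@dataclass(frozen=True)
class AgentKey:
    key_id: str
    collections: frozenset            # least-privilege scope: collections this key may touch
    ops_per_window: int = 100         # per-key rate limit (requests per window)
    bulk_cap: int = 1000              # max records one request may affect
    require_approval: bool = True     # operation gating, on by default


def evaluate(key: AgentKey, collection: str, op: str, record_count: int = 1) -> str:
    """Decide one request: 'allow', 'needs_approval' or 'deny:<reason>'.

    Checks run cheapest-first; only requests that pass scope and bulk-cap
    checks consume rate-limit budget, so out-of-scope probing cannot be used
    to exhaust a key's window.
    """
    if collection not in key.collections:
        return "deny:out_of_scope"
    if record_count > key.bulk_cap:
        return "deny:bulk_cap"
    if USAGE[key.key_id] >= key.ops_per_window:
        return "deny:rate_limited"
    USAGE[key.key_id] += 1
    if op in GATED_OPS and key.require_approval:
        return "needs_approval"      # park for a human; do not execute yet
    return "allow"


if __name__ == "__main__":
    k = AgentKey("agent-1", frozenset({"orders"}), ops_per_window=2, bulk_cap=10)
    for req in [("users", "read", 1), ("orders", "bulk_delete", 5000),
                ("orders", "bulk_delete", 5), ("orders", "read", 1), ("orders", "read", 1)]:
        print(req, "->", evaluate(k, *req))
```

A denied or gated decision is also the natural place to emit an audit event, since each outcome already carries the key id and the reason.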