Scenario anchor
You are a senior architect at Aaranya IT BFSI; the client is a large Indian PSU bank.
Their MCP server has been deployed, but the audit team flagged an issue: the agent
made a Tool call only to read customer KYC records, and that call
accidentally triggered a downstream write transaction. A compliance breach
occurred in production, solely because the boundary between Resource and Tool
was blurred. In this lesson we will fix exactly that.
Key Takeaways
Resources are read-only, idempotent, and safe to cache — model them like GET endpoints on a read-replica; any capability that mutates state must be a Tool.
The LLM host uses the Resource vs Tool distinction to enforce capability-surface minimization — incorrectly typed capabilities silently expand the agent's blast radius in production.
In regulated environments (BFSI, healthcare, legal-tech), every Tool invocation should carry an explicit side-effect declaration in its schema so downstream audit systems can gate approval workflows.
Exam anchor: Resource = read-replica (safe, idempotent, no side effects); Tool = write-master (stateful, auditable, requires intent confirmation).
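The side-effect declaration and approval gate from the takeaways, sketched as an added Python example that is not part of the original lesson. The tool names, decision labels and observed-statement trace are constructed for illustration; the annotation keys are MCP's `readOnlyHint` and `destructiveHint` tool annotations, which the lesson itself does not name.

```python
# Added example: gate Tool calls on their declared side effects, then audit
# the declaration against what the call actually did downstream.
WRITE_VERBS = ("INSERT", "UPDATE", "DELETE", "MERGE")

# Constructed manifest. A missing hint falls back to the unsafe default
# (not read-only, destructive), so an undeclared Tool fails closed.
TOOLS = {
    "kyc_lookup": {"annotations": {"readOnlyHint": True}},
    "kyc_update_address": {"annotations": {"readOnlyHint": False,
                                           "destructiveHint": False}},
    "account_close": {"annotations": {"destructiveHint": True}},
    "legacy_sync": {},  # no side-effect declaration at all
}

def declared_effect(tool: dict) -> str:
    """Map a Tool's annotations to 'read', 'write' or 'destructive'."""
    ann = tool.get("annotations", {})
    if ann.get("readOnlyHint", False):
        return "read"
    if ann.get("destructiveHint", True):
        return "destructive"
    return "write"

def gate(tool_name: str) -> str:
    """Pre-call decision for the approval workflow (labels are hypothetical)."""
    tool = TOOLS.get(tool_name)
    if tool is None:
        return "deny"  # unknown capability: never forwarded
    return {"read": "allow",
            "write": "approval",
            "destructive": "dual_approval"}[declared_effect(tool)]

def audit(tool_name: str, observed_statements: list) -> list:
    """Post-call check: flag a read-only declaration that produced writes."""
    writes = [s for s in observed_statements
              if s.lstrip().upper().startswith(WRITE_VERBS)]
    if declared_effect(TOOLS[tool_name]) == "read" and writes:
        return [f"{tool_name}: declared read-only, observed {len(writes)} write(s)"]
    return []

if __name__ == "__main__":
    # Constructed trace reproducing the scenario: a "read" call that also writes.
    trace = ["SELECT * FROM kyc WHERE cust_id = ?",
             "UPDATE kyc SET last_verified = now() WHERE cust_id = ?"]
    print(gate("kyc_lookup"), audit("kyc_lookup", trace))
```

The pre-call gate trusts only the declaration, so the post-call audit is what catches the scenario's failure: a capability typed as a read that still writes.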