[Feature]: How to ensure the memory safety?

[F32138]

Problem or Use Case

I'm trying to set up permissions for memory usage in the team, such as restricting certain roles to read-only tools, while allowing other roles to use destructive tools, to ensure memory security compliance with certain rules.

Proposed Solution

Authenticate users to determine their role, which will decide their memory usage permissions.

Alternatives Considered

No response

Component Affected

Storage Backend (sqlite/cloudflare/hybrid)

Priority

Medium (nice to have)

Examples or Mockups

Impact on Existing Functionality

No response

Similar Features in Other Projects

No response

Pre-submission Checklist

• I've searched existing issues and feature requests
• I've described a specific use case (not just "it would be nice")
• I've considered the impact on existing functionality
• I'm willing to help test this feature once implemented

[doobidoo]

Thanks for the detailed use case description!

Role-based access control (read-only vs. destructive tool permissions per user/role) is a legitimate need for team deployments. However, this is a complex feature that touches the OAuth 2.1 layer, MCP tool dispatch, and potentially the storage backend — it's a meaningful architectural addition.

Given the scope, we'd love to see this driven by someone who has the specific use case and can validate the implementation. We're happy to:

• Review and merge a well-structured PR
• Discuss the design in this issue thread (e.g., whether this should hook into the existing OAuth 2.1 Dynamic Client Registration or be a separate RBAC layer)

If you're interested in contributing, feel free to open a draft PR or share a design proposal here. We'll label this as enhancement + help wanted to signal it's open for community contribution.