Building agents in an enterprise setting usually means looking for a balance between control and expressiveness. Clients tend to ask for a whole array of agentic solutions, each of which needs to read or modify specific parts of a knowledge base or a data domain. The natural response is to build a dedicated tool for every vertical, which inflates development and maintenance time and widens the surface exposed to vulnerabilities. On the other hand, a purely agentic paradigm is often not acceptable either: granting indiscriminate access to systems and data and constraining each use case through a specific prompt is a fragile, breakable security layer. At CSI I experimented with a hybrid approach, inspired by MCP in its STDIO form (an internal dialogue between the LLM and an MCP server). The goal was to hide the tool-composition logic from the agent while keeping it quick to configure, without writing code. I focused on a small set of “primitive” tools (for example “filtered retrieval”, “conversational memory”, “API call”) and a YAML configuration file, consumed by the internal MCP server and turned into a set of ready-to-use tools already scoped to the boundaries of each individual agent.

The upshot is that building an agent for a new client, which used to take 4-5 days of work, is now feasible in half a day spent writing the YAML configuration file, where you declare which documents, which filters, and which operations the agent can use. The bottleneck also shifts from developers to domain experts, since this kind of “tool configuration” is easy to surface in a dashboard on the assistant platform that is already online.

In the piece for Agenda Digitale I go deeper into the architecture and the two alternatives we ruled out, fully agentic access and very large context windows, and why neither holds up in the public-sector context on cost, auditability, and security.

It is the second of three articles on production LLM systems for the public administration, after the one on Camilla and before a third, forthcoming, on red-teaming and behavioral evaluation of agentic assistants, with a particular focus on the public-sector domain. The system itself is described on its project page.

Read the full article on Agenda Digitale →