mcp: add response size cap to prevent blowing LLM context windows

[bobbyiliev]

Adds an mcp_max_response_size dyncfg (default 1MB) that rejects MCP tool responses exceeding the limit with a clear JSON-RPC error telling the agent to use LIMIT or WHERE. This catches oversized responses after JSON serialization, which is what the LLM actually consumes.

The existing max_result_size operates on raw row bytes during streaming and doesn't account for JSON formatting overhead.

Fixes https://linear.app/materializeinc/issue/DEX-3/mcp-query-safety-limits-size-timeout

[github-actions]

Thanks for opening this PR! Here are a few tips to help make the review process smooth for everyone.

PR title guidelines

• Use imperative mood: "Fix X" not "Fixed X" or "Fixes X"
• Be specific: "Fix panic in catalog sync when controller restarts" not "Fix bug" or "Update catalog code"
• Prefix with area if helpful: compute: , storage: , adapter: , sql:

Pre-merge checklist

• The PR title is descriptive and will make sense in the git log.
• This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
• If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.
• This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
• If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
• If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).

[ggevay]

Is this error msg correct? mz_mcp_data_products has a LEFT JOIN with mz_comments, so it would return rows even if there are no comments on objects, if I'm reading things correctly.

(Also, is it intended that this is a log msg, and not an error to be returned to the user?)

[bobbyiliev]

Oh yes, good catch! Removed the warning entirely as the agent already sees the empty array in the response.

[ggevay]

Why not just make MCP_MAX_RESPONSE_SIZE a usize instead of a u32, to avoid the casting?

[jubrad]

should this be in the tool description as well?

[bobbyiliev]

Good call! Added the response limit dynamically to the read_data_product, query, and query_system_catalog tool descriptions. It's populated from the mcp_max_response_size dyncfg value at request time so it stays in sync.

The only thing that I can think of as a small tradeoff is a few extra tokens in the tool descriptions that the LLM processes on every request, but it should help agents proactively use LIMIT instead of hitting the error.