Default mcp.expose to true (the manifest entry is the opt-in)

expose controls MCP-catalog membership only — it is not an authorization
gate (invocation is gated by invoke_query regardless). So requiring a
per-query mcp.expose: true was friction with no safety benefit: a
non-exposed query is still HTTP-invocable by name. Flip the default so
declaring a query in the manifest exposes it to the agent tool catalog by
default; expose: false is the escape hatch for service-only queries.

Both the absent-mcp path (Default impl) and the present-but-no-expose path
(serde default fn) now yield true. Doc comments + cli-reference updated; the
config round-trip test asserts the new default.
Ragnor Comerford 2026-05-31 12:59:30 +02:00
parent f4c38bb75a
commit 6cad21cb6a
No known key found for this signature in database
3 changed files with 30 additions and 13 deletions

@ -39,7 +39,7 @@ graphs:
<query-name>: # key MUST equal the `query <name>` symbol inside the .gq
file: <path-to-.gq> # relative to this config's directory
mcp:
expose: false # default false: HTTP-callable but not listed as an MCP tool
expose: true # default true: listed in the MCP catalog (GET /queries); set false to hide (still HTTP-callable)
tool_name: <name> # optional MCP tool-name override (defaults to <query-name>;
# must be unique across exposed queries)
server:
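Review bot: On the new `expose: true` line, the comment explains what hiding does but not that catalog listing is independent of authorization. Now that every declared query is listed by default, say so at this spot, for example "not an authorization gate; invocation is gated by invoke_query", as the commit message does. The `tool_name` context lines below state the name "must be unique across exposed queries"; with the default flipped, queries that previously omitted `mcp` now count as exposed, so please confirm and document what happens if two of them resolve to the same tool name after an upgrade.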
@ -68,7 +68,7 @@ aliases:
branch: <name>
format: <output-format>
queries: # top-level stored-query registry (single-graph mode); mirrors top-level `policy`
<query-name>: { file: <path-to-.gq>, mcp: { expose: false } }
<query-name>: { file: <path-to-.gq> } # mcp.expose defaults to true
policy:
file: ./policy.yaml
```
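Review bot: The rewritten `<query-name>: { file: <path-to-.gq> }` example drops the only inline illustration of the opt-out in the top-level registry. Consider keeping a second entry that shows `mcp: { expose: false }` for a service-only query so the escape hatch stays discoverable. Because a manifest that omits `mcp` moves from unlisted to listed when this lands, an upgrade note in this reference would help operators audit which queries become visible in the catalog.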