mirror of
https://github.com/ModernRelay/omnigraph.git
synced 2026-06-12 01:45:14 +02:00
66c37d289a
Project 14 built-in operations as MCP tools over the /mcp endpoint: health,
snapshot, schema_get, branches_list, commits_list, commits_get, graphs_list,
query, mutate, ingest, branches_create, branches_delete, branches_merge,
schema_apply. Each tool reuses the exact do_* / run_query / run_mutate path
(and the exact Cedar action) its REST route enforces, so there is no new
business logic and no second authorization surface.
- list_tools is Cedar-filtered: a tool is listed only if the actor's policy
permits its action (a policy-engine error propagates; a denial hides).
- call_tool enforces the same gate, masks a denied or unknown tool identically
("unknown tool: <name>", deny == missing), and classifies engine failures as
isError tool results (4xx/409) vs JSON-RPC errors (5xx) per the 2025-11-25
spec split.
- Tool annotations set readOnlyHint / destructiveHint / openWorldHint
explicitly (rmcp defaults destructive + open_world to true).
- The actor and graph handle are read from the request extensions the
bearer/handle middleware attached, threaded through rmcp's RequestContext
(RFC-003 §5.8); a multi-graph tool call resolves the per-request graph for
free.
- Bound MCP request bodies with tower-http RequestBodyLimitLayer at the ingest
limit: rmcp reads the body directly, so axum's DefaultBodyLimit does not
cover /mcp.
Tests (tests/server.rs, 11 MCP cases): tools/list contents + Cedar filtering
by policy, a snapshot read and a mutate write end to end through the extension
passthrough, masked deny, malformed-query isError, unknown-tool JSON-RPC error,
and the read/write annotation hints. docs/user/server.md deferred to the docs
phase per the RFC-003 rollout.
Co-Authored-By: Claude <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| omnigraph | ||
| omnigraph-cli | ||
| omnigraph-compiler | ||
| omnigraph-policy | ||
| omnigraph-server | ||