Skip to content

[0.6] MCP tool-level scopes + scope attenuation #132

Open
Open
[0.6] MCP tool-level scopes + scope attenuation#132
Labels
P2Important: - missing stuff - medium impact bugstrack-authorityTrack label for Agentic Era
Milestone
Agentic Era
@Raulgooo

Description

@Raulgooo
Raulgooo
opened on May 7, 2026

Release

0.6 — Real MCP

Objective

Scope policies for MCP tools.

Problem

  • No fine-grained tool scoping
  • All tools share same access level

Fix

  1. mcp_tool_scopes table: (tool_id, scope, required_capability)
  2. Admin UI to configure tool scopes
  3. Enforce at MCP auth layer
  4. Scope attenuation per delegation hop

Files

  • internal/storage/sqlite.go
  • internal/mcp/scopes.go
  • admin/src/components/mcp_tools.tsx (new)

Acceptance Criteria

  • Tool scopes configurable
  • Enforced at auth layer
  • Scope attenuation per hop
  • Admin UI
  • Tests for scope enforcement

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Important: - missing stuff - medium impact bugstrack-authorityTrack label for Agentic Era

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions