---
title: 'MCP: execute tools/call through ordinary Tool path'
state: 'closed'
created_at: '2026-06-20T05:30:04Z'
updated_at: '2026-06-20T09:18:51Z'
assignee: null
readiness: 'implementation_ready'
risk_flags: ['mcp', 'tools-call', 'permission', 'history', 'bounded-output']
queued_by: 'workspace-panel'
queued_at: '2026-06-20T05:59:04Z'
---

## Background

After MCP tools are registered through ToolRegistry, invoking a Yoi MCP-backed tool should call the server's `tools/call` and return a bounded ordinary Tool result. Permission denial must happen before sending a request to the MCP server.

## Requirements

- Route registered MCP tool invocation to MCP `tools/call`.
- Apply existing PreToolCall / Tool permission path before MCP server call.
- If permission is denied, do not send `tools/call` to the server.
- Distinguish normal result, MCP `isError: true`, and JSON-RPC protocol error.
- Serialize MCP result forms boundedly: `content[]`, `structuredContent`, `isError`, `_meta`, and supported rich content summaries.
- Store result through ordinary Tool result/history path.
- Treat all content as untrusted.

## Acceptance criteria

- MCP mock tool returns normal result through ordinary Yoi Tool result.
- MCP `isError: true` is represented distinctly from JSON-RPC protocol failure.
- Permission denied call is not sent to the MCP server.
- Oversize/rich results are bounded/truncated or rejected according to explicit policy.
- Tool history shows ordinary tool call/result, not hidden context injection.
- Tests cover normal result, `isError`, protocol error, permission denial, and output bounds.
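
The gate-before-call ordering, the three-way result classification and the output bound from the requirements and acceptance criteria above, as an added Python example (not Yoi's code). `call_mcp_tool`, `is_permitted`, `MockServer`, the `kind` labels and the 4096-byte limit are assumptions; only the `tools/call` request shape and the `content` / `structuredContent` / `isError` result fields come from MCP.

```python
import json

MAX_BYTES = 4096  # assumed bound; the ticket leaves the exact policy open

class MockServer:
    """Constructed stand-in for an MCP transport; records every request sent to it."""
    def __init__(self, reply):
        self.reply, self.seen = reply, []
    def send(self, request):
        self.seen.append(request)
        return self.reply

def bound(text, limit=MAX_BYTES):
    """Cut to at most `limit` UTF-8 bytes; return (text, was_truncated)."""
    raw = text.encode("utf-8")
    if len(raw) <= limit:
        return text, False
    return raw[:limit].decode("utf-8", errors="ignore"), True

def summarize(result):
    """Text blocks verbatim, other block types as a placeholder, then structuredContent."""
    parts = []
    for block in result.get("content") or []:
        if isinstance(block, dict) and block.get("type") == "text":
            parts.append(str(block.get("text", "")))
        elif isinstance(block, dict):
            parts.append(f"[{block.get('type', 'unknown')} content omitted]")
    if "structuredContent" in result:
        parts.append(json.dumps(result["structuredContent"], sort_keys=True))
    return "\n".join(parts)

def call_mcp_tool(name, arguments, is_permitted, send, limit=MAX_BYTES):
    """Permission gate first, then tools/call, then classify and bound the reply."""
    if not is_permitted(name, arguments):  # denied: nothing reaches the server
        return {"kind": "permission_denied", "text": "", "truncated": False}
    reply = send({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                  "params": {"name": name, "arguments": arguments}})
    result = reply.get("result") if isinstance(reply, dict) else None
    if not isinstance(reply, dict) or ("error" not in reply and not isinstance(result, dict)):
        reply = {"error": {"message": "malformed JSON-RPC response"}}
    if "error" in reply:  # JSON-RPC level failure, not a tool outcome
        err = reply["error"] if isinstance(reply["error"], dict) else {}
        text, cut = bound(str(err.get("message", "")), limit)
        return {"kind": "protocol_error", "code": err.get("code"), "text": text, "truncated": cut}
    text, cut = bound(summarize(result), limit)
    kind = "tool_error" if result.get("isError") is True else "ok"
    return {"kind": kind, "text": text, "truncated": cut}
```

The returned dict is what would be written to tool history as an ordinary result; the server's text is carried as data and never interpreted.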

## Non-goals

- resources/read or prompts/get.
- list_changed notifications.
- Sampling/elicitation.

## Related work

- Depends on `00001KVHR3WS6`.
- Objective: `00001KTR80WMN`.