yoi/.yoi/tickets/00001KVHR3WSN/item.md

title	state	created_at	updated_at	assignee	readiness	risk_flags	queued_by	queued_at
MCP: expose resources and prompts as explicit tool operations	closed	2026-06-20T05:30:04Z	2026-06-20T10:05:16Z	null	implementation_ready	mcp resources prompts prompt-context history untrusted-content	workspace-panel	2026-06-20T05:58:57Z

Background

MCP resources and prompts must not become hidden context injection. They should be exposed as explicit Yoi tool operations whose results are recorded through ordinary Tool result/history paths.

Requirements

• Expose MCP resources/prompts as explicit namespaced Yoi tool operations: resources/list, resources/read, prompts/list, and prompts/get.
• Treat returned content/templates as untrusted tool result data.
• Do not inject resource/prompt content directly into context outside history/tool result.
• Bound result sizes and rich/embedded content serialization.
• Handle pagination/list bounds where applicable.
• Diagnostics identify server/resource/prompt operation without leaking secrets.

Acceptance criteria

• resources/list and resources/read can be invoked as explicit tools.
• prompts/list and prompts/get can be invoked as explicit tools.
• Results are ordinary Tool results and history records.
• No hidden context injection path is introduced.
• Oversize/rich content is bounded.
• Tests cover list/read/get happy paths, untrusted content, bounds, and no hidden injection.

Non-goals

• MCP tool execution itself.
• list_changed notification refresh.
• Sampling/elicitation.

Related work

• Depends on 00001KVHR3WRY.
• Related to 00001KVHR3WSD for result serialization policy.
• Objective: 00001KTR80WMN.