3tears-mcp 0.14.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,216 @@
1
+ # Byte-compiled / optimized / DLL files
2
+ __pycache__/
3
+ *.py[codz]
4
+ *$py.class
5
+
6
+ # C extensions
7
+ *.so
8
+
9
+ # Distribution / packaging
10
+ .Python
11
+ build/
12
+ develop-eggs/
13
+ dist/
14
+ downloads/
15
+ eggs/
16
+ .eggs/
17
+ lib/
18
+ lib64/
19
+ parts/
20
+ sdist/
21
+ var/
22
+ wheels/
23
+ share/python-wheels/
24
+ *.egg-info/
25
+ .installed.cfg
26
+ *.egg
27
+ MANIFEST
28
+
29
+ # PyInstaller
30
+ # Usually these files are written by a python script from a template
31
+ # before PyInstaller builds the exe, so as to inject date/other infos into it.
32
+ *.manifest
33
+ *.spec
34
+
35
+ # Installer logs
36
+ pip-log.txt
37
+ pip-delete-this-directory.txt
38
+
39
+ # Unit test / coverage reports
40
+ htmlcov/
41
+ .tox/
42
+ .nox/
43
+ .coverage
44
+ .coverage.*
45
+ .cache
46
+ nosetests.xml
47
+ coverage.xml
48
+ *.cover
49
+ *.py.cover
50
+ .hypothesis/
51
+ .pytest_cache/
52
+ cover/
53
+
54
+ # Translations
55
+ *.mo
56
+ *.pot
57
+
58
+ # Django stuff:
59
+ *.log
60
+ local_settings.py
61
+ db.sqlite3
62
+ db.sqlite3-journal
63
+
64
+ # Flask stuff:
65
+ instance/
66
+ .webassets-cache
67
+
68
+ # Scrapy stuff:
69
+ .scrapy
70
+
71
+ # Sphinx documentation
72
+ docs/_build/
73
+
74
+ # PyBuilder
75
+ .pybuilder/
76
+ target/
77
+
78
+ # Jupyter Notebook
79
+ .ipynb_checkpoints
80
+
81
+ # IPython
82
+ profile_default/
83
+ ipython_config.py
84
+
85
+ # pyenv
86
+ # For a library or package, you might want to ignore these files since the code is
87
+ # intended to run in multiple environments; otherwise, check them in:
88
+ # .python-version
89
+
90
+ # pipenv
91
+ # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
92
+ # However, in case of collaboration, if having platform-specific dependencies or dependencies
93
+ # having no cross-platform support, pipenv may install dependencies that don't work, or not
94
+ # install all needed dependencies.
95
+ #Pipfile.lock
96
+
97
+ # UV
98
+ # Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
99
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
100
+ # commonly ignored for libraries.
101
+ #uv.lock
102
+
103
+ # poetry
104
+ # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
105
+ # This is especially recommended for binary packages to ensure reproducibility, and is more
106
+ # commonly ignored for libraries.
107
+ # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
108
+ #poetry.lock
109
+ #poetry.toml
110
+
111
+ # pdm
112
+ # Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
113
+ # pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
114
+ # https://pdm-project.org/en/latest/usage/project/#working-with-version-control
115
+ #pdm.lock
116
+ #pdm.toml
117
+ .pdm-python
118
+ .pdm-build/
119
+
120
+ # pixi
121
+ # Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
122
+ #pixi.lock
123
+ # Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
124
+ # in the .venv directory. It is recommended not to include this directory in version control.
125
+ .pixi
126
+
127
+ # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
128
+ __pypackages__/
129
+
130
+ # Celery stuff
131
+ celerybeat-schedule
132
+ celerybeat.pid
133
+
134
+ # SageMath parsed files
135
+ *.sage.py
136
+
137
+ # Environments
138
+ .env
139
+ .envrc
140
+ .venv
141
+ env/
142
+ venv/
143
+ ENV/
144
+ env.bak/
145
+ venv.bak/
146
+
147
+ # Spyder project settings
148
+ .spyderproject
149
+ .spyproject
150
+
151
+ # Rope project settings
152
+ .ropeproject
153
+
154
+ # mkdocs documentation
155
+ /site
156
+
157
+ # mypy
158
+ .mypy_cache/
159
+ .dmypy.json
160
+ dmypy.json
161
+
162
+ # Pyre type checker
163
+ .pyre/
164
+
165
+ # pytype static type analyzer
166
+ .pytype/
167
+
168
+ # Cython debug symbols
169
+ cython_debug/
170
+
171
+ # PyCharm
172
+ # JetBrains specific template is maintained in a separate JetBrains.gitignore that can
173
+ # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
174
+ # and can be added to the global gitignore or merged into this file. For a more nuclear
175
+ # option (not recommended) you can uncomment the following to ignore the entire idea folder.
176
+ #.idea/
177
+
178
+ # Abstra
179
+ # Abstra is an AI-powered process automation framework.
180
+ # Ignore directories containing user credentials, local state, and settings.
181
+ # Learn more at https://abstra.io/docs
182
+ .abstra/
183
+
184
+ # Visual Studio Code
185
+ # Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
186
+ # that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
187
+ # and can be added to the global gitignore or merged into this file. However, if you prefer,
188
+ # you could uncomment the following to ignore the entire vscode folder
189
+ # .vscode/
190
+
191
+ # Ruff stuff:
192
+ .ruff_cache/
193
+
194
+ # PyPI configuration file
195
+ .pypirc
196
+
197
+ # Cursor
198
+ # Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
199
+ # exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
200
+ # refer to https://docs.cursor.com/context/ignore-files
201
+ .cursorignore
202
+ .cursorindexingignore
203
+
204
+ # Marimo
205
+ marimo/_static/
206
+ marimo/_lsp/
207
+ __marimo__/
208
+
209
+ # Claude Code local state
210
+ .claude/
211
+
212
+ # prawduct session evidence (local governance artifacts, never shipped)
213
+ .prawduct/
214
+
215
+ # macOS folder metadata
216
+ .DS_Store
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Mark Pace
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,74 @@
1
+ Metadata-Version: 2.4
2
+ Name: 3tears-mcp
3
+ Version: 0.14.0
4
+ Summary: Shared MCP framework: McpServer + McpTool + PlatformHttpClient + per-tool RBAC backed by mcp_tool_grants and the task-02 epoch broadcast
5
+ Project-URL: Repository, https://github.com/pacepace/3tears
6
+ Author: pace
7
+ License-Expression: MIT
8
+ License-File: LICENSE
9
+ Classifier: Development Status :: 3 - Alpha
10
+ Classifier: Framework :: AsyncIO
11
+ Classifier: Intended Audience :: Developers
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Programming Language :: Python :: 3.14
14
+ Classifier: Topic :: Software Development :: Libraries
15
+ Classifier: Typing :: Typed
16
+ Requires-Python: >=3.14
17
+ Requires-Dist: 3tears
18
+ Requires-Dist: 3tears-epoch
19
+ Requires-Dist: 3tears-nats
20
+ Requires-Dist: 3tears-observe
21
+ Requires-Dist: httpx>=0.27
22
+ Requires-Dist: mcp>=1.27
23
+ Requires-Dist: pydantic>=2
24
+ Description-Content-Type: text/markdown
25
+
26
+ # 3tears-mcp
27
+
28
+ Shared MCP (Model Context Protocol) framework. Per-product MCP servers compose this framework instead of reimplementing stdio transport, JWT auth, error mapping, and per-tool RBAC.
29
+
30
+ ## What's in here
31
+
32
+ | Module | Responsibility |
33
+ |---|---|
34
+ | `server` | `McpServer` -- wraps the official `mcp.server.Server`. Owns tool registration, RBAC gating before handler dispatch, structured error mapping per the MCP spec. |
35
+ | `tool` | `McpTool` dataclass (name, description, input_schema, required_permission, handler) and `register_tool` decorator. |
36
+ | `http_client` | `PlatformHttpClient` -- typed httpx client with JWT login + refresh-on-401. Used by both MCP server tool handlers (calling /api/v1/...) and CLI scripts. One HTTP-client implementation, two transports. |
37
+ | `auth` | `Identity` dataclass + `IdentityProvider` Protocol + `EnvVarIdentityProvider` (stdio impl). `Authorizer` Protocol + `LocalGrantAuthorizer` (default impl backed by `McpToolGrantCollection`). |
38
+ | `rbac` | `McpToolGrantCollection` -- `BaseCollection` over `mcp_tool_grants`. Exposes the in-memory grant cache that `LocalGrantAuthorizer` consults. |
39
+ | `migrations/` | `v01_create_mcp_tool_grants` -- platform-scope DDL. Consumers register via `MigrationRunner.register(epoch_pkg)` (same shape as `threetears.epoch`). |
40
+
41
+ ## RBAC model
42
+
43
+ Per-tool, default-deny. Each `McpTool` declares a `required_permission` string (e.g. `"conversations.read"`, `"audit.read"`). On every dispatch:
44
+
45
+ 1. The framework calls `Authorizer.allows(identity, required_permission)`.
46
+ 2. `LocalGrantAuthorizer` checks whether the caller's identity matches an active grant in `McpToolGrantCollection` for the requested permission.
47
+ 3. If denied, the framework returns a structured MCP error to the client (not a Python exception in the response body).
48
+
49
+ The configured admin identity (env-var creds in the stdio impl) is **auto-granted in memory at server startup**. The grant is logged but NOT written to `mcp_tool_grants`. This keeps the table truthful (only operator-added grants live there).
50
+
51
+ Grant changes propagate cross-pod via the `mcp.rbac` epoch broadcast. `LocalGrantAuthorizer` subscribes to `Subjects.mcp_rbac_epoch()` via an `EpochListener`; on bump it reloads the grant cache from L3. Cold-start primes from `EpochClient.current(...)`. Missed broadcasts recover via the standard pull-on-stale path.
52
+
53
+ ## Identity in v1
54
+
55
+ `EnvVarIdentityProvider` returns one fixed `Identity` for the lifetime of the server, derived from env-var credentials. v2 (HTTP transport + per-call bearer-token identity) plugs in by adding a `BearerTokenIdentityProvider`; the rest of the framework is unchanged. The `Authorizer.allows(identity, permission)` interface is unchanged between v1 and v2.
56
+
57
+ ## Stdio transport discipline
58
+
59
+ Every byte on stdout/stderr from a stdio MCP server confuses the client. The framework configures logging to a file or to NATS; **no module under `threetears.mcp` should write to `sys.stdout` / `sys.stderr`**. An AST enforcement test guards this.
60
+
61
+ ## Postgres backing
62
+
63
+ ```
64
+ CREATE TABLE IF NOT EXISTS mcp_tool_grants (
65
+ grant_id UUID PRIMARY KEY,
66
+ principal_type TEXT NOT NULL, -- 'user' | 'group' | 'role'
67
+ principal_id UUID NOT NULL,
68
+ tool_name TEXT NOT NULL,
69
+ permission TEXT NOT NULL,
70
+ date_created TIMESTAMPTZ NOT NULL DEFAULT now()
71
+ );
72
+ ```
73
+
74
+ Mutation paths (admin `POST /admin/mcp/grants`, `DELETE /admin/mcp/grants/{id}`) bump `Subjects.mcp_rbac_epoch()` after the row commit; sibling pods reload via the epoch listener.
@@ -0,0 +1,49 @@
1
+ # 3tears-mcp
2
+
3
+ Shared MCP (Model Context Protocol) framework. Per-product MCP servers compose this framework instead of reimplementing stdio transport, JWT auth, error mapping, and per-tool RBAC.
4
+
5
+ ## What's in here
6
+
7
+ | Module | Responsibility |
8
+ |---|---|
9
+ | `server` | `McpServer` -- wraps the official `mcp.server.Server`. Owns tool registration, RBAC gating before handler dispatch, structured error mapping per the MCP spec. |
10
+ | `tool` | `McpTool` dataclass (name, description, input_schema, required_permission, handler) and `register_tool` decorator. |
11
+ | `http_client` | `PlatformHttpClient` -- typed httpx client with JWT login + refresh-on-401. Used by both MCP server tool handlers (calling /api/v1/...) and CLI scripts. One HTTP-client implementation, two transports. |
12
+ | `auth` | `Identity` dataclass + `IdentityProvider` Protocol + `EnvVarIdentityProvider` (stdio impl). `Authorizer` Protocol + `LocalGrantAuthorizer` (default impl backed by `McpToolGrantCollection`). |
13
+ | `rbac` | `McpToolGrantCollection` -- `BaseCollection` over `mcp_tool_grants`. Exposes the in-memory grant cache that `LocalGrantAuthorizer` consults. |
14
+ | `migrations/` | `v01_create_mcp_tool_grants` -- platform-scope DDL. Consumers register via `MigrationRunner.register(epoch_pkg)` (same shape as `threetears.epoch`). |
15
+
16
+ ## RBAC model
17
+
18
+ Per-tool, default-deny. Each `McpTool` declares a `required_permission` string (e.g. `"conversations.read"`, `"audit.read"`). On every dispatch:
19
+
20
+ 1. The framework calls `Authorizer.allows(identity, required_permission)`.
21
+ 2. `LocalGrantAuthorizer` checks whether the caller's identity matches an active grant in `McpToolGrantCollection` for the requested permission.
22
+ 3. If denied, the framework returns a structured MCP error to the client (not a Python exception in the response body).
23
+
24
+ The configured admin identity (env-var creds in the stdio impl) is **auto-granted in memory at server startup**. The grant is logged but NOT written to `mcp_tool_grants`. This keeps the table truthful (only operator-added grants live there).
25
+
26
+ Grant changes propagate cross-pod via the `mcp.rbac` epoch broadcast. `LocalGrantAuthorizer` subscribes to `Subjects.mcp_rbac_epoch()` via an `EpochListener`; on bump it reloads the grant cache from L3. Cold-start primes from `EpochClient.current(...)`. Missed broadcasts recover via the standard pull-on-stale path.
27
+
28
+ ## Identity in v1
29
+
30
+ `EnvVarIdentityProvider` returns one fixed `Identity` for the lifetime of the server, derived from env-var credentials. v2 (HTTP transport + per-call bearer-token identity) plugs in by adding a `BearerTokenIdentityProvider`; the rest of the framework is unchanged. The `Authorizer.allows(identity, permission)` interface is unchanged between v1 and v2.
31
+
32
+ ## Stdio transport discipline
33
+
34
+ Every byte on stdout/stderr from a stdio MCP server confuses the client. The framework configures logging to a file or to NATS; **no module under `threetears.mcp` should write to `sys.stdout` / `sys.stderr`**. An AST enforcement test guards this.
35
+
36
+ ## Postgres backing
37
+
38
+ ```
39
+ CREATE TABLE IF NOT EXISTS mcp_tool_grants (
40
+ grant_id UUID PRIMARY KEY,
41
+ principal_type TEXT NOT NULL, -- 'user' | 'group' | 'role'
42
+ principal_id UUID NOT NULL,
43
+ tool_name TEXT NOT NULL,
44
+ permission TEXT NOT NULL,
45
+ date_created TIMESTAMPTZ NOT NULL DEFAULT now()
46
+ );
47
+ ```
48
+
49
+ Mutation paths (admin `POST /admin/mcp/grants`, `DELETE /admin/mcp/grants/{id}`) bump `Subjects.mcp_rbac_epoch()` after the row commit; sibling pods reload via the epoch listener.
@@ -0,0 +1,56 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "3tears-mcp"
7
+ version = "0.14.0"
8
+ description = "Shared MCP framework: McpServer + McpTool + PlatformHttpClient + per-tool RBAC backed by mcp_tool_grants and the task-02 epoch broadcast"
9
+ readme = "README.md"
10
+ requires-python = ">=3.14"
11
+ authors = [{name = "pace"}]
12
+ license = "MIT"
13
+ license-files = ["LICENSE"]
14
+ classifiers = [
15
+ "Development Status :: 3 - Alpha",
16
+ "Framework :: AsyncIO",
17
+ "Intended Audience :: Developers",
18
+ "Programming Language :: Python :: 3",
19
+ "Programming Language :: Python :: 3.14",
20
+ "Topic :: Software Development :: Libraries",
21
+ "Typing :: Typed",
22
+ ]
23
+ dependencies = [
24
+ "3tears",
25
+ "3tears-epoch",
26
+ "3tears-nats",
27
+ "3tears-observe",
28
+ "mcp>=1.27",
29
+ "httpx>=0.27",
30
+ "pydantic>=2",
31
+ ]
32
+
33
+ [project.urls]
34
+ Repository = "https://github.com/pacepace/3tears"
35
+
36
+ [tool.hatch.build.targets.wheel]
37
+ packages = ["src/threetears"]
38
+
39
+ [tool.uv.sources]
40
+ 3tears = { workspace = true }
41
+ 3tears-epoch = { workspace = true }
42
+ 3tears-nats = { workspace = true }
43
+ 3tears-observe = { workspace = true }
44
+
45
+ [tool.mypy]
46
+ strict = true
47
+ mypy_path = "src"
48
+ packages = ["threetears.mcp"]
49
+ explicit_package_bases = true
50
+ ignore_missing_imports = true
51
+
52
+ # no [tool.pytest.ini_options] block: pytest's rootdir detection
53
+ # picks the closest pyproject with [tool.pytest.ini_options], so a
54
+ # per-package block hides the workspace-level conftest.py and
55
+ # unregisters the canonical ``pytest_plugins = ["threetears.core.
56
+ # testing.fixtures"]`` line. inherit from the workspace instead.
@@ -0,0 +1,81 @@
1
+ """3tears-mcp: shared Model Context Protocol framework.
2
+
3
+ per-product MCP servers compose this
4
+ framework instead of reimplementing stdio transport, JWT auth, error
5
+ mapping, and per-tool RBAC.
6
+
7
+ modules:
8
+
9
+ - :mod:`threetears.mcp.server` -- :class:`McpServer` (RBAC-gated
10
+ wrapper over the official ``mcp.server.Server``)
11
+ - :mod:`threetears.mcp.tool` -- :class:`McpTool`, :class:`ToolRegistry`,
12
+ :func:`register_tool` decorator
13
+ - :mod:`threetears.mcp.http_client` -- :class:`PlatformHttpClient`
14
+ (typed httpx with JWT login + refresh-on-401; used by both MCP
15
+ servers and CLI scripts)
16
+ - :mod:`threetears.mcp.auth` -- :class:`Identity`,
17
+ :class:`IdentityProvider` Protocol + :class:`EnvVarIdentityProvider`,
18
+ :class:`Authorizer` Protocol + :class:`LocalGrantAuthorizer`
19
+ - :mod:`threetears.mcp.rbac` -- :class:`McpToolGrantCollection` over
20
+ the ``mcp_tool_grants`` table
21
+ - :mod:`threetears.mcp.migrations` -- platform-scope migration that
22
+ creates ``mcp_tool_grants``
23
+ """
24
+
25
+ from __future__ import annotations
26
+
27
+ # Version derived from pyproject.toml so the metadata is the single
28
+ # source of truth -- a future release that bumps pyproject without
29
+ # updating ``__init__.py`` can't drift the runtime ``__version__``.
30
+ # The except guard handles the rare case where the package isn't
31
+ # installed via importlib.metadata (e.g. running directly from a
32
+ # checked-out source tree without ``uv sync``); the fallback keeps
33
+ # imports working but reports ``unknown`` rather than crashing.
34
+ from importlib.metadata import PackageNotFoundError as _PackageNotFoundError
35
+ from importlib.metadata import version as _version
36
+
37
+ try:
38
+ __version__ = _version("3tears-mcp")
39
+ except _PackageNotFoundError: # pragma: no cover - dev fallback
40
+ __version__ = "unknown"
41
+
42
+ from threetears.mcp.auth import (
43
+ Authorizer,
44
+ EnvVarIdentityProvider,
45
+ Identity,
46
+ IdentityProvider,
47
+ LocalGrantAuthorizer,
48
+ PrincipalType,
49
+ )
50
+ from threetears.mcp.http_client import PlatformHttpClient, PlatformHttpError
51
+ from threetears.mcp.rbac import (
52
+ McpToolGrantCollection,
53
+ McpToolGrantEntity,
54
+ mcp_tool_grants_table,
55
+ )
56
+ from threetears.mcp.server import McpServer
57
+ from threetears.mcp.tool import (
58
+ McpTool,
59
+ ToolHandler,
60
+ ToolRegistry,
61
+ register_tool,
62
+ )
63
+
64
+ __all__ = [
65
+ "Authorizer",
66
+ "EnvVarIdentityProvider",
67
+ "Identity",
68
+ "IdentityProvider",
69
+ "LocalGrantAuthorizer",
70
+ "McpServer",
71
+ "McpTool",
72
+ "McpToolGrantCollection",
73
+ "McpToolGrantEntity",
74
+ "PlatformHttpClient",
75
+ "PlatformHttpError",
76
+ "PrincipalType",
77
+ "ToolHandler",
78
+ "ToolRegistry",
79
+ "mcp_tool_grants_table",
80
+ "register_tool",
81
+ ]