3tears-mcp 0.14.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- 3tears_mcp-0.14.0/.gitignore +216 -0
- 3tears_mcp-0.14.0/LICENSE +21 -0
- 3tears_mcp-0.14.0/PKG-INFO +74 -0
- 3tears_mcp-0.14.0/README.md +49 -0
- 3tears_mcp-0.14.0/pyproject.toml +56 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/__init__.py +81 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/auth.py +539 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/http_client.py +511 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/migrations/__init__.py +58 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/migrations/v001_create_mcp_tool_grants.py +68 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/py.typed +0 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/rbac.py +243 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/server.py +360 -0
- 3tears_mcp-0.14.0/src/threetears/mcp/tool.py +206 -0
- 3tears_mcp-0.14.0/tests/integration/conftest.py +11 -0
- 3tears_mcp-0.14.0/tests/integration/test_multi_pod_rbac.py +418 -0
- 3tears_mcp-0.14.0/tests/unit/test_auth.py +487 -0
- 3tears_mcp-0.14.0/tests/unit/test_http_client.py +370 -0
- 3tears_mcp-0.14.0/tests/unit/test_http_client_concurrent.py +123 -0
- 3tears_mcp-0.14.0/tests/unit/test_no_stdio_writes.py +76 -0
- 3tears_mcp-0.14.0/tests/unit/test_rbac.py +202 -0
- 3tears_mcp-0.14.0/tests/unit/test_server.py +335 -0
- 3tears_mcp-0.14.0/tests/unit/test_to_sqlalchemy_table_parity.py +63 -0
- 3tears_mcp-0.14.0/tests/unit/test_tool.py +139 -0
- 3tears_mcp-0.14.0/tests/unit/test_tool_validation.py +55 -0
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
# Byte-compiled / optimized / DLL files
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[codz]
|
|
4
|
+
*$py.class
|
|
5
|
+
|
|
6
|
+
# C extensions
|
|
7
|
+
*.so
|
|
8
|
+
|
|
9
|
+
# Distribution / packaging
|
|
10
|
+
.Python
|
|
11
|
+
build/
|
|
12
|
+
develop-eggs/
|
|
13
|
+
dist/
|
|
14
|
+
downloads/
|
|
15
|
+
eggs/
|
|
16
|
+
.eggs/
|
|
17
|
+
lib/
|
|
18
|
+
lib64/
|
|
19
|
+
parts/
|
|
20
|
+
sdist/
|
|
21
|
+
var/
|
|
22
|
+
wheels/
|
|
23
|
+
share/python-wheels/
|
|
24
|
+
*.egg-info/
|
|
25
|
+
.installed.cfg
|
|
26
|
+
*.egg
|
|
27
|
+
MANIFEST
|
|
28
|
+
|
|
29
|
+
# PyInstaller
|
|
30
|
+
# Usually these files are written by a python script from a template
|
|
31
|
+
# before PyInstaller builds the exe, so as to inject date/other infos into it.
|
|
32
|
+
*.manifest
|
|
33
|
+
*.spec
|
|
34
|
+
|
|
35
|
+
# Installer logs
|
|
36
|
+
pip-log.txt
|
|
37
|
+
pip-delete-this-directory.txt
|
|
38
|
+
|
|
39
|
+
# Unit test / coverage reports
|
|
40
|
+
htmlcov/
|
|
41
|
+
.tox/
|
|
42
|
+
.nox/
|
|
43
|
+
.coverage
|
|
44
|
+
.coverage.*
|
|
45
|
+
.cache
|
|
46
|
+
nosetests.xml
|
|
47
|
+
coverage.xml
|
|
48
|
+
*.cover
|
|
49
|
+
*.py.cover
|
|
50
|
+
.hypothesis/
|
|
51
|
+
.pytest_cache/
|
|
52
|
+
cover/
|
|
53
|
+
|
|
54
|
+
# Translations
|
|
55
|
+
*.mo
|
|
56
|
+
*.pot
|
|
57
|
+
|
|
58
|
+
# Django stuff:
|
|
59
|
+
*.log
|
|
60
|
+
local_settings.py
|
|
61
|
+
db.sqlite3
|
|
62
|
+
db.sqlite3-journal
|
|
63
|
+
|
|
64
|
+
# Flask stuff:
|
|
65
|
+
instance/
|
|
66
|
+
.webassets-cache
|
|
67
|
+
|
|
68
|
+
# Scrapy stuff:
|
|
69
|
+
.scrapy
|
|
70
|
+
|
|
71
|
+
# Sphinx documentation
|
|
72
|
+
docs/_build/
|
|
73
|
+
|
|
74
|
+
# PyBuilder
|
|
75
|
+
.pybuilder/
|
|
76
|
+
target/
|
|
77
|
+
|
|
78
|
+
# Jupyter Notebook
|
|
79
|
+
.ipynb_checkpoints
|
|
80
|
+
|
|
81
|
+
# IPython
|
|
82
|
+
profile_default/
|
|
83
|
+
ipython_config.py
|
|
84
|
+
|
|
85
|
+
# pyenv
|
|
86
|
+
# For a library or package, you might want to ignore these files since the code is
|
|
87
|
+
# intended to run in multiple environments; otherwise, check them in:
|
|
88
|
+
# .python-version
|
|
89
|
+
|
|
90
|
+
# pipenv
|
|
91
|
+
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
|
|
92
|
+
# However, in case of collaboration, if having platform-specific dependencies or dependencies
|
|
93
|
+
# having no cross-platform support, pipenv may install dependencies that don't work, or not
|
|
94
|
+
# install all needed dependencies.
|
|
95
|
+
#Pipfile.lock
|
|
96
|
+
|
|
97
|
+
# UV
|
|
98
|
+
# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
|
|
99
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
100
|
+
# commonly ignored for libraries.
|
|
101
|
+
#uv.lock
|
|
102
|
+
|
|
103
|
+
# poetry
|
|
104
|
+
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
|
|
105
|
+
# This is especially recommended for binary packages to ensure reproducibility, and is more
|
|
106
|
+
# commonly ignored for libraries.
|
|
107
|
+
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
|
|
108
|
+
#poetry.lock
|
|
109
|
+
#poetry.toml
|
|
110
|
+
|
|
111
|
+
# pdm
|
|
112
|
+
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
|
|
113
|
+
# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
|
|
114
|
+
# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
|
|
115
|
+
#pdm.lock
|
|
116
|
+
#pdm.toml
|
|
117
|
+
.pdm-python
|
|
118
|
+
.pdm-build/
|
|
119
|
+
|
|
120
|
+
# pixi
|
|
121
|
+
# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
|
|
122
|
+
#pixi.lock
|
|
123
|
+
# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
|
|
124
|
+
# in the .venv directory. It is recommended not to include this directory in version control.
|
|
125
|
+
.pixi
|
|
126
|
+
|
|
127
|
+
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
|
|
128
|
+
__pypackages__/
|
|
129
|
+
|
|
130
|
+
# Celery stuff
|
|
131
|
+
celerybeat-schedule
|
|
132
|
+
celerybeat.pid
|
|
133
|
+
|
|
134
|
+
# SageMath parsed files
|
|
135
|
+
*.sage.py
|
|
136
|
+
|
|
137
|
+
# Environments
|
|
138
|
+
.env
|
|
139
|
+
.envrc
|
|
140
|
+
.venv
|
|
141
|
+
env/
|
|
142
|
+
venv/
|
|
143
|
+
ENV/
|
|
144
|
+
env.bak/
|
|
145
|
+
venv.bak/
|
|
146
|
+
|
|
147
|
+
# Spyder project settings
|
|
148
|
+
.spyderproject
|
|
149
|
+
.spyproject
|
|
150
|
+
|
|
151
|
+
# Rope project settings
|
|
152
|
+
.ropeproject
|
|
153
|
+
|
|
154
|
+
# mkdocs documentation
|
|
155
|
+
/site
|
|
156
|
+
|
|
157
|
+
# mypy
|
|
158
|
+
.mypy_cache/
|
|
159
|
+
.dmypy.json
|
|
160
|
+
dmypy.json
|
|
161
|
+
|
|
162
|
+
# Pyre type checker
|
|
163
|
+
.pyre/
|
|
164
|
+
|
|
165
|
+
# pytype static type analyzer
|
|
166
|
+
.pytype/
|
|
167
|
+
|
|
168
|
+
# Cython debug symbols
|
|
169
|
+
cython_debug/
|
|
170
|
+
|
|
171
|
+
# PyCharm
|
|
172
|
+
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
|
|
173
|
+
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
|
|
174
|
+
# and can be added to the global gitignore or merged into this file. For a more nuclear
|
|
175
|
+
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
|
|
176
|
+
#.idea/
|
|
177
|
+
|
|
178
|
+
# Abstra
|
|
179
|
+
# Abstra is an AI-powered process automation framework.
|
|
180
|
+
# Ignore directories containing user credentials, local state, and settings.
|
|
181
|
+
# Learn more at https://abstra.io/docs
|
|
182
|
+
.abstra/
|
|
183
|
+
|
|
184
|
+
# Visual Studio Code
|
|
185
|
+
# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
|
|
186
|
+
# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
|
|
187
|
+
# and can be added to the global gitignore or merged into this file. However, if you prefer,
|
|
188
|
+
# you could uncomment the following to ignore the entire vscode folder
|
|
189
|
+
# .vscode/
|
|
190
|
+
|
|
191
|
+
# Ruff stuff:
|
|
192
|
+
.ruff_cache/
|
|
193
|
+
|
|
194
|
+
# PyPI configuration file
|
|
195
|
+
.pypirc
|
|
196
|
+
|
|
197
|
+
# Cursor
|
|
198
|
+
# Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
|
|
199
|
+
# exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
|
|
200
|
+
# refer to https://docs.cursor.com/context/ignore-files
|
|
201
|
+
.cursorignore
|
|
202
|
+
.cursorindexingignore
|
|
203
|
+
|
|
204
|
+
# Marimo
|
|
205
|
+
marimo/_static/
|
|
206
|
+
marimo/_lsp/
|
|
207
|
+
__marimo__/
|
|
208
|
+
|
|
209
|
+
# Claude Code local state
|
|
210
|
+
.claude/
|
|
211
|
+
|
|
212
|
+
# prawduct session evidence (local governance artifacts, never shipped)
|
|
213
|
+
.prawduct/
|
|
214
|
+
|
|
215
|
+
# macOS folder metadata
|
|
216
|
+
.DS_Store
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Mark Pace
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: 3tears-mcp
|
|
3
|
+
Version: 0.14.0
|
|
4
|
+
Summary: Shared MCP framework: McpServer + McpTool + PlatformHttpClient + per-tool RBAC backed by mcp_tool_grants and the task-02 epoch broadcast
|
|
5
|
+
Project-URL: Repository, https://github.com/pacepace/3tears
|
|
6
|
+
Author: pace
|
|
7
|
+
License-Expression: MIT
|
|
8
|
+
License-File: LICENSE
|
|
9
|
+
Classifier: Development Status :: 3 - Alpha
|
|
10
|
+
Classifier: Framework :: AsyncIO
|
|
11
|
+
Classifier: Intended Audience :: Developers
|
|
12
|
+
Classifier: Programming Language :: Python :: 3
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
14
|
+
Classifier: Topic :: Software Development :: Libraries
|
|
15
|
+
Classifier: Typing :: Typed
|
|
16
|
+
Requires-Python: >=3.14
|
|
17
|
+
Requires-Dist: 3tears
|
|
18
|
+
Requires-Dist: 3tears-epoch
|
|
19
|
+
Requires-Dist: 3tears-nats
|
|
20
|
+
Requires-Dist: 3tears-observe
|
|
21
|
+
Requires-Dist: httpx>=0.27
|
|
22
|
+
Requires-Dist: mcp>=1.27
|
|
23
|
+
Requires-Dist: pydantic>=2
|
|
24
|
+
Description-Content-Type: text/markdown
|
|
25
|
+
|
|
26
|
+
# 3tears-mcp
|
|
27
|
+
|
|
28
|
+
Shared MCP (Model Context Protocol) framework. Per-product MCP servers compose this framework instead of reimplementing stdio transport, JWT auth, error mapping, and per-tool RBAC.
|
|
29
|
+
|
|
30
|
+
## What's in here
|
|
31
|
+
|
|
32
|
+
| Module | Responsibility |
|
|
33
|
+
|---|---|
|
|
34
|
+
| `server` | `McpServer` -- wraps the official `mcp.server.Server`. Owns tool registration, RBAC gating before handler dispatch, structured error mapping per the MCP spec. |
|
|
35
|
+
| `tool` | `McpTool` dataclass (name, description, input_schema, required_permission, handler) and `register_tool` decorator. |
|
|
36
|
+
| `http_client` | `PlatformHttpClient` -- typed httpx client with JWT login + refresh-on-401. Used by both MCP server tool handlers (calling /api/v1/...) and CLI scripts. One HTTP-client implementation, two transports. |
|
|
37
|
+
| `auth` | `Identity` dataclass + `IdentityProvider` Protocol + `EnvVarIdentityProvider` (stdio impl). `Authorizer` Protocol + `LocalGrantAuthorizer` (default impl backed by `McpToolGrantCollection`). |
|
|
38
|
+
| `rbac` | `McpToolGrantCollection` -- `BaseCollection` over `mcp_tool_grants`. Exposes the in-memory grant cache that `LocalGrantAuthorizer` consults. |
|
|
39
|
+
| `migrations/` | `v01_create_mcp_tool_grants` -- platform-scope DDL. Consumers register via `MigrationRunner.register(epoch_pkg)` (same shape as `threetears.epoch`). |
|
|
40
|
+
|
|
41
|
+
## RBAC model
|
|
42
|
+
|
|
43
|
+
Per-tool, default-deny. Each `McpTool` declares a `required_permission` string (e.g. `"conversations.read"`, `"audit.read"`). On every dispatch:
|
|
44
|
+
|
|
45
|
+
1. The framework calls `Authorizer.allows(identity, required_permission)`.
|
|
46
|
+
2. `LocalGrantAuthorizer` checks whether the caller's identity matches an active grant in `McpToolGrantCollection` for the requested permission.
|
|
47
|
+
3. If denied, the framework returns a structured MCP error to the client (not a Python exception in the response body).
|
|
48
|
+
|
|
49
|
+
The configured admin identity (env-var creds in the stdio impl) is **auto-granted in memory at server startup**. The grant is logged but NOT written to `mcp_tool_grants`. This keeps the table truthful (only operator-added grants live there).
|
|
50
|
+
|
|
51
|
+
Grant changes propagate cross-pod via the `mcp.rbac` epoch broadcast. `LocalGrantAuthorizer` subscribes to `Subjects.mcp_rbac_epoch()` via an `EpochListener`; on bump it reloads the grant cache from L3. Cold-start primes from `EpochClient.current(...)`. Missed broadcasts recover via the standard pull-on-stale path.
|
|
52
|
+
|
|
53
|
+
## Identity in v1
|
|
54
|
+
|
|
55
|
+
`EnvVarIdentityProvider` returns one fixed `Identity` for the lifetime of the server, derived from env-var credentials. v2 (HTTP transport + per-call bearer-token identity) plugs in by adding a `BearerTokenIdentityProvider`; the rest of the framework is unchanged. The `Authorizer.allows(identity, permission)` interface is unchanged between v1 and v2.
|
|
56
|
+
|
|
57
|
+
## Stdio transport discipline
|
|
58
|
+
|
|
59
|
+
Every byte on stdout/stderr from a stdio MCP server confuses the client. The framework configures logging to a file or to NATS; **no module under `threetears.mcp` should write to `sys.stdout` / `sys.stderr`**. An AST enforcement test guards this.
|
|
60
|
+
|
|
61
|
+
## Postgres backing
|
|
62
|
+
|
|
63
|
+
```
|
|
64
|
+
CREATE TABLE IF NOT EXISTS mcp_tool_grants (
|
|
65
|
+
grant_id UUID PRIMARY KEY,
|
|
66
|
+
principal_type TEXT NOT NULL, -- 'user' | 'group' | 'role'
|
|
67
|
+
principal_id UUID NOT NULL,
|
|
68
|
+
tool_name TEXT NOT NULL,
|
|
69
|
+
permission TEXT NOT NULL,
|
|
70
|
+
date_created TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
71
|
+
);
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
Mutation paths (admin `POST /admin/mcp/grants`, `DELETE /admin/mcp/grants/{id}`) bump `Subjects.mcp_rbac_epoch()` after the row commit; sibling pods reload via the epoch listener.
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# 3tears-mcp
|
|
2
|
+
|
|
3
|
+
Shared MCP (Model Context Protocol) framework. Per-product MCP servers compose this framework instead of reimplementing stdio transport, JWT auth, error mapping, and per-tool RBAC.
|
|
4
|
+
|
|
5
|
+
## What's in here
|
|
6
|
+
|
|
7
|
+
| Module | Responsibility |
|
|
8
|
+
|---|---|
|
|
9
|
+
| `server` | `McpServer` -- wraps the official `mcp.server.Server`. Owns tool registration, RBAC gating before handler dispatch, structured error mapping per the MCP spec. |
|
|
10
|
+
| `tool` | `McpTool` dataclass (name, description, input_schema, required_permission, handler) and `register_tool` decorator. |
|
|
11
|
+
| `http_client` | `PlatformHttpClient` -- typed httpx client with JWT login + refresh-on-401. Used by both MCP server tool handlers (calling /api/v1/...) and CLI scripts. One HTTP-client implementation, two transports. |
|
|
12
|
+
| `auth` | `Identity` dataclass + `IdentityProvider` Protocol + `EnvVarIdentityProvider` (stdio impl). `Authorizer` Protocol + `LocalGrantAuthorizer` (default impl backed by `McpToolGrantCollection`). |
|
|
13
|
+
| `rbac` | `McpToolGrantCollection` -- `BaseCollection` over `mcp_tool_grants`. Exposes the in-memory grant cache that `LocalGrantAuthorizer` consults. |
|
|
14
|
+
| `migrations/` | `v01_create_mcp_tool_grants` -- platform-scope DDL. Consumers register via `MigrationRunner.register(epoch_pkg)` (same shape as `threetears.epoch`). |
|
|
15
|
+
|
|
16
|
+
## RBAC model
|
|
17
|
+
|
|
18
|
+
Per-tool, default-deny. Each `McpTool` declares a `required_permission` string (e.g. `"conversations.read"`, `"audit.read"`). On every dispatch:
|
|
19
|
+
|
|
20
|
+
1. The framework calls `Authorizer.allows(identity, required_permission)`.
|
|
21
|
+
2. `LocalGrantAuthorizer` checks whether the caller's identity matches an active grant in `McpToolGrantCollection` for the requested permission.
|
|
22
|
+
3. If denied, the framework returns a structured MCP error to the client (not a Python exception in the response body).
|
|
23
|
+
|
|
24
|
+
The configured admin identity (env-var creds in the stdio impl) is **auto-granted in memory at server startup**. The grant is logged but NOT written to `mcp_tool_grants`. This keeps the table truthful (only operator-added grants live there).
|
|
25
|
+
|
|
26
|
+
Grant changes propagate cross-pod via the `mcp.rbac` epoch broadcast. `LocalGrantAuthorizer` subscribes to `Subjects.mcp_rbac_epoch()` via an `EpochListener`; on bump it reloads the grant cache from L3. Cold-start primes from `EpochClient.current(...)`. Missed broadcasts recover via the standard pull-on-stale path.
|
|
27
|
+
|
|
28
|
+
## Identity in v1
|
|
29
|
+
|
|
30
|
+
`EnvVarIdentityProvider` returns one fixed `Identity` for the lifetime of the server, derived from env-var credentials. v2 (HTTP transport + per-call bearer-token identity) plugs in by adding a `BearerTokenIdentityProvider`; the rest of the framework is unchanged. The `Authorizer.allows(identity, permission)` interface is unchanged between v1 and v2.
|
|
31
|
+
|
|
32
|
+
## Stdio transport discipline
|
|
33
|
+
|
|
34
|
+
Every byte on stdout/stderr from a stdio MCP server confuses the client. The framework configures logging to a file or to NATS; **no module under `threetears.mcp` should write to `sys.stdout` / `sys.stderr`**. An AST enforcement test guards this.
|
|
35
|
+
|
|
36
|
+
## Postgres backing
|
|
37
|
+
|
|
38
|
+
```
|
|
39
|
+
CREATE TABLE IF NOT EXISTS mcp_tool_grants (
|
|
40
|
+
grant_id UUID PRIMARY KEY,
|
|
41
|
+
principal_type TEXT NOT NULL, -- 'user' | 'group' | 'role'
|
|
42
|
+
principal_id UUID NOT NULL,
|
|
43
|
+
tool_name TEXT NOT NULL,
|
|
44
|
+
permission TEXT NOT NULL,
|
|
45
|
+
date_created TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
46
|
+
);
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
Mutation paths (admin `POST /admin/mcp/grants`, `DELETE /admin/mcp/grants/{id}`) bump `Subjects.mcp_rbac_epoch()` after the row commit; sibling pods reload via the epoch listener.
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["hatchling"]
|
|
3
|
+
build-backend = "hatchling.build"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "3tears-mcp"
|
|
7
|
+
version = "0.14.0"
|
|
8
|
+
description = "Shared MCP framework: McpServer + McpTool + PlatformHttpClient + per-tool RBAC backed by mcp_tool_grants and the task-02 epoch broadcast"
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.14"
|
|
11
|
+
authors = [{name = "pace"}]
|
|
12
|
+
license = "MIT"
|
|
13
|
+
license-files = ["LICENSE"]
|
|
14
|
+
classifiers = [
|
|
15
|
+
"Development Status :: 3 - Alpha",
|
|
16
|
+
"Framework :: AsyncIO",
|
|
17
|
+
"Intended Audience :: Developers",
|
|
18
|
+
"Programming Language :: Python :: 3",
|
|
19
|
+
"Programming Language :: Python :: 3.14",
|
|
20
|
+
"Topic :: Software Development :: Libraries",
|
|
21
|
+
"Typing :: Typed",
|
|
22
|
+
]
|
|
23
|
+
dependencies = [
|
|
24
|
+
"3tears",
|
|
25
|
+
"3tears-epoch",
|
|
26
|
+
"3tears-nats",
|
|
27
|
+
"3tears-observe",
|
|
28
|
+
"mcp>=1.27",
|
|
29
|
+
"httpx>=0.27",
|
|
30
|
+
"pydantic>=2",
|
|
31
|
+
]
|
|
32
|
+
|
|
33
|
+
[project.urls]
|
|
34
|
+
Repository = "https://github.com/pacepace/3tears"
|
|
35
|
+
|
|
36
|
+
[tool.hatch.build.targets.wheel]
|
|
37
|
+
packages = ["src/threetears"]
|
|
38
|
+
|
|
39
|
+
[tool.uv.sources]
|
|
40
|
+
3tears = { workspace = true }
|
|
41
|
+
3tears-epoch = { workspace = true }
|
|
42
|
+
3tears-nats = { workspace = true }
|
|
43
|
+
3tears-observe = { workspace = true }
|
|
44
|
+
|
|
45
|
+
[tool.mypy]
|
|
46
|
+
strict = true
|
|
47
|
+
mypy_path = "src"
|
|
48
|
+
packages = ["threetears.mcp"]
|
|
49
|
+
explicit_package_bases = true
|
|
50
|
+
ignore_missing_imports = true
|
|
51
|
+
|
|
52
|
+
# no [tool.pytest.ini_options] block: pytest's rootdir detection
|
|
53
|
+
# picks the closest pyproject with [tool.pytest.ini_options], so a
|
|
54
|
+
# per-package block hides the workspace-level conftest.py and
|
|
55
|
+
# unregisters the canonical ``pytest_plugins = ["threetears.core.
|
|
56
|
+
# testing.fixtures"]`` line. inherit from the workspace instead.
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
"""3tears-mcp: shared Model Context Protocol framework.
|
|
2
|
+
|
|
3
|
+
per-product MCP servers compose this
|
|
4
|
+
framework instead of reimplementing stdio transport, JWT auth, error
|
|
5
|
+
mapping, and per-tool RBAC.
|
|
6
|
+
|
|
7
|
+
modules:
|
|
8
|
+
|
|
9
|
+
- :mod:`threetears.mcp.server` -- :class:`McpServer` (RBAC-gated
|
|
10
|
+
wrapper over the official ``mcp.server.Server``)
|
|
11
|
+
- :mod:`threetears.mcp.tool` -- :class:`McpTool`, :class:`ToolRegistry`,
|
|
12
|
+
:func:`register_tool` decorator
|
|
13
|
+
- :mod:`threetears.mcp.http_client` -- :class:`PlatformHttpClient`
|
|
14
|
+
(typed httpx with JWT login + refresh-on-401; used by both MCP
|
|
15
|
+
servers and CLI scripts)
|
|
16
|
+
- :mod:`threetears.mcp.auth` -- :class:`Identity`,
|
|
17
|
+
:class:`IdentityProvider` Protocol + :class:`EnvVarIdentityProvider`,
|
|
18
|
+
:class:`Authorizer` Protocol + :class:`LocalGrantAuthorizer`
|
|
19
|
+
- :mod:`threetears.mcp.rbac` -- :class:`McpToolGrantCollection` over
|
|
20
|
+
the ``mcp_tool_grants`` table
|
|
21
|
+
- :mod:`threetears.mcp.migrations` -- platform-scope migration that
|
|
22
|
+
creates ``mcp_tool_grants``
|
|
23
|
+
"""
|
|
24
|
+
|
|
25
|
+
from __future__ import annotations
|
|
26
|
+
|
|
27
|
+
# Version derived from pyproject.toml so the metadata is the single
|
|
28
|
+
# source of truth -- a future release that bumps pyproject without
|
|
29
|
+
# updating ``__init__.py`` can't drift the runtime ``__version__``.
|
|
30
|
+
# The except guard handles the rare case where the package isn't
|
|
31
|
+
# installed via importlib.metadata (e.g. running directly from a
|
|
32
|
+
# checked-out source tree without ``uv sync``); the fallback keeps
|
|
33
|
+
# imports working but reports ``unknown`` rather than crashing.
|
|
34
|
+
from importlib.metadata import PackageNotFoundError as _PackageNotFoundError
|
|
35
|
+
from importlib.metadata import version as _version
|
|
36
|
+
|
|
37
|
+
try:
|
|
38
|
+
__version__ = _version("3tears-mcp")
|
|
39
|
+
except _PackageNotFoundError: # pragma: no cover - dev fallback
|
|
40
|
+
__version__ = "unknown"
|
|
41
|
+
|
|
42
|
+
from threetears.mcp.auth import (
|
|
43
|
+
Authorizer,
|
|
44
|
+
EnvVarIdentityProvider,
|
|
45
|
+
Identity,
|
|
46
|
+
IdentityProvider,
|
|
47
|
+
LocalGrantAuthorizer,
|
|
48
|
+
PrincipalType,
|
|
49
|
+
)
|
|
50
|
+
from threetears.mcp.http_client import PlatformHttpClient, PlatformHttpError
|
|
51
|
+
from threetears.mcp.rbac import (
|
|
52
|
+
McpToolGrantCollection,
|
|
53
|
+
McpToolGrantEntity,
|
|
54
|
+
mcp_tool_grants_table,
|
|
55
|
+
)
|
|
56
|
+
from threetears.mcp.server import McpServer
|
|
57
|
+
from threetears.mcp.tool import (
|
|
58
|
+
McpTool,
|
|
59
|
+
ToolHandler,
|
|
60
|
+
ToolRegistry,
|
|
61
|
+
register_tool,
|
|
62
|
+
)
|
|
63
|
+
|
|
64
|
+
__all__ = [
|
|
65
|
+
"Authorizer",
|
|
66
|
+
"EnvVarIdentityProvider",
|
|
67
|
+
"Identity",
|
|
68
|
+
"IdentityProvider",
|
|
69
|
+
"LocalGrantAuthorizer",
|
|
70
|
+
"McpServer",
|
|
71
|
+
"McpTool",
|
|
72
|
+
"McpToolGrantCollection",
|
|
73
|
+
"McpToolGrantEntity",
|
|
74
|
+
"PlatformHttpClient",
|
|
75
|
+
"PlatformHttpError",
|
|
76
|
+
"PrincipalType",
|
|
77
|
+
"ToolHandler",
|
|
78
|
+
"ToolRegistry",
|
|
79
|
+
"mcp_tool_grants_table",
|
|
80
|
+
"register_tool",
|
|
81
|
+
]
|