Skip to main content

Socle commun des serveurs MCP Otomata : doctrines en base servies en tools, runs start/stop, RBAC scopé, logging. Tout-en-tools, scope injecté (intra-entreprise ; le × Z reste à l'orchestrateur).

Project description

otomata-mcp

Socle commun des serveurs MCP Otomata (Python / FastMCP). Tout-en-tools (pas de resource ni de prompt → tout accès est loggé), scopé par entreprise.

Le socle modélise l'intra-entreprise (1 org = X groupes, Y users). Le multi-entreprise (× Z) — résolution de l'org courante, platform_admin, marketplace de doctrines — reste dans l'orchestrateur (oto / madeleine), qui injecte un scope (tenant_id) à chaque appel. Le socle ne requête jamais sans scope → pas de fuite cross-org.

Modules

otomata_mcp/
  scope.py        # Scope + ScopeResolver (ConstantScope = Z1, CallableScope = ZN)
  identity.py     # current_identity() via resolver injecté (JWT en prod)
  content/        # doctrines en base, servies EN TOOLS (list / open / set / get_doctrine)
                  #   model · store (Protocol + InMemory) · validate (zéro nom) · schema (DDL) · tools
  run/            # start/stop : pile de runs en session state, corrélée run_id
  rbac/           # org_admin → group_admin → member, scopé (gate des tools)
  logging.py      # middleware run-aware (réutilise le schéma otomata-calllog + run_id)
  bootstrap.py    # build_server(...) compose tout

Ce que le consommateur fournit (injecté)

  • un ContentStore (OGIC : PostgREST/Supabase ; oto/madeleine : asyncpg) — SCHEMA_SQL fourni ;
  • un RoleStore (rôles scopés) ;
  • un ScopeResolver (ConstantScope("ogic") en Z=1, CallableScope(current_org) en Z=N) ;
  • un sink de logs (table tool_calls, cf. otomata-calllog) ;
  • l'auth (verifier JWT du provider) — le socle lit l'identité via un resolver injecté.

Exemple

from otomata_mcp import build_server, InMemoryContentStore, InMemoryRoleStore, ConstantScope
mcp = build_server("mon-mcp", content_store=..., role_store=..., scope_resolver=ConstantScope("acme"),
                   sink=my_sink, blocklist=["NomInterdit"])

example_demo.py montre tout (doctrines-tools loggées + corrélées run_id, RBAC, validation).

Dev

python -m venv .venv && . .venv/bin/activate
pip install -e ".[dev]"
pytest          # tests du socle
python example_demo.py

Distribution

Publié sur PyPI (pip install otomata-mcp), modèle otomata-calllog. Le contenu est du plumbing MCP générique — aucun secret ni donnée client.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

otomata_mcp-0.1.2.tar.gz (12.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

otomata_mcp-0.1.2-py3-none-any.whl (14.8 kB view details)

Uploaded Python 3

File details

Details for the file otomata_mcp-0.1.2.tar.gz.

File metadata

  • Download URL: otomata_mcp-0.1.2.tar.gz
  • Upload date:
  • Size: 12.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.1.2.tar.gz
Algorithm Hash digest
SHA256 82354f25a6bb2c08556d2809b31fea49e6fefe139540aea502a2db1f79cf87f2
MD5 eb6de42879efa9bedaf557e79e018ca0
BLAKE2b-256 7ecd756373eb24e73bcb7ad790c74b2cf192f32de0412f9e79851768995f6c94

See more details on using hashes here.

File details

Details for the file otomata_mcp-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: otomata_mcp-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 14.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 7997edf04c2f635bce71433fec57a648cb3175fdd47a64c142124670dff79759
MD5 2f3b11c0d60699e8e375a6b095dfde05
BLAKE2b-256 5e9ec535e39f75b8b4eca17cf2ee8e7d8e7d50c2d42941a7f607f9a3828d371c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page