Skip to main content

Socle commun des serveurs MCP Otomata : doctrines en base servies en tools, runs start/stop, RBAC scopé, logging. Tout-en-tools, scope injecté (intra-entreprise ; le × Z reste à l'orchestrateur).

Project description

otomata-mcp

Socle commun des serveurs MCP Otomata (Python / FastMCP). Tout-en-tools (pas de resource ni de prompt → tout accès est loggé), scopé par entreprise.

Le socle modélise l'intra-entreprise (1 org = X groupes, Y users). Le multi-entreprise (× Z) — résolution de l'org courante, platform_admin, marketplace de doctrines — reste dans l'orchestrateur (oto / madeleine), qui injecte un scope (tenant_id) à chaque appel. Le socle ne requête jamais sans scope → pas de fuite cross-org.

Modules

otomata_mcp/
  scope.py        # Scope + ScopeResolver (ConstantScope = Z1, CallableScope = ZN)
  identity.py     # current_identity() via resolver injecté (JWT en prod)
  content/        # instructions en base, servies EN TOOLS (readme_agent / list_instructions / get_instruction / set_instruction)
                  #   model · store (Protocol + InMemory) · validate (zéro nom) · schema (DDL) · tools
  run/            # start/stop : pile de runs en session state, corrélée run_id
  rbac/           # org_admin → group_admin → member, scopé (gate des tools)
  logging.py      # middleware run-aware (réutilise le schéma otomata-calllog + run_id)
  bootstrap.py    # build_server(...) compose tout

Ce que le consommateur fournit (injecté)

  • un ContentStore (OGIC : PostgREST/Supabase ; oto/madeleine : asyncpg) — SCHEMA_SQL fourni ;
  • un RoleStore (rôles scopés) ;
  • un ScopeResolver (ConstantScope("ogic") en Z=1, CallableScope(current_org) en Z=N) ;
  • un sink de logs (table tool_calls, cf. otomata-calllog) ;
  • l'auth (verifier JWT du provider) — le socle lit l'identité via un resolver injecté.

Exemple

from otomata_mcp import build_server, InMemoryContentStore, InMemoryRoleStore, ConstantScope
mcp = build_server("mon-mcp", content_store=..., role_store=..., scope_resolver=ConstantScope("acme"),
                   sink=my_sink, blocklist=["NomInterdit"])

example_demo.py montre tout (doctrines-tools loggées + corrélées run_id, RBAC, validation).

Dev

python -m venv .venv && . .venv/bin/activate
pip install -e ".[dev]"
pytest          # tests du socle
python example_demo.py

Distribution

Publié sur PyPI (pip install otomata-mcp), modèle otomata-calllog. Le contenu est du plumbing MCP générique — aucun secret ni donnée client.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

otomata_mcp-0.2.0.tar.gz (13.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

otomata_mcp-0.2.0-py3-none-any.whl (16.0 kB view details)

Uploaded Python 3

File details

Details for the file otomata_mcp-0.2.0.tar.gz.

File metadata

  • Download URL: otomata_mcp-0.2.0.tar.gz
  • Upload date:
  • Size: 13.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.2.0.tar.gz
Algorithm Hash digest
SHA256 1004b59289870855dc97dc0f970e436dbb5feedffff94e5725e22dc300283bec
MD5 6f56ade223ed10d1c704856cd724f95d
BLAKE2b-256 6909f1bac282c3d5c3309094a9c1e1eceb41560ded972fa5f59de8e6b3b26e49

See more details on using hashes here.

File details

Details for the file otomata_mcp-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: otomata_mcp-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 16.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6e49442a2aeac67e4135a7823090583948bd99253f69e7de7aa5330cc8c903d1
MD5 46a4643a9394cf95ff0d16e03b30afda
BLAKE2b-256 c693aa5ca8f6285e0e6d87c3f4a0bd252aadfb2387e1d35c7a5489d8f4dc233d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page