Socle commun des serveurs MCP Otomata : doctrines en base servies en tools, runs start/stop, RBAC scopé, logging. Tout-en-tools, scope injecté (intra-entreprise ; le × Z reste à l'orchestrateur).
Project description
otomata-mcp
Socle commun des serveurs MCP Otomata (Python / FastMCP). Tout-en-tools (pas de resource ni de prompt → tout accès est loggé), scopé par entreprise.
Le socle modélise l'intra-entreprise (1 org = X groupes, Y users). Le multi-entreprise
(× Z) — résolution de l'org courante, platform_admin, marketplace de doctrines — reste dans
l'orchestrateur (oto / madeleine), qui injecte un scope (tenant_id) à chaque appel. Le
socle ne requête jamais sans scope → pas de fuite cross-org.
Modules
otomata_mcp/
scope.py # Scope + ScopeResolver (ConstantScope = Z1, CallableScope = ZN)
identity.py # current_identity() via resolver injecté (JWT en prod)
content/ # instructions en base, servies EN TOOLS (readme_agent / list_instructions / get_instruction / set_instruction)
# model · store (Protocol + InMemory) · validate (zéro nom) · schema (DDL) · tools
run/ # start/stop : pile de runs en session state, corrélée run_id
rbac/ # org_admin → group_admin → member, scopé (gate des tools)
logging.py # middleware run-aware (réutilise le schéma otomata-calllog + run_id)
bootstrap.py # build_server(...) compose tout
Ce que le consommateur fournit (injecté)
- un
ContentStore(OGIC : PostgREST/Supabase ; oto/madeleine : asyncpg) —SCHEMA_SQLfourni ; - un
RoleStore(rôles scopés) ; - un
ScopeResolver(ConstantScope("ogic")en Z=1,CallableScope(current_org)en Z=N) ; - un sink de logs (table
tool_calls, cf.otomata-calllog) ; - l'auth (verifier JWT du provider) — le socle lit l'identité via un resolver injecté.
Exemple
from otomata_mcp import build_server, InMemoryContentStore, InMemoryRoleStore, ConstantScope
mcp = build_server("mon-mcp", content_store=..., role_store=..., scope_resolver=ConstantScope("acme"),
sink=my_sink, blocklist=["NomInterdit"])
example_demo.py montre tout (doctrines-tools loggées + corrélées run_id, RBAC, validation).
Dev
python -m venv .venv && . .venv/bin/activate
pip install -e ".[dev]"
pytest # tests du socle
python example_demo.py
Distribution
Publié sur PyPI (pip install otomata-mcp), modèle otomata-calllog. Le contenu est du
plumbing MCP générique — aucun secret ni donnée client.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file otomata_mcp-0.2.0.tar.gz.
File metadata
- Download URL: otomata_mcp-0.2.0.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1004b59289870855dc97dc0f970e436dbb5feedffff94e5725e22dc300283bec
|
|
| MD5 |
6f56ade223ed10d1c704856cd724f95d
|
|
| BLAKE2b-256 |
6909f1bac282c3d5c3309094a9c1e1eceb41560ded972fa5f59de8e6b3b26e49
|
File details
Details for the file otomata_mcp-0.2.0-py3-none-any.whl.
File metadata
- Download URL: otomata_mcp-0.2.0-py3-none-any.whl
- Upload date:
- Size: 16.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6e49442a2aeac67e4135a7823090583948bd99253f69e7de7aa5330cc8c903d1
|
|
| MD5 |
46a4643a9394cf95ff0d16e03b30afda
|
|
| BLAKE2b-256 |
c693aa5ca8f6285e0e6d87c3f4a0bd252aadfb2387e1d35c7a5489d8f4dc233d
|