Skip to main content

Socle commun des serveurs MCP Otomata : doctrines en base servies en tools, runs start/stop, RBAC scopé, logging. Tout-en-tools, scope injecté (intra-entreprise ; le × Z reste à l'orchestrateur).

Project description

otomata-mcp

Socle commun des serveurs MCP Otomata (Python / FastMCP). Tout-en-tools (pas de resource ni de prompt → tout accès est loggé), scopé par entreprise.

Le socle modélise l'intra-entreprise (1 org = X groupes, Y users). Le multi-entreprise (× Z) — résolution de l'org courante, platform_admin, marketplace de doctrines — reste dans l'orchestrateur (oto / madeleine), qui injecte un scope (tenant_id) à chaque appel. Le socle ne requête jamais sans scope → pas de fuite cross-org.

Modules

otomata_mcp/
  scope.py        # Scope + ScopeResolver (ConstantScope = Z1, CallableScope = ZN)
  identity.py     # current_identity() via resolver injecté (JWT en prod)
  content/        # instructions en base, servies EN TOOLS (readme_agent / list_instructions / get_instruction / set_instruction)
                  #   model · store (Protocol + InMemory) · validate (zéro nom) · schema (DDL) · tools
  run/            # start/stop : pile de runs en session state, corrélée run_id
  rbac/           # org_admin → group_admin → member, scopé (gate des tools)
  logging.py      # middleware run-aware (réutilise le schéma otomata-calllog + run_id)
  bootstrap.py    # build_server(...) compose tout

Ce que le consommateur fournit (injecté)

  • un ContentStore (OGIC : PostgREST/Supabase ; oto/madeleine : asyncpg) — SCHEMA_SQL fourni ;
  • un RoleStore (rôles scopés) ;
  • un ScopeResolver (ConstantScope("ogic") en Z=1, CallableScope(current_org) en Z=N) ;
  • un sink de logs (table tool_calls, cf. otomata-calllog) ;
  • l'auth (verifier JWT du provider) — le socle lit l'identité via un resolver injecté.

Exemple

from otomata_mcp import build_server, InMemoryContentStore, InMemoryRoleStore, ConstantScope
mcp = build_server("mon-mcp", content_store=..., role_store=..., scope_resolver=ConstantScope("acme"),
                   sink=my_sink, blocklist=["NomInterdit"])

example_demo.py montre tout (doctrines-tools loggées + corrélées run_id, RBAC, validation).

Dev

python -m venv .venv && . .venv/bin/activate
pip install -e ".[dev]"
pytest          # tests du socle
python example_demo.py

Distribution

Publié sur PyPI (pip install otomata-mcp), modèle otomata-calllog. Le contenu est du plumbing MCP générique — aucun secret ni donnée client.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

otomata_mcp-0.3.0.tar.gz (14.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

otomata_mcp-0.3.0-py3-none-any.whl (17.8 kB view details)

Uploaded Python 3

File details

Details for the file otomata_mcp-0.3.0.tar.gz.

File metadata

  • Download URL: otomata_mcp-0.3.0.tar.gz
  • Upload date:
  • Size: 14.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.3.0.tar.gz
Algorithm Hash digest
SHA256 86e7e7778452eb4749b8085a1cac7cfba84f48f95827d6d893bab2d600b4aac6
MD5 6188449fd8cf280b0d0daed1b9d33607
BLAKE2b-256 acf34dd513356653bd8cc32d89aabc67ed91308189d1bb9f51c318ac3e919d3b

See more details on using hashes here.

File details

Details for the file otomata_mcp-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: otomata_mcp-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 17.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for otomata_mcp-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cd72ee4d6571df0399cb95e2af322cc4fbd3900fc91442e068e65bc767ac1dd2
MD5 d6169d3e25772224b7a3cbec69ef479c
BLAKE2b-256 03664b1355e76b4f872aab65c85f72742260e3a22e6a6dfd00063188f633e888

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page