feat: write safety architecture + complete API coverage (86 tools) #12
Merged
Implements the AWS IAM-inspired "confirmed" parameter pattern:
- BoolParam() extracts boolean parameters from MCP requests
- RequireConfirmation() returns a preview when confirmed=false, or nil when confirmed=true (allowing execution to proceed)

This enables two-call write safety: first call shows what will happen, second call with confirmed=true actually executes the operation.

Implement 14 write tools with best-in-class safety patterns:
- Two-call confirmed pattern (preview on first call, execute on confirmed=true)
- Semantic validation guardrails (reject 0.0.0.0/0 on SSH/DB ports, prevent deletion of in-use volumes, CNAME singleton enforcement)
- ReadOnly gating via MCP_READ_ONLY env var hides all write tools
- WithDestructiveHintAnnotation for MCP client awareness

New write tools:
- cinder_create_volume, cinder_delete_volume
- designate_create_recordset, designate_delete_recordset
- neutron_create_security_group_rule, neutron_delete_security_group_rule
- nova_create_server
- swift_upload_object (with safe_write If-None-Match:*), swift_delete_object
- octavia_create_loadbalancer, octavia_delete_loadbalancer (with cascade)
- keystone_create/delete_application_credential (now with confirmed pattern)

New read tools for API coverage:
- keystone_list_domains, keystone_list_users, keystone_list_roles
- nova_get_quotas, nova_list_availability_zones
- cinder_get_quotas
- octavia_list_l7policies
- manila_list_share_networks
- ironic_list_allocations

Total: 86 tools across 18 services (72 read + 14 write).

- Update tool count from 66 to 86 (72 read + 14 write)
- Document four-layer safety architecture
- Add confirmed two-call pattern documentation
- Document semantic guardrails per service
- List all 14 write tools in security section
- Add write operation example prompts
- Update service tables with new tools

…istency

Review loop 1 fixes:

Security guardrails (neutron):
- Block all-ports-open rules (no port range + 0.0.0.0/0)
- Block ::/0 (IPv6 equivalent of world-open)
- Check if any dangerous port falls within specified port range (e.g., port_range_min=20, port_range_max=25 now caught for port 22)

Confirmation pattern consistency:
- nova_server_action: add confirmed parameter and RequireConfirmation
- octavia delete_loadbalancer: always fetch LB (verify state on both paths)
- swift delete_object: always fetch metadata (verify existence on both paths)

Null vs empty array:
- New pagination handlers use make([]map[string]any, 0) to return [] instead of null when no results match filters
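The neutron guardrail described in the commit above, sketched as an added example (not code from this pull request). The `Rule` type, the `ValidateIngress` name, the use of 0 for "no port range" and the port list beyond 22 are assumptions; the prefix check goes slightly further than the two literal strings by rejecting any `/0` prefix and failing closed on input that does not parse.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Assumed list: the page says "SSH/DB ports" and names only port 22.
var dangerousPorts = []int{22, 3306, 5432}

// Rule is a hypothetical, simplified ingress rule. PortMin == PortMax == 0
// stands for "no port range given", which means all ports.
type Rule struct {
	RemoteIPPrefix   string
	PortMin, PortMax int
}

// ValidateIngress returns an error for rules the guardrail should refuse.
func ValidateIngress(r Rule) error {
	p, err := netip.ParsePrefix(r.RemoteIPPrefix)
	if err != nil { // fail closed on anything that is not a valid CIDR
		return fmt.Errorf("unparseable remote_ip_prefix %q: %w", r.RemoteIPPrefix, err)
	}
	// Only a /0 prefix is world-open; this covers 0.0.0.0/0 and ::/0 alike.
	if p.Bits() != 0 {
		return nil
	}
	if r.PortMin == 0 && r.PortMax == 0 {
		return fmt.Errorf("all ports open to %s", p)
	}
	for _, port := range dangerousPorts {
		// Range containment, not equality: 20-25 exposes 22.
		if r.PortMin <= port && port <= r.PortMax {
			return fmt.Errorf("port %d reachable from %s via range %d-%d",
				port, p, r.PortMin, r.PortMax)
		}
	}
	return nil
}

func main() {
	// Constructed sample rules.
	rules := []Rule{{"0.0.0.0/0", 20, 25}, {"::/0", 0, 0}, {"0.0.0.0/0", 443, 443}}
	for _, r := range rules {
		fmt.Printf("%+v -> %v\n", r, ValidateIngress(r))
	}
}
```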
Merging this branch changes the coverage (6 decrease, 4 increase)
Summary
Write Safety Architecture
All write tools implement a four-layer safety model:
- MCP_READ_ONLY=true default) — write tools are not registered, invisible to the LLM
- confirmed=true executes

New Write Tools
- create_volume, delete_volume: in-use status
- create_recordset, delete_recordset
- create_security_group_rule, delete_security_group_rule
- create_server
- upload_object, delete_object: safe_write uses If-None-Match:*
- create_loadbalancer, delete_loadbalancer
- create/delete_application_credential

New Read Tools
- keystone_list_domains, keystone_list_users, keystone_list_roles
- nova_get_quotas, nova_list_availability_zones
- cinder_get_quotas
- octavia_list_l7policies
- manila_list_share_networks
- ironic_list_allocations

Test plan
- go build ./... — compiles clean
- go test ./... — all tests pass
- golangci-lint run ./... — 0 issues
- MCP_READ_ONLY=true hides all write tools
- MCP_READ_ONLY=false shows write tools
- confirmed=true returns preview
- confirmed=true executes operation
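How read-only gating, the in-use guardrail and the two-call confirmed pattern fit together in one handler, as an added example that is not code from this pull request. `Args`, `Volume`, `RegisteredTools`, `DeleteVolume` and the in-memory store are assumptions; only the tool names, `MCP_READ_ONLY` and the `confirmed` parameter come from the description above.

```go
package main

import "fmt"

// Args stands in for decoded MCP tool arguments (assumption).
type Args map[string]any

type Volume struct{ ID, Status string }

// RegisteredTools omits write tools unless MCP_READ_ONLY is exactly "false",
// so an unset or misspelled value stays read-only.
func RegisteredTools(mcpReadOnly string) []string {
	tools := []string{"cinder_get_quotas"}
	if mcpReadOnly == "false" {
		tools = append(tools, "cinder_delete_volume")
	}
	return tools
}

// confirmed is true only for a JSON boolean true; the string "true" is not consent.
func confirmed(a Args) bool {
	v, ok := a["confirmed"].(bool)
	return ok && v
}

// DeleteVolume is a hypothetical handler over an in-memory store.
func DeleteVolume(store map[string]Volume, a Args) (string, error) {
	id, _ := a["volume_id"].(string)
	v, ok := store[id] // fetched on both calls, so state is re-checked at execution
	if !ok {
		return "", fmt.Errorf("volume %q not found", id)
	}
	if v.Status == "in-use" {
		return "", fmt.Errorf("volume %s is in-use, refusing to delete", id)
	}
	if !confirmed(a) {
		return "PREVIEW: would delete volume " + id + "; repeat with confirmed=true", nil
	}
	delete(store, id)
	return "deleted " + id, nil
}

func main() {
	store := map[string]Volume{"vol-1": {"vol-1", "available"}} // constructed data
	fmt.Println(RegisteredTools(""))
	fmt.Println(DeleteVolume(store, Args{"volume_id": "vol-1"}))
	fmt.Println(DeleteVolume(store, Args{"volume_id": "vol-1", "confirmed": true}))
}
```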