Skip to content

FR: Add list_roles_with_rules convenience tool (fan-out of list_roles + get_role) #2

Open
Open
FR: Add list_roles_with_rules convenience tool (fan-out of list_roles + get_role)#2
@jasikpark

Description

@jasikpark
jasikpark
opened on Apr 17, 2026

list_roles returns roles without firewall rules (API-driven, for pagination/cost). Audit workflows like /network-architect audit need rules for every role,
which currently requires N+1 calls (one list_roles then one get_role per role).

A server-side fan-out tool would make the common "give me all roles with their rules" case a single MCP call:

  @tool
  def list_roles_with_rules(
      cursor: Optional[str] = None,
      page_size: Optional[int] = None,
  ) -> dict:
      """List roles and include full firewallRules for each (N+1 fan-out)."""
      resp = list_roles(cursor=cursor, page_size=page_size)
      for role in resp["data"]:
          full = get_role(role["id"])
          role["firewallRules"] = full["firewallRules"]
      return resp

Why not just fix the skill to loop get_role: that works too (and is the right quick-fix). This is additive — a cleaner primitive for audit-style tooling so skill instructions stay terse.

Alternative naming: could mirror DN API conventions, e.g., list_roles(include_rules=True). Open to either.

Related: #1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions