Skip to content

feat: add MCP tool annotations for human-in-the-loop safety#4

Merged
notque merged 1 commit into
mainfrom
feat/tool-annotations
May 7, 2026
Merged

feat: add MCP tool annotations for human-in-the-loop safety#4
notque merged 1 commit into
mainfrom
feat/tool-annotations

Conversation

@notque
Copy link
Copy Markdown
Owner

@notque notque commented May 7, 2026

Summary

  • All 54 tools now declare intent via MCP protocol tool annotations
  • 51 read-only tools: ReadOnlyHint=true — clients may auto-approve
  • 3 destructive tools: DestructiveHint=true — clients prompt for confirmation
  • README updated with three-layer safety architecture documentation

Why

When MCP_READ_ONLY=false enables destructive tools, the MCP client (Claude Code, Cursor) will still enforce a human confirmation dialog before executing. The server declares, the client enforces.

Test plan

  • make build-all — compiles cleanly
  • go test ./... — all tests pass
  • make run-golangci-lint — 0 issues
  • Annotations are protocol-level metadata (no behavioral change to existing tools)

@notque
feat: add MCP tool annotations for human-in-the-loop safety
9728b7c 
All 54 tools now declare their intent via MCP protocol annotations:
- 51 read-only tools: ReadOnlyHint=true (clients may auto-approve)
- 3 destructive tools: DestructiveHint=true (clients prompt user)

This enables MCP clients (Claude Code, Cursor) to enforce confirmation
dialogs before executing server actions or credential mutations, even
when MCP_READ_ONLY=false allows the tools to be registered.

Also updates README Security section to document the three-layer safety
architecture: read-only mode + tool annotations + credential isolation.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

Merging this branch will not change overall coverage

Impacted Packages Coverage Δ 🤖
github.com/notque/openstack-mcp-server/internal/tools/archer 11.43% (ø)
github.com/notque/openstack-mcp-server/internal/tools/barbican 11.11% (ø)
github.com/notque/openstack-mcp-server/internal/tools/castellum 9.52% (ø)
github.com/notque/openstack-mcp-server/internal/tools/cinder 11.43% (ø)
github.com/notque/openstack-mcp-server/internal/tools/cronus 14.29% (ø)
github.com/notque/openstack-mcp-server/internal/tools/designate 10.34% (ø)
github.com/notque/openstack-mcp-server/internal/tools/glance 9.30% (ø)
github.com/notque/openstack-mcp-server/internal/tools/hermes 8.57% (ø)
github.com/notque/openstack-mcp-server/internal/tools/ironic 10.00% (ø)
github.com/notque/openstack-mcp-server/internal/tools/keppel 12.24% (ø)
github.com/notque/openstack-mcp-server/internal/tools/keystone 9.48% (ø)
github.com/notque/openstack-mcp-server/internal/tools/limes 10.91% (ø)
github.com/notque/openstack-mcp-server/internal/tools/maia 12.00% (ø)
github.com/notque/openstack-mcp-server/internal/tools/manila 9.52% (ø)
github.com/notque/openstack-mcp-server/internal/tools/neutron 10.00% (ø)
github.com/notque/openstack-mcp-server/internal/tools/nova 10.59% (ø)
github.com/notque/openstack-mcp-server/internal/tools/octavia 8.08% (ø)
github.com/notque/openstack-mcp-server/internal/tools/swift 8.82% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/notque/openstack-mcp-server/internal/tools/archer/archer.go 11.43% (ø) 70 8 62
github.com/notque/openstack-mcp-server/internal/tools/barbican/barbican.go 11.11% (ø) 36 4 32
github.com/notque/openstack-mcp-server/internal/tools/castellum/castellum.go 9.52% (ø) 63 6 57
github.com/notque/openstack-mcp-server/internal/tools/cinder/cinder.go 11.43% (ø) 35 4 31
github.com/notque/openstack-mcp-server/internal/tools/cronus/cronus.go 14.29% (ø) 28 4 24
github.com/notque/openstack-mcp-server/internal/tools/designate/designate.go 10.34% (ø) 58 6 52
github.com/notque/openstack-mcp-server/internal/tools/glance/glance.go 9.30% (ø) 43 4 39
github.com/notque/openstack-mcp-server/internal/tools/hermes/hermes.go 8.57% (ø) 70 6 64
github.com/notque/openstack-mcp-server/internal/tools/ironic/ironic.go 10.00% (ø) 40 4 36
github.com/notque/openstack-mcp-server/internal/tools/keppel/keppel.go 12.24% (ø) 49 6 43
github.com/notque/openstack-mcp-server/internal/tools/keystone/keystone.go 9.48% (ø) 116 11 105
github.com/notque/openstack-mcp-server/internal/tools/limes/limes.go 10.91% (ø) 55 6 49
github.com/notque/openstack-mcp-server/internal/tools/maia/maia.go 12.00% (ø) 50 6 44
github.com/notque/openstack-mcp-server/internal/tools/manila/manila.go 9.52% (ø) 42 4 38
github.com/notque/openstack-mcp-server/internal/tools/neutron/neutron.go 10.00% (ø) 80 8 72
github.com/notque/openstack-mcp-server/internal/tools/nova/nova.go 10.59% (ø) 85 9 76
github.com/notque/openstack-mcp-server/internal/tools/octavia/octavia.go 8.08% (ø) 99 8 91
github.com/notque/openstack-mcp-server/internal/tools/swift/swift.go 8.82% (ø) 68 6 62

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

@notque notque merged commit 832d689 into main May 7, 2026
3 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@notque