LLM provider discovery: read tools and access probe#426
Merged
Conversation
Add get_llm_providers, get_available_ai_models, get_default_llm_provider, get_llm_provider_dependencies, and validate_llm_provider_access with full SDK + MCP + CLI parity, plus the shared SDK-level GraphQL error classifier (pipefy_sdk.graphql_problem) the probe and later write gating reuse. Closes #411
adriannoes
approved these changes
Jul 17, 2026
adriannoes
left a comment
Collaborator
There was a problem hiding this comment.
Summary
Reviewed with local checkout and tests on tip 7cf1aa7d. This ships the #411 read/probe surface cleanly: five tools with SDK + MCP + CLI parity, readOnlyHint, registry/parity updates, and the shared pipefy_sdk.graphql_problem classifier ready for #415. CI is green on the tip (including the format + skill-ref allowlist fixup).
What worked well
- Full parity for the five discovery reads, with org UUID vs numeric ID called out at the tool boundary.
- Probe semantics are explicit and locked in tests: green means list/read access only; empty system list can mean feature off; partial GraphQL errors stay visible on the result.
- Live smoke matrix in the PR body covers the acceptance paths that matter, including expected rejections.
Also noted
- F3: A probe can return
ok: truewith a non-nullproblemwhen GraphQL returns partial data plus errors. That matches the locked tests and the PR contract. The success path still reads like a clean gate (MCP "confirmed", CLI exit 0), and the docs do not say a clean gate also needsproblemabsent. Worth a small docs (and maybe message) polish before #415 write gating keys off this probe: clean gate =okand noproblem; classifierkindon CLI is probe-shaped today. No need to flipokfor this PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
AI agent behaviors accept
providerId/systemProviderId, but the only way to discover valid IDs was the organization's AI settings in the Pipefy UI. There was also no way to list the models a vendor exposes, see which provider an owner defaults to, check what depends on a provider, or verify that a credential can read the provider surface at all — and failures on this surface came back as opaque server errors. Closes #411.Outcome
get_llm_providers(custom + Pipefy-managed system providers in one union surface, paginated,only_active),get_available_ai_models,get_default_llm_provider(generalowner_type, organization default),get_llm_provider_dependencies, and thevalidate_llm_provider_accessprobe. Registry and parity table go 157 → 162; all carryreadOnlyHint.typediscriminator (byom/system) and theirconfiguration, which the API redacts server-side — placeholders come back instead of secrets.pipefy_sdk.graphql_problemclassifies GraphQL errors into structured problems (permission denied / not found / invalid arguments / feature / runtime) withcodeandcorrelation_idcarried through. The MCP tools and the probe consume it today; CLI write gating (6. LLM provider management: write tools (BYOM) #415) reuses it next. It lives in the SDK because the existing MCP enrichment cannot be imported by the SDK/CLI.get_organizationreturns both.pipefy ai-provider list | models | default get | dependencies | validate-access;validate-accessexits 1 on a red probe.get_llm_providers; new reference docdocs/mcp/tools/llm-providers.md.Testing
uv run pytest -m "not integration"(3512 passed) + ruff + import-linter green. Exercised end-to-end against a dev org through the MCP server running this branch's code:get_llm_providerssystem+ 2byom;token/clientSecret/customHeadersall__REDACTED__; pagination block presentvalidate_llm_provider_accessok: true, both visibility flags true, note states green proves read access onlyget_llm_provider_dependencies(real provider)dependencies: [],total_count: 0get_llm_provider_dependencies(bogus id)RESOURCE_NOT_FOUND,kind: not_found, "Use 'get_llm_providers'…" appendedget_available_ai_models/get_default_llm_providerwithout provider-management rightsPERMISSION_DENIED,kind: permission_denied,correlation_idcarriedorganization_uuid'organization_uuid' must be non-empty.PERMISSION_DENIEDrather than not-foundRows 4–7 are the probe error-mapping acceptance criterion exercised live: each returns the classified problem instead of the opaque error this issue set out to eliminate.