Skip to content

DL-12: MCP Server & Middleware #34

Open
Open
DL-12: MCP Server & Middleware#34
Assignees
spuentespcopilot-swe-agent
Labels
copilotHuman GM assistant (CF-*)data-layerepic-0infrastructurepriority-highreadyAll dependencies satisfied, ready to work
Milestone
EPIC 0: Data Layer Access
@spuentesp

Description

@spuentesp
spuentesp
opened on Dec 27, 2025

Category: data-layer | Epic: 0 | Priority: high

Summary

Implement the MCP server with middleware for authentication, authorization,
validation, and health monitoring. This is the central infrastructure that
exposes all data-layer tools to agents via the Model Context Protocol.

Acceptance Criteria

  • MCP server registers all tools with proper schemas
  • MCP server exposes tool list via introspection
  • Auth middleware validates caller identity
  • Auth middleware enforces AUTHORITY_MATRIX for each tool
  • Auth middleware returns 403 for unauthorized calls
  • Validation middleware validates inputs against Pydantic schemas
  • Validation middleware returns 400 for invalid inputs
  • Health endpoint returns server status and DB connectivity
  • Health endpoint includes version info
  • All tool calls are logged with caller, params, result status
  • Error responses follow consistent format
  • Unit tests achieve >= 80% coverage

Blocks

This use case blocks:

  • DL-1
  • DL-2
  • DL-3
  • DL-4
  • DL-5
  • DL-6
  • DL-7
  • DL-8
  • DL-9
  • DL-10
  • DL-11
  • DL-13
  • DL-14
  • SYS-1

Implementation

Layer: 1

Files to create:

  • packages/data-layer/tests/test_middleware/test_auth.py
  • packages/data-layer/tests/test_middleware/test_validation.py
  • packages/data-layer/tests/test_server/test_health.py
    Files to modify:
  • packages/data-layer/src/monitor_data/server.py
  • packages/data-layer/src/monitor_data/middleware/auth.py
  • packages/data-layer/src/monitor_data/middleware/validation.py

Notes:

  • MCP server is the entry point for all data-layer access
  • Authority is caller-based (CanonKeeper, Narrator, etc.)
  • Health endpoint for k8s liveness/readiness probes
  • Consider rate limiting for protection

Testing Requirements

Minimum coverage: 80%

Unit tests:

  • test_tool_registration: all tools registered
  • test_tool_introspection: list returns tool schemas
  • test_auth_valid_caller: authorized → allowed
  • test_auth_invalid_caller: unauthorized → 403
  • test_validation_valid: good input → passes
  • ... and 4 more

Integration tests:

  • test_full_call: auth → validate → execute → response
  • test_logging: calls are logged with metadata

References

Documentation:

Generated from /home/sebas/monitor2/docs/use-cases/data-layer/DL-12.yml

Metadata

Metadata

Assignees

Labels

copilotHuman GM assistant (CF-*)data-layerepic-0infrastructurepriority-highreadyAll dependencies satisfied, ready to work

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions