feat(api): streamable-HTTP MCP server endpoint (/api/mcp, PAT-authed) #331
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol#331
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Expose Carol's shared domain tool registry (#51) to external agent runtimes over a streamable-HTTP MCP endpoint, so a user can paste a Carol-issued PAT into Claude Code / opencode / a custom MCP client and read + write their own data. Part of epic #47; implements against ADR-0029 (agent runtime) and ADR-0030 (tool surface).
Scope
POST /api/mcp— Streamable HTTP MCP transport (JSON-RPC 2.0). PAT-authed via the existing identity reader (lib/auth/identity.tsgetAuthIdentity—Authorization: Bearer <PAT>); no valid token → 401. Mirror the auth pattern the existing/api/agent/proposals/*routes already use (not in the public-route allowlist).userIdis the only actor, threaded into theToolContextfrom#51. Tools never take auser_id(ADR-0030); scoping stays at the repository layer; a cross-user proposal commit returns 404, not 403.tools/listreturns the full registry (lib/agent/toolslistTools());tools/callexecutes a tool — read tools return data, write tools return theProposedChangeas the tool result and never mutate. Plus two meta-tools —commit_proposal(proposal_id)andreject_proposal(proposal_id)wired tocommitProposal/rejectProposal— so an external agent applies a confirmed proposal via the standard MCP tool-call confirmation flow (the client surfaces thecommit_proposalcall to the user, which is the confirmation).@modelcontextprotocol/sdk, via a Next App Router adapter) for protocol correctness — handshake, capabilities, protocol-version negotiation. A minimal spec-compliant Streamable-HTTP JSON-RPC handler (initialize/notifications/initialized/tools/list/tools/call/ping, singleapplication/jsonresponses) is an acceptable fallback if SDK/Next integration proves impractical. Either way it must be connectable by Claude Code's MCP client.Acceptance criteria
initialize→tools/list→tools/callround-trip works overPOST /api/mcp.tools/callreturns a proposal and never mutates;commit_proposal(the #51 commit path) is the only mutator and writes the audit event.Out of scope
Depends on #51 (the registry + commit path) and #50/#48 (the ADRs).