Skip to content

Commit d1dfefa

Browse files
Merge pull request #68 from engineeredsoftware/v33/gate-3-mcp-api-tool-registry-contracts
V33 Gate 3: MCP API Tool Registry Contracts
2 parents 5424a7c + 8c2512d commit d1dfefa

20 files changed

Lines changed: 1618 additions & 79 deletions

.bitcode/v33-interface-contract-catalog.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -222,7 +222,7 @@
222222
]
223223
},
224224
{
225-
"digest": "sha256:c8df35e424491484dcd72b26044ed53cef54c30d35d40dd089ea4e25bd6e4bda",
225+
"digest": "sha256:43b65036a542f5a329aec530008d3faabf404f7e9cd4082b69e59aa49bd6495c",
226226
"relativePath": "packages/btd/src/index.ts",
227227
"requiredTokens": [
228228
{
@@ -232,7 +232,7 @@
232232
]
233233
},
234234
{
235-
"digest": "sha256:ba4069d85192fa7b62a3c393baf5a2ebd38f9a661b19f81a01793cd09414852c",
235+
"digest": "sha256:7b1a6d74f640a1a5d263f6863b7ed12c5bb1a12c45dd1ade2f5b9a878d3ae2d2",
236236
"relativePath": "BITCODE_SPEC_V33.md",
237237
"requiredTokens": [
238238
{
Lines changed: 252 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,252 @@
1+
{
2+
"artifactId": "v33-mcp-api-tool-contracts",
3+
"closureCommand": "pnpm run check:v33-gate3",
4+
"contracts": [
5+
{
6+
"authPolicyId": "interface.authorization.pipeline-permission",
7+
"category": "pipelines",
8+
"contractRoot": "v33-mcp-api-tool-contract:d37acb48606663faf222a539",
9+
"deniedStates": [
10+
"MISSING_API_KEY",
11+
"INSUFFICIENT_PERMISSIONS",
12+
"PROVIDER_BINDING_REQUIRED",
13+
"SCHEMA_VALIDATION_FAILED",
14+
"RATE_LIMITED",
15+
"UNKNOWN_TOOL"
16+
],
17+
"examples": [
18+
{
19+
"exampleId": "mcp-asset-pack-create-success-queued",
20+
"fixturePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/pipeline-ingress-contract.test.ts",
21+
"posture": "success_queued"
22+
},
23+
{
24+
"exampleId": "mcp-asset-pack-create-denied-permission",
25+
"fixturePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/pipeline-ingress-contract.test.ts",
26+
"posture": "denied_permission"
27+
},
28+
{
29+
"exampleId": "mcp-asset-pack-create-denied-auth",
30+
"fixturePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/auth.test.ts",
31+
"posture": "denied_auth"
32+
},
33+
{
34+
"exampleId": "mcp-asset-pack-create-denied-provider-binding",
35+
"fixturePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/pipeline-ingress-contract.test.ts",
36+
"posture": "denied_provider_binding"
37+
}
38+
],
39+
"inputSchemaId": "bitcode.mcp.assetPackCreate.input.v1",
40+
"outputSchemaId": "bitcode.mcp.assetPackCreate.output.v1",
41+
"proofRootFields": [
42+
"toolId",
43+
"inputSchemaId",
44+
"outputSchemaId",
45+
"authPolicyId",
46+
"requestRoot",
47+
"responseRoot",
48+
"writeAdmission"
49+
],
50+
"protectedSourcePolicy": "source-safe-preview-and-metadata-before-settlement",
51+
"requestRootFields": [
52+
"task",
53+
"repository",
54+
"attachments",
55+
"connections",
56+
"subtype",
57+
"streaming"
58+
],
59+
"requiredPermissions": [
60+
"pipelines.create"
61+
],
62+
"responseRootFields": [
63+
"runId",
64+
"assetPackEvidenceId",
65+
"status",
66+
"interfaceSurface",
67+
"writeAdmission",
68+
"outputMeaning",
69+
"monitoringUrl"
70+
],
71+
"sourceSafetyClass": "protected-source-locked",
72+
"toolId": "bitcode://pipelines/asset-pack/create",
73+
"validationCommands": [
74+
"pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/mcp-tool-contract.test.ts",
75+
"pnpm --dir packages/executions-mcp/src/mcp-server run test:mcp -- --runTestsByPath src/__tests__/unit/mcp-tool-contract.test.ts src/__tests__/unit/pipeline-ingress-contract.test.ts --runInBand"
76+
]
77+
}
78+
],
79+
"coverage": {
80+
"credentialsSerialized": false,
81+
"deniedStateCoverage": true,
82+
"missingToolIds": [],
83+
"observedToolIds": [
84+
"bitcode://pipelines/asset-pack/create"
85+
],
86+
"proofRootCoverage": true,
87+
"protectedSourceVisible": false,
88+
"toolDiscoveryPackageDerived": true
89+
},
90+
"currentTarget": "V32",
91+
"generatedAt": "2026-05-22T00:00:00.000Z",
92+
"passed": true,
93+
"requiredDeniedStates": [
94+
"MISSING_API_KEY",
95+
"INSUFFICIENT_PERMISSIONS",
96+
"PROVIDER_BINDING_REQUIRED",
97+
"SCHEMA_VALIDATION_FAILED",
98+
"RATE_LIMITED",
99+
"UNKNOWN_TOOL"
100+
],
101+
"requiredProofRootFields": [
102+
"toolId",
103+
"inputSchemaId",
104+
"outputSchemaId",
105+
"authPolicyId",
106+
"requestRoot",
107+
"responseRoot",
108+
"writeAdmission"
109+
],
110+
"requiredToolIds": [
111+
"bitcode://pipelines/asset-pack/create"
112+
],
113+
"schemaId": "bitcode.v33.mcpApiToolContracts.v1",
114+
"sharedFixtureFiles": [
115+
"packages/btd/src/mcp-tool-contract.ts",
116+
"packages/btd/src/index.ts",
117+
"packages/executions-mcp/src/mcp-server/src/tools/pipeline-tools.ts",
118+
"packages/executions-mcp/src/mcp-server/src/types/index.ts",
119+
"packages/executions-mcp/src/mcp-server/src/server.ts",
120+
"packages/btd/__tests__/mcp-tool-contract.test.ts",
121+
"packages/executions-mcp/src/mcp-server/src/__tests__/unit/mcp-tool-contract.test.ts",
122+
"packages/executions-mcp/src/mcp-server/src/__tests__/unit/pipeline-ingress-contract.test.ts",
123+
"packages/executions-mcp/src/mcp-server/src/__tests__/unit/auth.test.ts",
124+
"scripts/check-v33-gate3-mcp-api-tool-contracts.mjs"
125+
],
126+
"sourceEvidence": [
127+
{
128+
"digest": "sha256:ed7ff68bb55bd47afc9c538b346a3df3b4559c4278f21f5551cb00a212d98c03",
129+
"relativePath": "packages/btd/src/mcp-tool-contract.ts",
130+
"requiredTokens": [
131+
{
132+
"present": true,
133+
"token": "buildBtdMcpToolContractRegistry"
134+
},
135+
{
136+
"present": true,
137+
"token": "bitcode://pipelines/asset-pack/create"
138+
},
139+
{
140+
"present": true,
141+
"token": "SCHEMA_VALIDATION_FAILED"
142+
},
143+
{
144+
"present": true,
145+
"token": "PROVIDER_BINDING_REQUIRED"
146+
},
147+
{
148+
"present": true,
149+
"token": "source-safe-preview-and-metadata-before-settlement"
150+
}
151+
]
152+
},
153+
{
154+
"digest": "sha256:7ebd19411892562e1dacc38ba2187bd56ef62e95be89c0b9419d85b70331ae7e",
155+
"relativePath": "packages/executions-mcp/src/mcp-server/src/tools/pipeline-tools.ts",
156+
"requiredTokens": [
157+
{
158+
"present": true,
159+
"token": "getBtdMcpToolContract"
160+
},
161+
{
162+
"present": true,
163+
"token": "assetPackCreateContract.toolId"
164+
},
165+
{
166+
"present": true,
167+
"token": "assetPackCreateContract.description"
168+
},
169+
{
170+
"present": true,
171+
"token": "AssetPackPipelineToolSchema"
172+
}
173+
]
174+
},
175+
{
176+
"digest": "sha256:7780b32086b7ae3f6bbd10b98b2b69e16b0fa7e7547076725723182111e03dec",
177+
"relativePath": "packages/executions-mcp/src/mcp-server/src/types/index.ts",
178+
"requiredTokens": [
179+
{
180+
"present": true,
181+
"token": "AssetPackPipelineToolSchema"
182+
},
183+
{
184+
"present": true,
185+
"token": "PipelineNameValues"
186+
},
187+
{
188+
"present": true,
189+
"token": "PipelineConnectionInputSchema"
190+
}
191+
]
192+
}
193+
],
194+
"sourceSafetyVerdict": "source-safe-mcp-api-tool-contract-metadata",
195+
"testEvidence": [
196+
{
197+
"digest": "sha256:27ef7ecf25bdbcb8420466d898b28b5808ef30121ae24d5378a906573607c585",
198+
"relativePath": "packages/btd/__tests__/mcp-tool-contract.test.ts",
199+
"requiredTokens": [
200+
{
201+
"present": true,
202+
"token": "publishes the package-owned AssetPack create tool contract"
203+
},
204+
{
205+
"present": true,
206+
"token": "carries proof-root fields, request roots, response roots, denied states, and examples"
207+
},
208+
{
209+
"present": true,
210+
"token": "fails closed when the required MCP tool id is missing"
211+
}
212+
]
213+
},
214+
{
215+
"digest": "sha256:b6a65ab71085aa0218109c207a5c079076aea59c4e7c531f25d51b4a1b58f428",
216+
"relativePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/mcp-tool-contract.test.ts",
217+
"requiredTokens": [
218+
{
219+
"present": true,
220+
"token": "discovers the AssetPack create tool from the package-owned BTD contract"
221+
},
222+
{
223+
"present": true,
224+
"token": "rejects invalid MCP tool input before execution"
225+
},
226+
{
227+
"present": true,
228+
"token": "declares source-safe output fields and proof roots for MCP responses"
229+
}
230+
]
231+
},
232+
{
233+
"digest": "sha256:c09f752e418c23b85c4bb583aab39a5e36037602d10ffbcde0ca58def6343144",
234+
"relativePath": "packages/executions-mcp/src/mcp-server/src/__tests__/unit/pipeline-ingress-contract.test.ts",
235+
"requiredTokens": [
236+
{
237+
"present": true,
238+
"token": "rejects MCP pipeline writes without pipelines.create permission"
239+
},
240+
{
241+
"present": true,
242+
"token": "rejects incoherent repository/provider ingress before queueing MCP work"
243+
},
244+
{
245+
"present": true,
246+
"token": "returns asset-pack-normalized results for completed MCP writes"
247+
}
248+
]
249+
}
250+
],
251+
"version": "V33"
252+
}

.github/workflows/bitcode-gate-quality.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,7 @@ jobs:
131131
node scripts/check-v32-gate10-promotion-readiness.mjs --promotion-mode --skip-branch-check
132132
node scripts/check-v33-gate1-interface-roadmap-opening.mjs --skip-branch-check
133133
node scripts/check-v33-gate2-interface-contract-catalog.mjs --skip-branch-check
134+
node scripts/check-v33-gate3-mcp-api-tool-contracts.mjs --skip-branch-check
134135
else
135136
echo "Unexpected BITCODE_SPEC.txt pointer: $POINTER" >&2
136137
exit 1
@@ -159,11 +160,13 @@ jobs:
159160
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/v32-ledger-btd-settlement-failure-states.test.ts
160161
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/v32-interface-contract-regression.test.ts
161162
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/interface-contract-catalog.test.ts
163+
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/mcp-tool-contract.test.ts
162164
pnpm --filter @bitcode/btd test -- --runTestsByPath __tests__/v32-testnet-mainnet-readiness-rehearsal.test.ts
163165
pnpm --dir packages/protocol exec node --test --test-force-exit test/v32-promotion-proof-generation.test.js
164166
pnpm --filter @bitcode/api exec jest --config jest.config.cjs --runTestsByPath src/routes/__tests__/btd-crypto.test.ts --runInBand
165167
pnpm --filter @bitcode/api exec jest --config jest.config.cjs --runTestsByPath src/routes/__tests__/auxillaries-contract.test.ts --runInBand
166168
pnpm --dir packages/executions-mcp/src/mcp-server run test:mcp -- --runTestsByPath src/__tests__/unit/auth.test.ts --runInBand
169+
pnpm --dir packages/executions-mcp/src/mcp-server run test:mcp -- --runTestsByPath src/__tests__/unit/mcp-tool-contract.test.ts src/__tests__/unit/pipeline-ingress-contract.test.ts --runInBand
167170
pnpm --dir packages/chatgptapp exec jest --runTestsByPath src/__tests__/tools.test.ts --runInBand
168171
pnpm --filter @bitcode/pipeline-hosts exec jest --config jest.config.cjs --runTestsByPath src/__tests__/asset-pack-harness.test.ts --runInBand
169172
pnpm --filter @bitcode/pipeline-asset-pack exec jest --config jest.config.cjs --passWithNoTests --forceExit

BITCODE_SPEC_V33.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,8 @@
77
- Current canonical/latest target: `V32`
88
- Prior canonical anchor: `BITCODE_SPEC_V32.md`
99
- Prior generated proof appendix: `BITCODE_SPEC_V32_PROVEN.md`
10-
- Generated structured artifact inventory: draft V33 specifying artifacts `.bitcode/v33-spec-family-report.json`, `.bitcode/v33-canonical-input-report.json`, and Gate 2 `.bitcode/v33-interface-contract-catalog.json`; later V33 gates may add additional source-safe interface proof artifacts
11-
- Source parity state: Gate 2 adds package-owned `InterfaceContractCatalog` source and generated proof coverage for active and deferred interface surfaces
10+
- Generated structured artifact inventory: draft V33 specifying artifacts `.bitcode/v33-spec-family-report.json`, `.bitcode/v33-canonical-input-report.json`, Gate 2 `.bitcode/v33-interface-contract-catalog.json`, and Gate 3 `.bitcode/v33-mcp-api-tool-contracts.json`; later V33 gates may add additional source-safe interface proof artifacts
11+
- Source parity state: Gate 3 adds package-owned `McpToolContract` source and generated proof coverage for MCP API tool discovery, schema, auth, denial, and proof-root contracts
1212
- Active canonical pointer during draft opening: `BITCODE_SPEC.txt` -> `V32`
1313
- Notes companion: `BITCODE_SPEC_V33_NOTES.md`
1414
- Delta companion: `BITCODE_SPEC_V33_DELTA.md`
@@ -148,6 +148,7 @@ Layer boundaries:
148148
- Ledger records and journals are source-of-truth for settlement/finality; Supabase/PostgreSQL projections must not contradict them.
149149
- Source-safe previews may expose measurements, roots, score bands, policy ids, fee quote roots, settlement posture, and denial reasons; they may not expose protected source before payment.
150150
- Interface responses may expose proof roots and repair instructions; they must not expose secrets, service-role keys, wallet private material, provider tokens, raw protected prompts, or pre-settlement AssetPack source.
151+
- MCP API tools must derive tool ids, descriptions, schema ids, proof-root fields, auth policy ids, denied states, examples, and source-safety posture from the package-owned `McpToolContract` registry, starting with `bitcode://pipelines/asset-pack/create`.
151152

152153
## V33 proof/test package API and inherited support canon
153154

@@ -175,7 +176,7 @@ V33 adds interface-facing contract objects over V32 protocol truth:
175176

176177
- `InterfaceContractCatalog`: active interface ids, owners, actions/tools/routes, schemas, source-safety classes, examples, proof roots, and compatibility status.
177178
- `InterfaceAuthorizationPolicy`: auth mode, issuer, organization/team/role requirements, wallet requirement, license requirement, protected-source policy, denial reason, and repair posture.
178-
- `McpToolContract`: MCP tool id, input schema, output schema, auth policy, source-safety class, ledger/database proof bindings, and denied-state rendering.
179+
- `McpToolContract`: MCP tool id, input schema, output schema, auth policy, source-safety class, ledger/database proof bindings, denied-state rendering, proof-root field set, package-derived examples, and pre-settlement protected-source lock.
179180
- `ChatGptAppActionContract`: ChatGPT App action id, UI response family, source-safe summary, structured result schema, repair instructions, and proof-root projection.
180181
- `PublicApiRouteContract`: route id, method, schema, auth policy, idempotency, versionless path, rate/security posture, and example set.
181182
- `ReadLicenseInterfaceContract`: Read request, reviewed ReadNeed, Finding Fits admission, source-safe preview, fee quote, license posture, unpaid denial, paid unlock, and proof root.
@@ -191,7 +192,7 @@ V33 closes through ten gates:
191192

192193
1. **Gate 1: V33 Interface Roadmap And Spec Opening** opens the V33 family, makes `SPECIFICATIONS_ROADMAP.md` truthful after V32 promotion, and wires V33 Gate 1 checks.
193194
2. **Gate 2: Interface Inventory And Contract Catalog** inventories active and deferred interface surfaces and creates the package-owned `InterfaceContractCatalog`.
194-
3. **Gate 3: MCP API Tool And Registry Contracts** hardens MCP tool schemas, action discovery, policy denial, proof-root surfacing, and example replay.
195+
3. **Gate 3: MCP API Tool And Registry Contracts** hardens MCP tool schemas, action discovery, policy denial, proof-root surfacing, and example replay through `McpToolContract` and `.bitcode/v33-mcp-api-tool-contracts.json`.
195196
4. **Gate 4: ChatGPT App Action And Tool Contracts** hardens ChatGPT App action schemas, source-safe response rendering, denial readability, and examples.
196197
5. **Gate 5: Interface Authorization Policy Fail-Closed** centralizes auth, organization, wallet, read-license, rights, and protected-source policy denials.
197198
6. **Gate 6: Read License And AssetPack Rights Interface Contracts** proves source-safe preview, paid settlement, BTD rights, and delivery contracts across interfaces.
@@ -492,6 +493,11 @@ The required row ids are `terminal_handoff`, `public_api`, `mcp_api`, `chatgpt_a
492493
Each row names an owner package, action/tool/route id, schema id, auth policy id, source-safety class, example fixture path, validation command, compatibility status, failure mode, repair posture, telemetry proof hook id, and deterministic proof root.
493494
The `exchange_hook` and `conversations_hook` rows are visible as `deferred_not_admitted` rather than hidden.
494495

496+
Gate 3 `McpToolContract` rows are package-owned source-safe MCP API metadata.
497+
The required first tool id is `bitcode://pipelines/asset-pack/create`.
498+
The contract binds `bitcode.mcp.assetPackCreate.input.v1`, `bitcode.mcp.assetPackCreate.output.v1`, `interface.authorization.pipeline-permission`, `pipelines.create`, `protected-source-locked`, `source-safe-preview-and-metadata-before-settlement`, proof-root fields, request/response roots, and denied states including `SCHEMA_VALIDATION_FAILED` and `PROVIDER_BINDING_REQUIRED`.
499+
MCP discovery must consume this contract instead of repeating tool ids or descriptions locally.
500+
495501
## Appendix B. Proof family closure catalog
496502

497503
The V33 proof-family catalog is the nine-family catalog in `V33 proof-family canon`.
@@ -527,11 +533,13 @@ V33 inherits the V20 operator-quality expectation that interface-facing proof is
527533
| `.bitcode/v33-spec-family-report.json` | spec-family report builder | `check-bitcode-spec-family` | source-safe-generated-proof | draft-required |
528534
| `.bitcode/v33-canonical-input-report.json` | canonical-input report builder | `check-bitcode-canonical-inputs` | source-safe-generated-proof | draft-required |
529535
| `.bitcode/v33-interface-contract-catalog.json` | `scripts/generate-v33-interface-contract-catalog.mjs` | `check:v33-interface-contract-catalog` and `check:v33-gate2` | source-safe-interface-contract-catalog-metadata | Gate 2 required |
536+
| `.bitcode/v33-mcp-api-tool-contracts.json` | `scripts/generate-v33-mcp-api-tool-contracts.mjs` | `check:v33-mcp-api-tool-contracts` and `check:v33-gate3` | source-safe-mcp-api-tool-contract-metadata | Gate 3 required |
530537

531538
### V33 specifying generated artifacts
532539

533540
V33 starts with `.bitcode/v33-spec-family-report.json` and `.bitcode/v33-canonical-input-report.json`.
534541
Gate 2 adds `.bitcode/v33-interface-contract-catalog.json`, which serializes source-safe `InterfaceContractCatalog` metadata for `terminal_handoff`, `public_api`, `mcp_api`, `chatgpt_app`, `package_consumer`, `exchange_hook`, and `conversations_hook` with deferred hooks marked `deferred_not_admitted`.
542+
Gate 3 adds `.bitcode/v33-mcp-api-tool-contracts.json`, which serializes source-safe `McpToolContract` metadata for `bitcode://pipelines/asset-pack/create`, including schema ids, denied states, proof-root fields, examples, package-derived discovery posture, and protected-source invisibility.
535543
Later gates may add authorization policy, schema compatibility, telemetry replay, and promotion readiness artifacts.
536544

537545
### Shared generated-artifact fields

0 commit comments

Comments
 (0)