Skip to content

docs: add Tool Authorization and Access Control section for MCP server #364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Matovidlo merged 2 commits into from
Jan 26, 2026
Merged

docs: add Tool Authorization and Access Control section for MCP server #364

Matovidlo merged 2 commits into from
Jan 26, 2026

Conversation

@Matovidlo
Copy link
Contributor

@Matovidlo Matovidlo commented Jan 20, 2026
edited by devin-ai-integration bot
Loading

Jira issue(s): N/A (documentation for mcp-server PR #350)

Link to Devin run: https://app.devin.ai/sessions/4ccc6d6f64aa49a6823bf2e09c8a5091
Requested by: Martin Vasko (@Matovidlo)

Changes:

  • Add new "Tool Authorization and Access Control" section to MCP integration documentation
  • Document three HTTP headers for granular tool access control: X-Allowed-Tools, X-Disallowed-Tools, X-Read-Only-Mode
  • Explain filter behavior when multiple headers are combined
  • List all 15 read-only tools categorized by function
  • Provide use case examples for AI agent restrictions and compliance scenarios

Updates since last revision:

  • Added hyperlink from "Keboola MCP Server" to the MCP Server documentation page
  • Changed Cursor-specific documentation reference to be client-agnostic ("your MCP client's documentation")

This documentation corresponds to the new ToolAuthorizationMiddleware feature being added in keboola/mcp-server#350.

Human Review Checklist

  • Verify the read-only tools list matches the READ_ONLY_TOOLS frozenset in mcp-server PR add length to example #350
  • Confirm the filter behavior description (allowed → read-only intersection → disallowed exclusion) matches the implementation
  • Check that use case examples are clear and helpful for users
  • Verify the hyperlink /ai/mcp-server/ resolves correctly in the deployed documentation

@devin-ai-integration @Matovidlo
docs: add Tool Authorization and Access Control section for MCP server
b33ec4d 
Co-Authored-By: Martin Vasko <Matovidlo2@gmail.com>
@devin-ai-integration
Copy link
Contributor

devin-ai-integration bot commented Jan 20, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@Matovidlo Matovidlo requested a review from Copilot January 20, 2026 08:25
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds comprehensive documentation for the new Tool Authorization and Access Control feature in the Keboola MCP Server, enabling granular control over which tools are available to clients via HTTP headers.

Changes:

  • Added "Tool Authorization and Access Control" section documenting three HTTP headers (X-Allowed-Tools, X-Disallowed-Tools, X-Read-Only-Mode) for controlling tool access
  • Documented filter application order and behavior when multiple headers are combined
  • Listed all 15 read-only tools categorized by function (Components, Flows, Storage, SQL, Data Apps, Jobs, Search, Project, Documentation)
  • Provided practical use case examples for AI agent restrictions, compliance scenarios, and combined restrictions
  • Fixed minor formatting issue at end of file (removed extra pipe character)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Matovidlo Matovidlo marked this pull request as ready for review January 22, 2026 15:18
Copilot AI reviewed Jan 22, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@devin-ai-integration devin-ai-integration bot mentioned this pull request Jan 26, 2026
Merged
4 tasks
jordanrburger
jordanrburger reviewed Jan 26, 2026
View reviewed changes
@devin-ai-integration @Matovidlo
docs: add hyperlink to MCP Server page and make client reference generic
274bc0e 
Co-Authored-By: Martin Vasko <Matovidlo2@gmail.com>
@Matovidlo Matovidlo merged commit 06784ef into main Jan 26, 2026
1 check passed
@Matovidlo Matovidlo deleted the devin/1768896539-mcp-tool-authorization-docs branch January 26, 2026 14:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Copilot code review Copilot Copilot left review comments

@jordanrburger jordanrburger jordanrburger approved these changes

Assignees

@Matovidlo Matovidlo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Matovidlo @jordanrburger