You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Parent:#7682 (5.13 Broker and MQTT (special review)) Tool file: new forge/ee/lib/mcp/tools/broker.js
destructiveHint: true. Contingent on a product decision to allow broker mutation over MCP. Neither tool mints credentials, so #7513 does not block them. One tool per delete endpoint.
The topic delete route uses a plain needsPermission('broker:topics:write') (it is not dual-gated, unlike GET/POST topics), and its path is a single :topicId param, not a wildcard.
The whole surface is gated by the enterprise license tier and the per-team teamBroker feature flag.
Scopes to allow-list + access-tag (#7445, only if writes approved): broker:topics:write (write), broker:clients:delete (write).
Tool definitions (description + zod inputSchema):
platform_delete_broker_topic: {description: 'Deletes a broker topic.',inputSchema: z.object({teamId: z.string().describe('team hashid'),brokerId: z.string().describe("broker id: either the literal 'team-broker' or a 3rd-party broker hashid"),topicId: z.string().describe('topic hashid')})},platform_delete_broker_client: {description: 'Deletes a team broker client.',inputSchema: z.object({teamId: z.string().describe('team hashid'),username: z.string().describe('Username of the broker client to delete')})}
Parent: #7682 (5.13 Broker and MQTT (special review))
Tool file: new
forge/ee/lib/mcp/tools/broker.jsdestructiveHint: true. Contingent on a product decision to allow broker mutation over MCP. Neither tool mints credentials, so #7513 does not block them. One tool per delete endpoint.platform_delete_broker_topicDELETE /teams/:teamId/brokers/:brokerId/topics/:topicIdbroker:topics:writeplatform_delete_broker_clientDELETE /teams/:teamId/broker/client/:usernamebroker:clients:deleteDesign notes:
needsPermission('broker:topics:write')(it is not dual-gated, unlike GET/POST topics), and its path is a single:topicIdparam, not a wildcard.delete_broker_client(broker:clients:delete, Owner) removes a broker client. It does not issue credentials, so it is not in the Scoped PATs - Block Broker Credential Issuance for PAT-Authenticated Requests #7513 class; it belongs with the rest of the contingent broker write/delete surface.teamBrokerfeature flag.Scopes to allow-list + access-tag (#7445, only if writes approved):
broker:topics:write(write),broker:clients:delete(write).Tool definitions (description + zod inputSchema):
Tests (only if writes approved):
destructiveHint: true.