Summary

Added authorization checking to the mcp tools to prevent users from accessing functionality or data they would not have access to through the web interface.

Details

• Fixed: The role permission interface for instance management actually showed and changed the permission for instance viewing
• Removed the example prompts and resources since they are not used and are also not really doing anything useful yet
• added permission checking to all available mcp tools to ensure that users cannot do things they would not be able to do through the web interface
  • added new tool that lists the tools that can actually be used by the user given the space settings and the users permissions
    • xmcp currently does not seem to allow toggling which tools are advertised at run time so we cannot deactivate tools based on env variables
  • if an LLM tries to access a tool that the user cannot use it will get an error message