feat(rbac): add data_source and mcp_tool OpenFGA types + BFF list filter #1575
Closed
sriaradhyula wants to merge 2 commits into
PR 4 of the 2026-05-27 fine-grained KB ReBAC plan. Introduces two new per-resource OpenFGA types so per-KB ingest and per-tool invoke can be granted independently of `knowledge_base:<id>` reads.

OpenFGA model
- `deploy/openfga/model.fga` adds `type data_source` and `type mcp_tool` with the same shared-teams relation set as `knowledge_base` (`team#member reader`, `team#admin manager`). Both expose `manager: [..., organization#admin]` so org admins are an explicit model edge, not just a runtime bypass.
- `mcp_tool` additionally exposes `user` and `caller` relations so team members get `can_call` (mirrors how `mcp_server` invokers are modelled).
- `knowledge_base#manager` also gains `organization#admin` for parity.
- `deploy/openfga/init/authorization-model.json` regenerated.

Reconcilers
- `buildDataSourceRelationshipTupleDiff` and `buildMcpToolRelationshipTupleDiff` (with their `reconcileDataSourceRelationships` / `reconcileMcpToolRelationships` wrappers) mirror the shared-teams diff that PR 3 added for KBs.
- The shared helper `buildOwnedResourceWithSharedTeamsDiff` factors the diff logic for `knowledge_base`, `data_source`, and `mcp_tool`.

BFF integration
- `/api/rag/[...path]` writes `mcp_tool:<tool_id>` tuples on a successful `PUT /v1/mcp/custom-tools/<tool_id>` (owner subject + owner team slug from the request body). Owner-team writes are gated by `team:<slug>#can_use`.
- `GET /v1/mcp/custom-tools` responses are filtered by `mcp_tool:<id>#can_read`. Org admins bypass via PR 1's super-grant.

Migrations
- `data_source_grants_backfill_v1` — strictly additive, mirrors every existing `knowledge_base:<id>` tuple as a parallel `data_source:<id>` tuple so day-zero KB readers stay data-source readers.
- `mcp_tool_grants_backfill_v1` — walks Mongo `team_rag_tools` and writes the canonical `reader` + `user` (member) and `manager` (admin) tuples for every team-owned tool.
- `schema-area-classifications.ts` adds `openfga_tuples` so `registry-guardrails.test.ts` keeps passing.

Docs
- RBAC architecture / file-map / pdp-coverage-audit updated to describe the new types, BFF integration, and backfill migrations.

Tests
- `openfga-data-source-mcp-tool.test.ts` exercises the new reconcilers.
- `mcp-tool-list-filter.test.ts` exercises the BFF list filter.
- `agent-organization-inheritance.test.ts` covers both backfill migrations.

Assisted-by: Claude:claude-opus-4-7
Signed-off-by: Sri Aradhyula <sraradhy@cisco.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
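The shared-teams reconciliation described in the commit message above, sketched as an added example that is not the PR's code: it computes which team-derived tuples to write and which to revoke for one resource, and leaves non-team grants such as `organization#admin` untouched. The `Tuple` shape, the function names, and the sample ids are assumptions; the relation mapping (member to `reader` and `user`, admin to `manager`) follows the text above.

```typescript
// Added illustration, not code from the PR; every name below is hypothetical.
type Tuple = { user: string; relation: string; object: string };

const key = (t: Tuple): string => `${t.user}|${t.relation}|${t.object}`;

// Tuples one team contributes to one resource, per the relation set in the
// PR text: team#member -> reader, team#admin -> manager, and for mcp_tool
// additionally team#member -> user.
function teamTuples(type: string, id: string, team: string): Tuple[] {
  const object = `${type}:${id}`;
  const out: Tuple[] = [
    { user: `team:${team}#member`, relation: "reader", object },
    { user: `team:${team}#admin`, relation: "manager", object },
  ];
  if (type === "mcp_tool") {
    out.push({ user: `team:${team}#member`, relation: "user", object });
  }
  return out;
}

// Diff the desired team list against the tuples currently stored for the
// resource. Writes grant access to new teams; deletes revoke removed teams.
function diffTeamTuples(type: string, id: string, teams: string[], existing: Tuple[]) {
  const object = `${type}:${id}`;
  const desired: Tuple[] = [];
  for (const team of teams) desired.push(...teamTuples(type, id, team));
  const desiredKeys = new Set(desired.map(key));
  const existingKeys = new Set(existing.map(key));
  const writes = desired.filter((t) => !existingKeys.has(key(t)));
  // Only team-subject tuples on this object are eligible for deletion, so
  // organization#admin and direct user grants survive a reconcile.
  const deletes = existing.filter(
    (t) => t.object === object && t.user.startsWith("team:") && !desiredKeys.has(key(t)),
  );
  return { writes, deletes };
}

// Constructed sample: a tool shared with "platform" and "sre" is re-shared
// with "platform" and "data".
const existingSample: Tuple[] = [
  ...teamTuples("mcp_tool", "t1", "platform"),
  ...teamTuples("mcp_tool", "t1", "sre"),
  { user: "organization:default#admin", relation: "manager", object: "mcp_tool:t1" },
];
const sampleDiff = diffTeamTuples("mcp_tool", "t1", ["platform", "data"], existingSample);
console.log(JSON.stringify(sampleDiff, null, 2));
```
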
🧪 CAIPE UI Test Results
✅ All tests passed
🟠 Overall Coverage: 55%
Prebuild Artifacts for `1c84079` (archived)
| Artifact | Image | Tag | Status | CI |
|---|---|---|---|---|
| caipe-ui | - | - | Failed | CI |
These prebuild artifacts will be automatically cleaned up when the PR is closed or merged.
Two follow-on fixes for the new types introduced in this PR that were missing from the original commit:

- `ui/src/types/rbac-universal.ts` now lists `data_source` and `mcp_tool` in `UniversalRebacResourceType`. Without this, callers that pass these types through the universal RBAC helpers (`reconcileTeamResourceTuples`, `requireResourcePermission`, etc.) hit a TS-level "type 'data_source' is not assignable to UniversalRebacResourceType" error.
- `ui/src/app/api/__tests__/rag-rbac.test.ts` now mocks `reconcileDataSourceRelationships` and `reconcileMcpToolRelationships` in the `@/lib/rbac/openfga-owned-resources` jest factory. Without these mocks the BFF tests pull in the real reconcilers and start hitting the production OpenFGA client.

Assisted-by: Claude:claude-opus-4-7
Signed-off-by: Sri Aradhyula <sraradhy@cisco.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Prebuild Artifacts for
| Artifact | Image | Tag | Status | CI |
|---|---|---|---|---|
| caipe-ui | ghcr.io/cnoe-io/prebuild/caipe-ui | feat-rbac-data-source-mcp-tool-types-3 | Published | CI |

Docker pull commands

```
docker pull ghcr.io/cnoe-io/prebuild/caipe-ui:feat-rbac-data-source-mcp-tool-types-3
```

These prebuild artifacts will be automatically cleaned up when the PR is closed or merged.
Superseded by collapsed replacement PR #1584.
Summary

PR 4 of the 2026-05-27 fine-grained KB ReBAC plan (see `docs/docs/specs/2026-05-27-fine-grained-rbac-for-withauth-routes/plan.md`).

Introduces two new per-resource OpenFGA types so per-KB ingest and per-tool invoke can be granted independently of `knowledge_base:<id>` reads.

OpenFGA model

`deploy/openfga/model.fga` adds:

Both expose `manager: [..., organization#admin]` so org admins are an explicit edge on the model (not just a runtime bypass). `mcp_tool` additionally exposes `user` and `caller` relations so team members get `can_call`. `knowledge_base#manager` also gains `organization#admin` for parity.

Reconcilers

`buildDataSourceRelationshipTupleDiff` and `buildMcpToolRelationshipTupleDiff` mirror the shared-teams diff that PR 3 added for KBs. A shared helper `buildOwnedResourceWithSharedTeamsDiff` now factors the diff logic for `knowledge_base`, `data_source`, and `mcp_tool`.

BFF integration

- `PUT /v1/mcp/custom-tools/<tool_id>` (proxied via `/api/rag/[...path]`) writes `mcp_tool:<tool_id>` tuples after a 2xx response from the RAG server. Owner-team writes are gated by `team:<slug>#can_use`.
- `GET /v1/mcp/custom-tools` responses are filtered by `mcp_tool:<id>#can_read`. Org admins bypass via PR 1's super-grant.

Backfill migrations

- `data_source_grants_backfill_v1` — strictly additive, mirrors every existing `knowledge_base:<id>` tuple as a parallel `data_source:<id>` tuple so day-zero KB readers stay data-source readers.
- `mcp_tool_grants_backfill_v1` — walks Mongo `team_rag_tools` and writes the canonical `reader` + `user` (member) and `manager` (admin) tuples for every team-owned tool.

Guardrails

`schema-area-classifications.ts` adds `openfga_tuples` so `registry-guardrails.test.ts` keeps passing.

Stacked on

This PR is stacked on:

Base branch is `prebuild/feat/rbac-kb-share-with-teams`. Merge order: 1 → 2 → 3 → 4.

Test plan

- `npx jest --testPathPatterns "openfga-data-source-mcp-tool|agent-organization-inheritance|mcp-tool-list-filter|registry-guardrails"` — 33 passed.
- `npx eslint` on all changed files — 0 errors.
- `data_source_grants_backfill_v1` and `mcp_tool_grants_backfill_v1` in dry-run, compare planned tuples to existing KB grants and `team_rag_tools` rows.

Assisted-by: Claude:claude-opus-4-7
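A dry-run planner for the strictly additive `knowledge_base` to `data_source` mirror described under "Backfill migrations", as an added example that is not the PR's migration code. It never plans a delete, treats a re-run as a no-op, and reports KB tuples whose relation the target type does not define instead of attempting a write OpenFGA would reject. All names, the `targetRelations` input, and the sample tuples are assumptions.

```typescript
// Added illustration, not code from the PR; every name below is hypothetical.
type Tuple = { user: string; relation: string; object: string };
type BackfillPlan = { writes: Tuple[]; alreadyPresent: number; skipped: Tuple[] };

const KB_PREFIX = "knowledge_base:";
const tupleKey = (t: Tuple): string => `${t.user}|${t.relation}|${t.object}`;

// Mirrors knowledge_base tuples onto data_source:<same id>. targetRelations
// is the set of relations the data_source type defines (an input here; the
// PR text names reader and manager).
function planDataSourceBackfill(existing: Tuple[], targetRelations: string[]): BackfillPlan {
  const allowed = new Set(targetRelations);
  const seen = new Set(existing.map(tupleKey));
  const plan: BackfillPlan = { writes: [], alreadyPresent: 0, skipped: [] };
  for (const t of existing) {
    if (!t.object.startsWith(KB_PREFIX)) continue; // only KB grants are mirrored
    if (!allowed.has(t.relation)) {
      plan.skipped.push(t); // relation not on data_source: report, do not write
      continue;
    }
    const mirror: Tuple = {
      user: t.user,
      relation: t.relation,
      object: "data_source:" + t.object.slice(KB_PREFIX.length),
    };
    if (seen.has(tupleKey(mirror))) {
      plan.alreadyPresent += 1; // re-running the migration changes nothing
      continue;
    }
    seen.add(tupleKey(mirror));
    plan.writes.push(mirror);
  }
  return plan;
}

// Constructed sample store contents, including one already-mirrored grant,
// one relation unknown to data_source, and one unrelated mcp_tool tuple.
const sampleStore: Tuple[] = [
  { user: "team:platform#member", relation: "reader", object: "knowledge_base:kb1" },
  { user: "team:platform#admin", relation: "manager", object: "knowledge_base:kb1" },
  { user: "team:platform#member", relation: "reader", object: "data_source:kb1" },
  { user: "user:alice", relation: "legacy_viewer", object: "knowledge_base:kb1" },
  { user: "team:sre#member", relation: "user", object: "mcp_tool:t1" },
];
const samplePlan = planDataSourceBackfill(sampleStore, ["reader", "manager"]);
console.log(JSON.stringify(samplePlan, null, 2));
```

Comparing `writes` plus `alreadyPresent` against the count of eligible KB grants gives the dry-run check listed in the test plan; anything in `skipped` needs a decision before the migration runs for real.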