Security Model
McAmner edited this page Jun 2, 2026 · 2 revisions
mq-mcp uses explicit safety metadata for each exposed tool.
Current contract source: docs/tool_contracts.json (95 tools).
35 tools.
| Tool | Resolver | Writes | Subprocess |
|---|---|---|---|
| analyze_csv | resolve_repo_file | no | no |
| detect_architecture_drift | none | no | no |
| get_architecture_decision | none | no | no |
| get_last_review | resolve_repo_file | no | no |
| get_learning | none | no | no |
| get_semantic_memory | none | no | no |
| git_diff | run_repo_command | no | yes |
| git_status | run_repo_command | no | yes |
| learning_status | none | no | no |
| list_architecture_decisions | none | no | no |
| list_architecture_docs | none | no | no |
| list_learnings | none | no | no |
| list_local_repos | none | no | no |
| list_openable_apps | none | no | no |
| list_repo_files | none | no | no |
| list_review_contracts | none | no | no |
| list_review_history | none | no | no |
| list_review_skills | none | no | no |
| list_semantic_memory | none | no | no |
| promote_learning | none | no | no |
| read_repo_file | resolve_repo_file | no | no |
| repo_signal_status | none | no | no |
| review_architecture_doc | resolve_repo_file | no | no |
| review_diff | none | no | no |
| review_file | resolve_repo_file | no | no |
| review_repo | none | no | no |
| review_runtime_contract | none | no | no |
| risk_review_diff | none | no | no |
| risk_review_file | resolve_repo_file | no | no |
| search_learnings | none | no | no |
| search_repo | run_repo_command | no | yes |
| search_semantic_memory | none | no | no |
| summarize_learnings | none | no | no |
| tool_safety_report | none | no | no |
| validate_orchestration_contract | none | no | no |
15 tools.
| Tool | Resolver | Writes | Subprocess |
|---|---|---|---|
| analyze_guitar_pro | resolve_allowed_local_file | no | no |
| check_port | none | no | yes |
| find_large_files | none | no | yes |
| find_recent_files | none | no | yes |
| get_battery_status | none | no | yes |
| get_clipboard | none | no | no |
| get_public_ip | none | no | no |
| get_system_resources | none | no | no |
| get_todays_events | none | no | yes |
| get_wifi_info | none | no | yes |
| list_running_apps | none | no | yes |
| repo_signal_analyze | resolve_allowed_local_file | no | yes |
| repo_signal_checklist | resolve_allowed_local_file | no | yes |
| repo_signal_doctor_json | resolve_allowed_local_file | no | yes |
| repo_signal_inspect | resolve_allowed_local_file | no | yes |
14 tools.
| Tool | Resolver | Writes | Subprocess |
|---|---|---|---|
| bootstrap_learning_memory | none | yes | no |
| bootstrap_semantic_memory | none | yes | no |
| build_repo_context | none | yes | yes |
| edit_image | resolve_allowed_local_file | yes | no |
| export_symbol_index | none | yes | no |
| extract_coding_conventions | none | yes | no |
| learn_from_diff | none | yes | yes |
| learn_from_review | resolve_repo_file | yes | no |
| record_architecture_decision | resolve_repo_file | yes | no |
| record_learning | none | yes | no |
| set_clipboard | none | yes | yes |
| store_semantic_memory | none | yes | no |
| take_screenshot | none | yes | yes |
| update_repo_file | resolve_repo_file | yes | no |
31 tools.
| Tool | Resolver | Writes | Subprocess |
|---|---|---|---|
| create_note | none | no | yes |
| hal_repo_report | none | no | yes |
| lock_screen | none | no | yes |
| open_app | none | no | yes |
| open_chrome | none | no | yes |
| open_finder | none | no | yes |
| open_in_app | resolve_allowed_local_file | no | yes |
| open_messages | none | no | yes |
| open_repo_terminal | none | no | yes |
| open_spotify | none | no | yes |
| open_terminal | none | no | yes |
| open_url | none | no | yes |
| open_vscode | none | no | yes |
| run_mqlaunch | none | no | yes |
| run_mqlaunch_ask | none | no | yes |
| run_mqlaunch_bundle | none | yes | yes |
| run_mqlaunch_demo | none | no | yes |
| run_mqlaunch_doctor | none | no | yes |
| run_mqlaunch_perf | none | no | yes |
| run_mqlaunch_release_check | none | no | yes |
| run_mqlaunch_selftest | none | no | yes |
| run_mqlaunch_system_check | none | no | yes |
| run_mqlaunch_version | none | no | yes |
| run_tests | none | no | yes |
| set_reminder | none | no | yes |
| set_volume | none | no | yes |
| set_wallpaper | none | no | yes |
| show_notification | none | no | yes |
| speak_text | none | no | yes |
| toggle_dark_mode | none | no | yes |
| validate_project | none | no | yes |
- Repo-scoped file access must stay inside the configured repository root.
- External local file access is only valid for explicitly allowed roots.
- Write-capable tools are controlled and documented as side-effecting.
- Subprocess and app-opening tools are treated as higher-risk operations.
- Generated metadata is the source of truth for tool count, write behavior, subprocess behavior, and resolver mapping.
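
The first two rules above are path-containment checks. The sketch below is an added example, not mq-mcp's own code: it borrows the names `resolve_repo_file` and `resolve_allowed_local_file` from the Resolver column, but the function bodies, the `PathOutsideRoot` exception and the directory layout in `demo()` are assumptions made for illustration. It shows three cases a root check has to reject: `..` traversal, a symlink that leaves the root, and a sibling directory that shares the root's name as a string prefix.

```python
import tempfile
from pathlib import Path

class PathOutsideRoot(ValueError):
    """The requested path resolves outside every permitted root."""

def _resolve_within(roots, requested, base=None):
    # An absolute `requested` replaces `base` in Path(); containment is still checked below.
    candidate = Path(base, requested) if base else Path(requested)
    # resolve() collapses ".." and follows symlinks, so the check sees the real target.
    real = candidate.resolve()
    for root in roots:
        # Compares whole path components, so /x/repo-evil never matches root /x/repo.
        if real.is_relative_to(Path(root).resolve()):
            return real
    raise PathOutsideRoot(f"{requested!r} resolves outside the permitted roots")

def resolve_repo_file(repo_root, requested):
    """Repo-scoped access: must stay inside the configured repository root."""
    return _resolve_within([repo_root], requested, base=repo_root)

def resolve_allowed_local_file(allowed_roots, requested):
    """External local access: valid only under an explicitly allowed root."""
    return _resolve_within(allowed_roots, requested)

def _accepted(resolver, roots, requested):
    try:
        resolver(roots, requested)
        return True
    except PathOutsideRoot:
        return False

def demo():
    """Run constructed requests against a throwaway layout; return accept/deny per case."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, other = Path(tmp, "repo"), Path(tmp, "repo-evil")
        repo.mkdir()
        other.mkdir()
        (repo / "README.md").write_text("ok")
        (other / "notes.txt").write_text("outside")
        (repo / "link.txt").symlink_to(other / "notes.txt")  # symlink pointing out of the root
        return {
            "inside": _accepted(resolve_repo_file, repo, "README.md"),
            "dotdot": _accepted(resolve_repo_file, repo, "../repo-evil/notes.txt"),
            "symlink": _accepted(resolve_repo_file, repo, "link.txt"),
            "sibling_prefix": _accepted(resolve_repo_file, repo, str(other / "notes.txt")),
            "allowed_root": _accepted(resolve_allowed_local_file, [other], str(other / "notes.txt")),
            "not_allowed": _accepted(resolve_allowed_local_file, [other], str(repo / "README.md")),
        }
```

A write-capable tool would additionally need to open the resolved path rather than the requested one, since the link target can change between the check and the open.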