Expose framework primitives via API gateway and MCP with auth control#2925
Merged
Conversation
Add registry, store, and broker as both HTTP routes and MCP tools
so AI agents and HTTP clients can inspect and operate the framework.
API gateway (/micro/* namespace):
GET /micro/registry List registered services
GET /micro/registry/{name} Describe a service
GET /micro/store List store keys
GET /micro/store/{key} Read a record
POST /micro/store/{key} Write a record
POST /micro/broker/{topic} Publish a message
MCP gateway (micro_* tool prefix):
micro_registry_list List services
micro_registry_get Describe a service
micro_store_list List keys
micro_store_read Read a record
micro_store_write Write a record
micro_broker_publish Publish a message
Framework tools use a Handler field on the MCP Tool struct for
direct dispatch (no RPC). Service tools continue to use RPC.
Rate limiters and circuit breakers are applied to framework
tools the same as service tools.
Framework primitives (registry, broker, store) are now only
exposed when explicitly enabled:
API gateway: micro api --internal
MCP gateway: Options{Internal: true}
Off by default — user services are always exposed, framework
internals require the flag. Banner output only shows framework
routes when enabled.
Revert the --internal flag approach. Framework primitives (registry, broker, store) are now always exposed: - micro api: /micro/* routes always available (dev tool) - MCP gateway: micro_* tools always registered. When Auth is configured (production), they require micro:admin scope. Without Auth (dev), they're open — same as all other tools. This follows the existing pattern: micro run/api = dev (open), micro server = production (auth + scopes). Framework internals follow the same security model as user services. Remove the Internal option from MCP Options. Remove --internal flag from micro api. Note: scope persistence depends on the store backend. The default in-memory store does not survive restarts. Use MICRO_STORE=file for persistent scopes in production.
When the default admin account is deleted via the dashboard, set a marker key (auth/.admin-deleted) in the store. On startup, skip admin creation if the marker exists. This prevents the default admin/micro credentials from reappearing after restart when the user has intentionally removed them.
Agent playground: - Add setup hint in empty state explaining how to get started (click Settings, enter API key, type a prompt) - Hide hint automatically when API key is already configured - Add all 7 providers to dropdown (was only OpenAI + Anthropic) - Include CLI fallback suggestion (micro chat) Docs: - Fix .md links to .html across all doc pages — Jekyll serves .html files, not .md. Fixes 404s including the micro run guide.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.