Skip to content

MCP Track B Phase B4: add guarded personal chat write tool #1019

Description

@Bionic711

Summary

Add send_personal_chat_message to the inbound SimpleChat MCP server only after read-only personal tools, auth, governance, telemetry, and tests are stable.

Scope

  • Add send_personal_chat_message as a personal-scope-only inbound MCP tool.
  • Require a valid delegated user identity.
  • Validate conversation ownership/access when conversation_id is supplied.
  • Define behavior for new-conversation creation.
  • Preserve content safety behavior.
  • Preserve model invocation and token/cost logging.
  • Add rate limits and abuse protections.
  • Bound response size.
  • Add audit events that identify caller app, user, tool, conversation, and success/failure without logging message secrets.

Acceptance Criteria

  • Tool is disabled unless explicitly allowed by inbound MCP governance.
  • Tool cannot target group/public/all-scope contexts.
  • Existing conversation writes require ownership or valid access.
  • New conversation creation behavior is explicit and tested.
  • Content safety and model logging behavior is preserved.
  • Rate limits and bounded responses are enforced.
  • Tests cover new conversation creation, existing conversation ownership validation, rejection for inaccessible conversations, rate-limit behavior, bounded response behavior, and audit logging redaction.

Notes

Parent: #1013
Depends on the inbound auth/governance foundation and read-only personal tools issues.
Planning doc: docs/explanation/features/MCP_PLUGIN_ROBUSTNESS_PLAN.md
Priority: P1
Size: L

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestsecurity_improvementThis issue results in an improvement to security

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Pending Evaluation

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions