Register an MCP tool
POST
/v1/mcp/tools
const url = 'http://localhost:8693/v1/mcp/tools';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"tool_id":"example","name":"example","resource_uri":"example","required_capabilities":["example"],"max_blast_radius":"example","requires_execution":true,"allowed_operations":["example"],"allowed_targets":["example"]}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url http://localhost:8693/v1/mcp/tools \ --header 'Content-Type: application/json' \ --data '{ "tool_id": "example", "name": "example", "resource_uri": "example", "required_capabilities": [ "example" ], "max_blast_radius": "example", "requires_execution": true, "allowed_operations": [ "example" ], "allowed_targets": [ "example" ] }'Register a tool with its security requirements (capabilities, blast radius, execution binding).
Request Body required
Section titled “Request Body required ” Media type application/json
object
tool_id
required
Unique identifier for the tool
string
name
required
Human-readable name
string
resource_uri
RFC 8707 resource indicator. Token aud must match this.
string
required_capabilities
Capabilities the token must include
Array<string>
max_blast_radius
Maximum blast radius scope (e.g., “namespace:analytics”)
string
requires_execution
Whether execution binding checks (exec_act, inp_hash, target) are enforced
boolean
allowed_operations
Valid exec_act values (when requires_execution is true)
Array<string>
allowed_targets
Valid target URIs (when requires_execution is true)
Array<string>
Example generated
{ "tool_id": "example", "name": "example", "resource_uri": "example", "required_capabilities": [ "example" ], "max_blast_radius": "example", "requires_execution": true, "allowed_operations": [ "example" ], "allowed_targets": [ "example" ]}Responses
Section titled “ Responses ”Tool registered