MCP, Tool Orchestration, and Audit (v2)

Two tool paths

  1. ToolOrchestrationStep (direct tool mode)
  • request-driven via tool_request
  • executes one tool
  • runs POST_TOOL_EXECUTION rules
  • writes context.mcp.toolExecution.*
  2. McpToolStep (planner loop mode)
  • planner loop (CALL_TOOL/ANSWER)
  • writes context.mcp.observations[] and context.mcp.finalAnswer
  • runs POST_AGENT_MCP rules
  • writes context.mcp.lifecycle.*

Guardrail blocked branch

If the planner proposes a blocked next tool:

  • mcp_status=GUARDRAIL_BLOCKED_NEXT_TOOL
  • fallback final text is written to context.mcp.finalAnswer
  • POST_AGENT_MCP rules still run
  • response is still finalized by ce_response resolution

Rule-ready MCP metadata

context.mcp.lifecycle includes:

  • phase, status, outcome, finished
  • blocked, error, errorMessage
  • lastAction, lastToolCode, lastToolGroup, lastToolArgs
  • toolExecuted

context.mcp.toolExecution includes:

  • phase, status, outcome, finished
  • error, scopeMismatch, toolExecuted
  • toolCode, toolGroup, meta, result, errorMessage

JSON_PATH examples for ce_rule.match_pattern

$[?(@.context.mcp.lifecycle.finished == true && @.context.mcp.lifecycle.outcome == 'BLOCKED')]
$[?(@.context.mcp.lifecycle.error == true)]
$[?(@.context.mcp.toolExecution.phase == 'POST_TOOL_EXECUTION' && @.context.mcp.toolExecution.status == 'SUCCESS')]
$[?(@.context.mcp.toolExecution.scopeMismatch == true)]

Audit stages to watch

Tool orchestration path:

  • TOOL_ORCHESTRATION_REQUEST
  • TOOL_ORCHESTRATION_RESULT
  • TOOL_ORCHESTRATION_ERROR

Planner MCP path:

  • MCP_PLAN_LLM_INPUT
  • MCP_PLAN_LLM_OUTPUT
  • MCP_TOOL_CALL
  • MCP_TOOL_RESULT
  • MCP_TOOL_ERROR
  • MCP_FINAL_ANSWER

Rule phases around these paths:

  • RULE_MATCH (McpToolStep) / RULE_NO_MATCH (McpToolStep)
  • RULE_MATCH (ToolOrchestrationStep PostTool) / RULE_NO_MATCH (ToolOrchestrationStep PostTool)
  • RULE_MATCH (AgentIntentResolver) / RULE_NO_MATCH (AgentIntentResolver)
  • RULE_MATCH (RulesStep) / RULE_NO_MATCH (RulesStep)

Scope enforcement

ce_mcp_tool and ce_mcp_planner are scope-validated at startup:

  • null/blank scope rows are rejected
  • intent_code must be ANY, UNKNOWN, or defined in ce_intent
  • state_code must be ANY, UNKNOWN, or present in ce_rule.state_code
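
The three startup checks above can be mirrored as a pre-deployment lint over exported ce_mcp_tool and ce_mcp_planner rows, so a bad scope is caught before the engine refuses to start. This is an added example, not the project's own code: the row-dict shape, the `label` key, exact case-sensitive matching, and all sample values are assumptions constructed for illustration.

```python
# Added example: lint scope rows against the documented startup rules.
# Row shape, the 'label' key and exact-match comparison are assumptions.
WILDCARDS = {"ANY", "UNKNOWN"}

def _blank(value):
    """True for None, empty, or whitespace-only scope values."""
    return value is None or not str(value).strip()

def validate_scope_rows(table, rows, known_intents, known_states):
    """Return (table, row_label, reason) for every row that breaks a scope rule."""
    problems = []
    for index, row in enumerate(rows):
        label = row.get("label", f"row#{index}")  # hypothetical display key
        for column, allowed, source in (
            ("intent_code", known_intents, "ce_intent"),
            ("state_code", known_states, "ce_rule.state_code"),
        ):
            value = row.get(column)
            if _blank(value):
                problems.append((table, label, f"{column} is null/blank"))
            elif value not in WILDCARDS and value not in allowed:
                problems.append((table, label, f"{column}={value!r} not in {source}"))
    return problems

# Constructed sample data (not taken from any real deployment).
KNOWN_INTENTS = {"ORDER_STATUS", "REFUND"}          # codes defined in ce_intent
KNOWN_STATES = {"IDLE", "AWAITING_ORDER_ID"}        # values seen in ce_rule.state_code
SAMPLE_ROWS = {
    "ce_mcp_tool": [
        {"label": "lookup_order", "intent_code": "ORDER_STATUS", "state_code": "ANY"},
        {"label": "issue_refund", "intent_code": "REFUNDS", "state_code": "IDLE"},  # typo
        {"label": "db_admin", "intent_code": None, "state_code": "  "},  # unscoped tool
    ],
    "ce_mcp_planner": [
        {"label": "default_planner", "intent_code": "UNKNOWN", "state_code": "CLOSED"},
    ],
}

def lint_all():
    """Run the lint over every sample table and collect the findings."""
    findings = []
    for table, rows in SAMPLE_ROWS.items():
        findings.extend(validate_scope_rows(table, rows, KNOWN_INTENTS, KNOWN_STATES))
    return findings

if __name__ == "__main__":
    for table, label, reason in lint_all():
        print(f"{table}: {label}: {reason}")
```

The `db_admin` row is the case that matters most from a least-privilege standpoint: a tool with no scope at all is rejected rather than treated as available everywhere.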