Granular MCP policy examples omit required initialization methods #2065

Description

@shiju-nv

Agent Diagnostic

  • Reviewed the granular MCP policy examples added with #1865.
  • Compared the listed methods with the MCP initialization lifecycle.
  • A client first sends initialize, receives the server response, then sends notifications/initialized before normal operation.
  • The current granular examples allow selected tools/call methods. They omit initialize and notifications/initialized, so a conforming client cannot reach tool execution through the example policy.
  • tools/list is optional discovery, not a required lifecycle message.

Description

Actual behavior: A reader can copy the granular policy example and create a policy that allows selected tools/call requests but blocks the preceding initialize request and notifications/initialized notification.

Expected behavior: The documentation should contain one complete minimal policy for the supported MCP revision. It should explain the required initialize request, server result, and notifications/initialized transition in plain language. The policy must permit the client messages needed to reach the active phase and one intended application operation.

Reproduction Steps

  1. Copy the granular MCP policy example from the policy documentation.
  2. Start a conforming MCP client through that endpoint.
  3. Observe that initialize has no matching allow rule.
  4. Add an initialize allow rule and observe that notifications/initialized still has no matching allow rule.

Environment

Agent-First Checklist

  • I pointed my agent at the repo and had it investigate this issue
  • I loaded relevant skills (e.g., debug-openshell-cluster, debug-inference, openshell-cli)
  • My agent could not resolve this — the diagnostic above explains why
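
The lifecycle gap described in this issue can be checked mechanically by replaying the client's messages against an allow-list. The sketch below is an added example, not code or policy syntax from the project: the rule shape (`method`, optional `tool`), the default-deny behaviour, the tool name `read_file`, and the placeholder protocol revision are all assumptions made for illustration.

```python
# Constructed client-side session: what a conforming MCP client sends to reach
# its first tool call. The tool name and revision string are placeholders.
SESSION = [
    {"jsonrpc": "2.0", "id": 1, "method": "initialize",
     "params": {"protocolVersion": "PLACEHOLDER-REVISION", "capabilities": {}}},
    {"jsonrpc": "2.0", "method": "notifications/initialized"},  # notification: no id
    {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
     "params": {"name": "read_file", "arguments": {"path": "README.md"}}},
]


def rule_matches(rule, msg):
    """Hypothetical rule shape: {"method": str, "tool": optional str}."""
    if rule["method"] != msg.get("method"):
        return False
    tool = rule.get("tool")
    # A rule without "tool" matches every message carrying that method.
    return tool is None or msg.get("params", {}).get("name") == tool


def first_blocked(rules, session):
    """Return (index, method) of the first message with no allow rule, else None.

    Assumes default deny: a message that matches no rule is rejected, and the
    client never gets past that point in the lifecycle.
    """
    for index, msg in enumerate(session):
        if not any(rule_matches(rule, msg) for rule in rules):
            return index, msg["method"]
    return None


# Mirrors the reproduction steps: granular rule only, then initialize added,
# then both lifecycle messages added. tools/list is never required.
GRANULAR = [{"method": "tools/call", "tool": "read_file"}]
WITH_INIT = GRANULAR + [{"method": "initialize"}]
COMPLETE = WITH_INIT + [{"method": "notifications/initialized"}]

if __name__ == "__main__":
    for name, rules in [("granular", GRANULAR), ("with initialize", WITH_INIT),
                        ("complete", COMPLETE)]:
        print(f"{name}: first blocked = {first_blocked(rules, SESSION)}")
```

Running the same replay in documentation CI against each published policy example would catch an example that permits an operation the client can never reach.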
