Agent Diagnostic
- Reviewed the granular MCP policy examples added with #1865.
- Compared the listed methods with the MCP initialization lifecycle.
- A client first sends
initialize, receives the server response, then sends notifications/initialized before normal operation.
- The current granular examples allow selected
tools/call methods. They omit initialize and notifications/initialized, so a conforming client cannot reach tool execution through the example policy.
tools/list is optional discovery, not a required lifecycle message.
Description
Actual behavior: A reader can copy the granular policy example and create a policy that allows selected tools/call requests but blocks the preceding initialize request and notifications/initialized notification.
Expected behavior: The documentation should contain one complete minimal policy for the supported MCP revision. It should explain the required initialize request, server result, and notifications/initialized transition in plain language. The policy must permit the client messages needed to reach the active phase and one intended application operation.
Reproduction Steps
- Copy the granular MCP policy example from the policy documentation.
- Start a conforming MCP client through that endpoint.
- Observe that
initialize has no matching allow rule.
- Add an
initialize allow rule and observe that notifications/initialized still has no matching allow rule.
Environment
Agent-First Checklist
Agent Diagnostic
initialize, receives the server response, then sendsnotifications/initializedbefore normal operation.tools/callmethods. They omitinitializeandnotifications/initialized, so a conforming client cannot reach tool execution through the example policy.tools/listis optional discovery, not a required lifecycle message.Description
Actual behavior: A reader can copy the granular policy example and create a policy that allows selected
tools/callrequests but blocks the precedinginitializerequest andnotifications/initializednotification.Expected behavior: The documentation should contain one complete minimal policy for the supported MCP revision. It should explain the required initialize request, server result, and
notifications/initializedtransition in plain language. The policy must permit the client messages needed to reach the active phase and one intended application operation.Reproduction Steps
initializehas no matching allow rule.initializeallow rule and observe thatnotifications/initializedstill has no matching allow rule.Environment
f27ff1507cbacbeead144f43e96a0339be49543d, which contains the documentation introduced with PR feat(l7): add JSON-RPC and MCP policy enforcement #18652025-11-25Agent-First Checklist
debug-openshell-cluster,debug-inference,openshell-cli)