Expand description
tsafe-mcp — library entry point exposed for the tsafe meta-crate.
Per ADR-006, this crate ships a separately published companion binary that
mirrors the publish topology of tsafe-agent. The library entry point
run is called both from the standalone tsafe-mcp binary
(src/main.rs) and from the meta-crate shim
(crates/tsafe/src/bin/tsafe_mcp.rs).
The runtime exposes four subcommands per design §5.2:
tsafe-mcp serve [...]— stdio JSON-RPC server (default subcommand)tsafe-mcp install <host> [...]— write per-host MCP configtsafe-mcp uninstall <host> [...]— remove the entrytsafe-mcp status— print binary version + resolved scope
All other doctrine: thin-MCP stance, ADR-003 agent IPC reuse, ADR-005 module
layout. See docs/architecture/ADR-006-mcp-server.md and
docs/architecture/mcp-server-design.md.
Modules§
- audit
- mcp-flavored AuditEntry construction helpers built on
tsafe_core::audit. - backend
- Vault unlock helper — calls
tsafe_core::agent::request_password_from_agentand opens the vault read-only for the bound profile. - errors
- JSON-RPC error code table and
McpErrorenum. - install
tsafe-mcp install <host>dispatch — routes to per-host writer modules.- server
TsafeMcpServer— the rmcp 1.7ServerHandlerthat exposes tsafe’s tool surface over a spec-compliant MCP 2025-06-18 stdio transport.- session
- Immutable per-process Session: bound profile, allowed/denied globs, optional contract.
- tools
- Tool dispatch table and
tools/listcatalog construction.
Functions§
- run
- Process entry point. Parses argv, dispatches to the matching subcommand,
and exits the process with code 1 on error (same shape as
tsafe-agent::runatcrates/tsafe-agent/src/lib.rs).