Tool Server Agentic Automation
MCP server: Tool Server Agentic Automation
Installation
npx mcp-tool-server-agentic-automationAsk AI about Tool Server Agentic Automation
Powered by Claude Β· Grounded in docs
I know everything about Tool Server Agentic Automation. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
MCP Tool Server + Agentic Automation (Production-ish demo)
This project is a small MCP-like tool server + workflow client that demonstrates how to safely expose operational tools to an βagentβ (or automation runner) with guardrails:
- β API-key auth
- β Tool allowlist / policy checks
- β Idempotency keys (avoid duplicate βcreateβ actions)
- β Human-in-the-loop (HITL) confirmations for risky actions
- β Audit logging (JSONL event trail)
- β Simple rate limiting per API key
- β
Tool discovery endpoint (
/mcp/tools) with input/output schemas
Itβs intentionally LLM-agnostic: the focus is on tooling + safety + ops workflows, not on model calls.
What it does (in plain terms)
You can run a workflow that:
- Finds a customer in a simple CRM-like database
- Creates a support ticket (idempotent, so it wonβt create duplicates)
- Requests a customer status update (requires approval)
- Confirms the action (HITL step)
- Sends a βsupport channelβ message (mock)
- Logs every step to
server/app/audit.log(JSON lines)
The included demo runs the workflow twice to prove idempotency replay.
Project structure
.
ββ client/
β ββ agent.py # client wrapper for calling server tools
β ββ scenarios.py # demo workflow (scenario 1 + scenario 2)
β ββ requirements.txt
ββ server/
β ββ app/
β β ββ __init__.py
β β ββ main.py # FastAPI server + tool endpoints + tool discovery
β β ββ db.py # SQLAlchemy engine/session + sqlite setup
β β ββ models.py # Customer, Ticket, PendingAction models
β β ββ policy.py # allowlist/policy enforcement
β β ββ idempotency.py # idempotency cache (in-memory)
β β ββ audit.py # JSONL audit logger
β ββ requirements.txt
β ββ .env.example
ββ docker-compose.yml # optional
ββ README.md
Quickstart (Windows / PowerShell)
1) Create venv + install deps (once)
From repo root:
python -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -r server\requirements.txt
pip install -r client\requirements.txt
If PowerShell blocks activation, run:
Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
2) Run the server (Terminal 1)
cd server
..\.\.venv\Scripts\Activate.ps1
python -m uvicorn app.main:app --reload --port 8000
You should see:
Uvicorn running on http://127.0.0.1:8000
3) Run the demo client (Terminal 2)
cd client
..\.\.venv\Scripts\Activate.ps1
python scenarios.py
Expected behavior:
- Scenario 1 runs the full flow
- Scenario 2 repeats the same request and create_ticket should return idempotent_replay: True
Configuration
Create a file called server/.env (do NOT commit it).
Use server/.env.example as a template.
Example server/.env:
API_KEY=dev-key
ALLOWED_TOOLS=search_customer,create_ticket,update_customer_status,send_message,get_incident_impact
β Tip: Commit
server/.env.exampleto GitHub, but never commitserver/.env.
What these settings do
API_KEYis the shared key required to call the server.ALLOWED_TOOLSis an allowlist: tools not listed here will be blocked by policy.
Auth header
All tool endpoints require the header:
X-API-Key: <API_KEY>
Example (conceptually):
X-API-Key: dev-key
Tools exposed by the server
POST /tools/search_customerPOST /tools/create_ticket(supportsIdempotency-Key)POST /tools/update_customer_status(createsPendingActionunlessconfirm=true)POST /confirm/{pending_action_id}(approve/reject)POST /tools/send_message(mock)POST /tools/get_incident_impact(placeholder tool)GET /mcp/tools(tool discovery with schemas)GET /health
Safety & reliability features
API key auth
Every call must include X-API-Key. Unauthorized requests return 401.
Allowlist / policy
Only tools included in ALLOWED_TOOLS may be called.
Idempotency keys
create_ticket supports an Idempotency-Key header:
- same key β same response (prevents duplicates)
Human-in-the-loop (HITL)
Risky actions (like status change) return requires_confirmation=true unless explicitly confirmed.
Client can then call /confirm/{pending_action_id}.
Audit log
All tool calls and confirmations are written as JSON lines.
Rate limiting (basic)
Simple per-key throttling to avoid spam.
Why this matters (interview talking points)
This demo shows:
- how to expose βagent toolsβ safely (auth + allowlist)
- how to prevent accidental repeated actions (idempotency)
- how to design risk gates (human approval)
- how to create an operational audit trail (logs)
- how to package tools with schemas (tool discovery endpoint)
Next improvements (optional)
- Persist idempotency + pending actions in DB (instead of in-memory)
- Real integrations (Slack/Jira/CRM APIs) behind the same tool interface
- Stronger auth (JWT, per-user keys) + structured RBAC policies
- Better rate limiting (Redis) + request tracing (OpenTelemetry)
- Add a small βgraphβ query tool to show incident β customer impact