Skip to content

Refactor: MCP resource-only access for Skillz #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
intellectronica merged 1 commit into from
Oct 24, 2025
Merged

Refactor: MCP resource-only access for Skillz #7

intellectronica merged 1 commit into from
Oct 24, 2025

Conversation

@intellectronica
Copy link
Owner

@intellectronica intellectronica commented Oct 24, 2025

Overview

This PR refactors the Skillz MCP server to ensure that tool responses and instructions never expose absolute filesystem paths. Instead, resources are advertised and consumed exclusively via MCP resource URIs.

Changes

Core Implementation

  • Removed absolute paths from SkillResourceMetadata TypedDict: The path field has been removed, keeping only relative_path, uri, and runnable
  • Updated register_skill_resources(): Now only emits relative paths and URIs in metadata
  • Updated register_skill_tool():
    • Removed legacy_paths variable entirely
    • resource_entries now only contain relative_path, uri, and runnable
    • script_entries now only contain relative_path and uri
    • available_resources now only contains URIs (no filesystem paths)

Documentation/Guidance

  • Enhanced guidance text: Now explicitly requires resource access via MCP protocol and instructs clients to use ctx.read_resource(uri)
  • Updated call_instructions: Clarifies script invocation using relative paths and resource reading via URIs

Tests

  • Updated test expectations to match the new URI-only schema
  • Added regression test to ensure no absolute paths leak into payloads
  • All 7 tests pass successfully

Benefits

  1. Universal compatibility: Resources work regardless of where the skill directory is located
  2. Cleaner abstraction: Clients interact with resources through the MCP protocol, not filesystem paths
  3. Security: Prevents accidental exposure of system paths
  4. Consistency: All resource access follows the same pattern via ctx.read_resource(uri)

Internal Note

Internally, the server still maintains the mapping from URIs to absolute paths for serving resources and running scripts. These paths are only used server-side and never exposed in tool payloads.

@intellectronica
refactor: remove absolute paths from skill resource metadata
0eaa1cb 
- Remove 'path' field from SkillResourceMetadata TypedDict
- Update register_skill_resources() to only emit relative_path, uri, and runnable fields
- Update register_skill_tool() to use URI-only resource entries, removing legacy_paths
- Update available_resources to only contain URIs, not absolute filesystem paths
- Strengthen guidance and call_instructions to mandate ctx.read_resource(uri) for resource access
- Update tests to match new schema and add regression test to prevent path leakage

This ensures all skill resources are accessed exclusively via MCP protocol,
preventing absolute filesystem paths from being exposed to clients.
@intellectronica intellectronica merged commit 0c9162b into main Oct 24, 2025
1 check passed
@intellectronica intellectronica deleted the feature/mcp-resource-only branch October 24, 2025 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@intellectronica @Claude @Codex