@cchristous

Summary

Adds three new MCP tools for managing Semaphore scheduled tasks (periodics):

  • tasks_list: List scheduled tasks for a project with pagination
  • tasks_describe: Get task details including recent trigger history
  • tasks_run: Trigger a task to run immediately

Why These Changes Are Safe

Security Controls

  • UUID validation: All ID parameters validated via regex patterns at schema level and handler level
  • RBAC enforcement: project.scheduler.view required for list/describe, project.scheduler.run_manually for run
  • Feature flag gating: Read operations gated by mcp_server_read_tools, write operations by mcp_server_write_tools
  • Path traversal protection: pipeline_file parameter rejects absolute paths, .. sequences, backslashes, and control characters
  • Parameter validation: Task parameters must start with letter/underscore, no control characters, max 128 char names

Implementation Safety

  • Follows established patterns from existing MCP tools (jobs, pipelines, workflows)
  • All proto getters use nil-safe Get*() methods
  • Explicit nil checks on proto messages and slice elements
  • Context timeouts on all gRPC calls via CallTimeout()
  • Response truncation prevents oversized outputs

Test Coverage

  • 7 unit tests covering:
    • Feature flag disabled scenarios
    • Successful list/describe/run operations
    • Missing required parameters
    • Invalid UUID validation
    • Write feature flag for run tool

Files Changed

| File | Purpose |
| --- | --- |
| pkg/tools/tasks/*.go | Tool implementations (list, describe, run) |
| pkg/internal_api/periodic_scheduler/*.go | gRPC client stubs |
| pkg/internalapi/config.go | Scheduler endpoint configuration |
| pkg/internalapi/manager.go | Provider interface + Manager |
| test/support/*.go | Test mocks and stubs |
| Makefile | Proto generation modules |
| README.md | Tool documentation |

Test plan

  • Unit tests pass (go test ./pkg/tools/tasks/...)
  • Full test suite passes (make test)
  • Lint passes (make lint)
  • Manual testing with MCP client against staging environment
  • Verify RBAC denies access without proper permissions
  • Verify feature flags properly gate tool availability

Add three new MCP tools for managing Semaphore scheduled tasks (periodics):

- tasks_list: List scheduled tasks for a project with pagination
- tasks_describe: Get task details including recent trigger history
- tasks_run: Trigger a task to run immediately

Key implementation details:
- Integrates PeriodicScheduler gRPC service
- Enforces RBAC permissions (project.scheduler.view, project.scheduler.run_manually)
- Feature flag gating (mcp_server_read_tools, mcp_server_write_tools)
- UUID validation on all ID parameters
- Path traversal protection for pipeline_file overrides
- Parameter name/value validation for tasks_run

The previous code used rune(name[0]) which only reads the first byte,
incorrectly interpreting multi-byte UTF-8 characters. This fix properly
decodes the first rune using utf8.DecodeRuneInString.

Added comprehensive tests for validateParameterName covering valid names,
invalid starts (numbers, special chars, multi-byte UTF-8), control
characters, and length validation.

@cchristous marked this pull request as ready for review February 5, 2026 02:01
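
The byte-versus-rune defect described in the second commit message, as an added example that is not code from this pull request. `validateName`, `firstRuneBuggy` and `firstRuneFixed` are hypothetical names, and the example assumes the letter check uses `unicode.IsLetter` and that the 128 limit is counted in runes.

```go
package main

import (
	"errors"
	"fmt"
	"unicode"
	"unicode/utf8"
)

const maxNameLen = 128 // limit from the PR description; counted in runes here (assumption)

// firstRuneBuggy reproduces the defect: name[0] is a single byte, so the lead
// byte of a multi-byte sequence is misread as a Latin-1 code point.
func firstRuneBuggy(name string) rune { return rune(name[0]) }

// firstRuneFixed decodes the whole first UTF-8 sequence; malformed input
// yields utf8.RuneError, which is not a letter.
func firstRuneFixed(name string) rune {
	r, _ := utf8.DecodeRuneInString(name)
	return r
}

// validateName is a hypothetical stand-in for the PR's validateParameterName.
func validateName(name string, first func(string) rune) error {
	if name == "" {
		return errors.New("name is empty")
	}
	if utf8.RuneCountInString(name) > maxNameLen {
		return errors.New("name exceeds 128 characters")
	}
	if r := first(name); r != '_' && !unicode.IsLetter(r) {
		return fmt.Errorf("name must start with a letter or underscore, got %q", r)
	}
	for _, r := range name {
		if unicode.IsControl(r) {
			return errors.New("name contains a control character")
		}
	}
	return nil
}

func main() {
	// Constructed inputs: "€" is E2 82 AC (0xE2 alone reads as 'â'); "\xff" is invalid UTF-8.
	for _, n := range []string{"DEPLOY_ENV", "_x", "1abc", "€uro", "\xffname", "a\x00b"} {
		fmt.Printf("%-12q buggy=%v fixed=%v\n", n,
			validateName(n, firstRuneBuggy) == nil, validateName(n, firstRuneFixed) == nil)
	}
}
```

With the byte-indexed check, `€uro` and `\xffname` pass the first-character rule because their lead bytes happen to map to Latin-1 letters; decoding the full rune rejects both.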