Expand ALL permissions in MCP describe_entities to explicit operations (#2951)

souvikghosh04 · Copilot · JerryNixon · web-flow · commit 3b48c4900b2e · 2025-11-05T10:45:27.000-08:00
The MCP `describe_entities` tool returns `"ALL"` for wildcard permissions, which confuses LLM consumers that need explicit operation lists. ### Changes Modified `DescribeEntitiesTool.BuildPermissionsInfo()` to expand `EntityActionOperation.All`: - **Tables/Views**: Expands to `["CREATE", "DELETE", "READ", "UPDATE"]` via `EntityAction.ValidPermissionOperations` - **Stored Procedures**: Expands to `["EXECUTE"]` via `EntityAction.ValidStoredProcedurePermissionOperations` ### Example **Before:** ```json { "name": "Todo", "permissions": ["ALL"] } ``` **After:** ```json { "name": "Todo", "permissions": ["CREATE", "DELETE", "READ", "UPDATE"] } ```  <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[Bug]: MCP `describe_entities` permissions value `ALL` needs to be expanded.</issue_title> > <issue_description>## What? > > Models are confused by `ALL`. > > ```json > { > "entities": [ > { > "name": "Todo", > "description": "This table contains the list of todo items.", > "fields": [ ], > "permissions": [ > "ALL" // this is the problem > ] > } > ], > "count": 1, > "mode": "full", > "status": "success" > } > ``` > > ## Solution > > When table/view. > > ```json > { > "permissions: [ > "CREATE", > "DELETE", > "READ", > "UPDATE" > ] > } > ``` > > When stored procedure. > > ```json > { > "permissions: [ > "EXECUTE" > ] > } > ``` > </issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> - Fixes #2935 --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JerryNixon <1749983+JerryNixon@users.noreply.github.com>
diff --git a/src/Azure.DataApiBuilder.Mcp/BuiltInTools/DescribeEntitiesTool.cs b/src/Azure.DataApiBuilder.Mcp/BuiltInTools/DescribeEntitiesTool.cs
@@ -368,13 +368,30 @@ private static List<object> BuildParameterMetadataInfo(List<ParameterMetadata>?
         /// <returns>A list of permissions available to the entity</returns>
         private static string[] BuildPermissionsInfo(Entity entity)
         {
-            HashSet<string> permissions = new();
+            if (entity.Permissions == null)
+            {
+                return Array.Empty<string>();
+            }
+
+            bool isStoredProcedure = entity.Source.Type == EntitySourceType.StoredProcedure;
+            HashSet<EntityActionOperation> validOperations = isStoredProcedure
+                ? EntityAction.ValidStoredProcedurePermissionOperations
+                : EntityAction.ValidPermissionOperations;
 
-            if (entity.Permissions != null)
+            HashSet<string> permissions = new(StringComparer.OrdinalIgnoreCase);
+
+            foreach (EntityPermission permission in entity.Permissions)
             {
-                foreach (EntityPermission permission in entity.Permissions)
+                foreach (EntityAction action in permission.Actions)
                 {
-                    foreach (EntityAction action in permission.Actions)
+                    if (action.Action == EntityActionOperation.All)
+                    {
+                        foreach (EntityActionOperation op in validOperations)
+                        {
+                            permissions.Add(op.ToString().ToUpperInvariant());
+                        }
+                    }
+                    else
                     {
                         permissions.Add(action.Action.ToString().ToUpperInvariant());
                     }
