feat(cli): add tool catalog and risk config

api/v1alpha1/mcpserver_types.go

@@ -47,6 +47,15 @@ const (
 	ToolSideEffectDestructive ToolSideEffect = "destructive"
 )
 
+// +kubebuilder:validation:Enum=low;medium;high
+type ToolRiskLevel string
+
+const (
+	ToolRiskLevelLow    ToolRiskLevel = "low"
+	ToolRiskLevelMedium ToolRiskLevel = "medium"
+	ToolRiskLevelHigh   ToolRiskLevel = "high"
+)
+
 // +kubebuilder:validation:Enum=RollingUpdate;Recreate;Canary
 type RolloutStrategy string
 
@@ -184,6 +193,7 @@ type ToolConfig struct {
 	Description   string            `json:"description,omitempty"`
 	RequiredTrust TrustLevel        `json:"requiredTrust,omitempty"`
 	SideEffect    ToolSideEffect    `json:"sideEffect"`
+	RiskLevel     ToolRiskLevel     `json:"riskLevel,omitempty"`
 	Labels        map[string]string `json:"labels,omitempty"`
 }
 

config/crd/bases/mcpruntime.org_mcpservers.yaml

@@ -421,6 +421,12 @@ spec:
                       - medium
                       - high
                       type: string
+                    riskLevel:
+                      enum:
+                      - low
+                      - medium
+                      - high
+                      type: string
                     sideEffect:
                       enum:
                       - read

docs/api.md

@@ -51,6 +51,7 @@ flowchart LR
 | **policy.mode** | `allow-list`, `observe` | `allow-list` enforces deny-by-default; `observe` keeps the decision path visible. |
 | **trust** | `low`, `medium`, `high` | Used on tools, grants, sessions. Effective trust = min(grant, session). |
 | **tool sideEffect** | `read`, `write`, `destructive` | Required on each listed tool. Grants must include the tool's side effect in `allowedSideEffects` before a tool call can pass. |
+| **tool riskLevel** | `low`, `medium`, `high` | Optional informational catalog/audit badge. If omitted, the platform computes a default from trust and side effect. It does not gate calls. |
 | **rollout.strategy** | `RollingUpdate`, `Recreate`, `Canary` | Available on `spec.rollout`. |
 
 ### Validation rules in code
@@ -102,10 +103,12 @@ spec:
       description: List invoices for a customer account.
       requiredTrust: low
       sideEffect: read
+      riskLevel: low
     - name: refund_invoice
       description: Issue a refund for an invoice.
       requiredTrust: high
       sideEffect: destructive
+      riskLevel: high
   rollout:
     strategy: Canary
     canaryReplicas: 1

docs/cli.md

@@ -289,11 +289,29 @@ mcp-runtime server policy inspect workspace-demo --namespace mcp-team-acme
 mcp-runtime server list
 mcp-runtime server get workspace-demo --namespace mcp-team-acme
 mcp-runtime server status --namespace mcp-team-acme
+mcp-runtime server connect-config workspace-demo --namespace mcp-team-acme --client claude
 mcp-runtime server policy inspect workspace-demo --namespace mcp-team-acme
 mcp-runtime server delete workspace-demo
 mcp-runtime server generate --metadata-dir .mcp --output manifests/
 ```
 
+---
+
+## catalog
+
+**[User]** platform API only
+
+```bash
+mcp-runtime catalog tools
+mcp-runtime catalog tools --query invoice --risk high
+mcp-runtime catalog tools --namespace mcp-team-acme --side-effect write
+mcp-runtime catalog tool refund_invoice --server payments --output json
+```
+
+The catalog is visibility-only. It shows tools from visible servers with trust,
+side effect, computed or declared risk, drift (`declared`, `ungoverned`,
+`missing`), and copyable connect config.
+
 ### Direct Kubernetes operations (--use-kube) [Admin]
 
 ```bash

docs/internals/go-package-reference.md

@@ -172,6 +172,7 @@ Package v1alpha1 contains API Schema definitions for the MCP server resource.
 - [`type ToolConfig struct`](#api-types-type-toolconfig-struct)
 - [`func (in *ToolConfig) DeepCopy() *ToolConfig`](#api-types-func-in-toolconfig-deepcopy-toolconfig)
 - [`func (in *ToolConfig) DeepCopyInto(out *ToolConfig)`](#api-types-func-in-toolconfig-deepcopyinto-out-toolconfig)
+- [`type ToolRiskLevel string`](#api-types-type-toolrisklevel-string)
 - [`type ToolRule struct`](#api-types-type-toolrule-struct)
 - [`func (in *ToolRule) DeepCopy() *ToolRule`](#api-types-func-in-toolrule-deepcopy-toolrule)
 - [`func (in *ToolRule) DeepCopyInto(out *ToolRule)`](#api-types-func-in-toolrule-deepcopyinto-out-toolrule)
@@ -1284,6 +1285,7 @@ type ToolConfig struct {
 	Description   string            `json:"description,omitempty"`
 	RequiredTrust TrustLevel        `json:"requiredTrust,omitempty"`
 	SideEffect    ToolSideEffect    `json:"sideEffect"`
+	RiskLevel     ToolRiskLevel     `json:"riskLevel,omitempty"`
 	Labels        map[string]string `json:"labels,omitempty"`
 }
     ToolConfig describes one MCP tool exposed by a server.
@@ -1307,6 +1309,18 @@ func (in *ToolConfig) DeepCopyInto(out *ToolConfig)
 
 ```
 
+<a id="api-types-type-toolrisklevel-string"></a>
+```text
+type ToolRiskLevel string
+    +kubebuilder:validation:Enum=low;medium;high
+
+const (
+	ToolRiskLevelLow    ToolRiskLevel = "low"
+	ToolRiskLevelMedium ToolRiskLevel = "medium"
+	ToolRiskLevelHigh   ToolRiskLevel = "high"
+)
+```
+
 <a id="api-types-type-toolrule-struct"></a>
 ```text
 type ToolRule struct {
@@ -1420,6 +1434,7 @@ _No package overview is documented._
 - [`type ServerMetadata struct`](#metadata-helpers-type-servermetadata-struct)
 - [`type SessionConfig struct`](#metadata-helpers-type-sessionconfig-struct)
 - [`type ToolConfig struct`](#metadata-helpers-type-toolconfig-struct)
+- [`type ToolRiskLevel string`](#metadata-helpers-type-toolrisklevel-string)
 - [`type ToolSideEffect string`](#metadata-helpers-type-toolsideeffect-string)
 - [`type TrustLevel string`](#metadata-helpers-type-trustlevel-string)
 
@@ -1848,12 +1863,24 @@ type ToolConfig struct {
 	Description   string            `yaml:"description,omitempty" json:"description,omitempty"`
 	RequiredTrust TrustLevel        `yaml:"requiredTrust,omitempty" json:"requiredTrust,omitempty"`
 	SideEffect    ToolSideEffect    `yaml:"sideEffect" json:"sideEffect"`
+	RiskLevel     ToolRiskLevel     `yaml:"riskLevel,omitempty" json:"riskLevel,omitempty"`
 	Labels        map[string]string `yaml:"labels,omitempty" json:"labels,omitempty"`
 }
     ToolConfig describes one MCP tool exposed by a server.
 
 ```
 
+<a id="metadata-helpers-type-toolrisklevel-string"></a>
+```text
+type ToolRiskLevel string
+
+const (
+	ToolRiskLevelLow    ToolRiskLevel = "low"
+	ToolRiskLevelMedium ToolRiskLevel = "medium"
+	ToolRiskLevelHigh   ToolRiskLevel = "high"
+)
+```
+
 <a id="metadata-helpers-type-toolsideeffect-string"></a>
 ```text
 type ToolSideEffect string
@@ -4786,6 +4813,7 @@ _No package overview is documented._
 - [`func (c *PlatformClient) ListGrants(ctx context.Context, namespace string) ([]sentinelaccess.GrantSummary, error)`](#cli-platform-api-func-c-platformclient-listgrants-ctx-context-context-namespace-string-sentinelaccess-grantsummary-error)
 - [`func (c *PlatformClient) ListNamespaces(ctx context.Context) ([]namespaceListItem, error)`](#cli-platform-api-func-c-platformclient-listnamespaces-ctx-context-context-namespacelistitem-error)
 - [`func (c *PlatformClient) ListRuntimeServers(ctx context.Context, namespace string) ([]ServerListItem, error)`](#cli-platform-api-func-c-platformclient-listruntimeservers-ctx-context-context-namespace-string-serverlistitem-error)
+- [`func (c *PlatformClient) ListRuntimeTools(ctx context.Context, filters map[string]string) ([]RuntimeToolRow, error)`](#cli-platform-api-func-c-platformclient-listruntimetools-ctx-context-context-filters-map-string-string-runtimetoolrow-error)
 - [`func (c *PlatformClient) ListSessions(ctx context.Context, namespace string) ([]sentinelaccess.SessionSummary, error)`](#cli-platform-api-func-c-platformclient-listsessions-ctx-context-context-namespace-string-sentinelaccess-sessionsummary-error)
 - [`func (c *PlatformClient) ListTeamMembers(ctx context.Context, slug string) ([]TeamMembership, error)`](#cli-platform-api-func-c-platformclient-listteammembers-ctx-context-context-slug-string-teammembership-error)
 - [`func (c *PlatformClient) ListTeams(ctx context.Context) ([]Team, error)`](#cli-platform-api-func-c-platformclient-listteams-ctx-context-context-team-error)
@@ -4797,9 +4825,11 @@ _No package overview is documented._
 - [`func (c *PlatformClient) ValidateCredentials(ctx context.Context) error`](#cli-platform-api-func-c-platformclient-validatecredentials-ctx-context-context-error)
 - [`type PlatformUser struct`](#cli-platform-api-type-platformuser-struct)
 - [`type Principal struct`](#cli-platform-api-type-principal-struct)
+- [`type RuntimeToolRow struct`](#cli-platform-api-type-runtimetoolrow-struct)
 - [`type ServerListItem struct`](#cli-platform-api-type-serverlistitem-struct)
 - [`type Team struct`](#cli-platform-api-type-team-struct)
 - [`type TeamMembership = platform.TeamMembership`](#cli-platform-api-type-teammembership-platform-teammembership)
+- [`type ToolConfig struct`](#cli-platform-api-type-toolconfig-struct)
 
 <a id="cli-platform-api-constants"></a>
 ### Constants
@@ -5025,6 +5055,12 @@ func (c *PlatformClient) ListRuntimeServers(ctx context.Context, namespace strin
 
 ```
 
+<a id="cli-platform-api-func-c-platformclient-listruntimetools-ctx-context-context-filters-map-string-string-runtimetoolrow-error"></a>
+```text
+func (c *PlatformClient) ListRuntimeTools(ctx context.Context, filters map[string]string) ([]RuntimeToolRow, error)
+
+```
+
 <a id="cli-platform-api-func-c-platformclient-listsessions-ctx-context-context-namespace-string-sentinelaccess-sessionsummary-error"></a>
 ```text
 func (c *PlatformClient) ListSessions(ctx context.Context, namespace string) ([]sentinelaccess.SessionSummary, error)
@@ -5105,18 +5141,43 @@ type Principal struct {
 
 ```
 
+<a id="cli-platform-api-type-runtimetoolrow-struct"></a>
+```text
+type RuntimeToolRow struct {
+	ToolName      string            `json:"tool_name"`
+	Description   string            `json:"description,omitempty"`
+	ServerName    string            `json:"server_name"`
+	Namespace     string            `json:"namespace"`
+	TeamID        string            `json:"team_id,omitempty"`
+	EndpointURL   string            `json:"endpoint_url,omitempty"`
+	Declared      bool              `json:"declared"`
+	Live          bool              `json:"live"`
+	DriftStatus   string            `json:"drift_status"`
+	RequiredTrust string            `json:"required_trust,omitempty"`
+	SideEffect    string            `json:"side_effect,omitempty"`
+	RiskLevel     string            `json:"risk_level,omitempty"`
+	Labels        map[string]string `json:"labels,omitempty"`
+	ConnectConfig map[string]any    `json:"connect_config,omitempty"`
+}
+
+```
+
 <a id="cli-platform-api-type-serverlistitem-struct"></a>
 ```text
 type ServerListItem struct {
 	Name        string            `json:"name"`
 	Namespace   string            `json:"namespace"`
+	TeamID      string            `json:"team_id,omitempty"`
 	Image       string            `json:"image,omitempty"`
 	ImageTag    string            `json:"imageTag,omitempty"`
 	Description string            `json:"description,omitempty"`
 	Ready       string            `json:"ready"`
 	Status      string            `json:"status"`
 	Labels      map[string]string `json:"labels"`
 	Age         string            `json:"age"`
+	Endpoint    string            `json:"endpoint,omitempty"`
+	Tools       []ToolConfig      `json:"tools,omitempty"`
+	AccessJSON  map[string]any    `json:"access_json,omitempty"`
 }
     ServerListItem is one row from the platform API runtime servers list.
 
@@ -5137,6 +5198,19 @@ type Team struct {
 <a id="cli-platform-api-type-teammembership-platform-teammembership"></a>
 ```text
 type TeamMembership = platform.TeamMembership
+
+```
+
+<a id="cli-platform-api-type-toolconfig-struct"></a>
+```text
+type ToolConfig struct {
+	Name          string            `json:"name"`
+	Description   string            `json:"description,omitempty"`
+	RequiredTrust string            `json:"requiredTrust,omitempty"`
+	SideEffect    string            `json:"sideEffect,omitempty"`
+	RiskLevel     string            `json:"riskLevel,omitempty"`
+	Labels        map[string]string `json:"labels,omitempty"`
+}
 ```
 
 <a id="cli-platform-status"></a>
@@ -5703,6 +5777,7 @@ Package server owns routing for the server top-level command.
 <a id="cli-server-index"></a>
 ### Index
 
+- [`func BuildConnectConfig(server platformapi.ServerListItem, clientName string) (map[string]any, error)`](#cli-server-func-buildconnectconfig-server-platformapi-serverlistitem-clientname-string-map-string-any-error)
 - [`func BuildImage(ctx context.Context, logger *zap.Logger, serverName, dockerfile, metadataFile, metadataDir, registryURL, tag, platform, contextDir string) error`](#cli-server-func-buildimage-ctx-context-context-logger-zap-logger-servername-dockerfile-metadatafile-metadatadir-registryurl-tag-platform-contextdir-string-error)
 - [`func DiscoverToolsFromServer(serverURL string) ([]string, error)`](#cli-server-func-discovertoolsfromserver-serverurl-string-string-error)
 - [`func New(runtime *core.Runtime) *cobra.Command`](#cli-server-func-new-runtime-core-runtime-cobra-command)
@@ -5712,14 +5787,15 @@ Package server owns routing for the server top-level command.
 - [`func NewServerManager(kubectl *core.KubectlClient, logger *zap.Logger) *ServerManager`](#cli-server-func-newservermanager-kubectl-core-kubectlclient-logger-zap-logger-servermanager)
 - [`func (m *ServerManager) ApplyServerFromFile(file string) error`](#cli-server-func-m-servermanager-applyserverfromfile-file-string-error)
 - [`func (m *ServerManager) BindUseKubeFlag(cmd *cobra.Command)`](#cli-server-func-m-servermanager-bindusekubeflag-cmd-cobra-command)
+- [`func (m *ServerManager) ConnectConfig(name, namespace, clientName, output string) error`](#cli-server-func-m-servermanager-connectconfig-name-namespace-clientname-output-string-error)
 - [`func (m *ServerManager) CreateServer(name, namespace, image, imageTag string) error`](#cli-server-func-m-servermanager-createserver-name-namespace-image-imagetag-string-error)
 - [`func (m *ServerManager) CreateServerFromFile(file string) error`](#cli-server-func-m-servermanager-createserverfromfile-file-string-error)
 - [`func (m *ServerManager) DeleteServer(name, namespace string) error`](#cli-server-func-m-servermanager-deleteserver-name-namespace-string-error)
 - [`func (m *ServerManager) DeployServer(name, namespace, team, scope, image, imageTag string, replicas, port, servicePort int32, metadataFile, metadataDir string, update bool) error`](#cli-server-func-m-servermanager-deployserver-name-namespace-team-scope-image-imagetag-string-replicas-port-serviceport-int32-metadatafile-metadatadir-string-update-bool-error)
 - [`func (m *ServerManager) ExportServer(name, namespace, file string) error`](#cli-server-func-m-servermanager-exportserver-name-namespace-file-string-error)
 - [`func (m *ServerManager) GenerateManifests(metadataFile, metadataDir, outputDir string) error`](#cli-server-func-m-servermanager-generatemanifests-metadatafile-metadatadir-outputdir-string-error)
 - [`func (m *ServerManager) GetServer(name, namespace string) error`](#cli-server-func-m-servermanager-getserver-name-namespace-string-error)
-- [`func (m *ServerManager) InitServer(name, metadataDir, image, imageTag, scope, policyMode, defaultDecision string, sessionRequired bool, port int32, tools, toolSpecs []string, force bool) error`](#cli-server-func-m-servermanager-initserver-name-metadatadir-image-imagetag-scope-policymode-defaultdecision-string-sessionrequired-bool-port-int32-tools-toolspecs-string-force-bool-error)
+- [`func (m *ServerManager) InitServer(name, metadataDir, image, imageTag, scope, policyMode, defaultDecision string, sessionRequired bool, port int32, tools, toolSpecs []string, toolRisk string, force bool) error`](#cli-server-func-m-servermanager-initserver-name-metadatadir-image-imagetag-scope-policymode-defaultdecision-string-sessionrequired-bool-port-int32-tools-toolspecs-string-toolrisk-string-force-bool-error)
 - [`func (m *ServerManager) InspectServerPolicy(name, namespace string) error`](#cli-server-func-m-servermanager-inspectserverpolicy-name-namespace-string-error)
 - [`func (m *ServerManager) ListServers(namespace, team string) error`](#cli-server-func-m-servermanager-listservers-namespace-team-string-error)
 - [`func (m *ServerManager) Logger() *zap.Logger`](#cli-server-func-m-servermanager-logger-zap-logger)
@@ -5730,6 +5806,11 @@ Package server owns routing for the server top-level command.
 <a id="cli-server-functions"></a>
 ### Functions
 
+<a id="cli-server-func-buildconnectconfig-server-platformapi-serverlistitem-clientname-string-map-string-any-error"></a>
+```text
+func BuildConnectConfig(server platformapi.ServerListItem, clientName string) (map[string]any, error)
+```
+
 <a id="cli-server-func-buildimage-ctx-context-context-logger-zap-logger-servername-dockerfile-metadatafile-metadatadir-registryurl-tag-platform-contextdir-string-error"></a>
 ```text
 func BuildImage(ctx context.Context, logger *zap.Logger, serverName, dockerfile, metadataFile, metadataDir, registryURL, tag, platform, contextDir string) error
@@ -5803,6 +5884,14 @@ func (m *ServerManager) BindUseKubeFlag(cmd *cobra.Command)
 
 ```
 
+<a id="cli-server-func-m-servermanager-connectconfig-name-namespace-clientname-output-string-error"></a>
+```text
+func (m *ServerManager) ConnectConfig(name, namespace, clientName, output string) error
+    ConnectConfig prints client connection config for a platform-visible MCP
+    server.
+
+```
+
 <a id="cli-server-func-m-servermanager-createserver-name-namespace-image-imagetag-string-error"></a>
 ```text
 func (m *ServerManager) CreateServer(name, namespace, image, imageTag string) error
@@ -5852,9 +5941,9 @@ func (m *ServerManager) GetServer(name, namespace string) error
 
 ```
 
-<a id="cli-server-func-m-servermanager-initserver-name-metadatadir-image-imagetag-scope-policymode-defaultdecision-string-sessionrequired-bool-port-int32-tools-toolspecs-string-force-bool-error"></a>
+<a id="cli-server-func-m-servermanager-initserver-name-metadatadir-image-imagetag-scope-policymode-defaultdecision-string-sessionrequired-bool-port-int32-tools-toolspecs-string-toolrisk-string-force-bool-error"></a>
 ```text
-func (m *ServerManager) InitServer(name, metadataDir, image, imageTag, scope, policyMode, defaultDecision string, sessionRequired bool, port int32, tools, toolSpecs []string, force bool) error
+func (m *ServerManager) InitServer(name, metadataDir, image, imageTag, scope, policyMode, defaultDecision string, sessionRequired bool, port int32, tools, toolSpecs []string, toolRisk string, force bool) error
 
 ```
 

docs/publish-mcp-server.md

@@ -177,10 +177,12 @@ servers:
         description: List invoices for a customer account.
         requiredTrust: low
         sideEffect: read
+        riskLevel: low
       - name: refund_invoice
         description: Issue a refund for an invoice.
         requiredTrust: high
         sideEffect: destructive
+        riskLevel: high
 ```
 
 ### Metadata fields
@@ -210,7 +212,7 @@ servers:
 - `namespace`
   The target namespace.
 - `tools`
-  Tool inventory for the platform catalog and policy authoring. Include each tool's description when the MCP server SDK exposes one through `tools/list`, and set `sideEffect` to `read`, `write`, or `destructive`. Tool side effects are required when a tool is listed.
+  Tool inventory for the platform catalog and policy authoring. Include each tool's description when the MCP server SDK exposes one through `tools/list`, and set `sideEffect` to `read`, `write`, or `destructive`. Tool side effects are required when a tool is listed. Optional `riskLevel` (`low`, `medium`, `high`) is informational for catalog and audit views; it does not change gateway authorization.
 - `auth`, `policy`, `session`, and `gateway`
   Governed request-path settings. `server init` writes `gateway.enabled: true`, allow-list/deny policy, and `session.required: true` so public tool calls go through the adapter/session path by default. Use `--policy-mode`, `--default-decision`, or `--session-required=false` to change those scaffolded values. Init omits platform-managed gateway wiring and auth/session header details unless you override them intentionally.