MCP Tools
The DPU tool surface is intentionally small. It groups operations by domain rather than exposing storage internals directly. Here, MCP stands for Model Context Protocol.
Why The Tool Surface Is Grouped
Explorer needs stable operations such as “list visible secrets” or “update this confidential object”. It does not need direct read/write access to DPU storage files. The tool surface therefore reflects the domain model: identity, secrets, confidential objects, comments, and permission checks.
Tool Groups
| Group | Tools |
|---|---|
| Identity and roots | dpu_whoami, dpu_workspace_roots |
| Secrets | dpu_secret_list, dpu_secret_get, dpu_secret_put, dpu_secret_delete, dpu_secret_grant, dpu_secret_revoke |
| Confidential objects | dpu_confidential_list, dpu_confidential_get, dpu_confidential_create, dpu_confidential_update, dpu_confidential_delete |
| Comments | dpu_confidential_comment_add, dpu_confidential_comment_delete |
| Permission checks | dpu_access_check, dpu_confidential_grant, dpu_confidential_revoke |
Input And Response Behavior
tools/dpu_tool.mjs normalizes the MCP envelope, reads the verified metadata.invocation grant, validates required strings and enum-like values, and only then dispatches into the domain layer. Tool responses are actor-filtered. For example, a caller may see a secret record in a list without seeing its plaintext value unless the resolved role allows read.
Execution Constraints
mcp-config.json sets maxParallelTasks to 1. Mutating operations are also serialized through the DPU file lock. This does not turn DPU into a database, but it does keep the state files and permissions manifest from being updated concurrently through competing writes.
For delegated Git/DPU calls, the router verifies the source agent's DS013 Agent Assertion and mints a DPU-audience Router Request for an internal secret alias. DPU verifies that Router Request, then applies per-secret ACLs and agent policy before authorizing the operation.
Audit collection starts disabled and is enabled explicitly through dpu_audit_config_set. Once enabled, DPU appends JSONL records for audited secret and confidential mutations.