Task 3: Role-Specific Tool Access Control

**OBJECTIVE:** Implement MCP function access control based on agent roles, ensuring each agent type only has access to tools relevant to their designated duties. **TOOL ACCESS MATRIX:** **Orchestrator - Allowed Tools:** - `list_tasks` - View all project tasks - `create_ticket` - Create new tasks/subtasks - `get_ticket` - View task details - `update_ticket` - Modify task metadata (not implementation) - `add_comment` - Coordinate with agents - `search_memory` - Find past patterns - `store_memory` - Save architectural decisions - `transition_ticket` - Move tasks between states **Orchestrator - Blocked Tools:** - `claim_task` - Should not implement - `create_code_diff` - Should not implement - `finalize_task` - Should not approve own work - All file editing tools (Edit, Write) **Worker - Allowed Tools:** - `claim_task` - Pick up implementation tasks - `get_ticket` - View assigned task details - `update_ticket` - Update implementation progress - `create_code_diff` - Submit code for review - `add_comment` - Report progress/issues - `search_memory` - Find implementation patterns - `store_memory` - Save implementation learnings - `transition_ticket` - Move own tasks (e.g., start_work, submit_review) - `finalize_task` - Mark implementation complete - `checkpoint_task` - Save progress **Worker - Blocked Tools:** - `create_ticket` - Should not plan - `list_tasks` with filtering for assignment - Should not coordinate **Reviewer - Allowed Tools:** - `list_tasks` - Find tasks to review - `get_ticket` - View task details for review - `claim_task` - Claim review tasks - `add_comment` - Provide review feedback - `create_code_diff` - Submit review feedback - `transition_ticket` - Approve/reject tasks - `search_memory` - Find review patterns - `store_memory` - Save review learnings - `checkpoint_task` - Save review artifacts **Reviewer - Blocked Tools:** - `create_ticket` - Should not create new work - `update_ticket` - Should not modify implementation - `finalize_task` - Should not approve without review **TECHNICAL IMPLEMENTATION:** 1. **Create MCP middleware:** - `/lib/tinker/mcp_access_control.rb` - Intercept all MCP function calls - Check role permissions before execution - Return controlled error messages for blocked calls 2. **Configuration:** - `/config/tinker/mcp_permissions.yml` - Define role-to-function mappings - Support wildcards and exclusions 3. **Agent context injection:** - Pass agent role with each MCP call - Store role in session context - Validate role authenticity **FILES TO CREATE/MODIFY:** - `/lib/tinker/mcp_access_control.rb` (new) - `/config/tinker/mcp_permissions.yml` (new) - Modify MCP server initialization **ACCEPTANCE CRITERIA:** - Each role can only access allowed MCP functions - Blocked function calls return clear error messages - Access control works across all MCP tools - Role context is securely maintained - No privilege escalation possible