KB-1E7B

Phase 2G GPT MCP Primary + Full Access

Revision 1

title: Phase 2G — Promote GPT MCP to Primary + Full Access
date: 2026-05-14
phase: 2G
status: PASS
related:
  • phase-2f-d1-list-documents-sql-pushdown
  • phase-2f-d2a-mcp-content-negotiation
  • phase-2f-d3-move-document-cleanup
tags:
  • phase-2g
  • mcp
  • gpt
  • full-access
  • report

Phase 2G — Promote GPT MCP to Primary Channel + Enable Full Access

1. Decision

  • Channel policy: GPT ChatGPT MCP App is now the PRIMARY channel for KB operations.
  • OpenAPI Action / connector: demoted to BACKUP only.
  • Public secret route target: /mcp-gpt-full (was /mcp-gpt).
  • Tool surface: 10 tools (full minus move_document).

2. Tool Surface (final)

| Profile | Count | Tools |
|---|---|---|
| /mcp (internal) | 10 | search/list/get/get_for_rewrite/upload/update/delete/ingest/patch/batch_read |
| /mcp-gpt (safe, rollback target) | 8 | as above minus delete/ingest |
| /mcp-gpt-full (NEW public target) | 10 | as /mcp minus move_document |
| /mcp-readonly | 5 | search/list/get/get_for_rewrite/batch_read |
| Public route (after switch) | 10 | identical to /mcp-gpt-full |

move_document NOT advertised — see §4.
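
A post-switch or post-rollback check for the surface table above, added here as an example and not part of the agent-data code base: it compares a tools/list response (plain JSON or SSE-framed, the two transports tested in §6F) with the expected set for a profile. The full tool names are mapped from the table's short forms and the sample responses are constructed; both are assumptions.

```python
import json

# Full tool names behind the short forms in the table above (assumed mapping).
FULL = {"search_knowledge", "list_documents", "get_document",
        "get_document_for_rewrite", "upload_document", "update_document",
        "delete_document", "ingest_document", "patch_document", "batch_read"}
EXPECTED = {
    "/mcp": FULL,
    "/mcp-gpt": FULL - {"delete_document", "ingest_document"},
    "/mcp-gpt-full": FULL,
    "/mcp-readonly": {"search_knowledge", "list_documents", "get_document",
                      "get_document_for_rewrite", "batch_read"},
}
NEVER_ADVERTISED = {"move_document"}  # deprecated; must not appear on any profile


def parse_body(content_type, body):
    """Return the JSON-RPC message from a JSON or SSE-framed HTTP body."""
    if content_type.split(";")[0].strip() == "text/event-stream":
        # An SSE event carries its payload on one or more "data:" lines.
        body = "\n".join(ln[5:].strip() for ln in body.splitlines()
                         if ln.startswith("data:"))
    return json.loads(body)


def check_surface(profile, content_type, body):
    """Compare the advertised tools with the expected set for `profile`."""
    advertised = {t["name"] for t in parse_body(content_type, body)["result"]["tools"]}
    expected = EXPECTED[profile]
    return {"ok": advertised == expected,
            "missing": sorted(expected - advertised),
            "unexpected": sorted(advertised - expected),
            "forbidden": sorted(advertised & NEVER_ADVERTISED)}


def tools_list_body(names):
    """Build a constructed tools/list result for the samples below."""
    return json.dumps({"jsonrpc": "2.0", "id": 1,
                       "result": {"tools": [{"name": n} for n in sorted(names)]}})


# Constructed sample responses, not captured traffic.
SAMPLE_JSON = tools_list_body(FULL)
SAMPLE_SSE = "event: message\ndata: " + tools_list_body(FULL | {"move_document"}) + "\n\n"

if __name__ == "__main__":
    print(check_surface("/mcp-gpt-full", "application/json; charset=utf-8", SAMPLE_JSON))
    print(check_surface("/mcp-gpt", "application/json", SAMPLE_JSON))
    print(check_surface("/mcp-gpt-full", "text/event-stream; charset=utf-8", SAMPLE_SSE))
```

Run against /mcp-gpt after a rollback, the second case is the one to watch: delete_document or ingest_document showing up as unexpected means the public route still points at the full profile.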

3. Public Route Switch

  • File: /opt/incomex/docker/nginx/secrets/gpt-mcp-route.conf (NOT committed; secrets repo).
  • Backup: gpt-mcp-route.conf.pre-2g-1778815181
  • Diff:
    • line 6: proxy_pass http://agent_data_backend/mcp-gpt; → proxy_pass http://agent_data_backend/mcp-gpt-full;
    • line 24: same change.
  • nginx -t PASS, nginx -s reload PASS.
  • Public tools/list went from 8 → 10 post-switch.
  • Default.conf NOT modified.

4. move_document Decision

  • HTTP POST /documents/{x}/move retains S170 deprecation: returns 501 NOT_IMPLEMENTED.
  • MCP dispatcher branch removed in phase 2F-D3 (commit 62653d0).
  • Profile guard returns: {"code":-32601,"message":"Tool move_document not allowed in gpt-full MCP mode"}.
  • move_document remains unavailable; not advertised in GPT full profile.
  • Recipe for moves: upload_document to new path → delete_document old path.

5. ingest_document Decision

  • Schema: {source: string}. Accepts inline text only (S109 — GCS/PubSub removed).
  • Negative validation (source="") returns: INTERNAL/Failed to ingest/Missing text in request body. Confirmed.
  • Positive smoke test (inline marker text) created inline-{uuid} doc + Qdrant vector entry, verified by search_knowledge. Cleaned up via delete_document.
  • ingest_document IS advertised — minimal safe test PASS, no external URL fetched.

6. Internal Test Results (/mcp-gpt-full)

A. tools/list counts

| Endpoint | Expected | Actual | Result |
|---|---|---|---|
| /mcp | 10 | 10 | PASS |
| /mcp-gpt | 8 | 8 | PASS |
| /mcp-gpt-full | 10 | 10 | PASS |
| /mcp-readonly | 5 | 5 | PASS |

B. Reads PASS

  • search_knowledge PASS (3.6 KB result).
  • list_documents prefix=knowledge/test/ PASS.
  • get_document PASS on existing doc.
  • batch_read paths=[...] PASS.

C. Write CRUD: knowledge/test/mcp-full-access/full-crud-1778814535.md

| # | Tool | Result |
|---|---|---|
| 9 | upload_document | revision 1 PASS |
| 10 | get_document after upload | content matches |
| 11 | update_document | revision 2 PASS |
| 11v | get verify | _UPDATED marker present |
| 12 | patch_document | revision 3 PASS |
| 12v | get verify | _PATCHED marker present |
| 13 | delete_document | revision 4 PASS |
| 14 | get after delete | 404 NOT_FOUND |

D. ingest_document

  • D15 negative: TOOL_ERROR Missing text in request body PASS.
  • D16 positive: inline-9649d2ec-... created, vector indexed, marker found via search_knowledge. PASS + cleanup PASS.

E. move_document

  • E19: ERROR -32601 Tool not allowed. PASS.

F. Transport

  • F20 Accept application/json → 200 application/json; charset=utf-8. PASS.
  • F21 Accept text/event-stream → 200 text/event-stream; charset=utf-8 + event: message. PASS.

G. Auth

  • G22 no x-api-key → 401 Invalid API key. PASS.

7. Long Document CRUD Test (B3B)

  • Doc: knowledge/temp/mcp-full-long-doc-test-1778815006.md, 17,550 chars, two unique markers.
  • L1 upload PASS (rev 1).
  • L2 get_document → 500 chars + truncated=true PASS.
  • L3 get_document_for_rewrite → full body 17,550 chars, truncated=false, both markers present PASS.
  • L4 batch_read full=true → item 17,550 chars, both markers present PASS.
  • L5 patch_document on long-doc → status=patched, rev 2; _PATCHED marker present PASS.
    • Note: earlier reported flake of patch_document old_str not found on long-doc did NOT reproduce. Marker was unique and exact-once.
  • L6 update_document full rewrite → rev 3; _UPDATED marker present, _PATCHED preserved PASS.
  • L7 cleanup delete PASS (rev 4).

Policy:

  • Long-doc safe edit path = get_document_for_rewrite → mutate locally → update_document → verify.
  • patch_document works on long-doc when marker is exact-once; reserved for short/medium edits or when marker uniqueness is guaranteed.
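
The policy above as a local pre-flight check, added here as an example and not taken from the agent-data code: it refuses a truncated body, requires the marker to match exactly once (overlaps included), and routes documents over the 5 KB cut-off from §12 to update_document. The content field name and the sample documents are assumptions; truncated and old_str are the names used in this report.

```python
LONG_DOC_BYTES = 5 * 1024  # ">5KB" cut-off from the recommendation in section 12


def occurrences(body, marker):
    """Count matches of marker in body, including overlapping ones."""
    n, i = 0, body.find(marker)
    while i != -1:
        n += 1
        i = body.find(marker, i + 1)
    return n


def plan_edit(doc, old_str, new_str):
    """Pick the edit tool and compute the expected body before any write."""
    if doc.get("truncated"):
        # get_document returns a 500-char preview; matching on it proves nothing.
        raise ValueError("body is truncated; fetch with get_document_for_rewrite")
    if not old_str:
        raise ValueError("empty old_str")
    body = doc["content"]  # "content" is an assumed field name
    hits = occurrences(body, old_str)
    if hits != 1:
        raise LookupError(f"old_str matched {hits} times; expected exactly 1")
    size = len(body.encode("utf-8"))
    tool = "update_document" if size > LONG_DOC_BYTES else "patch_document"
    return {"tool": tool, "size": size, "new_body": body.replace(old_str, new_str, 1)}


def verify(plan, fetched):
    """Post-write check: the re-fetched full body equals the planned body."""
    return not fetched.get("truncated") and fetched["content"] == plan["new_body"]


# Constructed sample documents, not real KB content.
FILLER = "lorem ipsum dolor sit amet\n" * 650  # about 17 KB of padding
LONG_DOC = {"content": FILLER + "MARKER_A\n", "truncated": False}
SHORT_DOC = {"content": "intro\nMARKER_A\nend\n", "truncated": False}
DUP_DOC = {"content": "MARKER_A\nMARKER_A\n", "truncated": False}
PREVIEW = {"content": LONG_DOC["content"][:500], "truncated": True}

if __name__ == "__main__":
    print(plan_edit(LONG_DOC, "MARKER_A", "MARKER_A_UPDATED")["tool"])
    print(plan_edit(SHORT_DOC, "MARKER_A", "MARKER_A_PATCHED")["tool"])
```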

8. Public HTTPS Test Results

Route /gpt-mcp/<SECRET>/mcp (HTTPS via vps.incomexsaigoncorp.vn):

| # | Test | Result |
|---|---|---|
| P1 | tools/list | count=10 PASS |
| P2 | get_document existing | content returned PASS |
| P3 | upload public-full-crud-1778815242.md | rev 1 PASS |
| P4 | update | rev 2 PASS |
| P5 | patch | rev 3 PASS |
| P6 | delete | rev 4 PASS |
| P7 | ingest_document source="" | negative validation PASS |
| P8 | move_document | rejected -32601 PASS |
| P9 | wrong secret | HTTPS 404 PASS |
| P10 | subpath /mcp/tools/delete_document | 404 PASS |
| Logs | nginx + agent-data | clean (only expected ingest-empty validation error) |
| Safe profile | /mcp-gpt internal | still 8 tools — rollback intact |

9. Rollback Plan

If full profile causes incidents:

  1. SSH VPS root.
  2. cp /opt/incomex/docker/nginx/secrets/gpt-mcp-route.conf.pre-2g-1778815181 /opt/incomex/docker/nginx/secrets/gpt-mcp-route.conf
  3. docker exec incomex-nginx nginx -t && docker exec incomex-nginx nginx -s reload
  4. Public tools/list returns to 8 (mcp-gpt safe profile).
  5. No agent-data restart needed (mcp-gpt-full code remains live; only public exposure is gated by nginx).

10. Commit / Source Change

  • No source code change in this phase.
  • /mcp-gpt-full profile already existed in codebase since phase 2F (commit 62653d0).
  • Only nginx/secrets/gpt-mcp-route.conf changed (secrets file, NOT committed).
  • VPS HEAD remains 62653d0.
  • VPS git working tree clean.

11. Warnings / Risks

  • /mcp-gpt-full exposes delete_document and ingest_document over public secret route. Secret rotation discipline now matters more.
  • ingest_document creates inline-{uuid} docs at root with no namespace control — orphan candidates. Recommend periodic inline-* audit if abuse suspected.
  • patch_document long-doc behavior PASSED in this session, but watch for future flakes — old user-reported failure may have been content-specific (non-unique marker).

12. Recommendation

Proceed to ChatGPT MCP full CRUD retest in actual ChatGPT App:

  1. List documents in knowledge/test/.
  2. Create+update+patch+delete a test doc via natural-language prompts.
  3. Verify the GPT now sees and uses delete_document and ingest_document tools.
  4. Confirm long-doc edit recipe (get_for_rewrite → update_document) is preferred over patch for >5KB docs.

If retest PASS → connector demotion is final; mark Phase 2G CLOSED.