apps/pac-service/src/modules · cb405aef94ab55460803b47bd6d49e51edd74c1f · ai-tools / pac

feat(mcp): P1 — PAC MCP 只读服务(开放患者工具给 agent) · cb405aef

POST /pac/v1/mcp(Streamable HTTP,无状态)暴露 6 个只读工具,薄封装现有 service:
- find_patient(检索,掩码号)/ get_patient_overview(360 一把梭)/ get_persona(全量画像)
  / get_facts(纯事实时间轴)/ get_recall_plan(召回原因+优先级)/ list_recall_queue(工作台)
- 鉴权:Bearer 平台 JWT(McpAuthService 复用 JwtService)→ 派生 TenantScope,工具继承租户隔离。
- 越权防护:assertPatientInScope 堵住 persona.getCurrent 等不带 scope 的读(defense-in-depth)。
- 集成:SDK 是 NodeNext-typed,经典 moduleResolution=Node 跟不动 → 手写最小 ambient 声明
  (src/types/mcp-sdk.d.ts),运行时走 clean subpath(exports map 放行),类型与运行时解耦。

本地端到端验证(:3101):401 无 token / initialize 返回 pac-patient-tools / tools/list 6 工具 /
find_patient(孙柯,138****7369)/ get_patient_overview(persona v4+召回+20事实)/
跨租户 patientId → isError 不在租户范围内。

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

committed Jun 09, 2026

cb405aef

Name	Last commit	Last update
..
admin		Loading commit data...
agent		Loading commit data...
ai		Loading commit data...
auth		Loading commit data...
clinical-gap		Loading commit data...
facts		Loading commit data...
mcp		Loading commit data...
patient		Loading commit data...
persona		Loading commit data...
plan		Loading commit data...
plan-aggregate		Loading commit data...
realtime-coach		Loading commit data...
sync		Loading commit data...