
cai-exos-systems/daveadmin-exos-demo:api/mcp-zava.php

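<?php
/**
 * Zava Telecom — Copilot MCP proxy.
 * Authorised for demo use by the Exos / Dhaka team.
 *
 * Takes a JSON POST body with `server`, `tool` and `args`, checks the tool
 * name against ALLOWED_TOOLS and WRITE_TOOLS, forwards it upstream as an MCP
 * `tools/call` request and returns a flattened JSON summary of the reply.
 *
 * NOTE(review): this proxy is NOT read-only. A name in WRITE_TOOLS is
 * forwarded upstream exactly like a read tool; the only difference is
 * `is_write: true` in the response, which is emitted after the upstream call
 * has already run. Any "confirm first" step therefore lives entirely in the
 * client and is not a server-side control. If the deployment is meant to be
 * read-only, reject WRITE_TOOLS here with a 403 instead of flagging them.
 *
 * NOTE(review): nothing in this file authenticates or authorises the caller.
 * Access control, if any, has to come from the web server or network layer —
 * confirm before exposing this endpoint. `X-Robots-Tag: noindex` only asks
 * crawlers not to index the URL; it restricts nothing.
 */

header('Content-Type: application/json');
header('X-Robots-Tag: noindex');

// `?? ''` keeps a missing REQUEST_METHOD (e.g. CLI invocation) from raising a
// notice that would be printed ahead of the JSON body.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'POST only']);
    exit;
}

// ── Read tools ──────────────────────────────────────────────────────────────
// Tool names that are forwarded without the write flag. Write tools are kept
// in WRITE_TOOLS below and are accepted as well.
const ALLOWED_TOOLS = [
    // Zava Telecom MCP tools (119.148.10.57)
    'show-latest-bill',
    'compare-latest-bill',
    'latest-bill-high-reason',
    'product-offering-suggestion',
    'product-order-failure',
    'order-failure-resolution',
    'get-category',
    'fetch-product-price-lifecyclestatus',
    'get-product-specification-by-id',
    // Order Sherpa tools (Mr Glenn — Greenfield MSO)
    'get_order_status',
    'get_fallout_details',
    'check_warehouse_inventory',
    'get_field_ops',
    'assess_sla_risk',
    // Enterprise Billing Expert tools (Mr Glenn — Acme Holdings)
    'get_enterprise_hierarchy',
    'get_consolidated_bill',
    'detect_billing_anomalies',
    'check_contracts',
    'get_cost_allocation',
];

// ── Write tools ─────────────────────────────────────────────────────────────
// Forwarded upstream like any other tool; the response carries
// `is_write: true` so the frontend can tell them apart. The proxy itself asks
// for no confirmation (see the header note).
const WRITE_TOOLS = [
    'place-a-new-order',
    'cancel-order',
    'recreate-order-for-failed-orders',
    'category-management-add',
    'pricing-add-offering',
    'product-update',
    'delete-product-with-price',
    'delete-product-specification',
];

// ── MCP server endpoints ────────────────────────────────────────────────────
// NOTE(review): all three URLs are plain http://, so tool arguments and the
// billing/order data in the replies cross the network unencrypted — confirm
// the path to the upstream host is trusted, or move it to https.
// NOTE(review): 'order' and 'product' point at the same URL; presumably
// intentional, but verify it is not a copy-paste slip.
const MCP_ENDPOINTS = [
    'billing' => 'http://119.148.10.57/mcp-server-billing-faster/mcp',
    'order'   => 'http://119.148.10.57/mcp-order-expert-faster/mcp',
    'product' => 'http://119.148.10.57/mcp-order-expert-faster/mcp',
];

// A body that is not a JSON object/array (invalid JSON, a bare scalar) is
// treated as empty, so the defaults below apply.
$input = json_decode((string) file_get_contents('php://input'), true);
if (!is_array($input)) {
    $input = [];
}

// Only scalars are cast to string: casting an array would emit an
// "Array to string conversion" warning into the JSON response.
$rawServer = $input['server'] ?? 'order';
$rawTool   = $input['tool'] ?? '';
$server    = is_scalar($rawServer) ? (string) $rawServer : '';
$tool      = is_scalar($rawTool) ? (string) $rawTool : '';
$args      = $input['args'] ?? [];

// Validate server: the caller picks a key, never a URL, so the request can
// only go to one of the endpoints hard-coded above.
if (!array_key_exists($server, MCP_ENDPOINTS)) {
    http_response_code(400);
    echo json_encode(['error' => 'Unknown MCP server']);
    exit;
}

$isWrite = in_array($tool, WRITE_TOOLS, true);

// Accept a tool only if it is on one of the two lists; anything else is refused.
if (!$isWrite && !in_array($tool, ALLOWED_TOOLS, true)) {
    http_response_code(403);
    echo json_encode(['error' => 'Tool not in allowed list', 'tool' => $tool]);
    exit;
}

// MCP `arguments` is an object. Without this check a scalar would be cast by
// `(object)` into {"scalar": ...} and forwarded as if it were real arguments.
if (!is_array($args)) {
    http_response_code(400);
    echo json_encode(['error' => 'args must be a JSON object']);
    exit;
}

// ── Proxy the call ──────────────────────────────────────────────────────────
$endpoint = MCP_ENDPOINTS[$server];
$payload  = json_encode([
    'jsonrpc' => '2.0',
    'id'      => 1,
    'method'  => 'tools/call',
    // The cast makes an empty argument list serialise as {} rather than [].
    'params'  => ['name' => $tool, 'arguments' => (object) $args],
]);

$t0 = microtime(true);
$ch = curl_init($endpoint);
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => $payload,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 12,
    CURLOPT_HTTPHEADER     => [
        'Content-Type: application/json',
        'Accept: application/json, text/event-stream',
    ],
]);
$raw = curl_exec($ch);
$err = curl_error($ch);
curl_close($ch);
$latency_ms = (int) round((microtime(true) - $t0) * 1000);

if ($err || $raw === false) {
    http_response_code(502);
    // NOTE(review): `detail` hands the raw cURL error text to the caller —
    // consider logging it server-side and returning a generic message.
    echo json_encode(['error' => 'MCP server unreachable', 'detail' => $err]);
    exit;
}

// Parse the SSE envelope: take the payload of the first "data: " line.
$jsonLine = '';
foreach (explode("\n", $raw) as $line) {
    $line = trim($line);
    if (str_starts_with($line, 'data: ')) {
        $jsonLine = substr($line, 6);
        break;
    }
}

// The Accept header above also offers application/json, so a reply without
// any "data: " line is tried as a plain JSON body.
if ($jsonLine === '') {
    $jsonLine = trim($raw);
}

$decoded = json_decode($jsonLine, true);
if (!is_array($decoded)) {
    $decoded = null;
}

$result = $decoded['result'] ?? null;
$mcpErr = $decoded['error'] ?? null;

// A reply that could not be parsed must not be reported as success, least of
// all for a write tool whose outcome would then be unknown.
if ($decoded === null) {
    $mcpErr = ['message' => 'Upstream reply was not valid MCP JSON'];
}

// Extract human-readable text from the content array.
$text = '';
if (is_array($result['content'] ?? null)) {
    foreach ($result['content'] as $c) {
        if (!is_array($c) || ($c['type'] ?? '') !== 'text') {
            continue;
        }
        // A text item without a usable `text` field must not raise a warning
        // that would be printed into the JSON output.
        $piece = $c['text'] ?? '';
        if (is_scalar($piece)) {
            $text .= $piece . "\n";
        }
    }
    $text = trim($text);
}

echo json_encode([
    'ok'         => $mcpErr === null,
    'tool'       => $tool,
    'is_write'   => $isWrite,
    // NOTE(review): this returns the upstream URL, including the backend host
    // address, to every caller — confirm the frontend needs it.
    'server'     => $endpoint,
    'protocol'   => 'mcp-streamable-1.0',
    'latency_ms' => $latency_ms,
    'text'       => $text,
    'result'     => $result,
    'mcp_error'  => $mcpErr,
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);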