The Fabric MCP tools
When an agent connects to Fabric over MCP, it discovers a small, governed set of tools. Each tool requires a specific grant and is available in specific modes.
| Tool | Purpose | Grant | Modes |
|---|---|---|---|
query-context |
Read-only query against the project’s context graph | fabric:query.read |
Simple & Advanced |
create-ontology |
Define the ontology — self-organizing commit (Simple) or proposal → commit (Advanced) | fabric:ontology.write |
Simple & Advanced |
save-context |
Write nodes and relationships; the ontology self-organizes | fabric:ontology.write |
Simple only |
docs |
Live ontology, query examples, governance status, and doc search | fabric:docs.read |
Simple & Advanced |
query-context
Section titled “query-context”Read-only retrieval. The agent passes a query; Fabric assembles grounding by graph traversal — starting from the entities relevant to the query and following the graph’s real relationships — and returns the connected context. Always scope-pinned to your project, read-only, and bounded.
This is the tool behind “What are the top accounts at churn risk?” See Query context for the request and response shape.
create-ontology
Section titled “create-ontology”Defines the ontology — the schema of entity and relationship types.
- In Simple (Auto) mode the commit self-organizes automatically.
- In Advanced (Manual) mode it follows a proposal → commit flow, and the commit may require human approval and is subject to an edit budget.
save-context
Section titled “save-context”Writes nodes and relationships into the context graph; the ontology self-organizes to
accommodate them. Available in Simple mode only — in Advanced mode, writes go through
the explicit ontology flow instead, and save-context is rejected. See
Simple vs Advanced mode.
Returns live, project-specific help: the current ontology, example queries, governance status, and documentation search. Useful for an agent (or a person) to discover what the workspace contains before querying.
Governance applies to every tool call
Section titled “Governance applies to every tool call”Every tool call — regardless of which tool — runs Fabric’s fail-closed pipeline:
authenticate → resolve scope → rate / quota → validate →policy (allow | deny | allow+gate) → approval (human-in-the-loop) →dry-run → execute → post-process (PII redaction) → recordReads are validated by a Cypher guard (write clauses denied, mandatory project filter,
result limits and timeouts clamped) and run against a read-only role, so an agent cannot
write through a read tool or read outside its project. Every response carries a
lifecycle_id. See Authentication & scopes.
