Skip to content

The Fabric MCP tools

When an agent connects to Fabric over MCP, it discovers a small, governed set of tools. Each tool requires a specific grant and is available in specific modes.

Tool Purpose Grant Modes
query-context Read-only query against the project’s context graph fabric:query.read Simple & Advanced
create-ontology Define the ontology — self-organizing commit (Simple) or proposal → commit (Advanced) fabric:ontology.write Simple & Advanced
save-context Write nodes and relationships; the ontology self-organizes fabric:ontology.write Simple only
docs Live ontology, query examples, governance status, and doc search fabric:docs.read Simple & Advanced

Read-only retrieval. The agent passes a query; Fabric assembles grounding by graph traversal — starting from the entities relevant to the query and following the graph’s real relationships — and returns the connected context. Always scope-pinned to your project, read-only, and bounded.

This is the tool behind “What are the top accounts at churn risk?” See Query context for the request and response shape.

Defines the ontology — the schema of entity and relationship types.

  • In Simple (Auto) mode the commit self-organizes automatically.
  • In Advanced (Manual) mode it follows a proposal → commit flow, and the commit may require human approval and is subject to an edit budget.

Writes nodes and relationships into the context graph; the ontology self-organizes to accommodate them. Available in Simple mode only — in Advanced mode, writes go through the explicit ontology flow instead, and save-context is rejected. See Simple vs Advanced mode.

Returns live, project-specific help: the current ontology, example queries, governance status, and documentation search. Useful for an agent (or a person) to discover what the workspace contains before querying.

Every tool call — regardless of which tool — runs Fabric’s fail-closed pipeline:

authenticate → resolve scope → rate / quota → validate →
policy (allow | deny | allow+gate) → approval (human-in-the-loop) →
dry-run → execute → post-process (PII redaction) → record

Reads are validated by a Cypher guard (write clauses denied, mandatory project filter, result limits and timeouts clamped) and run against a read-only role, so an agent cannot write through a read tool or read outside its project. Every response carries a lifecycle_id. See Authentication & scopes.