
Challenge 005: Build a Safe MCP-Style Tool

Level: L200 | Type: Challenge | Time: ~60 min | Cost: Free (local)

Scenario

OutdoorGear wants to expose an order-status lookup tool to agents through an MCP-style contract. The current tool leaks customer email addresses, accepts extra arguments, and has an incomplete schema.

Your job is to design a safe local tool contract and execution path before the tool is exposed to any agent runtime.


Objective

Fix starter_mcp_tool.py so the tool manifest is valid, argument validation is strict, invalid calls are blocked, order lookups redact PII, and the validator generates a completion code.

Your final tool should:

  • Define a clear get_order_status manifest with an input schema
  • Accept only order_id
  • Reject unknown tools and extra arguments
  • Return safe order-status data without customer_email
  • Report contract metrics accurately

Starter Files

Save these files in one folder named challenge-005/:

| File | Purpose |
| --- | --- |
| orders.json | Mock OutdoorGear orders |
| tool_requests.json | Valid and invalid tool calls |
| starter_mcp_tool.py | Broken MCP-style tool implementation |
| test_mcp_tool.py | Acceptance tests |
| validate_mcp_tool.py | Generates the final completion code |

Challenge Brief

You receive mock orders, valid and invalid tool calls, and a broken tool implementation. There is no walkthrough: decide how to describe the tool, validate arguments, dispatch execution, and redact sensitive fields.


Constraints

  • Use only the Python standard library in starter_mcp_tool.py.
  • Do not expose customer_email in tool results.
  • Do not accept extra arguments.
  • Do not execute unknown tools.
  • Preserve the public function names used by the tests.

Acceptance Criteria

Your solution is complete when:

  • python -m pytest test_mcp_tool.py passes
  • The manifest includes a valid inputSchema
  • Only order_id is accepted as input
  • Unknown tools and extra PII arguments are blocked
  • Successful calls return delivered and processing
  • Tool results are redacted

Validation

When your implementation is ready, run:

python -m pytest test_mcp_tool.py
python validate_mcp_tool.py

Enter the completion code printed by validate_mcp_tool.py:


Hints

Hint 1: The schema is a security boundary

A loose schema invites agents to send fields the tool should never see.

Hint 2: Redaction belongs near the tool

Do not rely on the agent to hide sensitive fields after the tool returns them.

Hint 3: Fail closed

Unknown tools, missing required fields, and extra arguments should raise errors.
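The three hints together describe one pattern: a strict inputSchema, fail-closed dispatch, and an allow-list projection of the result. The following is an added illustration of that pattern written for this page, not the starter file or the reference solution; the function names, the inline mock orders (standing in for orders.json) and the exact shape of the tool result are assumptions, so keep whatever names the acceptance tests expect.

```python
# Constructed mock orders standing in for orders.json; shape is an assumption.
ORDERS = {
    "A1001": {"order_id": "A1001", "status": "delivered", "customer_email": "pat@example.com"},
    "A1002": {"order_id": "A1002", "status": "processing", "customer_email": "sam@example.com"},
}

# Manifest: the inputSchema is the contract boundary. additionalProperties=False turns
# an extra argument into a rejected call instead of a silently ignored one.
MANIFEST = {
    "name": "get_order_status",
    "description": "Look up the fulfilment status of an OutdoorGear order by order_id.",
    "inputSchema": {
        "type": "object",
        "properties": {"order_id": {"type": "string"}},
        "required": ["order_id"],
        "additionalProperties": False,
    },
}

# Allow-list of fields copied into the result; customer_email is never in it.
SAFE_FIELDS = ("order_id", "status")


def validate_arguments(schema, arguments):
    """Check the JSON Schema subset used in MANIFEST; raise on the first violation."""
    if not isinstance(arguments, dict):
        raise ValueError("arguments must be an object")
    missing = [key for key in schema["required"] if key not in arguments]
    if missing:
        raise ValueError(f"missing required field(s): {missing}")
    extra = set(arguments) - set(schema["properties"])
    if extra and not schema.get("additionalProperties", True):
        raise ValueError(f"unexpected argument(s): {sorted(extra)}")
    for key, rule in schema["properties"].items():
        if key in arguments and rule["type"] == "string" and not isinstance(arguments[key], str):
            raise ValueError(f"{key} must be a string")


def call_tool(name, arguments):
    """Dispatch one call: unknown tool or bad arguments raise; the result is a redacted projection."""
    if name != MANIFEST["name"]:
        raise ValueError(f"unknown tool: {name}")
    validate_arguments(MANIFEST["inputSchema"], arguments)
    order = ORDERS.get(arguments["order_id"])
    if order is None:
        raise LookupError(f"no such order: {arguments['order_id']}")
    # Project onto the allow-list rather than deleting known PII keys, so a field
    # added to the order record later cannot leak by default.
    return {key: order[key] for key in SAFE_FIELDS}
```

The redaction happens inside the tool, so an agent that forwards the result verbatim still never sees customer_email.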


Rubric

| Area | Points | What good looks like |
| --- | --- | --- |
| Manifest contract | 25 | Clear name, description, schema, and required fields |
| Argument validation | 25 | Missing and extra fields are rejected |
| Safe execution | 25 | Correct order status with PII redacted |
| Error handling | 15 | Unknown or invalid calls fail closed |
| Simplicity | 10 | Small deterministic tool code |