Principal
The authenticated caller behind an MCP request, resolved from a bearer token by a host-supplied {@see TokenValidatorInterface}. Deliberately narrow: it carries only what the JSON-RPC/SSE transport layer actually needs to build a {@see ToolContext} and to log who called — not a copy of the host's user/token entity (no Doctrine, no ORM relations). A host with a database-backed token/member model maps its own types down to this DTO inside its `TokenValidatorInterface` implementation.
Principal::__construct()
public function __construct(string $id, string $displayName, array $scopes = [], array $extra = []):Parameters
| Name | Type | Description |
|---|---|---|
| $id | string | Stable identifier for {@see ToolContext::$principal} (e.g. `"user:42"`). Never the raw token. |
| $displayName | string | Human-readable label for logging/audit trails (e.g. a member's name). Never a secret. |
| $scopes | list<string> | Scopes granted to this caller, passed through verbatim to {@see ToolContext::$scopes}. |
| $extra | array<string, mixed> | Host-defined extra context carried onto {@see ToolContext::$extra} verbatim (e.g. a numeric member id, a token prefix for logs). |
Principal::toToolContext()
public function toToolContext(?string $ip = null, ?string $userAgent = null, string $channel = 'mcp'): Milpa\ToolRuntime\Contracts\ToolContextBuild the {@see ToolContext} an authenticated MCP request should execute tools under.
Parameters
| Name | Type | Description |
|---|---|---|
| $ip | ?string | |
| $userAgent | ?string | |
| $channel | string |