#!/usr/bin/env python
"""
Nexus MCP Server - Role-Based GraphQL Integration

Run with: python -m core.mcp.server

This server exposes Nexus business operations as MCP tools with role-based
access control. All operations use GraphQL internally for consistency.

Roles:
- ADMIN: Full access to all operations
- TEAM_LEADER: View all, no modifications
- TEAM_MEMBER: View/modify own assigned work only
"""

# Import base to initialize Django and create MCP instance
from core.mcp.base import mcp

# Import all tool modules to register them
from core.mcp.tools import (  # noqa: F401
    auth,
    dashboard,
    customers,
    services,
    projects,
    sessions,
    notifications,
    admin,
    utility,
)


# =============================================================================
# RESOURCES
# =============================================================================

@mcp.resource("nexus://schema")
def get_graphql_schema() -> str:
    """Get the GraphQL schema in SDL format."""
    from core.graphql.schema import schema
    return str(schema)


@mcp.resource("nexus://roles")
def get_roles_info() -> str:
    """Get information about role permissions."""
    return """# Nexus Role Permissions

## ADMIN
- Full access to all operations
- Can view all customers, accounts, services, projects
- Can create/update/delete services and projects
- Can open/close sessions for any work
- Can manage system-wide notification rules

## TEAM_LEADER
- View-only access to all data
- Can see all customers, accounts, services, projects
- Cannot create, update, or delete anything
- Cannot open/close sessions
- Can manage their own notifications

## TEAM_MEMBER
- Limited to their own assigned work
- Can view only services/projects assigned to them
- Can open/close sessions for their assigned work
- Can manage task completions during sessions
- Can create personal notification rules (scoped to self)
- Can manage their own notifications
"""


if __name__ == "__main__":
    mcp.run()