Panther MCP Server

Instructions

Implementation Reference

• src/mcp_panther/panther_mcp_core/tools/users.py:17-82 (handler)

  The handler function for the 'list_users' MCP tool. It uses the Panther REST API to list users with pagination support (cursor and limit). Includes input schema via Annotated types with Pydantic Fields and the @mcp_tool decorator for registration.
  @mcp_tool( annotations={ "permissions": all_perms(Permission.USER_READ), "readOnlyHint": True, } ) async def list_users( cursor: Annotated[ str | None, Field(description="Optional cursor for pagination from a previous query"), ] = None, limit: Annotated[ int, Field( description="Maximum number of results to return (1-60)", ge=1, le=60, ), ] = 60, ) -> dict[str, Any]: """List all Panther user accounts. Returns: Dict containing: - success: Boolean indicating if the query was successful - users: List of user accounts if successful - total_users: Number of users returned - has_next_page: Boolean indicating if more results are available - next_cursor: Cursor for fetching the next page of results - message: Error message if unsuccessful """ logger.info("Fetching Panther users") try: # Use REST API with pagination support params = {"limit": limit} if cursor: params["cursor"] = cursor async with get_rest_client() as client: result, status = await client.get( "/users", params=params, expected_codes=[200] ) if status != 200: raise Exception(f"API request failed with status {status}") users = result.get("results", []) next_cursor = result.get("next") logger.info(f"Successfully retrieved {len(users)} users") return { "success": True, "users": users, "total_users": len(users), "has_next_page": next_cursor is not None, "next_cursor": next_cursor, } except Exception as e: logger.error(f"Failed to fetch users: {str(e)}") return { "success": False, "message": f"Failed to fetch users: {str(e)}", }
• src/mcp_panther/panther_mcp_core/tools/users.py:17-22 (registration)

  The @mcp_tool decorator application which registers the list_users function in the tool registry.
  @mcp_tool( annotations={ "permissions": all_perms(Permission.USER_READ), "readOnlyHint": True, } )
• src/mcp_panther/server.py:75-75 (registration)

  Call to register_all_tools which registers all decorated tools including list_users with the MCP server instance.
  register_all_tools(mcp)
• src/mcp_panther/panther_mcp_core/tools/registry.py:75-108 (helper)

  The register_all_tools function that iterates over all decorated tools and registers them with the MCP instance using mcp_instance.tool().
  def register_all_tools(mcp_instance) -> None: """ Register all tools marked with @mcp_tool with the given MCP instance. Args: mcp_instance: The FastMCP instance to register tools with """ logger.info(f"Registering {len(_tool_registry)} tools with MCP") # Sort tools by name sorted_funcs = sorted(_tool_registry, key=lambda f: f.__name__) for tool in sorted_funcs: logger.debug(f"Registering tool: {tool.__name__}") # Get tool metadata if it exists metadata = getattr(tool, "_mcp_tool_metadata", {}) annotations = metadata.get("annotations", {}) # Create tool decorator with metadata tool_decorator = mcp_instance.tool( name=metadata.get("name"), description=metadata.get("description"), annotations=annotations, ) if annotations and annotations.get("permissions"): if not tool.__doc__: tool.__doc__ = "" tool.__doc__ += f"\n\n Permissions:{annotations.get('permissions')}" # Register the tool tool_decorator(tool) logger.info("All tools registered successfully")
• src/mcp_panther/panther_mcp_core/tools/__init__.py:25-38 (registration)

  Import of the users module in tools/__init__.py, which triggers execution of the @mcp_tool decorator for list_users.
  from . import ( alerts, data_lake, data_models, detections, global_helpers, metrics, permissions, roles, scheduled_queries, schemas, sources, users, )