Environment: Assign
- Ports: 6685 (vault) / 6686 (operational)
- Location: /opt/mcp-servers/assign/mcp_assign_server.py
- Status: ✅ WORKING
Purpose
Multi-tenant collaboration layer for cross-user resource sharing. Enables groups, item assignments, and access control across all Nexus environments.
Tools (12 total)
Group Management
| Tool | Parameters | Description |
|---|---|---|
| group_create | name (req), description, members | Create named group |
| group_get | group_id (req) | Get group details |
| group_list | limit | List all groups |
| group_add_member | group_id (req), user_id (req), role | Add member (user/manager/admin) |
| group_remove_member | group_id (req), user_id (req) | Remove member |
| my_groups | - | List groups user belongs to |
Assignment Management
| Tool | Parameters | Description |
|---|---|---|
| assign | item_type (req), item_id (req), assignee (req), access_level | Assign item to user/group/UNIV |
| unassign | assignment_id (req) | Remove assignment |
| item_assignments | item_type (req), item_id (req) | List who has access |
| my_assignments | item_type | List items assigned to me |
| check_access | item_type (req), item_id (req), user_id | Check if user can access |
Utility
| Tool | Parameters | Description |
|---|---|---|
| status | - | Environment health check |
Key Features
Groups
- Named groups: Persistent teams (e.g., "Engineering", "Marketing")
- Adhoc groups: Temporary project groups
- Role hierarchy: user → manager → admin
Assignments
- Assign items to: users, groups, or UNIV (universal access)
- Supported item types: track, kb, contact, note, document, transcript, session
- Access levels: read, write, admin
- Session inheritance: Assigning a session grants access to all of its contents
Stable IDs
| Prefix | Type |
|---|---|
| g_XXXX | Groups |
| a_XXXX | Assignments |
| m_XXXX | Memberships |
Usage Examples
Create Group and Add Members
```javascript
// Create team
gateway.run([{server:'assign', tool:'group_create', args:{
  name: 'Engineering',
  description: 'Dev team',
  members: ['u_abc1', 'u_def2']
}}])

// Add member with role
gateway.run([{server:'assign', tool:'group_add_member', args:{
  group_id: 'g_xyz1',
  user_id: 'u_ghi3',
  role: 'manager'
}}])
```
Assign Items
```javascript
// Assign project to group
gateway.run([{server:'assign', tool:'assign', args:{
  item_type: 'track',
  item_id: 'p_abc123',
  assignee: 'g_xyz1',
  access_level: 'write'
}}])

// Universal access
gateway.run([{server:'assign', tool:'assign', args:{
  item_type: 'kb',
  item_id: 'k_def456',
  assignee: 'UNIV',
  access_level: 'read'
}}])
```
Architecture
```
User → Group Membership → Item Assignment
↓
Access Check → Allow/Deny
```
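The flow in the diagram above (membership, then assignment, then allow or deny) as a minimal Python model. This is an added example, not the Assign server's own code. It assumes levels are ordered read < write < admin and that a session assignment carries its level to the session's contents; `s_demo1`, `n_demo1` and `u_zzz9` are constructed IDs used alongside the ones from the usage examples.

```python
from dataclasses import dataclass

# Assumption: levels are ordered read < write < admin (the page lists them, not the order).
LEVELS = {"read": 1, "write": 2, "admin": 3}

@dataclass(frozen=True)
class Assignment:
    item_type: str
    item_id: str
    assignee: str       # user id, group id, or "UNIV"
    access_level: str

def effective_level(user_id, item_type, item_id, assignments, memberships, session_of):
    """Highest level the user holds on the item, or None when nothing matches."""
    # A user is matched directly, through any group they belong to, or through UNIV.
    principals = {user_id, "UNIV"} | memberships.get(user_id, set())
    # Session inheritance: an assignment on the containing session also counts.
    targets = {(item_type, item_id)}
    parent = session_of.get((item_type, item_id))
    if parent is not None:
        targets.add(("session", parent))
    best = None
    for a in assignments:
        if (a.item_type, a.item_id) in targets and a.assignee in principals:
            rank = LEVELS.get(a.access_level, 0)  # unrecognised level grants nothing
            if rank > LEVELS.get(best, 0):
                best = a.access_level
    return best

def check_access(user_id, item_type, item_id, required, assignments, memberships, session_of):
    """Default deny: allow only if a matching assignment meets the required level."""
    held = effective_level(user_id, item_type, item_id, assignments, memberships, session_of)
    return held is not None and required in LEVELS and LEVELS[held] >= LEVELS[required]

# Constructed sample data; s_demo1, n_demo1 and u_zzz9 are made-up IDs.
MEMBERSHIPS = {"u_ghi3": {"g_xyz1"}}
SESSION_OF = {("note", "n_demo1"): "s_demo1"}
ASSIGNMENTS = [
    Assignment("track", "p_abc123", "g_xyz1", "write"),
    Assignment("kb", "k_def456", "UNIV", "read"),
    Assignment("session", "s_demo1", "u_abc1", "read"),
]

if __name__ == "__main__":
    for user, kind, item, need in [("u_ghi3", "track", "p_abc123", "write"),
                                   ("u_zzz9", "track", "p_abc123", "read")]:
        ok = check_access(user, kind, item, need, ASSIGNMENTS, MEMBERSHIPS, SESSION_OF)
        print(user, kind, item, need, "allow" if ok else "deny")
```

A user with no matching assignment, an unknown required level, or an assignment carrying an unrecognised level all resolve to deny.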
Security Assessment
- ✅ Role-based access control
- ✅ Stable ID system prevents enumeration
- ✅ Session inheritance for convenience
- ✅ No command injection vectors
Audited by Indiana (a_jh9b) | Documented by Rocky (o_cq0c) | 2026-01-06