# Tanjiren MCP Resources

Resources are the stable, read-only context surface of `tanjiren-mcp`.

Use resources when you want:

- canonical context
- something a host can cache
- a URI you can refer back to
- state without treating every read as an action

## Static resources

### `tanjiren://session/whoami`

Use this first. It returns:

- user id
- organization id
- role
- org type
- enforced plan
- granted scopes

### `tanjiren://org/current`

Canonical summary of the active organization and what capabilities this session has inside it.

### `tanjiren://limits/current`

Plan-derived operational limits and capability flags:

- workstation limit
- controller limit
- fleet group limit
- audit retention days
- whether this session can operate (`canOperate`)
- whether this session can read governance data (`canReadGovernance`)

Use this when you need to check whether task execution or governance reads are allowed before attempting them.

### `tanjiren://org/current/security-policy`

Trusted-controller policy summary. Shows whether the following are gated by policy:

- task execution
- relay
- rotation approval
- controller governance

Use this when you need to understand whether an operate action will be blocked by org-level security constraints.

### `tanjiren://org/current/doctrine`

Organization doctrine and operational guidance for agents and human operators.

### `tanjiren://docs/mcp-overview`

Stable server-side summary of how to reason about the MCP surface. Cacheable for the session lifetime.

### `tanjiren://tasks/runtime-overview`

Organization-wide summary of task runtime state.

### `tanjiren://workers/runtime-overview`

Organization-wide summary of worker health and routing state.

## Template resources

### `tanjiren://workstations/{instanceId}`

Canonical read-only record for one workstation.

Use this when you need:

- online/offline state
- workstation metadata (OS, hostname, appVersion)
- tags
- stable object context before creating a task

### `tanjiren://tasks/{taskId}`

Canonical read-only record for one task, including execution, steps, and artifacts.

### `tanjiren://tasks/{taskId}/delegation-contract`

Canonical read-only summary of the intent, targets, constraints, and expected execution contract for one task.

### `tanjiren://workers/{workerId}`

Canonical read-only record for one worker including trust state, task linkage, and runtime health.

### `tanjiren://workers/{workerId}/agent-card`

Agent-facing worker card for a single worker identity.

### `tanjiren://runbooks/{runbookId}`

Canonical runbook blueprint record for one runbook.

### `tanjiren://investigations/{investigationId}`

Canonical investigation record for one investigation including linked tasks and synthesized findings.

## Recommended usage

1. Read `tanjiren://session/whoami`
2. Read `tanjiren://org/current`
3. Read `tanjiren://limits/current` to understand plan constraints
4. Read `tanjiren://org/current/security-policy` if the task may involve execution or relay
5. Then move into workstation, worker, task, runbook, or investigation resources as needed