docs: Add tool discovery proposal

[rubambiza]

Summary

• Proposes optional, opt-in tool discovery for KAN: a controller that calls tools/list on MCP backends, validates schemas, and surfaces discovered tools in XBackend.status
• Enables policy validation against real backend state, operator visibility via kubectl, and a foundation for response filtering
• Discovery is advisory (does not affect policy enforcement) and opt-in via annotation

Phasing

• Phase 1: In-cluster discovery over plain HTTP with graceful failure for auth-required backends
• Phase 2: External backends with TLS/authentication (deferred pending Backend spec stabilization)
• Phase 3: AccessPolicy cross-referencing against discovered tools

Prior discussion

This proposal was initially drafted and reviewed on the fork PR (rubambiza#1) with feedback from @evaline-ju and @david-martin incorporated.

Test plan

• Community review of proposal content and API design
• Alignment on community consensus points (XBackend.status location, MCP client library, sync interval)

[netlify]

✅ Deploy Preview for kube-agentic-networking ready!

Name	Link
🔨 Latest commit	6a59a19
🔍 Latest deploy log	https://app.netlify.com/projects/kube-agentic-networking/deploys/69e99a98f65e37000802c668
😎 Deploy Preview	https://deploy-preview-227--kube-agentic-networking.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rubambiza
Once this PR has been reviewed and has the lgtm label, please assign david-martin for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @rubambiza. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[evaline-ju]

/ok-to-test

[LiorLieberman]

/cc

[david-martin]

Given the XBackend resource won't be in v1alpha1, we should hold this for now.
I see the value in having a controller being able to list and report back tools from mcp servers for more than AccessPolicy tool validation. For example, it can help with configuration validation, or surfacing of tools for informational purposes beyond auth.

I tend to like the standalone (extension?) approach, as making it a required piece could be a barrier to some agentic networking implementations, and could potentially be unwanted in some installations for various reasons (unwanted load, difficult to configure auth for some mcp servers)

/hold

[david-martin]

Good to call this out.
I wonder, should we be more explicit to avoid confusion here as there are 2 identities at play here.
The identity to use when this new controller calls tools/list for populating the backend status,
and the identity when an agent/user is calling tool list?
The latter tool/list filtering I see as dynamic at list time, performing an authZ function, and driven by the rules in AccessPolicy

[david-martin]

https?

[david-martin]

30s probably too aggresive.
5 minutes maybe?

[david-martin]

agentic.networking.x-k8s.io

[david-martin]

note the change to method based matching in v1alpha1

kube-agentic-networking/api/v1alpha1/accesspolicy_types.go

Line 197 in d2507a7

// +kubebuilder:validation:XValidation:rule="has(self.params) && self.params.size() > 0 ? self.name in ['prompts/get', 'tools/call', 'resources/subscribe', 'resources/unsubscribe', 'resources/read'] : true",message="Params can only be specified for get, call, subscribe, unsubscribe, or read methods"

Will need to consider that and update here.