
@ithena-one/mcp-governance


Governance layer (Identity, RBAC, Credentials, Audit, Logging, Tracing) for Model Context Protocol (MCP) servers.

import { PermissionStore, RoleStore } from '../interfaces/rbac.js';
import { UserIdentity, OperationContext, TransportContext } from '../types.js';
import { Request } from '@modelcontextprotocol/sdk/types.js';
/**
 * Derives a permission string based on the MCP method and parameters.
 * Examples:
 * - `tool:call:<tool_name>`
 * - `resource:read:<uri>` (if fixed URI)
 * - `resource:read:<uri_template>` (if template URI)
 * - `resource:list`
 * - `resource:templates:list`
 * - `prompt:get:<prompt_name>`
 * - `prompt:list`
 * Returns null for protocol-level messages like 'initialize', 'ping'.
 *
 * The tool name, URI and prompt name segments come from the request, so the
 * resulting string is only as trustworthy as the request parameters.
 *
 * NOTE(review): this declaration does not show how a `null` result is treated
 * by the caller. If `null` means "skip the permission check", confirm that
 * unrecognised or future MCP methods cannot fall into the `null` branch;
 * otherwise they would bypass RBAC. Verify against the implementation.
 *
 * @param request - The incoming MCP request whose method and params are inspected.
 * @param _transportContext - Transport information; the underscore prefix
 *   suggests the default implementation does not use it (TODO confirm).
 * @returns The derived permission string, or `null` for protocol-level messages.
 */
export declare function defaultDerivePermission(request: Request, _transportContext: TransportContext): string | null;
/**
 * Simple in-memory RoleStore implementation.
 *
 * Role assignments are held in process memory only; nothing in this
 * declaration indicates persistence or sharing across instances.
 *
 * NOTE(review): `addUserRoles` and `removeUserRoles` are public and take no
 * caller identity, so anything holding a reference to the store can change
 * role assignments. Keep the reference out of request-handling code paths
 * unless that is intended.
 */
export declare class InMemoryRoleStore implements RoleStore {
    // Backing storage for role assignments; its type is not exposed here.
    private rolesByUser;
    /**
     * @param initialRoles - Optional initial assignments; presumably keyed by
     *   user id with a list of role names as the value (TODO confirm).
     */
    constructor(initialRoles?: Record<string, string[]>);
    /**
     * Resolves the roles for an identity.
     *
     * NOTE(review): how a user id is extracted from `identity`, and what is
     * returned for an unknown user, is not visible in this declaration.
     *
     * @param identity - The resolved identity of the caller.
     * @param _opCtx - Operation context; presumably unused (underscore prefix).
     * @returns A promise resolving to the role names for the identity.
     */
    getRoles(identity: UserIdentity, _opCtx: OperationContext): Promise<string[]>;
    /** Adds roles to a user. */
    addUserRoles(userId: string, roles: string[]): void;
    /** Removes roles from a user. */
    removeUserRoles(userId: string, roles: string[]): void;
}
/**
 * Simple in-memory PermissionStore implementation.
 *
 * Permission grants are held in process memory only; nothing in this
 * declaration indicates persistence.
 *
 * NOTE(review): the declaration does not show whether permission matching is
 * an exact string comparison or supports wildcards/patterns. Confirm before
 * granting permissions built from request-supplied segments such as
 * `resource:read:<uri>`. The mutators are public and take no caller identity,
 * so access to the store instance should be restricted.
 */
export declare class InMemoryPermissionStore implements PermissionStore {
    // Backing storage for grants; its type is not exposed here.
    private permissionsByRole;
    // Logger used internally; what it records is not visible here.
    private logger;
    /**
     * @param initialPermissions - Optional initial grants; presumably keyed by
     *   role name with a list of permission strings as the value (TODO confirm).
     */
    constructor(initialPermissions?: Record<string, string[]>);
    /**
     * Checks whether a role holds a permission.
     *
     * @param role - Role name to check.
     * @param permission - Permission string, e.g. as produced by a
     *   permission-derivation function.
     * @param opCtx - Operation context for the current request.
     * @returns A promise resolving to `true` if the role has the permission.
     */
    hasPermission(role: string, permission: string, opCtx: OperationContext): Promise<boolean>;
    /** Adds a permission to a role. */
    addPermission(role: string, permission: string): void;
    /** Removes a permission from a role. */
    removePermission(role: string, permission: string): void;
}