@ithena-one/mcp-governance
Governance layer (Identity, RBAC, Credentials, Audit, Logging, Tracing) for Model Context Protocol (MCP) servers.
import { PermissionStore, RoleStore } from '../interfaces/rbac.js';
import { UserIdentity, OperationContext, TransportContext } from '../types.js';
import { Request } from '@modelcontextprotocol/sdk/types.js';
/**
* Derives a permission string based on the MCP method and parameters.
* Examples:
* - `tool:call:<tool_name>`
* - `resource:read:<uri>` (if fixed URI)
* - `resource:read:<uri_template>` (if template URI)
* - `resource:list`
* - `resource:templates:list`
* - `prompt:get:<prompt_name>`
* - `prompt:list`
* Returns null for protocol-level messages like 'initialize', 'ping'.
*
* Review notes (this is a declaration only; the implementation is not visible here):
* - The `<tool_name>`, `<uri>` and `<prompt_name>` segments are taken from the request,
*   i.e. they are client-supplied text. Grants should be written against the exact
*   strings expected; whether the permission store matches exactly or by pattern is
*   not visible from this file. TODO confirm before relying on prefix-style grants.
* - URIs contain ':' themselves, so the result is not safely splittable on ':';
*   treat the permission as an opaque string.
* - NOTE(review): a null result means "no permission derived". How the caller treats
*   null (presumably the RBAC check is skipped) and what is returned for methods not
*   listed above are not visible here. Confirm that an unrecognised method cannot end
*   up unchecked.
*
* @param request - The incoming MCP request whose method and params are inspected.
* @param _transportContext - Transport context; the leading underscore suggests the
*   default implementation ignores it. TODO confirm.
* @returns The derived permission string, or null for protocol-level messages.
*/
export declare function defaultDerivePermission(request: Request, _transportContext: TransportContext): string | null;
/**
* Simple in-memory RoleStore implementation.
*
* Review notes (declaration only; method bodies are not visible here):
* - Role assignments live in process memory, so changes made through
*   addUserRoles/removeUserRoles are presumably lost on restart. TODO confirm
*   there is no persistence behind it.
* - The mutators are public and take no caller identity. Any code that holds a
*   reference to this instance can change role assignments, so keep the instance
*   out of reach of request-handling or plugin code that should not administer roles.
* - `private` is a compile-time modifier in TypeScript and is erased at runtime;
*   it does not protect `rolesByUser` from other code in the same process.
*/
export declare class InMemoryRoleStore implements RoleStore {
// Backing store for role assignments; presumably keyed by user id (see the
// `userId` parameters below). The concrete type is not shown in this declaration.
private rolesByUser;
/**
* @param initialRoles - Optional initial assignments, a record of string keys
*   (presumably user ids) to lists of role names.
*/
constructor(initialRoles?: Record<string, string[]>);
/**
* Resolves the role names for an identity.
*
* NOTE(review): how `identity` is mapped to a key in the store, and what is
* returned for an identity with no entry, are not visible here. Presumably an
* empty list (deny by default); confirm against the implementation.
*
* @param identity - The resolved user identity to look up.
* @param _opCtx - Operation context; the leading underscore suggests it is unused. TODO confirm.
* @returns A promise of the role names for the identity.
*/
getRoles(identity: UserIdentity, _opCtx: OperationContext): Promise<string[]>;
/**
* Adds roles to a user.
*
* @param userId - Key of the user to modify.
* @param roles - Role names to add.
*/
addUserRoles(userId: string, roles: string[]): void;
/**
* Removes roles from a user.
*
* @param userId - Key of the user to modify.
* @param roles - Role names to remove.
*/
removeUserRoles(userId: string, roles: string[]): void;
}
/**
* Simple in-memory PermissionStore implementation.
*
* Review notes (declaration only; method bodies are not visible here):
* - Grants live in process memory; changes made through addPermission/removePermission
*   are presumably not persisted. TODO confirm.
* - The mutators are public and take no caller identity. Any code that holds a
*   reference to this instance can grant or revoke permissions, so scope access to
*   the instance accordingly.
* - `private` is a compile-time modifier in TypeScript and is erased at runtime;
*   it does not protect `permissionsByRole` from other code in the same process.
*/
export declare class InMemoryPermissionStore implements PermissionStore {
// Backing store for grants; presumably keyed by role name (see the `role`
// parameters below). The concrete type is not shown in this declaration.
private permissionsByRole;
// Logger used by this store; its type and what it records are not visible here.
private logger;
/**
* @param initialPermissions - Optional initial grants, a record of string keys
*   (presumably role names) to lists of permission strings.
*/
constructor(initialPermissions?: Record<string, string[]>);
/**
* Checks whether a role holds a permission.
*
* NOTE(review): the matching rule (exact string compare vs. wildcard/pattern) and
* the result for an unknown role are not visible here. Permission strings can embed
* client-supplied names and URIs, so confirm the matching semantics before writing
* grants, and confirm that an unknown role yields false.
*
* @param role - Role name to check.
* @param permission - Permission string to look for.
* @param opCtx - Operation context for the current request; how it is used is not visible here.
* @returns A promise resolving to true when the role holds the permission.
*/
hasPermission(role: string, permission: string, opCtx: OperationContext): Promise<boolean>;
/**
* Adds a permission to a role.
*
* @param role - Role name to modify.
* @param permission - Permission string to grant.
*/
addPermission(role: string, permission: string): void;
/**
* Removes a permission from a role.
*
* @param role - Role name to modify.
* @param permission - Permission string to revoke.
*/
removePermission(role: string, permission: string): void;
}