UNPKG

octocode-mcp

Version:

Model Context Protocol (MCP) server for advanced GitHub repository analysis, code discovery, and npm package exploration. Provides AI assistants with powerful tools to search, analyze, and understand codebases across GitHub and npm ecosystems.

octocode.ai

bgauryy/octocode-mcp

3 lines (2 loc) 3.91 kB
1
2
3
#!/usr/bin/env node class e{static policies=new Map;static initialized=!1;static initialize(){this.initialized||(this.initialized=!0,this.loadDefaultPolicies())}static registerPolicy(e){this.policies.set(e.id,e)}static getPolicies(){return Array.from(this.policies.values())}static getPolicy(e){return this.policies.get(e)||null}static async evaluatePolicies(e){if(!this.initialized)return{allowed:!0,policies:[]};const i={allowed:!0,policies:[],requirements:[],auditEvents:[]};for(const t of this.policies.values()){if(!t.enabled)continue;const a=await this.evaluatePolicy(t,e);if(i.policies.push({policyId:t.id,matched:a.matched,action:a.action}),a.matched)for(const a of t.actions)switch(a.type){case"deny":i.allowed=!1;break;case"require_approval":i.requirements=i.requirements||[],i.requirements.push(`Approval required by policy: ${t.name}`);break;case"audit_log":i.auditEvents=i.auditEvents||[],i.auditEvents.push({action:`policy_${t.id}_triggered`,details:{policyName:t.name,context:e,...a.parameters}});break;case"rate_limit":i.auditEvents=i.auditEvents||[],i.auditEvents.push({action:"policy_rate_limit_applied",details:{policyName:t.name,parameters:a.parameters}})}}return i}static isMfaRequired(e){if(!e)return!1;const i=this.policies.get("require_mfa");return i?.enabled||!1}static isRepositoryAccessRestricted(e){if(!e)return!1;const i=this.policies.get("restrict_repo_access");return i?.enabled||!1}static removePolicy(e){return this.policies.delete(e)}static clearPolicies(){this.policies.clear()}static getStats(){const e=Array.from(this.policies.values());return{initialized:this.initialized,totalPolicies:e.length,enabledPolicies:e.filter(e=>e.enabled).length,policies:e.map(e=>({id:e.id,name:e.name,enabled:e.enabled}))}}static loadDefaultPolicies(){"true"===process.env.REQUIRE_MFA&&this.registerPolicy({id:"require_mfa",name:"Multi-Factor Authentication Required",description:"Requires users to have MFA enabled for organization access",enabled:!0,conditions:[{type:"org_member",field:"organizationId",operator:"equals",value:process.env.GITHUB_ORGANIZATION||""}],actions:[{type:"audit_log",parameters:{event:"mfa_policy_checked"}}]}),"true"===process.env.RESTRICT_TO_MEMBERS&&this.registerPolicy({id:"restrict_repo_access",name:"Restrict Repository Access to Members",description:"Only organization members can access repositories",enabled:!0,conditions:[{type:"org_member",field:"organizationId",operator:"equals",value:process.env.GITHUB_ORGANIZATION||""}],actions:[{type:"audit_log",parameters:{event:"repo_access_policy_checked"}}]}),process.env.GITHUB_ADMIN_USERS&&this.registerPolicy({id:"admin_users",name:"Administrative Users",description:"Grants administrative privileges to specified users",enabled:!0,conditions:[{type:"user_in_list",field:"userId",operator:"in",value:process.env.GITHUB_ADMIN_USERS.split(",").map(e=>e.trim())}],actions:[{type:"allow"},{type:"audit_log",parameters:{event:"admin_access_granted"}}]})}static async evaluatePolicy(e,i){let t=!0;for(const a of e.conditions)if(!await this.evaluateCondition(a,i)){t=!1;break}return{matched:t,action:e.actions.find(e=>"deny"===e.type||"allow"===e.type)?.type||"allow"}}static async evaluateCondition(e,i){const t=this.getContextValue(e.field,i);switch(e.type){case"user_in_list":case"org_member":case"repo_visibility":return this.evaluateOperator(t,e.operator,e.value);default:return!1}}static getContextValue(e,i){switch(e){case"userId":return i.userId;case"organizationId":return i.organizationId;case"resource":return i.resource;case"action":return i.action;default:return i.metadata?.[e]}}static evaluateOperator(e,i,t){switch(i){case"equals":return e===t;case"not_equals":return e!==t;case"in":return Array.isArray(t)&&t.includes(e);case"not_in":return Array.isArray(t)&&!t.includes(e);case"contains":return"string"==typeof e&&"string"==typeof t&&e.includes(t);default:return!1}}}export{e as PolicyManager};