consent

package
v1.23.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ConfigKeyConsent = agentcopilot.ConfigKeyConsent
)

Variables

View Source 
var AllowedActionTypes = []ActionType{
	ActionReadOnly,
	ActionAny,
}

AllowedActionTypes contains the valid action types for command validation

View Source 
var AllowedOperationTypes = []OperationType{
	OperationTypeTool,
	OperationTypeSampling,
	OperationTypeElicitation,
}

AllowedOperationTypes contains the valid operation contexts for command validation

View Source 
var AllowedPermissions = []Permission{
	PermissionAllow,
	PermissionDeny,
	PermissionPrompt,
}

AllowedPermissions contains the valid permissions for command validation

View Source 
var AllowedScopes = []Scope{
	ScopeGlobal,
	ScopeProject,
	ScopeSession,
	ScopeOneTime,
}

AllowedScopes contains the valid scopes for command validation

View Source 
var ErrElicitationDenied = fmt.Errorf("elicitation denied by user")
View Source 
var ErrSamplingDenied = fmt.Errorf("sampling denied by user")
View Source 
var ErrToolExecutionDenied = fmt.Errorf("tool execution denied by user")
View Source 
var ErrToolExecutionSkipped = fmt.Errorf("tool execution skipped by user")

Functions

This section is empty.

Types

type ActionType 

type ActionType string

ActionType defines the kind of action the rule controls 

const (
	ActionReadOnly ActionType = "readonly"
	ActionAny      ActionType = "any"
)

func ParseActionType 

func ParseActionType(actionStr string) (ActionType, error)

ParseActionType converts a string to ActionType with validation

type ConsentChecker 

type ConsentChecker struct {
	// contains filtered or unexported fields
}

ConsentChecker provides shared consent checking logic for different tool types

func NewConsentChecker 

func NewConsentChecker(
	consentMgr ConsentManager,
	serverName string,
) *ConsentChecker

NewConsentChecker creates a new shared consent checker

func (*ConsentChecker) CheckElicitationConsent 

func (cc *ConsentChecker) CheckElicitationConsent(
	ctx context.Context,
	toolName string,
) (*ConsentDecision, error)

CheckElicitationConsent checks elicitation consent for a specific tool

func (*ConsentChecker) CheckSamplingConsent 

func (cc *ConsentChecker) CheckSamplingConsent(
	ctx context.Context,
	toolName string,
) (*ConsentDecision, error)

CheckSamplingConsent checks sampling consent for a specific tool

func (*ConsentChecker) CheckToolConsent 

func (cc *ConsentChecker) CheckToolConsent(
	ctx context.Context,
	toolName, toolDesc string,
	annotations mcp.ToolAnnotation,
) (*ConsentDecision, error)

CheckToolConsentWithAnnotations checks tool consent with optional MCP annotations

func (*ConsentChecker) PromptAndGrantConsent 

func (cc *ConsentChecker) PromptAndGrantConsent(
	ctx context.Context,
	toolName, displayName, toolDesc string,
	annotations mcp.ToolAnnotation,
) error

PromptAndGrantConsent shows consent prompt and grants permission based on user choice. toolName is the consent rule identifier (e.g., "shell"). displayName is what the user sees in the prompt (e.g., "shell command: npm install"). toolDesc is the help text with additional context.

func (*ConsentChecker) PromptAndGrantElicitationConsent 

func (cc *ConsentChecker) PromptAndGrantElicitationConsent(
	ctx context.Context,
	toolName, toolDesc string,
) error

PromptAndGrantElicitationConsent shows elicitation consent prompt and grants permission based on user choice

func (*ConsentChecker) PromptAndGrantReadOnlyToolConsent 

func (cc *ConsentChecker) PromptAndGrantReadOnlyToolConsent(
	ctx context.Context,
) error

PromptAndGrantReadOnlyToolConsent shows consent prompt and grants permission based on user choice for read only tools

func (*ConsentChecker) PromptAndGrantSamplingConsent 

func (cc *ConsentChecker) PromptAndGrantSamplingConsent(
	ctx context.Context,
	toolName, toolDesc string,
) error

PromptAndGrantSamplingConsent shows sampling consent prompt and grants permission based on user choice

type ConsentConfig 

type ConsentConfig struct {
	Rules []ConsentRule `json:"rules,omitempty"`
}

ConsentConfig represents the MCP consent configuration

type ConsentDecision 

type ConsentDecision struct {
	Allowed        bool
	Reason         string
	RequiresPrompt bool
}

ConsentDecision represents the result of a consent check

type ConsentManager 

type ConsentManager interface {
	CheckConsent(ctx context.Context, request ConsentRequest) (*ConsentDecision, error)
	GrantConsent(ctx context.Context, rule ConsentRule) error
	ListConsentRules(ctx context.Context, options ...FilterOption) ([]ConsentRule, error)
	ClearConsentRules(ctx context.Context, options ...FilterOption) error

	// PromptWorkflowConsent shows an upfront consent prompt asking the user whether to grant
	// blanket access to the given MCP tool servers. If all servers are already trusted, the
	// prompt is skipped.
	PromptWorkflowConsent(ctx context.Context, servers []string) error

	// Environment context methods
	IsProjectScopeAvailable(ctx context.Context) bool
}

ConsentManager manages consent rules and decisions

func NewConsentManager 

func NewConsentManager(
	lazyEnvManager *lazy.Lazy[environment.Manager],
	console input.Console,
	userConfigManager config.UserConfigManager,
) ConsentManager

NewConsentManager creates a new consent manager

type ConsentRequest 

type ConsentRequest struct {
	ToolID      string
	ServerName  string
	Operation   OperationType // Type of consent being requested (tool, sampling, etc.)
	Parameters  map[string]any
	Annotations mcp.ToolAnnotation
}

ConsentRequest represents a request to check consent for a tool

type ConsentRule 

type ConsentRule struct {
	Scope      Scope         `json:"scope"`
	Target     Target        `json:"target"` // e.g. "myServer/myTool", "myServer/*", "*"
	Action     ActionType    `json:"action"`
	Operation  OperationType `json:"operation"`
	Permission Permission    `json:"permission"`
	GrantedAt  time.Time     `json:"grantedAt"`
}

ConsentRule represents a single consent rule entry

func (ConsentRule) Validate 

func (r ConsentRule) Validate() error

Validate checks if the consent rule is valid

type FilterOption 

type FilterOption func(*FilterOptions)

FilterOption represents a functional option for filtering consent rules

func WithAction 

func WithAction(action ActionType) FilterOption

WithAction filters rules by action type

func WithOperation 

func WithOperation(operation OperationType) FilterOption

WithOperation filters rules by operation type

func WithPermission 

func WithPermission(permission Permission) FilterOption

WithPermission filters rules by permission type

func WithScope 

func WithScope(scope Scope) FilterOption

WithScope filters rules by scope

func WithTarget 

func WithTarget(target Target) FilterOption

WithTarget filters rules by target pattern

type FilterOptions 

type FilterOptions struct {
	Scope      *Scope
	Operation  *OperationType
	Target     *Target
	Action     *ActionType
	Permission *Permission
}

FilterOptions contains the filtering options for listing consent rules

type OperationType 

type OperationType string

OperationType defines the feature or context for the rule 

const (
	OperationTypeTool        OperationType = "tool"        // running tools
	OperationTypeSampling    OperationType = "sampling"    // sampling requests
	OperationTypeElicitation OperationType = "elicitation" // elicitation requests
)

func ParseOperationType 

func ParseOperationType(contextStr string) (OperationType, error)

ParseOperationType converts a string to OperationType with validation

type Permission 

type Permission string

Permission is the consent outcome for a rule 

const (
	PermissionAllow  Permission = "allow"
	PermissionDeny   Permission = "deny"
	PermissionPrompt Permission = "prompt"
)

func ParsePermission 

func ParsePermission(permissionStr string) (Permission, error)

ParsePermission converts a string to Permission with validation

type Scope 

type Scope string

Scope defines the rule applicability level 

const (
	ScopeSession Scope = "session"
	ScopeProject Scope = "project"
	ScopeGlobal  Scope = "global"
	ScopeOneTime Scope = "one_time"
)

func ParseScope 

func ParseScope(scopeStr string) (Scope, error)

ParseScope converts a string to Scope with validation

type Target 

type Target string

Target is a consolidated string combining server and tool in the form "server/tool" Wildcards supported, e.g., "server/*" means all tools in that server, "*" or "*/*" means all servers/tools

func NewGlobalTarget 

func NewGlobalTarget() Target

NewGlobalTarget creates a target for all servers and tools

func NewServerTarget 

func NewServerTarget(server string) Target

NewServerTarget creates a target for all tools in a server

func NewToolTarget 

func NewToolTarget(server, tool string) Target

NewToolTarget creates a target for a specific tool

func (Target) Validate 

func (t Target) Validate() error

Validate checks if the target format is valid

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.