Documentation
Overview
Package authz defines the authorization interface that mcp-kit consumers implement to expose their existing RBAC / permission model to the kit.
The kit never owns roles or permissions. Tool handlers in consumer code use the consumer's existing authz machinery directly. This package exists so kit-internal code (e.g. audit-log read endpoints in future versions) has a stable surface to call into.
Index
Constants
This section is empty.
Variables
var ErrForbidden = errors.New("authz: forbidden")
ErrForbidden indicates the user lacks the required permission. Consumers MUST return this exact sentinel so the kit can map it to a 403 response.
Functions
This section is empty.
Types
type Service
type Service interface {
	// Check returns nil when userID has the named permission. Returns
	// ErrForbidden when they don't. Any other error is treated as a 500
	// (e.g. database unavailable).
	Check(ctx context.Context, userID uuid.UUID, permission string) error
}
Service is the consumer's authorization checker. Implementations must be safe for concurrent use.
func AlwaysAllow
func AlwaysAllow() Service
AlwaysAllow returns a Service that approves every check. Intended for tests and for consumers wiring in dev/local mode without a real RBAC system. Never use in production.
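The following is an added example, not mcp-kit's own code, showing what a consumer-side Service implementation looks like and how the three documented outcomes of Check (nil, ErrForbidden, any other error) map to 200, 403 and 500. To build with the standard library alone it redeclares ErrForbidden, a UUID stand-in for uuid.UUID (assumed to be the 16-byte array from github.com/google/uuid) and the Service interface; a real consumer imports these from the authz package and github.com/google/uuid instead. StaticRBAC, Grant, SetUnavailable and StatusFor are hypothetical names invented for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"sync"
)

// Mirrors the documented authz surface so this file builds stand-alone.
// A real consumer imports ErrForbidden and Service from the kit.
var ErrForbidden = errors.New("authz: forbidden")

// UUID stands in for uuid.UUID, assumed to be a 16-byte array.
type UUID [16]byte

type Service interface {
	Check(ctx context.Context, userID UUID, permission string) error
}

// StaticRBAC is a hypothetical consumer implementation of Service backed by
// an in-memory user -> permission set. The RWMutex makes it safe for
// concurrent use, as the interface requires.
type StaticRBAC struct {
	mu          sync.RWMutex
	perms       map[UUID]map[string]bool
	unavailable bool // simulates the backing permission store being down
}

func NewStaticRBAC() *StaticRBAC {
	return &StaticRBAC{perms: make(map[UUID]map[string]bool)}
}

// Grant gives userID the named permission.
func (s *StaticRBAC) Grant(userID UUID, permission string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.perms[userID] == nil {
		s.perms[userID] = make(map[string]bool)
	}
	s.perms[userID][permission] = true
}

// SetUnavailable toggles the simulated outage.
func (s *StaticRBAC) SetUnavailable(down bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.unavailable = down
}

// Check implements Service. A missing permission returns the ErrForbidden
// sentinel itself, unwrapped, as the package requires; an infrastructure
// failure returns a different error, which the kit treats as a 500.
func (s *StaticRBAC) Check(ctx context.Context, userID UUID, permission string) error {
	if err := ctx.Err(); err != nil {
		return err // cancelled or timed out: an error, but not a denial
	}
	s.mu.RLock()
	defer s.mu.RUnlock()
	if s.unavailable {
		return errors.New("rbac: permission store unavailable")
	}
	if s.perms[userID][permission] {
		return nil
	}
	return ErrForbidden
}

// StatusFor maps a Check result to an HTTP status the way the package
// documents it: nil -> 200, ErrForbidden -> 403, anything else -> 500.
func StatusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrForbidden):
		return http.StatusForbidden
	default:
		return http.StatusInternalServerError
	}
}

func main() {
	rbac := NewStaticRBAC()
	alice, bob := UUID{0x01}, UUID{0x02} // constructed user IDs
	rbac.Grant(alice, "audit:read")
	for _, u := range []UUID{alice, bob} {
		err := rbac.Check(context.Background(), u, "audit:read")
		fmt.Printf("user %x audit:read -> %d (%v)\n", u[0], StatusFor(err), err)
	}
	rbac.SetUnavailable(true)
	err := rbac.Check(context.Background(), alice, "audit:read")
	fmt.Printf("store down -> %d (%v)\n", StatusFor(err), err)
}
```

The point of the SetUnavailable branch is the distinction the interface comment draws: a failed lookup must not be reported as a denial, because a 403 tells the caller they are not allowed, while a 500 tells them the decision could not be made. Returning a wrapped or re-created "forbidden" error instead of the sentinel would break the kit's mapping for the same reason.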