profile

package
v0.39.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 9, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package profile carries request-scoped in-proxy profile filtering (Spec 057).

A profile is a named, stateless view over a subset of the configured upstream servers, addressable at /mcp/p/<slug>. A ProfileScope is resolved once by the profile middleware from the request URL and injected into the request context; the scope filters which servers a request may see/call. It is an independent, auth-type-agnostic primitive that composes with (but does not depend on) the Spec 028 agent-token scope — an unauthenticated /mcp/p/<slug> connection runs as an admin AuthContext yet must still be profile-filtered.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func WithProfileScope 

func WithProfileScope(ctx context.Context, p *ProfileScope) context.Context

WithProfileScope returns a context carrying the given ProfileScope.

Types

type ProfileScope 

type ProfileScope struct {
	// Name is the resolved profile slug, used in rejection messages and activity
	// metadata (FR-012).
	Name string
	// contains filtered or unexported fields
}

ProfileScope is the immutable, request-scoped set of servers a profile exposes. It is resolved by profileMiddleware from the /mcp/p/<slug> URL and never mutated for the lifetime of a request.

func NewProfileScope 

func NewProfileScope(name string, servers []string) *ProfileScope

NewProfileScope builds a scope for the named profile over the given effective server set. The returned scope is always non-nil (an empty/nil server list is a legal profile that allows nothing).

func ProfileScopeFromContext 

func ProfileScopeFromContext(ctx context.Context) *ProfileScope

ProfileScopeFromContext extracts the ProfileScope, or nil when the request did not enter via a profile URL (no filtering).

func (*ProfileScope) AllowedServerNames 

func (p *ProfileScope) AllowedServerNames() []string

AllowedServerNames returns the list of server names in this profile scope. Returns nil for a nil receiver (allow-all — no restriction list). Returns an empty slice for a non-nil scope with no servers (deny-all).

func (*ProfileScope) Allows 

func (p *ProfileScope) Allows(serverName string) bool

Allows reports whether the named server is visible under this scope.

A nil receiver means the request did not enter via /mcp/p/<slug> (it used /mcp, /mcp/code, or /mcp/call) and therefore is not profile-filtered — every server is allowed (FR-010). A non-nil scope allows only servers in its set; the empty server name is never allowed for a real scope.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.