Documentation
¶
Index ¶
- Constants
- func DefaultGuardrailConfig() *config.GuardrailConfig
- func IsBlocked(cmd string) bool
- func RequestApproval(ctx context.Context, session *mcp.ServerSession, risk RiskLevel, ...) error
- func WithGuardrail[In, Out any](g *Guardrail, toolName string, riskInputFn func(In) RiskInput, ...) mcp.ToolHandlerFor[In, Out]
- type AuditEntry
- type AuditLogger
- type Decision
- type Guardrail
- type Policy
- type RiskInput
- type RiskLevel
Constants ¶
const ( FallbackDeny = "deny" // reject everything that needs approval FallbackAllow = "allow" // allow all, rely on client-side tool approval FallbackDowngrade = "downgrade" // allow moderate ops, still deny dangerous )
Fallback policies when client does not support Elicitation.
Variables ¶
This section is empty.
Functions ¶
func DefaultGuardrailConfig ¶
func DefaultGuardrailConfig() *config.GuardrailConfig
DefaultGuardrailConfig returns sensible defaults when no config is provided.
func RequestApproval ¶
func RequestApproval(ctx context.Context, session *mcp.ServerSession, risk RiskLevel, input RiskInput, fallback string) error
RequestApproval sends an Elicitation request to the MCP client, asking the user to approve a dangerous operation.
If the client does not support Elicitation, it falls back to the configured policy (deny / allow / downgrade).
func WithGuardrail ¶
func WithGuardrail[In, Out any]( g *Guardrail, toolName string, riskInputFn func(In) RiskInput, handler mcp.ToolHandlerFor[In, Out], ) mcp.ToolHandlerFor[In, Out]
WithGuardrail wraps any typed tool handler with the full guardrail pipeline: classify -> policy -> approval -> execute -> audit.
riskInputFn extracts a RiskInput from the tool-specific input type.
Types ¶
type AuditEntry ¶
type AuditEntry struct {
Timestamp time.Time `json:"ts"`
Tool string `json:"tool"`
NodeID string `json:"node,omitempty"`
Command string `json:"command,omitempty"`
Paths []string `json:"paths,omitempty"`
RiskLevel string `json:"risk"`
Decision string `json:"decision"`
Outcome string `json:"outcome"` // "executed", "denied", "error"
Error string `json:"error,omitempty"`
}
AuditEntry is a single line in the audit log.
type AuditLogger ¶
type AuditLogger struct {
// contains filtered or unexported fields
}
AuditLogger writes JSON Lines to a file.
func NewAuditLogger ¶
func NewAuditLogger(path string) *AuditLogger
NewAuditLogger creates a logger that writes to the given path. The path may contain ~ which is expanded to the user's home directory.
func (*AuditLogger) Log ¶
func (a *AuditLogger) Log(entry AuditEntry)
Log appends an audit entry to the log file.
type Guardrail ¶
type Guardrail struct {
// contains filtered or unexported fields
}
Guardrail coordinates risk classification, policy evaluation, approval, and audit logging for MCP tool invocations.
func New ¶
func New(cfg *config.GuardrailConfig) *Guardrail
New creates a Guardrail from configuration. If cfg is nil, defaults are used.
type Policy ¶
type Policy struct {
// contains filtered or unexported fields
}
Policy evaluates tool invocations against configurable rules.
func NewPolicy ¶
func NewPolicy(cfg *config.GuardrailConfig) *Policy
NewPolicy creates a policy engine from config.
type RiskInput ¶
type RiskInput struct {
ToolName string
NodeID string
Command string // populated only for ssh_run
Paths []string // file/directory paths involved
Sudo bool // whether sudo is requested
}
RiskInput carries contextual information about a single tool invocation for risk assessment.
type RiskLevel ¶
type RiskLevel int
RiskLevel represents the danger level of a tool invocation.
func AnalyzeCommand ¶
AnalyzeCommand returns the risk level for an ssh_run command string.
func AnalyzePaths ¶
AnalyzePaths returns the highest risk level implied by the given paths.
func Classify ¶
Classify returns the effective risk level for a tool invocation. For ssh_run, it refines the level based on command analysis.
func ParseRiskLevel ¶
ParseRiskLevel converts a string to RiskLevel, defaulting to Dangerous.
Source Files