The highest tagged major version is v2.

security

package

v1.5.0 Latest Latest Go to latest Published: Mar 29, 2026 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/codestz/mcpx

Links

Open Source Insights

Documentation ¶

Index ¶

func ActionString(a Action) string
type Action
type AuditEntry
type AuditLogger
- func NewAuditLogger(path string, redact []string) *AuditLogger
- func (a *AuditLogger) Log(entry AuditEntry) error
type Evaluator
- func NewEvaluator(serverName string, global *config.SecurityConfig, ...) *Evaluator
- func (e *Evaluator) Evaluate(toolName string, args map[string]any) Result
type Result

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ActionString ¶

func ActionString(a Action) string

ActionString converts an Action to its audit log string.

Types ¶

type Action ¶

type Action int

Action represents the result of a policy evaluation.

const (
	// ActionAllow permits the tool call.
	ActionAllow Action = iota
	// ActionDeny blocks the tool call.
	ActionDeny
	// ActionWarn permits the call but emits a warning.
	ActionWarn
)

type AuditEntry ¶

type AuditEntry struct {
	Timestamp  string         `json:"timestamp"`
	Server     string         `json:"server"`
	Tool       string         `json:"tool"`
	Args       map[string]any `json:"args,omitempty"`
	Action     string         `json:"action"` // "allowed", "denied", "warned"
	PolicyName string         `json:"policy_name,omitempty"`
	Message    string         `json:"message,omitempty"`
}

AuditEntry represents a single audit log record.

type AuditLogger ¶

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger writes JSONL audit logs.

func NewAuditLogger ¶

func NewAuditLogger(path string, redact []string) *AuditLogger

NewAuditLogger creates an audit logger that writes to the given path.

func (*AuditLogger) Log ¶

func (a *AuditLogger) Log(entry AuditEntry) error

Log writes an audit entry to the log file.

type Evaluator ¶

type Evaluator struct {
	// contains filtered or unexported fields
}

Evaluator evaluates security policies for a given server.

func NewEvaluator ¶

func NewEvaluator(serverName string, global *config.SecurityConfig, server *config.ServerSecurity) *Evaluator

NewEvaluator creates an Evaluator from global and per-server security config.

func (*Evaluator) Evaluate ¶

func (e *Evaluator) Evaluate(toolName string, args map[string]any) Result

Evaluate checks whether a tool call is permitted.

type Result ¶

type Result struct {
	Action     Action
	PolicyName string
	Message    string
	Details    string // extra context (e.g. which arg matched)
}

Result holds the outcome of evaluating security policies.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL