store

package
v0.8.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 20, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package store provides per-session authentication and capability stores for the token broker layer.

Index

Constants

View Source 
const DefaultCapabilityStoreTTL = 30 * 24 * time.Hour

DefaultCapabilityStoreTTL is the session-level TTL for capability entries.

Variables

This section is empty.

Functions

This section is empty.

Types

type Capabilities 

type Capabilities struct {
	Tools     []mcp.Tool
	Resources []mcp.Resource
	Prompts   []mcp.Prompt
}

Capabilities holds the MCP capabilities for a session+server pair.

func (*Capabilities) DeepCopy 

func (c *Capabilities) DeepCopy() *Capabilities

DeepCopy returns a new Capabilities with independent slice backing arrays. Element structs (Tool/Resource/Prompt) are copied by value.

type CapabilityStore 

type CapabilityStore interface {
	// Get returns the capabilities for a session+server pair.
	// Returns nil, nil on cache miss.
	Get(ctx context.Context, sessionID, serverName string) (*Capabilities, error)
	// GetAll returns all capabilities for a session, keyed by server name.
	GetAll(ctx context.Context, sessionID string) (map[string]*Capabilities, error)
	// Set stores capabilities for a session+server pair and resets the session TTL.
	Set(ctx context.Context, sessionID, serverName string, caps *Capabilities) error
	// Delete removes all capabilities for a session (full logout).
	Delete(ctx context.Context, sessionID string) error
	// DeleteEntry removes capabilities for a single session+server pair (per-server logout).
	DeleteEntry(ctx context.Context, sessionID, serverName string) error
	// DeleteServer removes capabilities for a server across all sessions (deregistration).
	DeleteServer(ctx context.Context, serverName string) error
	// Exists reports whether capabilities exist for a session+server pair.
	Exists(ctx context.Context, sessionID, serverName string) (bool, error)
	// Touch resets the session TTL. Returns true if the session existed and was touched.
	Touch(ctx context.Context, sessionID string) (bool, error)
	// ListSessions returns current sessionIDs; expired sessions are excluded.
	ListSessions(ctx context.Context) ([]string, error)
}

CapabilityStore stores per-session, per-server MCP capabilities. Implementations must be safe for concurrent use.

type InMemoryCapabilityStore 

type InMemoryCapabilityStore struct {
	// contains filtered or unexported fields
}

InMemoryCapabilityStore is a map-based CapabilityStore with per-session TTL timers. Suitable for single-pod dev/test deployments.

func NewInMemoryCapabilityStore 

func NewInMemoryCapabilityStore(ttl time.Duration) *InMemoryCapabilityStore

NewInMemoryCapabilityStore creates an in-memory store with the given session TTL.

func (*InMemoryCapabilityStore) Delete 

func (s *InMemoryCapabilityStore) Delete(_ context.Context, sessionID string) error

func (*InMemoryCapabilityStore) DeleteEntry 

func (s *InMemoryCapabilityStore) DeleteEntry(_ context.Context, sessionID, serverName string) error

func (*InMemoryCapabilityStore) DeleteServer 

func (s *InMemoryCapabilityStore) DeleteServer(_ context.Context, serverName string) error

func (*InMemoryCapabilityStore) Exists 

func (s *InMemoryCapabilityStore) Exists(_ context.Context, sessionID, serverName string) (bool, error)

func (*InMemoryCapabilityStore) Get 

func (s *InMemoryCapabilityStore) Get(_ context.Context, sessionID, serverName string) (*Capabilities, error)

func (*InMemoryCapabilityStore) GetAll 

func (s *InMemoryCapabilityStore) GetAll(_ context.Context, sessionID string) (map[string]*Capabilities, error)

func (*InMemoryCapabilityStore) ListSessions 

func (s *InMemoryCapabilityStore) ListSessions(_ context.Context) ([]string, error)

func (*InMemoryCapabilityStore) Set 

func (s *InMemoryCapabilityStore) Set(_ context.Context, sessionID, serverName string, caps *Capabilities) error

func (*InMemoryCapabilityStore) Stop 

func (s *InMemoryCapabilityStore) Stop()

Stop cleans up all timers. Call when the store is no longer needed.

func (*InMemoryCapabilityStore) Touch 

func (s *InMemoryCapabilityStore) Touch(_ context.Context, sessionID string) (bool, error)

type InMemorySessionAuthStore 

type InMemorySessionAuthStore struct {
	// contains filtered or unexported fields
}

InMemorySessionAuthStore is a map-based SessionAuthStore with per-session TTL timers. Suitable for single-pod dev/test deployments.

func NewInMemorySessionAuthStore 

func NewInMemorySessionAuthStore(ttl time.Duration) *InMemorySessionAuthStore

NewInMemorySessionAuthStore creates an in-memory auth store with the given session TTL.

func (*InMemorySessionAuthStore) IsAuthenticated 

func (s *InMemorySessionAuthStore) IsAuthenticated(_ context.Context, sessionID, serverName string) (bool, error)

func (*InMemorySessionAuthStore) MarkAuthenticated 

func (s *InMemorySessionAuthStore) MarkAuthenticated(_ context.Context, sessionID, serverName string) error

func (*InMemorySessionAuthStore) Revoke 

func (s *InMemorySessionAuthStore) Revoke(_ context.Context, sessionID, serverName string) error

func (*InMemorySessionAuthStore) RevokeServer 

func (s *InMemorySessionAuthStore) RevokeServer(_ context.Context, serverName string) error

func (*InMemorySessionAuthStore) RevokeSession 

func (s *InMemorySessionAuthStore) RevokeSession(_ context.Context, sessionID string) error

func (*InMemorySessionAuthStore) Stop 

func (s *InMemorySessionAuthStore) Stop()

Stop cleans up all timers. Call when the store is no longer needed.

func (*InMemorySessionAuthStore) Touch 

func (s *InMemorySessionAuthStore) Touch(_ context.Context, sessionID string) (bool, error)

type SessionAuthStore 

type SessionAuthStore interface {
	// IsAuthenticated reports whether the session has authenticated to the server.
	IsAuthenticated(ctx context.Context, sessionID, serverName string) (bool, error)
	// MarkAuthenticated records successful authentication and resets the session TTL.
	MarkAuthenticated(ctx context.Context, sessionID, serverName string) error
	// Revoke removes auth state for a single session+server pair (per-server logout).
	Revoke(ctx context.Context, sessionID, serverName string) error
	// RevokeSession removes all auth state for a session (full logout / token revocation).
	RevokeSession(ctx context.Context, sessionID string) error
	// RevokeServer removes auth state for a server across all sessions (deregistration).
	RevokeServer(ctx context.Context, serverName string) error
	// Touch extends the session TTL. Returns true if the session existed and was touched.
	Touch(ctx context.Context, sessionID string) (bool, error)
}

SessionAuthStore tracks per-session, per-server authentication state. It answers: "may this session call tools on this server?" Implementations must be safe for concurrent use.

type ValkeyCapabilityStore 

type ValkeyCapabilityStore struct {
	// contains filtered or unexported fields
}

ValkeyCapabilityStore stores per-session capabilities in Valkey hashes.

Data model: 

Key:    {keyPrefix}cap:{sessionID}
Fields: {serverName} -> JSON{tools, resources, prompts}
TTL:    session-level, reset on every Set via EXPIRE

func NewValkeyCapabilityStore 

func NewValkeyCapabilityStore(client valkey.Client, ttl time.Duration, keyPrefix string) *ValkeyCapabilityStore

NewValkeyCapabilityStore creates a Valkey-backed capability store. keyPrefix is prepended to all Valkey keys (default "muster:" if empty).

func (*ValkeyCapabilityStore) Delete 

func (s *ValkeyCapabilityStore) Delete(ctx context.Context, sessionID string) error

func (*ValkeyCapabilityStore) DeleteEntry 

func (s *ValkeyCapabilityStore) DeleteEntry(ctx context.Context, sessionID, serverName string) error

func (*ValkeyCapabilityStore) DeleteServer 

func (s *ValkeyCapabilityStore) DeleteServer(ctx context.Context, serverName string) error

func (*ValkeyCapabilityStore) Exists 

func (s *ValkeyCapabilityStore) Exists(ctx context.Context, sessionID, serverName string) (bool, error)

func (*ValkeyCapabilityStore) Get 

func (s *ValkeyCapabilityStore) Get(ctx context.Context, sessionID, serverName string) (*Capabilities, error)

func (*ValkeyCapabilityStore) GetAll 

func (s *ValkeyCapabilityStore) GetAll(ctx context.Context, sessionID string) (map[string]*Capabilities, error)

func (*ValkeyCapabilityStore) ListSessions 

func (s *ValkeyCapabilityStore) ListSessions(ctx context.Context) ([]string, error)

ListSessions returns every sessionID with a capability entry.

func (*ValkeyCapabilityStore) Set 

func (s *ValkeyCapabilityStore) Set(ctx context.Context, sessionID, serverName string, caps *Capabilities) error

func (*ValkeyCapabilityStore) Touch 

func (s *ValkeyCapabilityStore) Touch(ctx context.Context, sessionID string) (bool, error)

type ValkeySessionAuthStore 

type ValkeySessionAuthStore struct {
	// contains filtered or unexported fields
}

ValkeySessionAuthStore stores per-session authentication state in Valkey hashes.

Data model: 

Key:    {keyPrefix}auth:{sessionID}
Fields: {serverName} -> "1"
TTL:    session-level, reset on every MarkAuthenticated via EXPIRE

func NewValkeySessionAuthStore 

func NewValkeySessionAuthStore(client valkey.Client, ttl time.Duration, keyPrefix string) *ValkeySessionAuthStore

NewValkeySessionAuthStore creates a Valkey-backed session auth store. keyPrefix is prepended to all Valkey keys (default "muster:" if empty).

func (*ValkeySessionAuthStore) IsAuthenticated 

func (s *ValkeySessionAuthStore) IsAuthenticated(ctx context.Context, sessionID, serverName string) (bool, error)

func (*ValkeySessionAuthStore) MarkAuthenticated 

func (s *ValkeySessionAuthStore) MarkAuthenticated(ctx context.Context, sessionID, serverName string) error

func (*ValkeySessionAuthStore) Revoke 

func (s *ValkeySessionAuthStore) Revoke(ctx context.Context, sessionID, serverName string) error

func (*ValkeySessionAuthStore) RevokeServer 

func (s *ValkeySessionAuthStore) RevokeServer(ctx context.Context, serverName string) error

func (*ValkeySessionAuthStore) RevokeSession 

func (s *ValkeySessionAuthStore) RevokeSession(ctx context.Context, sessionID string) error

func (*ValkeySessionAuthStore) Touch 

func (s *ValkeySessionAuthStore) Touch(ctx context.Context, sessionID string) (bool, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.