
feat(policy): add MCP policy layer with startup validation#30

Draft
ghul0 wants to merge 1 commit into nicobailon:main from ghul0:feat/mcp-policy-layer-standalone

Conversation

@ghul0 ghul0 commented Mar 30, 2026

Problem

The adapter currently exposes all tools and resources from a configured MCP server and forwards tool arguments without an adapter-side policy layer. That makes it hard to enforce allowlists and request-shaping rules for higher-risk servers.

Root Cause

Server definitions only described connection and exposure settings. There was no config-level policy model to:

  • limit which tools/resources remain visible
  • reject disallowed tool calls before they reach the MCP server
  • inject or validate required request fields consistently at adapter startup and call time

Fix

  • add a per-server policy model with allowlists for tools, resources, and prompts
  • add per-tool request rules for defaults, required keys, forbidden keys, allowed values, and per-item validation/injection
  • validate policy config fail-fast during adapter initialization
  • filter visible tools/resources and intersect direct-tool exposure with policy allowlists
  • enforce policy at MCP call time before dispatching requests
  • include policy in metadata cache hashing so cached metadata reflects policy changes

Summary

  • add new policy.ts implementation and ServerEntry.policy typing
  • extend config validation with validatePoliciesInConfig()
  • apply policy filtering in metadata/direct-tool paths
  • apply policy enforcement in proxy call execution
  • document the feature in README.md
  • add focused policy tests only

Testing

Policy test suite

npx vitest run __tests__/policy.test.ts __tests__/policy-apply.test.ts __tests__/policy-allowlist.test.ts __tests__/policy-cache-warnings.test.ts __tests__/policy-init-wiring.test.ts __tests__/policy-integration.test.ts
 RUN  v3.2.4 /tmp/pi-mcp-adapter-pr2

 ✓ __tests__/policy.test.ts (24 tests) 5ms
 ✓ __tests__/policy-allowlist.test.ts (24 tests) 5ms
 ✓ __tests__/policy-apply.test.ts (28 tests) 6ms
 ✓ __tests__/policy-cache-warnings.test.ts (11 tests) 7ms
 ✓ __tests__/policy-integration.test.ts (12 tests) 8ms
 ✓ __tests__/policy-init-wiring.test.ts (1 test) 3ms

 Test Files  6 passed (6)
      Tests  100 passed (100)
   Duration  386ms

Standalone note

This PR is intentionally based directly on upstream/main and does not include the repeated --mcp-config work from PR #29.

The only startup wiring change here is the standalone-compatible init.ts addition of:

  • validatePoliciesInConfig(config)

while preserving upstream's existing single-config loading:

  • const configPath = pi.getFlag("mcp-config") as string | undefined;
  • const config = loadMcpConfig(configPath);
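The description above lists the policy behaviours (per-server allowlists, per-tool defaults, required and forbidden keys, allowed values, fail-fast validation at startup, call-time enforcement, and folding the policy into the metadata cache hash) without showing code. The following is an illustration written for this page, not the PR's policy.ts or the project's ServerEntry.policy type: the ServerPolicy and ToolRule shapes, the function names, the sample filesystem-server policy and its tool names are all assumptions made here to show how those rules fit together.

```typescript
import { createHash } from "node:crypto";

// Hypothetical policy shape for this example; the PR's real ServerEntry.policy type is not shown on the page.
interface ToolRule {
  defaults?: Record<string, unknown>;        // injected when the caller omits the key
  required?: string[];                       // must be present after defaults are applied
  forbidden?: string[];                      // rejected outright if the caller supplies them
  allowedValues?: Record<string, unknown[]>; // per-key value allowlist
}

interface ServerPolicy {
  allowTools?: string[];                // absent = expose every tool the server reports
  toolRules?: Record<string, ToolRule>;
}

class PolicyError extends Error {}

// Startup check: reject rules that can never be satisfied instead of discovering that at call time.
function validatePolicy(policy: ServerPolicy): void {
  for (const [tool, rule] of Object.entries(policy.toolRules ?? {})) {
    if (policy.allowTools && !policy.allowTools.includes(tool)) {
      throw new PolicyError(`rule for "${tool}" is unreachable: tool is not in allowTools`);
    }
    for (const key of rule.forbidden ?? []) {
      if (rule.required?.includes(key) || (rule.defaults !== undefined && key in rule.defaults)) {
        throw new PolicyError(`"${tool}": key "${key}" is forbidden but also required or defaulted`);
      }
    }
    for (const [key, values] of Object.entries(rule.allowedValues ?? {})) {
      const def = rule.defaults?.[key];
      if (def !== undefined && !values.includes(def)) {
        throw new PolicyError(`"${tool}": default for "${key}" is outside allowedValues`);
      }
    }
  }
}

// Visibility: intersect what the server advertises with the allowlist so disallowed tools are never listed.
function filterTools<T extends { name: string }>(tools: T[], policy: ServerPolicy): T[] {
  if (!policy.allowTools) return tools;
  const allow = new Set(policy.allowTools);
  return tools.filter((t) => allow.has(t.name));
}

// Call-time enforcement, run before the request is dispatched to the MCP server:
// allowlist check, forbidden keys, default injection, required keys, value allowlist.
function enforceCall(policy: ServerPolicy, tool: string, args: Record<string, unknown>): Record<string, unknown> {
  if (policy.allowTools && !policy.allowTools.includes(tool)) {
    throw new PolicyError(`tool "${tool}" is not allowed by policy`);
  }
  const rule = policy.toolRules?.[tool];
  if (!rule) return { ...args };
  for (const key of rule.forbidden ?? []) {
    if (key in args) throw new PolicyError(`"${tool}": argument "${key}" is forbidden`);
  }
  // Caller-supplied values win over defaults; defaults only fill gaps.
  const shaped: Record<string, unknown> = { ...(rule.defaults ?? {}), ...args };
  for (const key of rule.required ?? []) {
    if (!(key in shaped)) throw new PolicyError(`"${tool}": missing required argument "${key}"`);
  }
  for (const [key, values] of Object.entries(rule.allowedValues ?? {})) {
    if (key in shaped && !values.includes(shaped[key])) {
      throw new PolicyError(`"${tool}": value of "${key}" is not in allowedValues`);
    }
  }
  return shaped;
}

// Deterministic serialisation so key order in the config file does not change the hash.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return `[${value.map(canonical).join(",")}]`;
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    return `{${Object.keys(obj).sort().map((k) => `${JSON.stringify(k)}:${canonical(obj[k])}`).join(",")}}`;
  }
  return JSON.stringify(value) ?? "null";
}

// Fold the policy into the metadata cache key: editing the policy must invalidate cached tool lists.
function policyHash(policy: ServerPolicy): string {
  return createHash("sha256").update(canonical(policy)).digest("hex");
}

// Constructed sample policy for a hypothetical filesystem server (not from the PR).
const EXAMPLE_POLICY: ServerPolicy = {
  allowTools: ["read_file", "list_dir"],
  toolRules: {
    read_file: {
      defaults: { encoding: "utf8" },
      required: ["path"],
      forbidden: ["followSymlinks"],
      allowedValues: { encoding: ["utf8", "base64"] },
    },
  },
};

validatePolicy(EXAMPLE_POLICY);
console.log(enforceCall(EXAMPLE_POLICY, "read_file", { path: "/etc/hostname" }));
```

The order inside enforceCall matters: forbidden keys are checked against the raw caller arguments before defaults are merged, so a default can never mask a forbidden key, and the allowlist check runs first so a tool that is not exposed is rejected even if it has no rule. The canonical serialisation is what makes the cache hash stable across config files that differ only in key order.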

