@zuplo/runtime 6.71.26 → 6.71.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,5 +1,57 @@
|
|
|
1
1
|
import { z } from "zod/v4";
|
|
2
2
|
|
|
3
|
+
/**
|
|
4
|
+
* Optional per-caller access control. Defaults to mode 'allPublic' (no access control). Set mode to 'rolesAndGroups' to match the caller's role/group claims against each capability's markup (every capability must then set roles/groups or public: true), or 'function' to delegate to a custom resolver.
|
|
5
|
+
* @public
|
|
6
|
+
*/
|
|
7
|
+
declare interface AccessControl {
|
|
8
|
+
/**
|
|
9
|
+
* Access-control strategy. 'allPublic' (default): no access control; roles/groups/public markup is not allowed. 'rolesAndGroups': match the caller's role and group claims against each capability's markup. 'function': delegate to the resolver named by 'identifier'.
|
|
10
|
+
*/
|
|
11
|
+
mode?: "allPublic" | "rolesAndGroups" | "function";
|
|
12
|
+
/**
|
|
13
|
+
* Property on request.user.data holding the caller's roles (commonly a JWT 'roles' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'roles'. Supports a dot-path for nested values, e.g. 'realm_access.roles'. Used in mode 'rolesAndGroups'. Defaults to 'roles'.
|
|
14
|
+
*/
|
|
15
|
+
roleClaim?: string;
|
|
16
|
+
/**
|
|
17
|
+
* Property on request.user.data holding the caller's groups (commonly a JWT 'groups' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'groups'. Supports a dot-path for nested values, e.g. 'cognito:groups'. Used in mode 'rolesAndGroups'. Defaults to 'groups'.
|
|
18
|
+
*/
|
|
19
|
+
groupClaim?: string;
|
|
20
|
+
/**
|
|
21
|
+
* Custom capability resolver, required when mode is 'function'. It fully replaces built-in roles/groups matching.
|
|
22
|
+
*/
|
|
23
|
+
identifier?: {
|
|
24
|
+
/**
|
|
25
|
+
* Module to load the resolver from, e.g. $import(./modules/mcp-access-control).
|
|
26
|
+
*/
|
|
27
|
+
module: string;
|
|
28
|
+
/**
|
|
29
|
+
* Named export of the resolver function, e.g. 'default'.
|
|
30
|
+
*/
|
|
31
|
+
export: string;
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
/**
|
|
36
|
+
* The set of MCP capabilities a caller is permitted to see and invoke, returned
|
|
37
|
+
* by an {@link McpCapabilityResolver}. Each array lists the allowed identifiers
|
|
38
|
+
* (tool/prompt names, resource/template URIs).
|
|
39
|
+
*
|
|
40
|
+
* Omit a property to leave that capability type unrestricted (it falls back to
|
|
41
|
+
* the static allowlist). Return an empty array to expose none of that type.
|
|
42
|
+
* Returned identifiers are always clamped to the policy's configured catalog, so
|
|
43
|
+
* a resolver can only ever narrow access, never widen it — a capability type
|
|
44
|
+
* left as passthrough (no static allowlist) is therefore not narrowed at all.
|
|
45
|
+
*
|
|
46
|
+
* @public
|
|
47
|
+
*/
|
|
48
|
+
export declare interface AllowedCapabilities {
|
|
49
|
+
tools?: string[];
|
|
50
|
+
prompts?: string[];
|
|
51
|
+
resources?: string[];
|
|
52
|
+
resourceTemplates?: string[];
|
|
53
|
+
}
|
|
54
|
+
|
|
3
55
|
/**
|
|
4
56
|
* MCP tool annotations to expose downstream.
|
|
5
57
|
* @public
|
|
@@ -68,6 +120,22 @@ declare interface BuildRouteConfiguration {
|
|
|
68
120
|
/* Excluded from this release type: raw */
|
|
69
121
|
}
|
|
70
122
|
|
|
123
|
+
/**
|
|
124
|
+
* Built-in resolver for `accessControl.mode: "rolesAndGroups"`.
|
|
125
|
+
*
|
|
126
|
+
* Reads the caller's roles and groups from two properties on `request.user.data`
|
|
127
|
+
* (`accessControl.roleClaim` / `accessControl.groupClaim`, defaulting to
|
|
128
|
+
* `roles`/`groups`, each allowing a dot-path such as `realm_access.roles`).
|
|
129
|
+
* `request.user.data` is populated by whichever auth policy ran (JWT claims,
|
|
130
|
+
* API-key metadata, etc.). A capability marked `public: true` is allowed for
|
|
131
|
+
* everyone; otherwise the caller must match any listed role or group. In this
|
|
132
|
+
* mode every capability must be classified (see {@link assertClassified}), so
|
|
133
|
+
* nothing is public by omission.
|
|
134
|
+
*
|
|
135
|
+
* @public
|
|
136
|
+
*/
|
|
137
|
+
export declare const claimsCapabilityResolver: McpCapabilityResolver;
|
|
138
|
+
|
|
71
139
|
/**
|
|
72
140
|
* The 2-letter continent codes Cloudflare uses
|
|
73
141
|
* @public
|
|
@@ -135,6 +203,14 @@ declare const EventType: {
|
|
|
135
203
|
|
|
136
204
|
declare type EventType = (typeof EventType)[keyof typeof EventType];
|
|
137
205
|
|
|
206
|
+
/**
|
|
207
|
+
* Access control: groups allowed to see and invoke this capability. Matched against the caller's groups on request.user.data (accessControl.groupClaim, default 'groups'). Used when accessControl.mode is 'rolesAndGroups'.
|
|
208
|
+
*
|
|
209
|
+
* @minItems 1
|
|
210
|
+
* @public
|
|
211
|
+
*/
|
|
212
|
+
declare type Groups = [string, ...string[]];
|
|
213
|
+
|
|
138
214
|
/**
|
|
139
215
|
* @public
|
|
140
216
|
*/
|
|
@@ -1138,6 +1214,10 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
|
|
|
1138
1214
|
* with a customer-facing `ConfigurationError` instead of failing at module
|
|
1139
1215
|
* load.
|
|
1140
1216
|
*
|
|
1217
|
+
* Optional per-caller access control (`accessControl`) narrows the curated
|
|
1218
|
+
* catalog. See {@link claimsCapabilityResolver} for built-in role/group matching
|
|
1219
|
+
* and {@link McpCapabilityResolver} for custom resolvers.
|
|
1220
|
+
*
|
|
1141
1221
|
* @public
|
|
1142
1222
|
* @title MCP Capability Filter
|
|
1143
1223
|
* @product mcp-gateway
|
|
@@ -1173,6 +1253,7 @@ export declare interface McpCapabilityFilterInboundPolicyOptions {
|
|
|
1173
1253
|
* Resource templates to expose. Use a string for URI-template-only filtering, or an object to expose and project template name, description, MIME type, and _meta. Omit to pass through all upstream resource templates; use an empty array to expose no resource templates.
|
|
1174
1254
|
*/
|
|
1175
1255
|
resourceTemplates?: (string | ResourceTemplateProjection)[];
|
|
1256
|
+
accessControl?: AccessControl;
|
|
1176
1257
|
}
|
|
1177
1258
|
|
|
1178
1259
|
declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
@@ -1190,6 +1271,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1190
1271
|
z.ZodRecord<z.ZodString, z.ZodUnknown>
|
|
1191
1272
|
>;
|
|
1192
1273
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1274
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1275
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1276
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1193
1277
|
},
|
|
1194
1278
|
z.core.$strict
|
|
1195
1279
|
>,
|
|
@@ -1207,6 +1291,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1207
1291
|
name: z.ZodString;
|
|
1208
1292
|
description: z.ZodOptional<z.ZodString>;
|
|
1209
1293
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1294
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1295
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1296
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1210
1297
|
},
|
|
1211
1298
|
z.core.$strict
|
|
1212
1299
|
>,
|
|
@@ -1226,6 +1313,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1226
1313
|
description: z.ZodOptional<z.ZodString>;
|
|
1227
1314
|
mimeType: z.ZodOptional<z.ZodString>;
|
|
1228
1315
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1316
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1317
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1318
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1229
1319
|
},
|
|
1230
1320
|
z.core.$strict
|
|
1231
1321
|
>,
|
|
@@ -1245,6 +1335,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1245
1335
|
description: z.ZodOptional<z.ZodString>;
|
|
1246
1336
|
mimeType: z.ZodOptional<z.ZodString>;
|
|
1247
1337
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1338
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1339
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1340
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1248
1341
|
},
|
|
1249
1342
|
z.core.$strict
|
|
1250
1343
|
>,
|
|
@@ -1252,10 +1345,53 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1252
1345
|
>
|
|
1253
1346
|
>
|
|
1254
1347
|
>;
|
|
1348
|
+
accessControl: z.ZodOptional<
|
|
1349
|
+
z.ZodObject<
|
|
1350
|
+
{
|
|
1351
|
+
mode: z.ZodOptional<
|
|
1352
|
+
z.ZodEnum<{
|
|
1353
|
+
function: "function";
|
|
1354
|
+
allPublic: "allPublic";
|
|
1355
|
+
rolesAndGroups: "rolesAndGroups";
|
|
1356
|
+
}>
|
|
1357
|
+
>;
|
|
1358
|
+
roleClaim: z.ZodOptional<z.ZodString>;
|
|
1359
|
+
groupClaim: z.ZodOptional<z.ZodString>;
|
|
1360
|
+
identifier: z.ZodOptional<
|
|
1361
|
+
z.ZodObject<
|
|
1362
|
+
{
|
|
1363
|
+
module: z.ZodUnknown;
|
|
1364
|
+
export: z.ZodString;
|
|
1365
|
+
},
|
|
1366
|
+
z.core.$strict
|
|
1367
|
+
>
|
|
1368
|
+
>;
|
|
1369
|
+
},
|
|
1370
|
+
z.core.$strict
|
|
1371
|
+
>
|
|
1372
|
+
>;
|
|
1255
1373
|
},
|
|
1256
1374
|
z.core.$strict
|
|
1257
1375
|
>;
|
|
1258
1376
|
|
|
1377
|
+
/**
|
|
1378
|
+
* Resolves, per request, which MCP capabilities a caller may see and invoke.
|
|
1379
|
+
*
|
|
1380
|
+
* The built-in {@link claimsCapabilityResolver} (used for
|
|
1381
|
+
* `accessControl.mode: "rolesAndGroups"`) matches the caller's role and group
|
|
1382
|
+
* claims against each capability's `roles`/`groups` markup. Provide a custom
|
|
1383
|
+
* resolver with `accessControl.mode: "function"` and
|
|
1384
|
+
* `accessControl.identifier: { module, export }` to derive access any other way,
|
|
1385
|
+
* e.g. from an external entitlements API.
|
|
1386
|
+
*
|
|
1387
|
+
* @public
|
|
1388
|
+
*/
|
|
1389
|
+
export declare type McpCapabilityResolver = (
|
|
1390
|
+
request: ZuploRequest,
|
|
1391
|
+
context: ZuploContext,
|
|
1392
|
+
options: McpCapabilityFilterInboundPolicyOptions
|
|
1393
|
+
) => AllowedCapabilities | Promise<AllowedCapabilities>;
|
|
1394
|
+
|
|
1259
1395
|
/**
|
|
1260
1396
|
* Authenticate MCP gateway requests using a gateway-issued OAuth access token,
|
|
1261
1397
|
* with browser login delegated to Clerk.
|
|
@@ -3217,8 +3353,17 @@ declare interface PromptProjection {
|
|
|
3217
3353
|
*/
|
|
3218
3354
|
description?: string;
|
|
3219
3355
|
_meta?: Metadata;
|
|
3356
|
+
roles?: Roles;
|
|
3357
|
+
groups?: Groups;
|
|
3358
|
+
public?: Public;
|
|
3220
3359
|
}
|
|
3221
3360
|
|
|
3361
|
+
/**
|
|
3362
|
+
* Access control: mark this capability as available to all callers. In mode 'rolesAndGroups' every capability must set roles/groups OR public: true (not both) — an unclassified capability is a configuration error, so nothing is ever exposed by omission.
|
|
3363
|
+
* @public
|
|
3364
|
+
*/
|
|
3365
|
+
declare type Public = boolean;
|
|
3366
|
+
|
|
3222
3367
|
/**
|
|
3223
3368
|
* Generic type parameters for a request.
|
|
3224
3369
|
* Extends RequestInitGeneric and adds query parameter typing.
|
|
@@ -3298,6 +3443,9 @@ declare interface ResourceProjection {
|
|
|
3298
3443
|
*/
|
|
3299
3444
|
mimeType?: string;
|
|
3300
3445
|
_meta?: Metadata;
|
|
3446
|
+
roles?: Roles;
|
|
3447
|
+
groups?: Groups;
|
|
3448
|
+
public?: Public;
|
|
3301
3449
|
}
|
|
3302
3450
|
|
|
3303
3451
|
declare interface ResourceTemplateProjection {
|
|
@@ -3318,6 +3466,9 @@ declare interface ResourceTemplateProjection {
|
|
|
3318
3466
|
*/
|
|
3319
3467
|
mimeType?: string;
|
|
3320
3468
|
_meta?: Metadata;
|
|
3469
|
+
roles?: Roles;
|
|
3470
|
+
groups?: Groups;
|
|
3471
|
+
public?: Public;
|
|
3321
3472
|
}
|
|
3322
3473
|
|
|
3323
3474
|
/**
|
|
@@ -3336,6 +3487,14 @@ declare type ResponsesDefinition = Record<
|
|
|
3336
3487
|
>
|
|
3337
3488
|
>;
|
|
3338
3489
|
|
|
3490
|
+
/**
|
|
3491
|
+
* Access control: roles allowed to see and invoke this capability. Matched against the caller's roles on request.user.data (accessControl.roleClaim, default 'roles'). Used when accessControl.mode is 'rolesAndGroups'.
|
|
3492
|
+
*
|
|
3493
|
+
* @minItems 1
|
|
3494
|
+
* @public
|
|
3495
|
+
*/
|
|
3496
|
+
declare type Roles = [string, ...string[]];
|
|
3497
|
+
|
|
3339
3498
|
/**
|
|
3340
3499
|
* @public
|
|
3341
3500
|
*/
|
|
@@ -3449,6 +3608,9 @@ declare interface ToolProjection {
|
|
|
3449
3608
|
description?: string;
|
|
3450
3609
|
annotations?: Annotations;
|
|
3451
3610
|
_meta?: Metadata;
|
|
3611
|
+
roles?: Roles;
|
|
3612
|
+
groups?: Groups;
|
|
3613
|
+
public?: Public;
|
|
3452
3614
|
}
|
|
3453
3615
|
|
|
3454
3616
|
declare type UpstreamTokenExchangePolicyOptions = z.infer<
|