@zuplo/runtime 6.71.26 → 6.71.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,57 @@
1
1
  import { z } from "zod/v4";
2
2
 
3
+ /**
4
+ * Optional per-caller access control. Defaults to mode 'allPublic' (no access control). Set mode to 'rolesAndGroups' to match the caller's role/group claims against each capability's markup (every capability must then set roles/groups or public: true), or 'function' to delegate to a custom resolver.
5
+ * @public
6
+ */
7
+ declare interface AccessControl {
8
+ /**
9
+ * Access-control strategy. 'allPublic' (default): no access control; roles/groups/public markup is not allowed. 'rolesAndGroups': match the caller's role and group claims against each capability's markup. 'function': delegate to the resolver named by 'identifier'.
10
+ */
11
+ mode?: "allPublic" | "rolesAndGroups" | "function";
12
+ /**
13
+ * Property on request.user.data holding the caller's roles (commonly a JWT 'roles' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'roles'. Supports a dot-path for nested values, e.g. 'realm_access.roles'. Used in mode 'rolesAndGroups'. Defaults to 'roles'.
14
+ */
15
+ roleClaim?: string;
16
+ /**
17
+ * Property on request.user.data holding the caller's groups (commonly a JWT 'groups' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'groups'. Supports a dot-path for nested values, e.g. 'cognito:groups'. Used in mode 'rolesAndGroups'. Defaults to 'groups'.
18
+ */
19
+ groupClaim?: string;
20
+ /**
21
+ * Custom capability resolver, required when mode is 'function'. It fully replaces built-in roles/groups matching.
22
+ */
23
+ identifier?: {
24
+ /**
25
+ * Module to load the resolver from, e.g. $import(./modules/mcp-access-control).
26
+ */
27
+ module: string;
28
+ /**
29
+ * Named export of the resolver function, e.g. 'default'.
30
+ */
31
+ export: string;
32
+ };
33
+ }
34
+
35
+ /**
36
+ * The set of MCP capabilities a caller is permitted to see and invoke, returned
37
+ * by an {@link McpCapabilityResolver}. Each array lists the allowed identifiers
38
+ * (tool/prompt names, resource/template URIs).
39
+ *
40
+ * Omit a property to leave that capability type unrestricted (it falls back to
41
+ * the static allowlist). Return an empty array to expose none of that type.
42
+ * Returned identifiers are always clamped to the policy's configured catalog, so
43
+ * a resolver can only ever narrow access, never widen it — a capability type
44
+ * left as passthrough (no static allowlist) is therefore not narrowed at all.
45
+ *
46
+ * @public
47
+ */
48
+ export declare interface AllowedCapabilities {
49
+ tools?: string[];
50
+ prompts?: string[];
51
+ resources?: string[];
52
+ resourceTemplates?: string[];
53
+ }
54
+
3
55
  /**
4
56
  * MCP tool annotations to expose downstream.
5
57
  * @public
@@ -68,6 +120,22 @@ declare interface BuildRouteConfiguration {
68
120
  /* Excluded from this release type: raw */
69
121
  }
70
122
 
123
+ /**
124
+ * Built-in resolver for `accessControl.mode: "rolesAndGroups"`.
125
+ *
126
+ * Reads the caller's roles and groups from two properties on `request.user.data`
127
+ * (`accessControl.roleClaim` / `accessControl.groupClaim`, defaulting to
128
+ * `roles`/`groups`, each allowing a dot-path such as `realm_access.roles`).
129
+ * `request.user.data` is populated by whichever auth policy ran (JWT claims,
130
+ * API-key metadata, etc.). A capability marked `public: true` is allowed for
131
+ * everyone; otherwise the caller must match any listed role or group. In this
132
+ * mode every capability must be classified (see {@link assertClassified}), so
133
+ * nothing is public by omission.
134
+ *
135
+ * @public
136
+ */
137
+ export declare const claimsCapabilityResolver: McpCapabilityResolver;
138
+
71
139
  /**
72
140
  * The 2-letter continent codes Cloudflare uses
73
141
  * @public
@@ -135,6 +203,14 @@ declare const EventType: {
135
203
 
136
204
  declare type EventType = (typeof EventType)[keyof typeof EventType];
137
205
 
206
+ /**
207
+ * Access control: groups allowed to see and invoke this capability. Matched against the caller's groups on request.user.data (accessControl.groupClaim, default 'groups'). Used when accessControl.mode is 'rolesAndGroups'.
208
+ *
209
+ * @minItems 1
210
+ * @public
211
+ */
212
+ declare type Groups = [string, ...string[]];
213
+
138
214
  /**
139
215
  * @public
140
216
  */
@@ -1138,6 +1214,10 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
1138
1214
  * with a customer-facing `ConfigurationError` instead of failing at module
1139
1215
  * load.
1140
1216
  *
1217
+ * Optional per-caller access control (`accessControl`) narrows the curated
1218
+ * catalog. See {@link claimsCapabilityResolver} for built-in role/group matching
1219
+ * and {@link McpCapabilityResolver} for custom resolvers.
1220
+ *
1141
1221
  * @public
1142
1222
  * @title MCP Capability Filter
1143
1223
  * @product mcp-gateway
@@ -1173,6 +1253,7 @@ export declare interface McpCapabilityFilterInboundPolicyOptions {
1173
1253
  * Resource templates to expose. Use a string for URI-template-only filtering, or an object to expose and project template name, description, MIME type, and _meta. Omit to pass through all upstream resource templates; use an empty array to expose no resource templates.
1174
1254
  */
1175
1255
  resourceTemplates?: (string | ResourceTemplateProjection)[];
1256
+ accessControl?: AccessControl;
1176
1257
  }
1177
1258
 
1178
1259
  declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
@@ -1190,6 +1271,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
1190
1271
  z.ZodRecord<z.ZodString, z.ZodUnknown>
1191
1272
  >;
1192
1273
  _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1274
+ roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
1275
+ groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
1276
+ public: z.ZodOptional<z.ZodBoolean>;
1193
1277
  },
1194
1278
  z.core.$strict
1195
1279
  >,
@@ -1207,6 +1291,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
1207
1291
  name: z.ZodString;
1208
1292
  description: z.ZodOptional<z.ZodString>;
1209
1293
  _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1294
+ roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
1295
+ groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
1296
+ public: z.ZodOptional<z.ZodBoolean>;
1210
1297
  },
1211
1298
  z.core.$strict
1212
1299
  >,
@@ -1226,6 +1313,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
1226
1313
  description: z.ZodOptional<z.ZodString>;
1227
1314
  mimeType: z.ZodOptional<z.ZodString>;
1228
1315
  _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1316
+ roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
1317
+ groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
1318
+ public: z.ZodOptional<z.ZodBoolean>;
1229
1319
  },
1230
1320
  z.core.$strict
1231
1321
  >,
@@ -1245,6 +1335,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
1245
1335
  description: z.ZodOptional<z.ZodString>;
1246
1336
  mimeType: z.ZodOptional<z.ZodString>;
1247
1337
  _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
1338
+ roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
1339
+ groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
1340
+ public: z.ZodOptional<z.ZodBoolean>;
1248
1341
  },
1249
1342
  z.core.$strict
1250
1343
  >,
@@ -1252,10 +1345,53 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
1252
1345
  >
1253
1346
  >
1254
1347
  >;
1348
+ accessControl: z.ZodOptional<
1349
+ z.ZodObject<
1350
+ {
1351
+ mode: z.ZodOptional<
1352
+ z.ZodEnum<{
1353
+ function: "function";
1354
+ allPublic: "allPublic";
1355
+ rolesAndGroups: "rolesAndGroups";
1356
+ }>
1357
+ >;
1358
+ roleClaim: z.ZodOptional<z.ZodString>;
1359
+ groupClaim: z.ZodOptional<z.ZodString>;
1360
+ identifier: z.ZodOptional<
1361
+ z.ZodObject<
1362
+ {
1363
+ module: z.ZodUnknown;
1364
+ export: z.ZodString;
1365
+ },
1366
+ z.core.$strict
1367
+ >
1368
+ >;
1369
+ },
1370
+ z.core.$strict
1371
+ >
1372
+ >;
1255
1373
  },
1256
1374
  z.core.$strict
1257
1375
  >;
1258
1376
 
1377
+ /**
1378
+ * Resolves, per request, which MCP capabilities a caller may see and invoke.
1379
+ *
1380
+ * The built-in {@link claimsCapabilityResolver} (used for
1381
+ * `accessControl.mode: "rolesAndGroups"`) matches the caller's role and group
1382
+ * claims against each capability's `roles`/`groups` markup. Provide a custom
1383
+ * resolver with `accessControl.mode: "function"` and
1384
+ * `accessControl.identifier: { module, export }` to derive access any other way,
1385
+ * e.g. from an external entitlements API.
1386
+ *
1387
+ * @public
1388
+ */
1389
+ export declare type McpCapabilityResolver = (
1390
+ request: ZuploRequest,
1391
+ context: ZuploContext,
1392
+ options: McpCapabilityFilterInboundPolicyOptions
1393
+ ) => AllowedCapabilities | Promise<AllowedCapabilities>;
1394
+
1259
1395
  /**
1260
1396
  * Authenticate MCP gateway requests using a gateway-issued OAuth access token,
1261
1397
  * with browser login delegated to Clerk.
@@ -3217,8 +3353,17 @@ declare interface PromptProjection {
3217
3353
  */
3218
3354
  description?: string;
3219
3355
  _meta?: Metadata;
3356
+ roles?: Roles;
3357
+ groups?: Groups;
3358
+ public?: Public;
3220
3359
  }
3221
3360
 
3361
+ /**
3362
+ * Access control: mark this capability as available to all callers. In mode 'rolesAndGroups' every capability must set roles/groups OR public: true (not both) — an unclassified capability is a configuration error, so nothing is ever exposed by omission.
3363
+ * @public
3364
+ */
3365
+ declare type Public = boolean;
3366
+
3222
3367
  /**
3223
3368
  * Generic type parameters for a request.
3224
3369
  * Extends RequestInitGeneric and adds query parameter typing.
@@ -3298,6 +3443,9 @@ declare interface ResourceProjection {
3298
3443
  */
3299
3444
  mimeType?: string;
3300
3445
  _meta?: Metadata;
3446
+ roles?: Roles;
3447
+ groups?: Groups;
3448
+ public?: Public;
3301
3449
  }
3302
3450
 
3303
3451
  declare interface ResourceTemplateProjection {
@@ -3318,6 +3466,9 @@ declare interface ResourceTemplateProjection {
3318
3466
  */
3319
3467
  mimeType?: string;
3320
3468
  _meta?: Metadata;
3469
+ roles?: Roles;
3470
+ groups?: Groups;
3471
+ public?: Public;
3321
3472
  }
3322
3473
 
3323
3474
  /**
@@ -3336,6 +3487,14 @@ declare type ResponsesDefinition = Record<
3336
3487
  >
3337
3488
  >;
3338
3489
 
3490
+ /**
3491
+ * Access control: roles allowed to see and invoke this capability. Matched against the caller's roles on request.user.data (accessControl.roleClaim, default 'roles'). Used when accessControl.mode is 'rolesAndGroups'.
3492
+ *
3493
+ * @minItems 1
3494
+ * @public
3495
+ */
3496
+ declare type Roles = [string, ...string[]];
3497
+
3339
3498
  /**
3340
3499
  * @public
3341
3500
  */
@@ -3449,6 +3608,9 @@ declare interface ToolProjection {
3449
3608
  description?: string;
3450
3609
  annotations?: Annotations;
3451
3610
  _meta?: Metadata;
3611
+ roles?: Roles;
3612
+ groups?: Groups;
3613
+ public?: Public;
3452
3614
  }
3453
3615
 
3454
3616
  declare type UpstreamTokenExchangePolicyOptions = z.infer<
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@zuplo/runtime",
3
3
  "type": "module",
4
- "version": "6.71.26",
4
+ "version": "6.71.27",
5
5
  "repository": "https://github.com/zuplo/zuplo",
6
6
  "author": "Zuplo, Inc.",
7
7
  "exports": {