cedar-mcp-server 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.editorconfig +12 -0
- package/.github/workflows/ci.yml +31 -0
- package/.github/workflows/release.yml +42 -0
- package/.nvmrc +1 -0
- package/CHANGELOG.md +241 -0
- package/CONTRIBUTING.md +83 -0
- package/LICENSE +182 -0
- package/README.md +1635 -0
- package/SECURITY.md +37 -0
- package/dist/http-server.d.ts +61 -0
- package/dist/http-server.d.ts.map +1 -0
- package/dist/http-server.js +194 -0
- package/dist/http-server.js.map +1 -0
- package/dist/index.d.ts +32 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +270 -0
- package/dist/index.js.map +1 -0
- package/dist/parser/policy-ast.d.ts +49 -0
- package/dist/parser/policy-ast.d.ts.map +1 -0
- package/dist/parser/policy-ast.js +311 -0
- package/dist/parser/policy-ast.js.map +1 -0
- package/dist/prompts/index.d.ts +38 -0
- package/dist/prompts/index.d.ts.map +1 -0
- package/dist/prompts/index.js +172 -0
- package/dist/prompts/index.js.map +1 -0
- package/dist/resources/ref-resolver.d.ts +23 -0
- package/dist/resources/ref-resolver.d.ts.map +1 -0
- package/dist/resources/ref-resolver.js +128 -0
- package/dist/resources/ref-resolver.js.map +1 -0
- package/dist/resources/store-manager.d.ts +64 -0
- package/dist/resources/store-manager.d.ts.map +1 -0
- package/dist/resources/store-manager.js +221 -0
- package/dist/resources/store-manager.js.map +1 -0
- package/dist/server.d.ts +18 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +539 -0
- package/dist/server.js.map +1 -0
- package/dist/tools/advise/avp-rules.d.ts +49 -0
- package/dist/tools/advise/avp-rules.d.ts.map +1 -0
- package/dist/tools/advise/avp-rules.js +59 -0
- package/dist/tools/advise/avp-rules.js.map +1 -0
- package/dist/tools/advise/cedar-patterns.d.ts +24 -0
- package/dist/tools/advise/cedar-patterns.d.ts.map +1 -0
- package/dist/tools/advise/cedar-patterns.js +57 -0
- package/dist/tools/advise/cedar-patterns.js.map +1 -0
- package/dist/tools/advise/context-builder.d.ts +28 -0
- package/dist/tools/advise/context-builder.d.ts.map +1 -0
- package/dist/tools/advise/context-builder.js +89 -0
- package/dist/tools/advise/context-builder.js.map +1 -0
- package/dist/tools/advise/gotchas.d.ts +15 -0
- package/dist/tools/advise/gotchas.d.ts.map +1 -0
- package/dist/tools/advise/gotchas.js +83 -0
- package/dist/tools/advise/gotchas.js.map +1 -0
- package/dist/tools/advise.d.ts +96 -0
- package/dist/tools/advise.d.ts.map +1 -0
- package/dist/tools/advise.js +258 -0
- package/dist/tools/advise.js.map +1 -0
- package/dist/tools/authorize-batch.d.ts +35 -0
- package/dist/tools/authorize-batch.d.ts.map +1 -0
- package/dist/tools/authorize-batch.js +262 -0
- package/dist/tools/authorize-batch.js.map +1 -0
- package/dist/tools/authorize.d.ts +115 -0
- package/dist/tools/authorize.d.ts.map +1 -0
- package/dist/tools/authorize.js +373 -0
- package/dist/tools/authorize.js.map +1 -0
- package/dist/tools/check-change.d.ts +19 -0
- package/dist/tools/check-change.d.ts.map +1 -0
- package/dist/tools/check-change.js +91 -0
- package/dist/tools/check-change.js.map +1 -0
- package/dist/tools/diff-schema.d.ts +103 -0
- package/dist/tools/diff-schema.d.ts.map +1 -0
- package/dist/tools/diff-schema.js +379 -0
- package/dist/tools/diff-schema.js.map +1 -0
- package/dist/tools/diff-stores.d.ts +45 -0
- package/dist/tools/diff-stores.d.ts.map +1 -0
- package/dist/tools/diff-stores.js +222 -0
- package/dist/tools/diff-stores.js.map +1 -0
- package/dist/tools/explain.d.ts +80 -0
- package/dist/tools/explain.d.ts.map +1 -0
- package/dist/tools/explain.js +187 -0
- package/dist/tools/explain.js.map +1 -0
- package/dist/tools/format.d.ts +11 -0
- package/dist/tools/format.d.ts.map +1 -0
- package/dist/tools/format.js +20 -0
- package/dist/tools/format.js.map +1 -0
- package/dist/tools/generate-sample.d.ts +28 -0
- package/dist/tools/generate-sample.d.ts.map +1 -0
- package/dist/tools/generate-sample.js +568 -0
- package/dist/tools/generate-sample.js.map +1 -0
- package/dist/tools/link-template.d.ts +17 -0
- package/dist/tools/link-template.d.ts.map +1 -0
- package/dist/tools/link-template.js +78 -0
- package/dist/tools/link-template.js.map +1 -0
- package/dist/tools/list-template-links.d.ts +16 -0
- package/dist/tools/list-template-links.d.ts.map +1 -0
- package/dist/tools/list-template-links.js +22 -0
- package/dist/tools/list-template-links.js.map +1 -0
- package/dist/tools/list-templates.d.ts +16 -0
- package/dist/tools/list-templates.d.ts.map +1 -0
- package/dist/tools/list-templates.js +36 -0
- package/dist/tools/list-templates.js.map +1 -0
- package/dist/tools/translate.d.ts +11 -0
- package/dist/tools/translate.d.ts.map +1 -0
- package/dist/tools/translate.js +53 -0
- package/dist/tools/translate.js.map +1 -0
- package/dist/tools/validate-entities.d.ts +19 -0
- package/dist/tools/validate-entities.d.ts.map +1 -0
- package/dist/tools/validate-entities.js +88 -0
- package/dist/tools/validate-entities.js.map +1 -0
- package/dist/tools/validate-schema.d.ts +22 -0
- package/dist/tools/validate-schema.d.ts.map +1 -0
- package/dist/tools/validate-schema.js +89 -0
- package/dist/tools/validate-schema.js.map +1 -0
- package/dist/tools/validate-template.d.ts +18 -0
- package/dist/tools/validate-template.d.ts.map +1 -0
- package/dist/tools/validate-template.js +59 -0
- package/dist/tools/validate-template.js.map +1 -0
- package/dist/tools/validate.d.ts +90 -0
- package/dist/tools/validate.d.ts.map +1 -0
- package/dist/tools/validate.js +351 -0
- package/dist/tools/validate.js.map +1 -0
- package/dist/utils/format-detector.d.ts +49 -0
- package/dist/utils/format-detector.d.ts.map +1 -0
- package/dist/utils/format-detector.js +298 -0
- package/dist/utils/format-detector.js.map +1 -0
- package/examples/README.md +36 -0
- package/examples/abac-multi-tenant/README.md +150 -0
- package/examples/abac-multi-tenant/entities/users-and-docs.json +33 -0
- package/examples/abac-multi-tenant/policies/member-read-internal.cedar +9 -0
- package/examples/abac-multi-tenant/policies/owner-full-access.cedar +9 -0
- package/examples/abac-multi-tenant/policies/premium-share-guard.cedar +9 -0
- package/examples/abac-multi-tenant/policies/private-doc-guard.cedar +13 -0
- package/examples/abac-multi-tenant/run.ts +92 -0
- package/examples/abac-multi-tenant/schema.json +60 -0
- package/examples/api-gateway-path-routing/README.md +154 -0
- package/examples/api-gateway-path-routing/entities/users-and-roles.json +20 -0
- package/examples/api-gateway-path-routing/policies/admin-full-access.cedar +6 -0
- package/examples/api-gateway-path-routing/policies/developer-projects.cedar +14 -0
- package/examples/api-gateway-path-routing/policies/viewer-readonly.cedar +10 -0
- package/examples/api-gateway-path-routing/run.ts +108 -0
- package/examples/api-gateway-path-routing/schema.json +54 -0
- package/examples/rbac-document-management/README.md +167 -0
- package/examples/rbac-document-management/entities/users-and-docs.json +43 -0
- package/examples/rbac-document-management/policies/admin.cedar +6 -0
- package/examples/rbac-document-management/policies/editor.cedar +6 -0
- package/examples/rbac-document-management/policies/top-secret-forbid.cedar +13 -0
- package/examples/rbac-document-management/policies/viewer.cedar +6 -0
- package/examples/rbac-document-management/run.ts +87 -0
- package/examples/rbac-document-management/schema.json +57 -0
- package/package.json +50 -0
- package/src/http-server.ts +239 -0
- package/src/index.ts +294 -0
- package/src/parser/policy-ast.ts +345 -0
- package/src/prompts/README.md +3 -0
- package/src/prompts/index.ts +217 -0
- package/src/resources/ref-resolver.ts +134 -0
- package/src/resources/store-manager.ts +248 -0
- package/src/server.ts +711 -0
- package/src/tools/advise/avp-rules.ts +70 -0
- package/src/tools/advise/cedar-patterns.ts +73 -0
- package/src/tools/advise/context-builder.ts +109 -0
- package/src/tools/advise/gotchas.ts +92 -0
- package/src/tools/advise.ts +366 -0
- package/src/tools/authorize-batch.ts +345 -0
- package/src/tools/authorize.ts +464 -0
- package/src/tools/check-change.ts +119 -0
- package/src/tools/diff-schema.ts +510 -0
- package/src/tools/diff-stores.ts +298 -0
- package/src/tools/explain.ts +278 -0
- package/src/tools/format.ts +33 -0
- package/src/tools/generate-sample.ts +665 -0
- package/src/tools/link-template.ts +109 -0
- package/src/tools/list-template-links.ts +41 -0
- package/src/tools/list-templates.ts +55 -0
- package/src/tools/translate.ts +66 -0
- package/src/tools/validate-entities.ts +125 -0
- package/src/tools/validate-schema.ts +128 -0
- package/src/tools/validate-template.ts +72 -0
- package/src/tools/validate.ts +459 -0
- package/src/utils/format-detector.ts +356 -0
- package/test/fixtures/docmgmt.ts +121 -0
- package/test/fixtures/multitenant.ts +163 -0
- package/test/index.test.ts +96 -0
- package/test/integration/e2e/behavior.test.ts +359 -0
- package/test/integration/e2e/edge-cases.test.ts +365 -0
- package/test/integration/e2e/failure-modes.test.ts +266 -0
- package/test/integration/e2e/protocol.test.ts +252 -0
- package/test/integration/http-smoke.test.ts +588 -0
- package/test/integration/smoke.test.ts +475 -0
- package/test/prompts/prompts.test.ts +173 -0
- package/test/property/properties.test.ts +234 -0
- package/test/resources/ref-resolver.test.ts +186 -0
- package/test/resources/store-manager.test.ts +344 -0
- package/test/setup.test.ts +7 -0
- package/test/tools/advise/avp-rules.test.ts +76 -0
- package/test/tools/advise.test.ts +339 -0
- package/test/tools/authorize-batch.test.ts +459 -0
- package/test/tools/authorize.test.ts +682 -0
- package/test/tools/check-change.test.ts +104 -0
- package/test/tools/cross-fixture.test.ts +170 -0
- package/test/tools/diff-schema.test.ts +355 -0
- package/test/tools/diff-stores.test.ts +291 -0
- package/test/tools/explain.test.ts +221 -0
- package/test/tools/format.test.ts +33 -0
- package/test/tools/generate-sample.test.ts +480 -0
- package/test/tools/link-template.test.ts +90 -0
- package/test/tools/list-templates.test.ts +151 -0
- package/test/tools/translate.test.ts +89 -0
- package/test/tools/validate-entities.test.ts +178 -0
- package/test/tools/validate-schema.test.ts +86 -0
- package/test/tools/validate-template.test.ts +89 -0
- package/test/tools/validate.test.ts +331 -0
- package/test/utils/format-detector.test.ts +518 -0
- package/tsconfig.json +17 -0
- package/vitest.config.ts +13 -0
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Resolves cedar:// resource references to their content.
|
|
3
|
+
* Allows tools to accept policy_ref / schema_ref as alternatives to inline text.
|
|
4
|
+
*
|
|
5
|
+
* URI patterns:
|
|
6
|
+
* cedar://policies/{store} → all policies in store concatenated
|
|
7
|
+
* cedar://policies/{store}/{id} → single policy content
|
|
8
|
+
* cedar://schema/{store} → schema content
|
|
9
|
+
* cedar://templates/{store} → template ID list as JSON array
|
|
10
|
+
* cedar://templates/{store}/{template_id} → single template content
|
|
11
|
+
* cedar://template-links/{store} → link ID list as JSON array
|
|
12
|
+
* cedar://template-links/{store}/{link_id}→ single template-link JSON content
|
|
13
|
+
* cedar://entities/{store} → merged entity arrays as JSON
|
|
14
|
+
* cedar://entities/{store}/{file_id} → single entity file content
|
|
15
|
+
*/
|
|
16
|
+
import { storeManager } from "./store-manager.js";
|
|
17
|
+
export function resolveRef(ref) {
|
|
18
|
+
const match = ref.match(/^cedar:\/\/(.+)$/);
|
|
19
|
+
if (!match)
|
|
20
|
+
return { error: `Invalid cedar:// reference: "${ref}"` };
|
|
21
|
+
const path = match[1];
|
|
22
|
+
// cedar://schema/{store}
|
|
23
|
+
const schemaMatch = path.match(/^schema\/([^/]+)$/);
|
|
24
|
+
if (schemaMatch) {
|
|
25
|
+
const storeName = schemaMatch[1];
|
|
26
|
+
try {
|
|
27
|
+
return { content: storeManager.readSchema(storeName), resolved_from: ref };
|
|
28
|
+
}
|
|
29
|
+
catch (e) {
|
|
30
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
// cedar://policies/{store}/{policy_id}
|
|
34
|
+
const singlePolicyMatch = path.match(/^policies\/([^/]+)\/([^/]+)$/);
|
|
35
|
+
if (singlePolicyMatch) {
|
|
36
|
+
const storeName = singlePolicyMatch[1];
|
|
37
|
+
const policyId = singlePolicyMatch[2];
|
|
38
|
+
try {
|
|
39
|
+
return { content: storeManager.readPolicy(storeName, policyId), resolved_from: ref };
|
|
40
|
+
}
|
|
41
|
+
catch (e) {
|
|
42
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
// cedar://policies/{store} — all policies concatenated
|
|
46
|
+
const allPoliciesMatch = path.match(/^policies\/([^/]+)$/);
|
|
47
|
+
if (allPoliciesMatch) {
|
|
48
|
+
const storeName = allPoliciesMatch[1];
|
|
49
|
+
try {
|
|
50
|
+
return { content: storeManager.readAllPolicies(storeName), resolved_from: ref };
|
|
51
|
+
}
|
|
52
|
+
catch (e) {
|
|
53
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
// cedar://templates/{store}/{template_id}
|
|
57
|
+
const singleTemplateMatch = path.match(/^templates\/([^/]+)\/([^/]+)$/);
|
|
58
|
+
if (singleTemplateMatch) {
|
|
59
|
+
const storeName = singleTemplateMatch[1];
|
|
60
|
+
const templateId = singleTemplateMatch[2];
|
|
61
|
+
try {
|
|
62
|
+
return { content: storeManager.readTemplate(storeName, templateId), resolved_from: ref };
|
|
63
|
+
}
|
|
64
|
+
catch (e) {
|
|
65
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
// cedar://templates/{store} — template ID list as JSON
|
|
69
|
+
const allTemplatesMatch = path.match(/^templates\/([^/]+)$/);
|
|
70
|
+
if (allTemplatesMatch) {
|
|
71
|
+
const storeName = allTemplatesMatch[1];
|
|
72
|
+
try {
|
|
73
|
+
return { content: JSON.stringify(storeManager.listTemplates(storeName)), resolved_from: ref };
|
|
74
|
+
}
|
|
75
|
+
catch (e) {
|
|
76
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
// cedar://template-links/{store}/{link_id}
|
|
80
|
+
const singleLinkMatch = path.match(/^template-links\/([^/]+)\/([^/]+)$/);
|
|
81
|
+
if (singleLinkMatch) {
|
|
82
|
+
const storeName = singleLinkMatch[1];
|
|
83
|
+
const linkId = singleLinkMatch[2];
|
|
84
|
+
try {
|
|
85
|
+
const link = storeManager.readTemplateLink(storeName, linkId);
|
|
86
|
+
return { content: JSON.stringify(link), resolved_from: ref };
|
|
87
|
+
}
|
|
88
|
+
catch (e) {
|
|
89
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
// cedar://template-links/{store} — link ID list as JSON
|
|
93
|
+
const allLinksMatch = path.match(/^template-links\/([^/]+)$/);
|
|
94
|
+
if (allLinksMatch) {
|
|
95
|
+
const storeName = allLinksMatch[1];
|
|
96
|
+
try {
|
|
97
|
+
return { content: JSON.stringify(storeManager.listTemplateLinks(storeName)), resolved_from: ref };
|
|
98
|
+
}
|
|
99
|
+
catch (e) {
|
|
100
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
// cedar://entities/{store}/{file_id}
|
|
104
|
+
const singleEntityMatch = path.match(/^entities\/([^/]+)\/([^/]+)$/);
|
|
105
|
+
if (singleEntityMatch) {
|
|
106
|
+
const storeName = singleEntityMatch[1];
|
|
107
|
+
const fileId = singleEntityMatch[2];
|
|
108
|
+
try {
|
|
109
|
+
return { content: storeManager.readEntities(storeName, fileId), resolved_from: ref };
|
|
110
|
+
}
|
|
111
|
+
catch (e) {
|
|
112
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
// cedar://entities/{store} — merged entity arrays as JSON
|
|
116
|
+
const allEntitiesMatch = path.match(/^entities\/([^/]+)$/);
|
|
117
|
+
if (allEntitiesMatch) {
|
|
118
|
+
const storeName = allEntitiesMatch[1];
|
|
119
|
+
try {
|
|
120
|
+
return { content: storeManager.readAllEntities(storeName), resolved_from: ref };
|
|
121
|
+
}
|
|
122
|
+
catch (e) {
|
|
123
|
+
return { error: e instanceof Error ? e.message : String(e) };
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
return { error: `Unrecognized cedar:// URI pattern: "${ref}". Supported: cedar://policies/{store}[/{id}], cedar://schema/{store}, cedar://templates/{store}[/{id}], cedar://template-links/{store}[/{id}], cedar://entities/{store}[/{id}]` };
|
|
127
|
+
}
|
|
128
|
+
//# sourceMappingURL=ref-resolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ref-resolver.js","sourceRoot":"","sources":["../../src/resources/ref-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAMlD,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,KAAK,EAAE,gCAAgC,GAAG,GAAG,EAAE,CAAC;IAErE,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAEvB,yBAAyB;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAE,CAAC;QAClC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAC7E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACrE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,CAAC,CAAE,CAAC;QACvC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QACvF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC3D,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAE,CAAC;QACvC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAClF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACxE,IAAI,mBAAmB,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,mBAAmB,CAAC,CAAC,CAAE,CAAC;QAC1C,MAAM,UAAU,GAAG,mBAAmB,CAAC,CAAC,CAAE,CAAC;QAC3C,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAC3F,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC7D,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAE,CAAC;QACxC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAChG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACzE,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,SAAS,GAAG,eAAe,CAAC,CAAC,CAAE,CAAC;QACtC,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,YAAY,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC9D,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAC/D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC9D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAE,CAAC;QACpC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QACpG,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACrE,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAE,CAAC;QACxC,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAE,CAAC;QACrC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QACvF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC3D,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAE,CAAC;QACvC,IAAI,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC;QAClF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,uCAAuC,GAAG,iLAAiL,EAAE,CAAC;AAChP,CAAC"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* StoreManager maps MCP root URIs to named Cedar policy stores.
|
|
3
|
+
*
|
|
4
|
+
* Convention for a policy store directory:
|
|
5
|
+
* <root>/
|
|
6
|
+
* policies/ ← .cedar files, one per policy
|
|
7
|
+
* schema.cedarschema ← Cedar schema text (preferred)
|
|
8
|
+
* schema.json ← Cedar JSON schema (fallback)
|
|
9
|
+
*
|
|
10
|
+
* Security: isPathAllowed() checks that any file access stays within a loaded root.
|
|
11
|
+
* The SDK does not enforce roots automatically — every file operation calls this check.
|
|
12
|
+
*/
|
|
13
|
+
export interface PolicyStore {
|
|
14
|
+
name: string;
|
|
15
|
+
uri: string;
|
|
16
|
+
path: string;
|
|
17
|
+
}
|
|
18
|
+
export declare class StoreManager {
|
|
19
|
+
private stores;
|
|
20
|
+
loadFromRoots(roots: Array<{
|
|
21
|
+
uri: string;
|
|
22
|
+
name?: string;
|
|
23
|
+
}>): void;
|
|
24
|
+
listStoreNames(): string[];
|
|
25
|
+
getStore(name: string): PolicyStore | undefined;
|
|
26
|
+
/**
|
|
27
|
+
* Workspace auto-discovery (10d) helper. Returns:
|
|
28
|
+
* - { kind: "none" } when no stores are loaded.
|
|
29
|
+
* - { kind: "single", ... } when exactly one store is loaded.
|
|
30
|
+
* - { kind: "ambiguous", names } when multiple stores are loaded and the
|
|
31
|
+
* caller did not pass an explicit `store` name to disambiguate.
|
|
32
|
+
*
|
|
33
|
+
* Tools call this when a required input ref is missing. Single-store
|
|
34
|
+
* deployments resolve cleanly; multi-store deployments surface an
|
|
35
|
+
* actionable error listing the candidates rather than guessing.
|
|
36
|
+
*/
|
|
37
|
+
getDefaultStore(): {
|
|
38
|
+
kind: "none";
|
|
39
|
+
} | {
|
|
40
|
+
kind: "single";
|
|
41
|
+
store: PolicyStore;
|
|
42
|
+
} | {
|
|
43
|
+
kind: "ambiguous";
|
|
44
|
+
names: string[];
|
|
45
|
+
};
|
|
46
|
+
listPolicies(storeName: string): string[];
|
|
47
|
+
readPolicy(storeName: string, policyId: string): string;
|
|
48
|
+
readAllPolicies(storeName: string): string;
|
|
49
|
+
listTemplates(storeName: string): string[];
|
|
50
|
+
readTemplate(storeName: string, templateId: string): string;
|
|
51
|
+
listTemplateLinks(storeName: string): string[];
|
|
52
|
+
readTemplateLink(storeName: string, linkId: string): {
|
|
53
|
+
template_id: string;
|
|
54
|
+
slot_values: Record<string, string>;
|
|
55
|
+
};
|
|
56
|
+
listEntities(storeName: string): string[];
|
|
57
|
+
readEntities(storeName: string, entityFileId: string): string;
|
|
58
|
+
readAllEntities(storeName: string): string;
|
|
59
|
+
readSchema(storeName: string): string;
|
|
60
|
+
isPathAllowed(filePath: string): boolean;
|
|
61
|
+
requireStore(name: string): PolicyStore;
|
|
62
|
+
}
|
|
63
|
+
export declare const storeManager: StoreManager;
|
|
64
|
+
//# sourceMappingURL=store-manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store-manager.d.ts","sourceRoot":"","sources":["../../src/resources/store-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAkC;IAIhD,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,IAAI;IAoCjE,cAAc,IAAI,MAAM,EAAE;IAI1B,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAI/C;;;;;;;;;;OAUG;IACH,eAAe,IAAI;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,QAAQ,CAAC;QAAC,KAAK,EAAE,WAAW,CAAA;KAAE,GAAG;QAAE,IAAI,EAAE,WAAW,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE;IASrH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE;IAUzC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM;IAavD,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAO1C,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE;IAU1C,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;IAc3D,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE;IAU9C,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;IAejH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE;IAUzC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM;IAY7D,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAqB1C,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAWrC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAUxC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW;CAWxC;AAED,eAAO,MAAM,YAAY,cAAqB,CAAC"}
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* StoreManager maps MCP root URIs to named Cedar policy stores.
|
|
3
|
+
*
|
|
4
|
+
* Convention for a policy store directory:
|
|
5
|
+
* <root>/
|
|
6
|
+
* policies/ ← .cedar files, one per policy
|
|
7
|
+
* schema.cedarschema ← Cedar schema text (preferred)
|
|
8
|
+
* schema.json ← Cedar JSON schema (fallback)
|
|
9
|
+
*
|
|
10
|
+
* Security: isPathAllowed() checks that any file access stays within a loaded root.
|
|
11
|
+
* The SDK does not enforce roots automatically — every file operation calls this check.
|
|
12
|
+
*/
|
|
13
|
+
import { readdirSync, readFileSync, existsSync } from "node:fs";
|
|
14
|
+
import { join, basename } from "node:path";
|
|
15
|
+
export class StoreManager {
|
|
16
|
+
stores = new Map();
|
|
17
|
+
// ─── Store lifecycle ────────────────────────────────────────────────────────
|
|
18
|
+
loadFromRoots(roots) {
|
|
19
|
+
this.stores.clear();
|
|
20
|
+
const usedNames = new Map(); // tracks how many times each base name is used
|
|
21
|
+
for (const root of roots) {
|
|
22
|
+
if (!root.uri.startsWith("file://")) {
|
|
23
|
+
console.error(`[cedar-mcp-server] Skipping unsupported root URI scheme: ${root.uri} (only file:// is supported)`);
|
|
24
|
+
continue;
|
|
25
|
+
}
|
|
26
|
+
const rawPath = root.uri.replace(/^file:\/\//, "").replace(/\/$/, "");
|
|
27
|
+
// Security: refuse to load a root that resolves to an empty filesystem
|
|
28
|
+
// path (uri === "file:///" or similar). isPathAllowed below uses
|
|
29
|
+
// `startsWith(store.path)`, and `<anything>.startsWith("")` is true,
|
|
30
|
+
// so an empty-path store would silently let every Cedar file operation
|
|
31
|
+
// touch any path on the filesystem. The fix is defense-in-depth: this
|
|
32
|
+
// skips at the StoreManager boundary regardless of which caller
|
|
33
|
+
// (cwd-fallback, --root flag, or client listRoots) produced the URI.
|
|
34
|
+
if (rawPath.length === 0) {
|
|
35
|
+
console.error(`[cedar-mcp-server] Refusing to load root with empty path after URI normalization (uri: "${root.uri}"). Filesystem-root URIs (file:///) are unsafe — they would bypass the per-store path sandbox.`);
|
|
36
|
+
continue;
|
|
37
|
+
}
|
|
38
|
+
const baseName = root.name ?? basename(rawPath) ?? "default";
|
|
39
|
+
// Disambiguate collisions with a numeric suffix
|
|
40
|
+
const count = usedNames.get(baseName) ?? 0;
|
|
41
|
+
usedNames.set(baseName, count + 1);
|
|
42
|
+
const name = count === 0 ? baseName : `${baseName}-${count + 1}`;
|
|
43
|
+
if (count > 0) {
|
|
44
|
+
console.error(`[cedar-mcp-server] Store name collision: "${baseName}" is used by multiple roots. Renamed to "${name}". Consider giving roots explicit names.`);
|
|
45
|
+
}
|
|
46
|
+
this.stores.set(name, { name, uri: root.uri, path: rawPath });
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
listStoreNames() {
|
|
50
|
+
return [...this.stores.keys()];
|
|
51
|
+
}
|
|
52
|
+
getStore(name) {
|
|
53
|
+
return this.stores.get(name);
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Workspace auto-discovery (10d) helper. Returns:
|
|
57
|
+
* - { kind: "none" } when no stores are loaded.
|
|
58
|
+
* - { kind: "single", ... } when exactly one store is loaded.
|
|
59
|
+
* - { kind: "ambiguous", names } when multiple stores are loaded and the
|
|
60
|
+
* caller did not pass an explicit `store` name to disambiguate.
|
|
61
|
+
*
|
|
62
|
+
* Tools call this when a required input ref is missing. Single-store
|
|
63
|
+
* deployments resolve cleanly; multi-store deployments surface an
|
|
64
|
+
* actionable error listing the candidates rather than guessing.
|
|
65
|
+
*/
|
|
66
|
+
getDefaultStore() {
|
|
67
|
+
const names = this.listStoreNames();
|
|
68
|
+
if (names.length === 0)
|
|
69
|
+
return { kind: "none" };
|
|
70
|
+
if (names.length === 1)
|
|
71
|
+
return { kind: "single", store: this.stores.get(names[0]) };
|
|
72
|
+
return { kind: "ambiguous", names };
|
|
73
|
+
}
|
|
74
|
+
// ─── Policy access ──────────────────────────────────────────────────────────
|
|
75
|
+
listPolicies(storeName) {
|
|
76
|
+
const store = this.requireStore(storeName);
|
|
77
|
+
const policiesDir = join(store.path, "policies");
|
|
78
|
+
if (!existsSync(policiesDir))
|
|
79
|
+
return [];
|
|
80
|
+
return readdirSync(policiesDir)
|
|
81
|
+
.filter((f) => f.endsWith(".cedar"))
|
|
82
|
+
.map((f) => f.replace(/\.cedar$/, ""))
|
|
83
|
+
.sort();
|
|
84
|
+
}
|
|
85
|
+
readPolicy(storeName, policyId) {
|
|
86
|
+
const store = this.requireStore(storeName);
|
|
87
|
+
// Prevent path traversal — policy IDs must be simple filenames with no slashes or dots
|
|
88
|
+
if (!/^[a-zA-Z0-9_-]+$/.test(policyId)) {
|
|
89
|
+
throw new Error(`Invalid policy ID: "${policyId}". Policy IDs must contain only letters, digits, hyphens, and underscores.`);
|
|
90
|
+
}
|
|
91
|
+
const filePath = join(store.path, "policies", `${policyId}.cedar`);
|
|
92
|
+
if (!existsSync(filePath)) {
|
|
93
|
+
throw new Error(`Policy not found: "${policyId}" in store "${storeName}"`);
|
|
94
|
+
}
|
|
95
|
+
return readFileSync(filePath, "utf8");
|
|
96
|
+
}
|
|
97
|
+
readAllPolicies(storeName) {
|
|
98
|
+
const ids = this.listPolicies(storeName);
|
|
99
|
+
return ids.map((id) => this.readPolicy(storeName, id)).join("\n\n");
|
|
100
|
+
}
|
|
101
|
+
// ─── Template access ────────────────────────────────────────────────────────
|
|
102
|
+
listTemplates(storeName) {
|
|
103
|
+
const store = this.requireStore(storeName);
|
|
104
|
+
const templatesDir = join(store.path, "templates");
|
|
105
|
+
if (!existsSync(templatesDir))
|
|
106
|
+
return [];
|
|
107
|
+
return readdirSync(templatesDir)
|
|
108
|
+
.filter((f) => f.endsWith(".cedar"))
|
|
109
|
+
.map((f) => f.replace(/\.cedar$/, ""))
|
|
110
|
+
.sort();
|
|
111
|
+
}
|
|
112
|
+
readTemplate(storeName, templateId) {
|
|
113
|
+
const store = this.requireStore(storeName);
|
|
114
|
+
if (!/^[a-zA-Z0-9_-]+$/.test(templateId)) {
|
|
115
|
+
throw new Error(`Invalid template ID: "${templateId}". Template IDs must contain only letters, digits, hyphens, and underscores.`);
|
|
116
|
+
}
|
|
117
|
+
const filePath = join(store.path, "templates", `${templateId}.cedar`);
|
|
118
|
+
if (!existsSync(filePath)) {
|
|
119
|
+
throw new Error(`Template not found: "${templateId}" in store "${storeName}"`);
|
|
120
|
+
}
|
|
121
|
+
return readFileSync(filePath, "utf8");
|
|
122
|
+
}
|
|
123
|
+
// ─── Template link access ────────────────────────────────────────────────────
|
|
124
|
+
listTemplateLinks(storeName) {
|
|
125
|
+
const store = this.requireStore(storeName);
|
|
126
|
+
const linksDir = join(store.path, "template-links");
|
|
127
|
+
if (!existsSync(linksDir))
|
|
128
|
+
return [];
|
|
129
|
+
return readdirSync(linksDir)
|
|
130
|
+
.filter((f) => f.endsWith(".json"))
|
|
131
|
+
.map((f) => f.replace(/\.json$/, ""))
|
|
132
|
+
.sort();
|
|
133
|
+
}
|
|
134
|
+
readTemplateLink(storeName, linkId) {
|
|
135
|
+
const store = this.requireStore(storeName);
|
|
136
|
+
if (!/^[a-zA-Z0-9_-]+$/.test(linkId)) {
|
|
137
|
+
throw new Error(`Invalid link ID: "${linkId}". Link IDs must contain only letters, digits, hyphens, and underscores.`);
|
|
138
|
+
}
|
|
139
|
+
const filePath = join(store.path, "template-links", `${linkId}.json`);
|
|
140
|
+
if (!existsSync(filePath)) {
|
|
141
|
+
throw new Error(`Template link not found: "${linkId}" in store "${storeName}"`);
|
|
142
|
+
}
|
|
143
|
+
const raw = readFileSync(filePath, "utf8");
|
|
144
|
+
return JSON.parse(raw);
|
|
145
|
+
}
|
|
146
|
+
// ─── Entities access ────────────────────────────────────────────────────────
|
|
147
|
+
listEntities(storeName) {
|
|
148
|
+
const store = this.requireStore(storeName);
|
|
149
|
+
const entitiesDir = join(store.path, "entities");
|
|
150
|
+
if (!existsSync(entitiesDir))
|
|
151
|
+
return [];
|
|
152
|
+
return readdirSync(entitiesDir)
|
|
153
|
+
.filter((f) => f.endsWith(".json"))
|
|
154
|
+
.map((f) => f.replace(/\.json$/, ""))
|
|
155
|
+
.sort();
|
|
156
|
+
}
|
|
157
|
+
readEntities(storeName, entityFileId) {
|
|
158
|
+
const store = this.requireStore(storeName);
|
|
159
|
+
if (!/^[a-zA-Z0-9_-]+$/.test(entityFileId)) {
|
|
160
|
+
throw new Error(`Invalid entity file ID: "${entityFileId}". Entity file IDs must contain only letters, digits, hyphens, and underscores.`);
|
|
161
|
+
}
|
|
162
|
+
const filePath = join(store.path, "entities", `${entityFileId}.json`);
|
|
163
|
+
if (!existsSync(filePath)) {
|
|
164
|
+
throw new Error(`Entity file not found: "${entityFileId}" in store "${storeName}"`);
|
|
165
|
+
}
|
|
166
|
+
return readFileSync(filePath, "utf8");
|
|
167
|
+
}
|
|
168
|
+
readAllEntities(storeName) {
|
|
169
|
+
const ids = this.listEntities(storeName);
|
|
170
|
+
const merged = [];
|
|
171
|
+
for (const id of ids) {
|
|
172
|
+
const raw = this.readEntities(storeName, id);
|
|
173
|
+
let parsed;
|
|
174
|
+
try {
|
|
175
|
+
parsed = JSON.parse(raw);
|
|
176
|
+
}
|
|
177
|
+
catch {
|
|
178
|
+
throw new Error(`Entity file "${id}" in store "${storeName}" contains invalid JSON.`);
|
|
179
|
+
}
|
|
180
|
+
if (!Array.isArray(parsed)) {
|
|
181
|
+
throw new Error(`Entity file "${id}" in store "${storeName}" must contain a JSON array at the top level, got ${typeof parsed}.`);
|
|
182
|
+
}
|
|
183
|
+
merged.push(...parsed);
|
|
184
|
+
}
|
|
185
|
+
return JSON.stringify(merged);
|
|
186
|
+
}
|
|
187
|
+
// ─── Schema access ──────────────────────────────────────────────────────────
|
|
188
|
+
readSchema(storeName) {
|
|
189
|
+
const store = this.requireStore(storeName);
|
|
190
|
+
const cedarSchema = join(store.path, "schema.cedarschema");
|
|
191
|
+
if (existsSync(cedarSchema))
|
|
192
|
+
return readFileSync(cedarSchema, "utf8");
|
|
193
|
+
const jsonSchema = join(store.path, "schema.json");
|
|
194
|
+
if (existsSync(jsonSchema))
|
|
195
|
+
return readFileSync(jsonSchema, "utf8");
|
|
196
|
+
throw new Error(`Schema not found in store "${storeName}". Expected schema.cedarschema or schema.json at ${store.path}`);
|
|
197
|
+
}
|
|
198
|
+
// ─── Security ───────────────────────────────────────────────────────────────
|
|
199
|
+
isPathAllowed(filePath) {
|
|
200
|
+
const normalizedRequest = filePath.replace(/\/$/, "");
|
|
201
|
+
for (const store of this.stores.values()) {
|
|
202
|
+
if (normalizedRequest.startsWith(store.path))
|
|
203
|
+
return true;
|
|
204
|
+
}
|
|
205
|
+
return false;
|
|
206
|
+
}
|
|
207
|
+
// ─── Private ────────────────────────────────────────────────────────────────
|
|
208
|
+
requireStore(name) {
|
|
209
|
+
const store = this.stores.get(name);
|
|
210
|
+
if (!store) {
|
|
211
|
+
const available = [...this.stores.keys()].join(", ") || "none";
|
|
212
|
+
const hint = this.stores.size === 0
|
|
213
|
+
? " No roots are configured. Add MCP roots in your client settings, each pointing at a directory with a policies/ subdirectory and a schema.cedarschema or schema.json file."
|
|
214
|
+
: ` Available stores: ${available}.`;
|
|
215
|
+
throw new Error(`Store not found: "${name}".${hint}`);
|
|
216
|
+
}
|
|
217
|
+
return store;
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
export const storeManager = new StoreManager();
|
|
221
|
+
//# sourceMappingURL=store-manager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"store-manager.js","sourceRoot":"","sources":["../../src/resources/store-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAQ3C,MAAM,OAAO,YAAY;IACf,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEhD,+EAA+E;IAE/E,aAAa,CAAC,KAA4C;QACxD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,+CAA+C;QAE5F,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,KAAK,CAAC,4DAA4D,IAAI,CAAC,GAAG,8BAA8B,CAAC,CAAC;gBAClH,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACtE,uEAAuE;YACvE,iEAAiE;YACjE,qEAAqE;YACrE,uEAAuE;YACvE,sEAAsE;YACtE,gEAAgE;YAChE,qEAAqE;YACrE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,KAAK,CAAC,2FAA2F,IAAI,CAAC,GAAG,gGAAgG,CAAC,CAAC;gBACnN,SAAS;YACX,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAE7D,gDAAgD;YAChD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3C,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAEjE,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,6CAA6C,QAAQ,4CAA4C,IAAI,0CAA0C,CAAC,CAAC;YACjK,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,cAAc;QACZ,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,QAAQ,CAAC,IAAY;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;;;;;;OAUG;IACH,eAAe;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAE,EAAE,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;IAED,+EAA+E;IAE/E,YAAY,CAAC,SAAiB;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,EAAE,CAAC;QACxC,OAAO,WAAW,CAAC,WAAW,CAAC;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;aACnC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;aACrC,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,UAAU,CAAC,SAAiB,EAAE,QAAgB;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,uFAAuF;QACvF,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,4EAA4E,CAAC,CAAC;QAC/H,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,QAAQ,QAAQ,CAAC,CAAC;QACnE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,eAAe,SAAS,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,eAAe,CAAC,SAAiB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QACzC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC;IAED,+EAA+E;IAE/E,aAAa,CAAC,SAAiB;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACnD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,OAAO,EAAE,CAAC;QACzC,OAAO,WAAW,CAAC,YAAY,CAAC;aAC7B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;aACnC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;aACrC,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,UAAkB;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,yBAAyB,UAAU,8EAA8E,CAAC,CAAC;QACrI,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,UAAU,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,wBAAwB,UAAU,eAAe,SAAS,GAAG,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,gFAAgF;IAEhF,iBAAiB,CAAC,SAAiB;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QACrC,OAAO,WAAW,CAAC,QAAQ,CAAC;aACzB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;aACpC,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,gBAAgB,CAAC,SAAiB,EAAE,MAAc;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,0EAA0E,CAAC,CAAC;QACzH,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,gBAAgB,EAAE,GAAG,MAAM,OAAO,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,eAAe,SAAS,GAAG,CAAC,CAAC;QAClF,CAAC;QACD,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiE,CAAC;IACzF,CAAC;IAED,+EAA+E;IAE/E,YAAY,CAAC,SAAiB;QAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,EAAE,CAAC;QACxC,OAAO,WAAW,CAAC,WAAW,CAAC;aAC5B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;aACpC,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,YAAY,CAAC,SAAiB,EAAE,YAAoB;QAClD,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,iFAAiF,CAAC,CAAC;QAC7I,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,YAAY,OAAO,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,2BAA2B,YAAY,eAAe,SAAS,GAAG,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,eAAe,CAAC,SAAiB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,MAAM,GAAc,EAAE,CAAC;QAC7B,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAC7C,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,EAAE,eAAe,SAAS,0BAA0B,CAAC,CAAC;YACxF,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,gBAAgB,EAAE,eAAe,SAAS,qDAAqD,OAAO,MAAM,GAAG,CAAC,CAAC;YACnI,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,+EAA+E;IAE/E,UAAU,CAAC,SAAiB;QAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QAC3D,IAAI,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACnD,IAAI,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,8BAA8B,SAAS,oDAAoD,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3H,CAAC;IAED,+EAA+E;IAE/E,aAAa,CAAC,QAAgB;QAC5B,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACtD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,IAAI,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC5D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+EAA+E;IAE/E,YAAY,CAAC,IAAY;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;YAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;gBACjC,CAAC,CAAC,2KAA2K;gBAC7K,CAAC,CAAC,sBAAsB,SAAS,GAAG,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,KAAK,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC"}
|
package/dist/server.d.ts
ADDED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
2
|
+
export declare const SERVER_NAME = "cedar-mcp-server";
|
|
3
|
+
export declare const SERVER_VERSION = "0.0.1";
|
|
4
|
+
/**
|
|
5
|
+
* Server-level instructions returned in the MCP `initialize` response. Surfaced
|
|
6
|
+
* by the client (Claude Code, Claude Desktop, Cursor) as a system-prompt hint
|
|
7
|
+
* for when to reach for this server's tools. Truncated at 2KB in Claude Code,
|
|
8
|
+
* so critical routing guidance is front-loaded.
|
|
9
|
+
*
|
|
10
|
+
* Added in response to the 2026-05-21 falsification test result: tool-level
|
|
11
|
+
* descriptions alone (kickoff-08 sub-phase 8b) did not stop Claude from
|
|
12
|
+
* bypassing the cedar_* tools via Read + Bash. See
|
|
13
|
+
* projects/cedar-mcp-server/research-mcp-discoverability-patterns.md
|
|
14
|
+
* "Path 0" for the rationale.
|
|
15
|
+
*/
|
|
16
|
+
export declare const SERVER_INSTRUCTIONS = "cedar-mcp-server provides Cedar policy language and AWS Verified Permissions tooling.\n\nFor ANY question about Cedar policies, schemas, entities, or authorization decisions, you MUST call the appropriate cedar_* tool rather than reading files and reasoning natively. The Cedar engine, AST parser, and AVP rules encoded in this server are the authoritative source; reading .cedar files alone is insufficient because pattern classification, policy evaluation, AVP UpdatePolicy mutability, and gotchas catalog cannot be reconstructed from file text.\n\nTool routing:\n- \"Plan a Cedar change\" / \"how do I add X rule\" / \"help me restrict Y\" -> cedar_advise FIRST. Returns structured context bundle (gotchas, AVP rules, Cedar patterns, current policy classification). Reason from the bundle.\n- \"What does this policy do?\" / \"explain this Cedar\" -> cedar_explain\n- \"Is this policy valid?\" / \"check my Cedar syntax\" -> cedar_validate\n- \"Would X be allowed to do Y on Z?\" / \"test this authorization\" -> cedar_authorize\n- \"Compare two policy stores\" / \"is it safe to deploy\" -> cedar_diff_policy_stores\n- \"Why was X denied?\" -> cedar_authorize then cedar_explain (positional policy IDs need explanation lookup)\n- \"Generate a test payload\" -> cedar_generate_sample_request\n- \"Migrating from AVP\" / \"is my schema AVP-compatible\" -> cedar_project_intelligence (when shipped) or cedar_validate_schema\n- \"Modify an existing policy\" -> cedar_check_policy_change FIRST (returns AVP UpdatePolicy classification)\n\nWorkspace auto-discovery: if cedar_validate / cedar_authorize / cedar_explain reports missing schema, policies, or entities, retry with the field omitted; the tool auto-discovers from the loaded workspace store (schema.cedarschema, policies/, entities/). Pass store: \"<name>\" for multi-store deployments. Ask the user for inline input only as a last resort.\n\nDo NOT use Read or Bash to inspect Cedar policy semantics. The server tools encode Cedar/AVP knowledge that does not live in the files.";
|
|
17
|
+
export declare function createServer(): McpServer;
|
|
18
|
+
//# sourceMappingURL=server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAmGpE,eAAO,MAAM,WAAW,qBAAqB,CAAC;AAC9C,eAAO,MAAM,cAAc,UAAU,CAAC;AAEtC;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB,y/DAiBwG,CAAC;AAEzI,wBAAgB,YAAY,IAAI,SAAS,CAikBxC"}
|