brainwires-mcp-server 0.8.0

MCP server framework with middleware pipeline for the Brainwires Agent Framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

use async_trait::async_trait;
use brainwires_mcp::{JsonRpcError, JsonRpcRequest};
use std::collections::HashSet;

use super::{Middleware, MiddlewareResult};
use crate::connection::RequestContext;

/// Tool filtering mode.
pub enum FilterMode {
    /// Only allow listed tools.
    AllowList(HashSet<String>),
    /// Deny listed tools, allow all others.
    DenyList(HashSet<String>),
}

/// Middleware that filters tool calls by allow/deny lists.
pub struct ToolFilterMiddleware {
    mode: FilterMode,
}

impl ToolFilterMiddleware {
    /// Create a filter that only allows the specified tools.
    pub fn allow_only(tools: impl IntoIterator<Item = impl Into<String>>) -> Self {
        Self {
            mode: FilterMode::AllowList(tools.into_iter().map(|t| t.into()).collect()),
        }
    }

    /// Create a filter that denies the specified tools.
    pub fn deny(tools: impl IntoIterator<Item = impl Into<String>>) -> Self {
        Self {
            mode: FilterMode::DenyList(tools.into_iter().map(|t| t.into()).collect()),
        }
    }

    fn is_allowed(&self, tool_name: &str) -> bool {
        match &self.mode {
            FilterMode::AllowList(allowed) => allowed.contains(tool_name),
            FilterMode::DenyList(denied) => !denied.contains(tool_name),
        }
    }
}

#[async_trait]
impl Middleware for ToolFilterMiddleware {
    async fn process_request(
        &self,
        request: &JsonRpcRequest,
        _ctx: &mut RequestContext,
    ) -> MiddlewareResult {
        // Only filter tools/call
        if request.method != "tools/call" {
            return MiddlewareResult::Continue;
        }

        let tool_name = request
            .params
            .as_ref()
            .and_then(|p| p.get("name"))
            .and_then(|n| n.as_str())
            .unwrap_or("unknown");

        if self.is_allowed(tool_name) {
            MiddlewareResult::Continue
        } else {
            MiddlewareResult::Reject(JsonRpcError {
                code: -32001,
                message: format!("Tool '{tool_name}' is not allowed by filter policy"),
                data: None,
            })
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_allow_list() {
        let filter = ToolFilterMiddleware::allow_only(["agent_spawn", "agent_list"]);
        assert!(filter.is_allowed("agent_spawn"));
        assert!(filter.is_allowed("agent_list"));
        assert!(!filter.is_allowed("bash"));
    }

    #[test]
    fn test_deny_list() {
        let filter = ToolFilterMiddleware::deny(["bash", "write_file"]);
        assert!(!filter.is_allowed("bash"));
        assert!(!filter.is_allowed("write_file"));
        assert!(filter.is_allowed("agent_spawn"));
    }
}