mcp-authorization 0.2.0

Type-state authorization for MCP tool servers — compile-time proof that auth checks cannot be skipped
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

/// Compile-time metadata about which fields or variants require capabilities.
///
/// This trait is generated by `#[derive(AuthSchema)]` from the
/// `mcp-authorization-macros` crate. Each `#[requires("capability")]`
/// annotation on a struct field or enum variant produces an entry in the
/// returned static slice.
///
/// You can also implement this manually:
///
/// ```
/// use mcp_authorization::AuthSchemaMetadata;
///
/// struct MyInput {
///     pub name: String,
///     pub secret_field: Option<String>,
/// }
///
/// impl AuthSchemaMetadata for MyInput {
///     fn requirements() -> &'static [(&'static str, &'static str)] {
///         &[("secret_field", "admin")]
///     }
/// }
/// ```
pub trait AuthSchemaMetadata {
    /// Returns `(field_or_variant_name, capability_name)` pairs.
    ///
    /// For structs, the first element is the field name (matching the JSON property name).
    /// For enums, the first element is the variant name.
    fn requirements() -> &'static [(&'static str, &'static str)];
}