Struct Policy 

pub struct Policy {
    pub allowed: HashSet<PolicyRule>,
    pub allowed_zones: Option<Vec<String>>,
}

Governs what the MCP server is permitted to do.

Fields

allowed: HashSet<PolicyRule>

Set of permitted operation classes.

allowed_zones: Option<Vec<String>>

If Some, only zones in this list (case-insensitive) are accessible. None means unrestricted.

Implementations

impl Policy

pub fn new( allowed: impl IntoIterator<Item = PolicyRule>, allowed_zones: Option<Vec<String>>, ) -> Self

Construct a new policy from its constituent parts.

pub fn check(&self, rule: PolicyRule) -> Result<()>

pub fn check_read(&self) -> Result<()>

Assert that the active policy permits read operations. Shorthand for check(PolicyRule::Read).

pub fn check_write(&self) -> Result<()>

Assert that the active policy permits write operations. Shorthand for check(PolicyRule::Write).

pub fn check_delete(&self) -> Result<()>

pub fn check_zone(&self, zone: &str) -> Result<()>

pub fn instructions_suffix(&self) -> String

Returns a human-readable summary of active restrictions, used in the MCP ServerInfo.instructions field so Claude knows upfront what it can do.

impl Policy

pub fn for_server( server: &DnsServerConfig, cli_access: &[PolicyRule], cli_allow_zone: &[String], ) -> Result<Self>

Constructs an effective Policy for a single DNS server by combining the server’s MCP access configuration with CLI-provided access and zone overrides.

• Operation permissions: if cli_access is empty the server’s MCP access is used; otherwise the resulting allowed operations are the intersection of cli_access and the server’s MCP access (the CLI cannot broaden permissions beyond the server’s config).
• Zone restrictions: if cli_allow_zone is empty the server’s configured allowed_zones (if any) is used; if cli_allow_zone is non-empty it becomes the resulting zone list. When the server has configured allowed zones, each CLI-provided zone is validated against the server’s allowed zones (subdomains and case-insensitive matches are permitted); a CLI zone outside the server’s configured zones causes a PolicyViolation error.

Errors

Returns Error::PolicyViolation when any entry in cli_allow_zone is not permitted by the server’s MCP configured allowed zones (when that restriction exists).

Examples

use crate::control_plane::policy::Policy;
use crate::control_plane::config::DnsServerConfig;

// Construct `server`, `cli_access`, and `cli_allow_zone` according to your application.
let server: DnsServerConfig = /* server from config */ unimplemented!();
let cli_access = vec![]; // empty means "use server MCP access"
let cli_allow_zone: Vec<String> = vec![]; // empty means "use server MCP zones"

let policy = Policy::for_server(&server, &cli_access, &cli_allow_zone)?;
```ignore

pub fn from_cli_and_config( cli: &Cli, config: Option<&AppConfig>, ) -> Result<Self>

Build a Policy from CLI options and config.

pub fn allowed_zones_from_cli_and_mcp( cli: &Cli, mcp: Option<&McpPermissions>, ) -> Result<Option<Vec<String>>>

Build allowed zones from CLI and MCP config.

Trait Implementations

impl Clone for Policy

fn clone(&self) -> Policy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Policy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Policy

fn default() -> Self

Returns the “default value” for a type.