/// Backend-agnostic interface for authorization policy evaluation.
///
/// Every evaluation method resolves to an `AuthorizationDecision` or a
/// `PolicyEvaluationError`. Implementations must be `Send + Sync` (supertrait bound).
///
/// The explicit `'life0`/`'async_trait` lifetimes and the `Pin<Box<dyn Future + Send>>`
/// return types are the shape the `async_trait` macro generates; implementors presumably
/// write these methods as `async fn` under `#[async_trait]` (confirm in the crate source).
///
/// NOTE(review): an `Err(PolicyEvaluationError)` is not a decision. Callers should
/// presumably treat it as a denial rather than fall through to an allow path; verify at
/// the call sites.
pub trait PolicyEvaluator: Send + Sync {
// Required methods
/// Evaluate a GraphQL operation against policies.
///
/// Borrows the operation and the server configuration for the lifetime of the returned
/// future. There is no default body, so every backend must implement this method.
fn evaluate_operation<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
operation: &'life1 OperationEntity,
server_config: &'life2 ServerConfigEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
/// Returns this evaluator's name as a borrowed string.
// NOTE(review): presumably used to identify the backend in logs or diagnostics; confirm.
fn name(&self) -> &str;
// Provided methods
/// Evaluate a JavaScript script against policies (OpenAPI Code Mode).
///
/// The default implementation denies all scripts; override it to add OpenAPI support.
/// The underscore-prefixed parameter names are consistent with a default body that
/// ignores its inputs (the body is elided in this listing).
fn evaluate_script<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_script: &'life1 ScriptEntity,
_server: &'life2 OpenAPIServerEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait { ... }
/// Evaluate a SQL statement against policies (SQL Code Mode).
///
/// The default implementation denies all statements; override it to add SQL support.
/// The underscore-prefixed parameter names are consistent with a default body that
/// ignores its inputs (the body is elided in this listing).
fn evaluate_statement<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_statement: &'life1 StatementEntity,
_server: &'life2 SqlServerEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait { ... }
/// Evaluate a batch of (operation, server configuration) pairs, taken by value.
///
/// The default implementation evaluates the requests sequentially. The whole batch
/// shares one `Result`: either a `Vec<AuthorizationDecision>` or a single error.
// NOTE(review): this listing does not show whether decisions come back in request
// order, or whether one failing request discards the decisions already computed.
// Confirm before matching decisions to requests by index.
fn batch_evaluate<'life0, 'async_trait>(
&'life0 self,
requests: Vec<(OperationEntity, ServerConfigEntity)>,
) -> Pin<Box<dyn Future<Output = Result<Vec<AuthorizationDecision>, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait { ... }
/// Whether this evaluator is configured and ready.
// NOTE(review): a default body exists but is elided here, so the value returned by an
// evaluator that does not override this method cannot be determined from this listing.
fn is_configured(&self) -> bool { ... }
}
Trait for policy evaluation backends.
Implementations can use different backends:
- `AvpPolicyEvaluator` (in `mcp-server-common`): Uses AWS AVP (Amazon Verified Permissions)
- `CedarPolicyEvaluator` (in this crate): Uses local Cedar engine
- Custom implementations for testing or other policy engines
Required Methods
fn evaluate_operation<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
operation: &'life1 OperationEntity,
server_config: &'life2 ServerConfigEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Evaluate a GraphQL operation against policies.
Provided Methods
fn evaluate_script<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_script: &'life1 ScriptEntity,
_server: &'life2 OpenAPIServerEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Evaluate a JavaScript script against policies (OpenAPI Code Mode). The default implementation denies all scripts, so an evaluator that does not override this method fails closed; override it to add OpenAPI support.
fn evaluate_statement<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
_statement: &'life1 StatementEntity,
_server: &'life2 SqlServerEntity,
) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Evaluate a SQL statement against policies (SQL Code Mode). The default implementation denies all statements, so an evaluator that does not override this method fails closed; override it to add SQL support.
fn batch_evaluate<'life0, 'async_trait>(
&'life0 self,
requests: Vec<(OperationEntity, ServerConfigEntity)>,
) -> Pin<Box<dyn Future<Output = Result<Vec<AuthorizationDecision>, PolicyEvaluationError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
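Evaluate a batch of requests. The default implementation evaluates them sequentially. The signature returns a single `Result` for the whole batch, so check the implementation in use for how an error on one request is reported and whether decisions are returned in request order before matching them to requests by position.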
fn is_configured(&self) -> bool
Whether this evaluator is configured and ready.