Skip to main content

PolicyEvaluator

pmcp_code_mode::policy

Trait PolicyEvaluator 

Source 
pub trait PolicyEvaluator: Send + Sync {
    // Required methods
    fn evaluate_operation<'life0, 'life1, 'life2, 'async_trait>(
        &'life0 self,
        operation: &'life1 OperationEntity,
        server_config: &'life2 ServerConfigEntity,
    ) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait;
    fn name(&self) -> &str;

    // Provided methods
    fn batch_evaluate<'life0, 'async_trait>(
        &'life0 self,
        requests: Vec<(OperationEntity, ServerConfigEntity)>,
    ) -> Pin<Box<dyn Future<Output = Result<Vec<AuthorizationDecision>, PolicyEvaluationError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait { ... }
    fn is_configured(&self) -> bool { ... }
}
Expand description

Trait for policy evaluation backends.

Implementations can use different backends:

  • AvpPolicyEvaluator (in mcp-server-common): Uses AWS AVP
  • CedarPolicyEvaluator (in this crate): Uses local Cedar engine
  • Custom implementations for testing or other policy engines

Required Methods§

Source

fn evaluate_operation<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, operation: &'life1 OperationEntity, server_config: &'life2 ServerConfigEntity, ) -> Pin<Box<dyn Future<Output = Result<AuthorizationDecision, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Evaluate a GraphQL operation against policies.

Source

fn name(&self) -> &str

Human-readable name for logging.

Provided Methods§

Source

fn batch_evaluate<'life0, 'async_trait>( &'life0 self, requests: Vec<(OperationEntity, ServerConfigEntity)>, ) -> Pin<Box<dyn Future<Output = Result<Vec<AuthorizationDecision>, PolicyEvaluationError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Batch evaluation (default: sequential).

Source

fn is_configured(&self) -> bool

Whether this evaluator is configured and ready.

Implementors§