Skip to main content

CapabilityFilter

tower_mcp::filter

Struct CapabilityFilter 

Source 
pub struct CapabilityFilter<T: Filterable> { /* private fields */ }
Expand description

A filter for capabilities based on session state.

Use this to control which tools, resources, or prompts are visible to each session.

§Example

use tower_mcp::{CapabilityFilter, DenialBehavior, Tool, Filterable};

// Filter that only shows tools starting with "public_"
let filter = CapabilityFilter::new(|_session, tool: &Tool| {
    tool.name().starts_with("public_")
});

// Filter with custom denial behavior
let filter_with_401 = CapabilityFilter::new(|_session, tool: &Tool| {
    tool.name() != "admin"
}).denial_behavior(DenialBehavior::Unauthorized);

Implementations§

Source§

impl<T: Filterable> CapabilityFilter<T>

Source

pub fn new<F>(filter: F) -> Self
where F: Fn(&SessionState, &T) -> bool + Send + Sync + 'static,

Create a new capability filter with the given predicate.

The predicate receives the session state and capability, and returns true if the capability should be visible to the session.

§Example
use tower_mcp::{CapabilityFilter, Tool, Filterable};

let filter = CapabilityFilter::new(|_session, tool: &Tool| {
    // Check session extensions for auth claims
    // session.extensions().get::<UserClaims>()...
    tool.name() != "admin_only"
});
Source

pub fn denial_behavior(self, behavior: DenialBehavior) -> Self

Set the behavior when a filtered capability is accessed directly.

Default is DenialBehavior::NotFound.

§Example
use tower_mcp::{CapabilityFilter, DenialBehavior, Tool, Filterable};

let filter = CapabilityFilter::new(|_, tool: &Tool| tool.name() != "secret")
    .denial_behavior(DenialBehavior::Unauthorized);
Source

pub fn is_visible(&self, session: &SessionState, capability: &T) -> bool

Check if the given capability is visible to the session.

Source

pub fn denial_error(&self, name: &str) -> Error

Get the error to return when access is denied.

Source

pub fn allow_list(names: &[&str]) -> Self
where T: 'static,

Create a filter that only shows capabilities whose names are in the list.

Capabilities not in the list are hidden. This is useful for exposing a curated subset of capabilities (e.g., from a config file or CLI flag).

§Example
use tower_mcp::{CapabilityFilter, Tool};

// Only expose these two tools
let filter = CapabilityFilter::<Tool>::allow_list(&["query", "list_tables"]);
Source

pub fn deny_list(names: &[&str]) -> Self
where T: 'static,

Create a filter that hides capabilities whose names are in the list.

All capabilities are visible except those explicitly listed. This is useful for blocking specific dangerous or irrelevant capabilities.

§Example
use tower_mcp::{CapabilityFilter, Tool};

// Hide these destructive tools
let filter = CapabilityFilter::<Tool>::deny_list(&["delete", "drop_table"]);
Source§

impl CapabilityFilter<Tool>

Source

pub fn write_guard<F>(is_write_allowed: F) -> Self
where F: Fn(&SessionState) -> bool + Send + Sync + 'static,

Create a filter that blocks non-read-only tools when the predicate returns false.

Read-only tools (those with read_only_hint = true) are always allowed. Non-read-only tools are only allowed when is_write_allowed returns true for the current session.

This provides annotation-based write protection without requiring manual guards in every write tool handler.

§Example
use tower_mcp::{CapabilityFilter, Tool};

// Block all write tools unconditionally
let filter = CapabilityFilter::<Tool>::write_guard(|_session| false);

// Allow writes based on session state
// let filter = CapabilityFilter::<Tool>::write_guard(|session| {
//     session.get::<WriteEnabled>().is_some()
// });

Trait Implementations§

Source§

impl<T: Filterable> Clone for CapabilityFilter<T>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Filterable> Debug for CapabilityFilter<T>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more