Struct PrivacyConfig 

pub struct PrivacyConfig {
    pub profile: PrivacyProfile,
    pub command_allowlist: Option<HashSet<String>>,
    pub command_blocklist: HashSet<String>,
    pub disabled_tools: HashSet<String>,
    pub redactor: Redactor,
    pub redaction_enabled: bool,
}

Privacy controls for the MCP server.

Combines a PrivacyProfile (tiered permission matrix) with fine-grained overrides: command allowlists/blocklists, per-tool disabling, and output redaction.

Precedence: explicit disabled_tools overrides → profile matrix → allowlist/blocklist.

Fields

profile: PrivacyProfile

The active privacy profile tier.

command_allowlist: Option<HashSet<String>>

If set, only these Tauri commands can be invoked (positive allowlist).

command_blocklist: HashSet<String>

Tauri commands that are always blocked, even if on the allowlist.

disabled_tools: HashSet<String>

MCP tool/action names explicitly disabled (override layer on top of profile).

redactor: Redactor

Output redactor with regex and JSON-key matching.

redaction_enabled: bool

Whether output redaction is active.

Implementations

impl PrivacyConfig

pub fn is_command_allowed(&self, command: &str) -> bool

Returns true if the Tauri command passes both the allowlist and blocklist.

pub fn is_tool_enabled(&self, tool_or_action: &str) -> bool

Returns true if the given tool or qualified action (e.g. "window.manage") is permitted by the current profile AND not in the explicit disabled set.

pub fn is_invoke_allowed(&self, command: &str) -> bool

Check whether invoke_command is allowed for a specific command name.

In Test profile, invoke_command is only allowed if the command is on the allowlist. In FullControl, it’s always allowed. In Observe, always blocked.

pub fn redact_output(&self, output: &str) -> String

Apply redaction rules to the output string if redaction is enabled.

Trait Implementations

impl Default for PrivacyConfig

fn default() -> PrivacyConfig

Returns the “default value” for a type.