Per-identity MCP authorization with runtime grant/revoke. More...

#include <entropic/mcp/mcp_authorization.h>

Public Member Functions
void	register_identity (const std::string &identity_name)
	Register an empty key set for an identity.

bool	is_enforced (const std::string &identity_name) const
	Check if an identity has authorization enforcement enabled.

entropic_error_t	grant (const std::string &identity_name, const std::string &pattern, MCPAccessLevel level)
	Grant a tool key to an identity.

entropic_error_t	revoke (const std::string &identity_name, const std::string &pattern)
	Revoke a tool key from an identity.

bool	check_access (const std::string &identity_name, const std::string &tool_name, MCPAccessLevel required_level) const
	Check if a tool call is authorized for an identity.

entropic_error_t	grant_from (const std::string &granter_name, const std::string &grantee_name, const std::string &pattern, MCPAccessLevel level)
	One identity grants a key to another identity.

std::vector< MCPKey >	list_keys (const std::string &identity_name) const
	List all keys for an identity.

std::string	serialize_all () const
	Serialize all identity key sets to JSON.

bool	deserialize_all (const std::string &json)
	Deserialize all identity key sets from JSON.

void	unregister_identity (const std::string &identity_name)
	Remove an identity's key set (disables enforcement).

Detailed Description

Per-identity MCP authorization with runtime grant/revoke.

Version: 1.9.4

Definition at line 41 of file mcp_authorization.h.

Member Function Documentation

◆ check_access()

bool entropic::MCPAuthorizationManager::check_access	(	const std::string &	identity_name,
		const std::string &	tool_name,
		MCPAccessLevel	required_level
	)		const

Check if a tool call is authorized for an identity.

Parameters

identity_name	Caller identity.
tool_name	Fully-qualified tool name.
required_level	Minimum access level needed.

Returns: true if authorized (or if identity has no key set).

Version: 1.9.4

Parameters

identity_name	Caller identity.
tool_name	Fully-qualified tool name.
required_level	Minimum access level.

Returns: true if authorized or no enforcement.

Definition at line 94 of file mcp_authorization.cpp.

◆ deserialize_all()

bool entropic::MCPAuthorizationManager::deserialize_all ( const std::string & json )

Deserialize all identity key sets from JSON.

Parameters

json	JSON object string.

Returns: true if parsed successfully.

Version: 1.9.4

Parameters

json	JSON object string.

Returns: true if parsed successfully.

Definition at line 187 of file mcp_authorization.cpp.

◆ grant()

entropic_error_t entropic::MCPAuthorizationManager::grant	(	const std::string &	identity_name,
		const std::string &	pattern,
		MCPAccessLevel	level
	)

Grant a tool key to an identity.

Parameters

identity_name	Target identity.
pattern	Tool pattern string.
level	Access level to grant.

Returns: ENTROPIC_OK on success. ENTROPIC_ERROR_IDENTITY_NOT_FOUND if identity not registered.

Version: 1.9.4

Parameters

identity_name	Target identity.
pattern	Tool pattern.
level	Access level.

Returns: ENTROPIC_OK or ENTROPIC_ERROR_IDENTITY_NOT_FOUND.

Definition at line 52 of file mcp_authorization.cpp.

◆ grant_from()

entropic_error_t entropic::MCPAuthorizationManager::grant_from	(	const std::string &	granter_name,
		const std::string &	grantee_name,
		const std::string &	pattern,
		MCPAccessLevel	level
	)

One identity grants a key to another identity.

One identity grants a key to another.

Parameters

granter_name	Identity performing the grant.
grantee_name	Identity receiving the key.
pattern	Tool pattern to grant.
level	Access level to grant.

Returns: ENTROPIC_OK on success. ENTROPIC_ERROR_IDENTITY_NOT_FOUND if either not registered. ENTROPIC_ERROR_PERMISSION_DENIED if granter lacks the key.

Version: 1.9.4

Parameters

granter_name	Granting identity.
grantee_name	Receiving identity.
pattern	Tool pattern.
level	Access level.

Returns: ENTROPIC_OK, NOT_FOUND, or PERMISSION_DENIED.

Definition at line 123 of file mcp_authorization.cpp.

◆ is_enforced()

bool entropic::MCPAuthorizationManager::is_enforced ( const std::string & identity_name ) const

Check if an identity has authorization enforcement enabled.

Check if an identity has enforcement enabled.

Parameters

identity_name Identity/tier name.

Returns: true if the identity has a registered MCPKeySet.

Version: 1.9.4

Parameters

identity_name Identity/tier name.

Returns: true if registered.

Definition at line 37 of file mcp_authorization.cpp.

◆ list_keys()

std::vector< MCPKey > entropic::MCPAuthorizationManager::list_keys ( const std::string & identity_name ) const

List all keys for an identity.

Parameters

identity_name Identity to query.

Returns: Vector of MCPKey entries, or empty if not registered.

Version: 1.9.4

Parameters

identity_name Identity to query.

Returns: Vector of MCPKey entries.

Definition at line 154 of file mcp_authorization.cpp.

◆ register_identity()

void entropic::MCPAuthorizationManager::register_identity ( const std::string & identity_name )

Register an empty key set for an identity.

Parameters

identity_name Identity/tier name.

Version: 1.9.4

After registration, the identity has ZERO authorized tools.

Parameters

identity_name Identity/tier name.

Definition at line 23 of file mcp_authorization.cpp.

◆ revoke()

entropic_error_t entropic::MCPAuthorizationManager::revoke	(	const std::string &	identity_name,
		const std::string &	pattern
	)

Revoke a tool key from an identity.

Parameters

identity_name	Target identity.
pattern	Tool pattern string.

Returns: ENTROPIC_OK on success. ENTROPIC_ERROR_IDENTITY_NOT_FOUND if identity not registered.

Version: 1.9.4

Parameters

identity_name	Target identity.
pattern	Tool pattern.

Returns: ENTROPIC_OK or ENTROPIC_ERROR_IDENTITY_NOT_FOUND.

Definition at line 73 of file mcp_authorization.cpp.

◆ serialize_all()

std::string entropic::MCPAuthorizationManager::serialize_all ( ) const

Serialize all identity key sets to JSON.

Returns: JSON object: {"identity_name": [key_array], ...}

Version: 1.9.4

Returns: JSON object string.

Definition at line 170 of file mcp_authorization.cpp.

◆ unregister_identity()

void entropic::MCPAuthorizationManager::unregister_identity ( const std::string & identity_name )

Remove an identity's key set (disables enforcement).

Remove an identity's key set.

Parameters

identity_name Identity to unregister.

Version: 1.9.4

Parameters

identity_name Identity to unregister.

Definition at line 215 of file mcp_authorization.cpp.

The documentation for this class was generated from the following files:

entropic/mcp/mcp_authorization.h
mcp/mcp_authorization.cpp

Public Member Functions

Detailed Description

Member Function Documentation

◆ check_access()

◆ deserialize_all()

◆ grant()

◆ grant_from()

◆ is_enforced()

◆ list_keys()

◆ register_identity()

◆ revoke()

◆ serialize_all()

◆ unregister_identity()