entropic::PermissionManager Class Reference

Permission manager for MCP tool access control. More...

#include <entropic/mcp/permission_manager.h>

Public Member Functions
	PermissionManager (std::vector< std::string > allow_patterns={}, std::vector< std::string > deny_patterns={})
	Construct with initial allow/deny lists.
bool	is_denied (const std::string &tool_name, const std::string &pattern) const
	Check if a tool call is explicitly denied.
bool	is_allowed (const std::string &tool_name, const std::string &pattern) const
	Check if a tool call is explicitly allowed (skip prompting).
void	add_permission (const std::string &pattern, bool allow)
	Add a permission pattern at runtime.

Detailed Description

Permission manager for MCP tool access control.

Default-deny model. Deny list takes precedence over allow list. Only returns false for is_denied() if a deny pattern explicitly matches. Unknown tools are not denied — the engine handles prompting for tools not in either list.

Version

1.8.5

Definition at line 34 of file permission_manager.h.

Constructor & Destructor Documentation

PermissionManager()

entropic::PermissionManager::PermissionManager	(	std::vector< std::string >	allow_patterns = {},
		std::vector< std::string >	deny_patterns = {}
	)

Construct with initial allow/deny lists.

Parameters

allow_patterns	Allow list patterns.
deny_patterns	Deny list patterns.

Version

1.8.5

Parameters

allow_patterns	Allow list patterns.
deny_patterns	Deny list patterns.

Definition at line 24 of file permission_manager.cpp.

Member Function Documentation

add_permission()

void entropic::PermissionManager::add_permission	(	const std::string &	pattern,
		bool	allow
	)

Add a permission pattern at runtime.

Parameters

pattern	Permission pattern string.
allow	true for allow list, false for deny list.

Version

1.8.5

Parameters

pattern	Permission pattern string.
allow	true for allow list, false for deny list.

Definition at line 79 of file permission_manager.cpp.

is_allowed()

bool entropic::PermissionManager::is_allowed	(	const std::string &	tool_name,
		const std::string &	pattern
	)		const

Check if a tool call is explicitly allowed (skip prompting).

Check if a tool call is explicitly allowed.

Parameters

tool_name	Fully-qualified tool name.
pattern	Tool pattern with args.

Returns

true if explicitly in allow list.

Version

1.8.5

Parameters

tool_name	Fully-qualified tool name.
pattern	Tool pattern with args.

Returns

true if in allow list.

Definition at line 59 of file permission_manager.cpp.

is_denied()

bool entropic::PermissionManager::is_denied	(	const std::string &	tool_name,
		const std::string &	pattern
	)		const

Check if a tool call is explicitly denied.

Parameters

tool_name	Fully-qualified tool name (e.g., "filesystem.read_file").
pattern	Tool pattern with args (e.g., "filesystem.read_file:/path").

Returns

true if denied.

Version

1.8.5

Parameters

tool_name	Fully-qualified tool name.
pattern	Tool pattern with args.

Returns

true if denied.

Definition at line 38 of file permission_manager.cpp.

---

The documentation for this class was generated from the following files:

• entropic/mcp/permission_manager.h
• mcp/permission_manager.cpp