32#include <unordered_map>
58 bool is_enforced(
const std::string& identity_name)
const;
70 const std::string& pattern,
82 const std::string& pattern);
93 const std::string& tool_name,
108 const std::string& grantee_name,
109 const std::string& pattern,
119 const std::string& identity_name)
const;
145 std::unordered_map<std::string, MCPKeySet> key_sets_;
148 mutable std::mutex auth_mutex_;
Per-identity MCP authorization with runtime grant/revoke.
entropic_error_t grant(const std::string &identity_name, const std::string &pattern, MCPAccessLevel level)
Grant a tool key to an identity.
void register_identity(const std::string &identity_name)
Register an empty key set for an identity.
void unregister_identity(const std::string &identity_name)
Remove an identity's key set (disables enforcement).
bool deserialize_all(const std::string &json)
Deserialize all identity key sets from JSON.
bool is_enforced(const std::string &identity_name) const
Check if an identity has authorization enforcement enabled.
entropic_error_t revoke(const std::string &identity_name, const std::string &pattern)
Revoke a tool key from an identity.
std::string serialize_all() const
Serialize all identity key sets to JSON.
std::vector< MCPKey > list_keys(const std::string &identity_name) const
List all keys for an identity.
entropic_error_t grant_from(const std::string &granter_name, const std::string &grantee_name, const std::string &pattern, MCPAccessLevel level)
One identity grants a key to another identity.
bool check_access(const std::string &identity_name, const std::string &tool_name, MCPAccessLevel required_level) const
Check if a tool call is authorized for an identity.
Error types for cross-.so error reporting.
entropic_error_t
Error codes returned by all C API functions.
Per-identity set of authorized MCP tool keys.
Activate model on GPU (WARM → ACTIVE).
MCPAccessLevel
MCP tool access level for per-identity authorization.
1.9.8