Merged
Conversation
Member
|
Thanks for the Cedar plugin optimization, @monshri. The async conversion, batch evaluation, and compile-once regex are solid performance improvements. This has been open for a while with the |
…tch support - Convert synchronous CedarPy calls to async via asyncio.to_thread - Implement batch policy evaluation using is_authorized_batch - Move regex compilation and policy parsing to plugin initialization - Add user context handling from gateway (is_admin role detection) - Add recursive output redaction with configurable redaction string - Add server_id extraction from gateway metadata with fallback - Add correlation_id support for batch request tracking - Add example configs and end-to-end testing documentation - Update tests for new redaction_str configuration field Signed-off-by: Shriti Priya <shritip@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
- Initialize _output_redaction_string with default to prevent AttributeError - Replace mutable default arguments (dict) with None in _preprocess_request - Use public diagnostics attribute instead of private _diagnostics - Use ToolHookType enums consistently instead of hardcoded strings - Fix wrong docstring on _create_dsl_policy_template (was copy-pasted) - Remove duplicate docstring in tool_post_invoke - Simplify redundant conditionals in _get_output_request_list - Fix stale OPA references in resource hook docstrings - Remove near-duplicate example config (keep config-cedar.yaml) Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
c6a15e4 to
79e2f3b
Compare
Member
Rebase & Review ChangesRebased onto Bugs Fixed
Consistency Fixes
Cleanup
Tests
|
crivetimihai
approved these changes
Feb 7, 2026
30 tasks
kcostell06
pushed a commit
to kcostell06/mcp-context-forge
that referenced
this pull request
Feb 24, 2026
* fix(cedar-plugin): optimize Cedar policy evaluation with async and batch support - Convert synchronous CedarPy calls to async via asyncio.to_thread - Implement batch policy evaluation using is_authorized_batch - Move regex compilation and policy parsing to plugin initialization - Add user context handling from gateway (is_admin role detection) - Add recursive output redaction with configurable redaction string - Add server_id extraction from gateway metadata with fallback - Add correlation_id support for batch request tracking - Add example configs and end-to-end testing documentation - Update tests for new redaction_str configuration field Signed-off-by: Shriti Priya <shritip@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(cedar-plugin): address review issues in cedar plugin optimization - Initialize _output_redaction_string with default to prevent AttributeError - Replace mutable default arguments (dict) with None in _preprocess_request - Use public diagnostics attribute instead of private _diagnostics - Use ToolHookType enums consistently instead of hardcoded strings - Fix wrong docstring on _create_dsl_policy_template (was copy-pasted) - Remove duplicate docstring in tool_post_invoke - Simplify redundant conditionals in _get_output_request_list - Fix stale OPA references in resource hook docstrings - Remove near-duplicate example config (keep config-cedar.yaml) Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * lint Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Shriti Priya <shritip@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces a set of performance, functionality, and documentation enhancements to improve the Cedar policy plugin’s efficiency, reliability, and integration with the gateway.
Key Changes
Performance Optimizations:
Converted synchronous CedarPy calls to asynchronous execution, implemented batch-based policy evaluation, moved regex compilation to the plugin initialization phase (single-run execution), improved error handling, and aligned the plugin with the latest plugin framework updates.
User Context & Role Handling:
Added logic to process user context propagated from the gateway and determine administrative roles dynamically based on that context.
End-to-End Policy Flow & Documentation:
Verified end-to-end policy evaluation from the gateway UI and updated documentation to reflect the configuration and usage steps.
User context in Plugins Performance
Minor change in adding user context in
test_plugins_performance.pyHere, is the performance detail in
permissivemode: