feat(mcp): declarative per-server tool policy layer with rate limiting #1191

Merged: bug-ops merged 3 commits into main from feat/m29/mcp-policy on Mar 4, 2026


@bug-ops bug-ops commented Mar 4, 2026

Summary

Implements task 5.1 from the infrastructure hardening roadmap (epic #1159).

Adds a declarative policy enforcement layer for MCP multi-server setups. Previously any connected server could invoke any tool without restriction.

  • McpPolicy struct: per-server allowed/denied tool lists and rate limits
  • PolicyEnforcer intercepts every call_tool() invocation before execution
  • Per-server DashMap<String, VecDeque<Instant>> for lock-free rate limiting (no global contention)
  • Policy violations logged via tracing::warn! with structured fields (server, tool, action, reason)
  • Config via [policy] sub-table inside each [[mcp.servers]] TOML section
  • Empty allowed_tools means allow all; non-empty is an allowlist
  • unwrap_or(now) guard on rate limit window calculation (no panic within 60s of boot)

Test plan

  • cargo nextest run --config-file .github/nextest.toml --workspace --lib --bins — all tests pass
  • cargo +nightly fmt --check passes
  • cargo clippy --workspace -- -D warnings passes

Closes #1175

@github-actions github-actions Bot added labels Mar 4, 2026: documentation, rust, core, dependencies, enhancement, size/L
@bug-ops bug-ops force-pushed the feat/m29/mcp-policy branch 2 times, most recently from c644c55 to 93f8abb, March 4, 2026 16:05
bug-ops added 2 commits March 4, 2026 17:36
Adds McpPolicy (allowlist, denylist, rate limit) and PolicyEnforcer
backed by DashMap per-server mutexes. Enforcer runs before each
call_tool() in McpManager. Policy configured via [mcp.servers.policy]
TOML sub-table; servers with no policy allow all tools (backward
compatible). Rate limiting uses a sliding 60s window.
@bug-ops bug-ops force-pushed the feat/m29/mcp-policy branch from 93f8abb to 2b2b4d8, March 4, 2026 16:36
@bug-ops bug-ops merged commit 9ce7963 into main Mar 4, 2026
25 checks passed
@bug-ops bug-ops deleted the feat/m29/mcp-policy branch March 4, 2026 16:59
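
The allowlist/denylist and sliding 60s window semantics described in the summary and commit message, as an added sketch that is not the code merged in this PR. Assumptions: a std `Mutex<HashMap>` stands in for `DashMap`, the limiter is keyed by server name, a denied tool wins over an allowed one, and the field name `max_calls_per_window` is hypothetical.

```rust
use std::collections::{HashMap, VecDeque};
use std::sync::Mutex;
use std::time::{Duration, Instant};
const WINDOW: Duration = Duration::from_secs(60); // sliding window length from the PR

#[derive(Default)]
pub struct McpPolicy {
    pub allowed_tools: Vec<String>, // empty = allow all, non-empty = allowlist
    pub denied_tools: Vec<String>,
    pub max_calls_per_window: Option<usize>, // hypothetical field name
}

#[derive(Debug, PartialEq)]
pub enum Violation { Denied, NotAllowed, RateLimited }

#[derive(Default)]
pub struct PolicyEnforcer {
    pub policies: HashMap<String, McpPolicy>,
    calls: Mutex<HashMap<String, VecDeque<Instant>>>, // assumption: keyed by server
}

impl PolicyEnforcer {
    /// Decide whether `server` may invoke `tool` at `now`; runs before the call.
    pub fn check(&self, server: &str, tool: &str, now: Instant) -> Result<(), Violation> {
        // Servers with no policy allow all tools (backward compatible).
        let p = match self.policies.get(server) { Some(p) => p, None => return Ok(()) };
        if p.denied_tools.iter().any(|t| t == tool) {
            return Err(Violation::Denied); // assumption: deny takes precedence
        }
        if !p.allowed_tools.is_empty() && !p.allowed_tools.iter().any(|t| t == tool) {
            return Err(Violation::NotAllowed);
        }
        if let Some(limit) = p.max_calls_per_window {
            let mut calls = self.calls.lock().unwrap();
            let q = calls.entry(server.to_string()).or_default();
            // Compare elapsed time rather than computing `now - WINDOW`, which can underflow.
            while matches!(q.front(), Some(t) if now.saturating_duration_since(*t) >= WINDOW) {
                q.pop_front();
            }
            if q.len() >= limit { return Err(Violation::RateLimited); }
            q.push_back(now); // only permitted calls consume budget
        }
        Ok(())
    }
}

fn main() {
    let e = PolicyEnforcer::default(); // no policy configured: call is allowed
    println!("{:?}", e.check("fs", "read_file", Instant::now()));
}
```

Passing `now` in as a parameter keeps the window logic testable without sleeping.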
Development

Successfully merging this pull request may close these issues.

[I-5.1] MCP declarative policy layer (DALIA)
