Skip to content

auth_policy: add tool exclusion support to policy rules#523

Merged
owtaylor merged 1 commit into
rhel-lightspeed:mainfrom
owtaylor:auth-policy-tool-exclusion
Jul 7, 2026
Merged

auth_policy: add tool exclusion support to policy rules#523
owtaylor merged 1 commit into
rhel-lightspeed:mainfrom
owtaylor:auth-policy-tool-exclusion

Conversation

@owtaylor

@owtaylor owtaylor commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

Tools prefixed with - in a rule's tools list now exclude that tool from matching. Exclusions take precedence over inclusions regardless of order. This makes the code match what has already been documented.

Assisted-By: Claude Opus 4.6 noreply@anthropic.com

@owtaylor owtaylor requested a review from a team as a code owner July 6, 2026 18:05
@owtaylor owtaylor requested a review from panyamkeerthana July 6, 2026 18:07
@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 95.08197% with 3 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/linux_mcp_server/auth_policy.py 88.88% 2 Missing and 1 partial ⚠️
Flag Coverage Δ
unittests 97.41% <95.08%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
tests/test_auth_policy.py 100.00% <100.00%> (ø)
src/linux_mcp_server/auth_policy.py 82.08% <88.88%> (+2.25%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Comment thread src/linux_mcp_server/auth_policy.py Outdated
if denied_tool == tool_name:
return False

for allowed_tool in (t for t in self.tools if not t.startswith("-")):

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The the tool exclusion logic looks solid but I want to understand if this matches a specific requirement or if its general infrastructure

@owtaylor owtaylor Jul 7, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's something I had in my early notes, and thought it had been implemented, so documented it. And decided to leave it in the documentation when I realized that it actually hadn't been implemented, and do it later.

The reason I decided to make excluding groups disallowed is it seemed to me that ['*', "-@run_script"] was just a confusing way to write ["@fixed"]

But actually, there's a worse problem now ['*', "-@run_script"] is just a confusing way to write ['*']. Which is a trap. We should either make it work or add validation to catch it. Probably just making it work is easiest.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add validation to reject -@ patterns with an error or actually handle excluding tool groups?

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went ahead and implemented excluding tool groups to remove a corner case. Then I went ahead and implemented basic validation to avoid people using -get_* or something like that...

[I didn't validate that tool names and group names actually existed - to keep things simple and because that makes it more robust if your config file slightly mismatches your MCP server version ... but perhaps that would be a good idea as well. Not sure.]

panyamkeerthana
panyamkeerthana previously approved these changes Jul 7, 2026

@panyamkeerthana panyamkeerthana left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice implementation! And the test coverage looks good too! LGTM ✅

Tools or toolsets prefixed with `-` in a rule's tools list now exclude
that tool or toolset from matching. Exclusions take precedence over
inclusions regardless of order. This makes the code match what has already
been documented, except that the toolset exclusion is added compared to the
documentation (which is updated for that.)

Entries in the rule tool list are now syntactically validated (but not checked
whether tools/toolsets actually exist.)

Assisted-By: Claude Opus 4.6 <noreply@anthropic.com>
@owtaylor owtaylor force-pushed the auth-policy-tool-exclusion branch from 0b6d5aa to d449b4e Compare July 7, 2026 17:07

@panyamkeerthana panyamkeerthana left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect! The toolset exclusion support fixes the security trap I was worried about. Love the validation that rejects patterns like get_* - makes it fail-fast instead of silently doing nothing.

The refactored matches() helper is clean and the test coverage is comprehensive. Ready to merge. 🚀

@owtaylor owtaylor merged commit a4c6bd3 into rhel-lightspeed:main Jul 7, 2026
35 of 36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants