Module: McpAuthorization

Defined in:
lib/mcp_authorization.rb,
lib/mcp_authorization/dsl.rb,
lib/mcp_authorization/tool.rb,
lib/mcp_authorization/engine.rb,
lib/mcp_authorization/version.rb,
lib/mcp_authorization/configuration.rb,
lib/mcp_authorization/tool_registry.rb,
lib/mcp_authorization/rbs_schema_compiler.rb,
app/controllers/mcp_authorization/mcp_controller.rb

Overview

MCP Authorization — schema-shaping authorization for MCP tool servers.

Instead of rejecting unauthorized requests after the fact, this gem shapes the JSON Schema that each user sees so that fields and output variants they are not permitted to use never appear in the schema at all. The LLM (or any MCP client) therefore never knows those options exist.

Quick start (Rails)

# config/initializers/mcp_authorization.rb
McpAuthorization.configure do |c|
  c.server_name    = "my-app"
  c.server_version = "1.0.0"
  c.context_builder = ->(request) {
    ServerContext.new(current_user: current_user_from(request))
  }
end

How it works

  1. Tool classes inherit from McpAuthorization::Tool and declare a handler class via dynamic_contract.

  2. Handler classes use @rbs type comments and #: annotations to define input/output schemas. Fields can be tagged with @requires(:flag) to gate them on user permissions.

  3. On each request the RbsSchemaCompiler compiles a per-user JSON Schema by filtering out fields whose @requires flag the user lacks.

  4. A fresh set of MCP::Tool subclasses is materialized with the filtered schemas baked in, and handed to a stateless MCP::Server.

See CLAUDE.md for the full architecture walkthrough.
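
The filtering described in steps 3 and 4, as an added Ruby example that is not the gem's code and does not call its API: `FIELDS`, `schema_for` and `unexpected_arguments` are hypothetical names, and the field table is constructed. It also uses the same per-user field set to flag arguments a caller's schema never offered, which is an assumption about how a server would back the schema up, not behaviour this page documents.

```ruby
require "json"
require "set"

# Constructed field table standing in for what a handler's annotations would
# declare; :requires names the permission flag gating a field (nil = ungated).
FIELDS = {
  "title"       => { schema: { "type" => "string" },  required: true,  requires: nil },
  "body"        => { schema: { "type" => "string" },  required: false, requires: nil },
  "assignee_id" => { schema: { "type" => "integer" }, required: false, requires: :assign_users },
  "force"       => { schema: { "type" => "boolean" }, required: false, requires: :admin }
}.freeze

# Build the JSON Schema one caller sees: a gated field is dropped entirely
# unless the caller's flag set contains its gate.
def schema_for(flags, fields = FIELDS)
  visible = fields.select { |_, f| f[:requires].nil? || flags.include?(f[:requires]) }
  {
    "type" => "object",
    "properties" => visible.transform_values { |f| f[:schema] },
    "required" => visible.select { |_, f| f[:required] }.keys,
    "additionalProperties" => false
  }
end

# Server-side counterpart: argument names in a call that the caller's schema
# never offered. A non-empty result means the call should be refused.
def unexpected_arguments(flags, arguments, fields = FIELDS)
  arguments.keys.map(&:to_s) - schema_for(flags, fields)["properties"].keys
end

if $PROGRAM_NAME == __FILE__
  # A caller holding only :assign_users sees no "force" property at all.
  puts JSON.pretty_generate(schema_for(Set[:assign_users]))
  # A caller with no flags who sends "force" anyway is flagged.
  p unexpected_arguments(Set[], { "title" => "x", "force" => true })
end
```

Hiding a field from the schema keeps a well-behaved client from offering it; the second function covers a client that sends the field regardless.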

Defined Under Namespace

Modules: DSL

Classes: Configuration, Engine, McpController, RbsSchemaCompiler, Tool, ToolRegistry

Constant Summary

VERSION = "0.3.0"

Class Method Summary

Class Method Details

.configuration ⇒ Object

Also known as: config

Returns the global Configuration instance, creating it with defaults on first access.

Type signature: () -> Configuration



# File 'lib/mcp_authorization.rb', line 52

def configuration
  @configuration ||= Configuration.new
end

.configure {|configuration| ... } ⇒ Object

Yields the global Configuration instance for block-style setup.

Type signature: () { (Configuration) -> void } -> void

Yields:



# File 'lib/mcp_authorization.rb', line 45

def configure
  yield configuration
end