Class: McpToolkit::Authority::Context
- Inherits:
-
Object
- Object
- McpToolkit::Authority::Context
- Defined in:
- lib/mcp_toolkit/authority/context.rb
Overview
The per-JSON-RPC-request context the authority transport threads into the dispatcher and, through it, into each host tool. Re-created for EVERY element of a batch so each call carries its own resolved account (the property usage metering relies on).
It carries three host-supplied values and derives one:
* `account` — the tenant resolved for THIS call (nil when none applies).
The object need only respond to `#id` (forwarded upstream
as the account selector).
* `principal` — the authenticated caller (the token object). Duck-typed;
the gem calls `#authorized_for_scope?(scope)` (tool scope
gate) and, optionally, `#superuser?` (see `#superuser?`).
The transport's account resolution additionally uses
`#default_account` / `#authorize_account(id)`.
* `bearer_token` — the raw bearer, forwarded to upstream MCP servers so they
introspect the same token and resolve the same account.
* `superuser?` — derived. When `config.superuser_resolver` is set, it is the
truth of `resolver.call(principal)`; otherwise the context
duck-types `principal.superuser?` (false when the principal
doesn't respond to it). Lets a host tool base
(McpToolkit::Tools::AuthorityBase) gate `superusers_only!`
resources without the gem naming any app concept. Superuser
is fully OPTIONAL — with no resolver and a principal that
isn't superuser-aware, it is always false.
Instance Attribute Summary collapse
-
#account ⇒ Object
readonly
Returns the value of attribute account.
-
#bearer_token ⇒ Object
readonly
Returns the value of attribute bearer_token.
-
#principal ⇒ Object
readonly
Returns the value of attribute principal.
Instance Method Summary collapse
-
#initialize(account:, principal:, bearer_token: nil) ⇒ Context
constructor
A new instance of Context.
-
#superuser? ⇒ Boolean
Superuser-ness of the caller.
Constructor Details
#initialize(account:, principal:, bearer_token: nil) ⇒ Context
Returns a new instance of Context.
30 31 32 33 34 |
# File 'lib/mcp_toolkit/authority/context.rb', line 30 def initialize(account:, principal:, bearer_token: nil) @account = account @principal = principal @bearer_token = bearer_token end |
Instance Attribute Details
#account ⇒ Object (readonly)
Returns the value of attribute account.
28 29 30 |
# File 'lib/mcp_toolkit/authority/context.rb', line 28 def account @account end |
#bearer_token ⇒ Object (readonly)
Returns the value of attribute bearer_token.
28 29 30 |
# File 'lib/mcp_toolkit/authority/context.rb', line 28 def bearer_token @bearer_token end |
#principal ⇒ Object (readonly)
Returns the value of attribute principal.
28 29 30 |
# File 'lib/mcp_toolkit/authority/context.rb', line 28 def principal @principal end |
Instance Method Details
#superuser? ⇒ Boolean
Superuser-ness of the caller. A configured superuser_resolver is the
first-class hook; absent one, we fall back to duck-typing principal.superuser?
so a host that just defines that method on its token still works.
39 40 41 42 43 44 |
# File 'lib/mcp_toolkit/authority/context.rb', line 39 def superuser? resolver = McpToolkit.config.superuser_resolver return !!resolver.call(principal) if resolver principal.respond_to?(:superuser?) ? !!principal.superuser? : false end |