Skip to content

chore(tools): Adding guardrails to MCP server tools #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
irfan-ahmed wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(tools): Adding guardrails to MCP server tools #96

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,6 @@ venv.bak/

# test environments
.env

.coverage*
htmlcov/
mcphost.json
4 changes: 4 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,7 @@ format:

e2e-tests: build install
behave tests/e2e/features && cd ..

generate-denylist:
cd scripts && python oci-api-denylist-generator.py
cp scripts/denylist src/oci-api-mcp-server/oracle/oci_api_mcp_server/denylist
3 changes: 2 additions & 1 deletion scripts/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
*_backup*
denylist_*
denylist*
commands*
11 changes: 4 additions & 7 deletions scripts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,21 @@

## Overview

The `oci-api-denylist-generator.py` script generates a deny list of OCI CLI commands that can modify the cloud system's configuration. It creates a list of commands to be denied execution by filtering out commands containing actions like "delete", "terminate", "put", "update", "replace", "remove", and "patch".
The `oci-api-denylist-generator.py` script generates a deny list from OCI CLI commands that can modify the cloud system's configuration. It creates a list of commands to be denied execution by filtering out commands containing actions like "delete", "terminate", "put", "update", "replace", "remove", and "patch".

## Usage

To generate an updated version of the deny list, follow these steps:

1. Ensure you have the OCI CLI installed and configured on your system.
2. Navigate to the `scripts` directory.
3. Run the `oci-api-denylist-generator.py` script using Python:
```bash
python oci-api-denylist-generator.py
pip install oci-cli
make generate-denylist
```
4. The script will generate a new `denylist_<version>` file and update the `denylist` file with the latest deny list based on the current OCI CLI version.
5. To use the newly generated deny list, copy the denylist to the [oci-api-mcp-server denylist](../src/oci-api-mcp-server/oracle/oci_api_mcp_server/denylist) and restart the `oci-api-mcp-server`.
2. The above command will generate a new denylist and copy it to [oci-api-mcp-server denylist](../src/oci-api-mcp-server/oracle/oci_api_mcp_server/denylist). To use the newly generated denylist, restart the `oracle.oci-api-mcp-server`.

## Notes

- The script automatically backs up the existing deny list file if it already exists for the current OCI CLI version.
- The deny list includes commands that can potentially change the configuration of the cloud system.
- The generated `denylist` file is used by the AI client to determine which commands to deny execution for.

Expand Down
Loading