@plasius/ai-mcp
v0.1.6
Published
MCP tool registry, per-call allowlist, and tool audit contracts for Plasius agentic AI.
Maintainers
Readme
@plasius/ai-mcp
MCP tool registry, per-call allowlist, and tool audit contracts for Plasius AI orchestration.
Scope
This package is part of the layered @plasius/ai-* package family. It defines the external contracts for MCP tool registration, per-call allowlisting, role-gated risk decisions, and audit metadata.
Install
npm install @plasius/ai-mcpContracts
AI_MCP_FEATURE_FLAGSdeclares the feature flags that gate MCP behavior.resolveAiMcpToolAllowlistevaluates requested tool IDs against registry descriptors, feature flags, and actor roles.isAiMcpToolAllowedandisAiMcpToolRiskAllowedprovide lightweight policy predicates for callers.packageDescriptorexposes package name, primary flag, env prefix, and summary.
Usage
import {
AI_MCP_FEATURE_FLAGS,
resolveAiMcpToolAllowlist,
} from "@plasius/ai-mcp";
const result = resolveAiMcpToolAllowlist({
requestedTools: ["rag.search", "admin.kill-switch"],
actorRole: "operator",
featureFlags: {
[AI_MCP_FEATURE_FLAGS.mcp]: true,
},
toolRegistry: [
{
toolId: "rag.search",
toolName: "RAG Search",
riskClass: "safe",
},
{
toolId: "admin.kill-switch",
toolName: "Admin Kill Switch",
riskClass: "restricted",
},
],
});
console.log(result.allowedTools);
console.log(result.blockedTools);Development
npm install
npm run build
npm test
npm run test:coverage
npm run pack:checkRelease Workflow
Protected main releases use a two-step flow:
- Run
.github/workflows/cd.ymlwithbump=patch|minor|majorto open or refresh arelease/vX.Y.Zprep PR. - Merge that PR to
main. - Rerun
.github/workflows/cd.ymlonmainwithbump=noneto tag, draft the GitHub release, and publish to npm.
Governance
- Security policy: SECURITY.md
- Code of conduct: CODE_OF_CONDUCT.md
- ADRs: docs/adrs
- CLA and legal docs: legal
License
Apache-2.0
