@undisk-mcp/policy

Policy evaluation engine for Undisk MCP workspaces — path ACLs, size limits, extension rules, rate limiting, and secret scanning.

Installation

npm install @undisk-mcp/policy

Usage

import { PolicyEngine } from "@undisk-mcp/policy";

const engine = new PolicyEngine(workspacePolicy);

// Check if a write is allowed
const result = engine.evaluate({
  operation: "write",
  path: "src/config.json",
  agentId: "agent-123",
  sizeBytes: 1024,
});

if (!result.allowed) {
  console.error(result.reason);
}

Features

• Path ACLs — glob-based read/write/append/none permissions, optionally scoped to specific agents
• Size limits — enforce maximum file sizes
• Extension rules — allow/deny lists for file extensions
• Rate limiting — per-agent and per-workspace operation throttling
• Secret scanning — detect and block accidental secret commits

License

MIT — see LICENSE.