21827497925

Committed 09 Feb 2026 01:44PM UTC coverage: 61.341% (+0.1%) from 61.201%

Build # 21827497925

Build Type

push

github

Committed by

web-flow

Commit Message

Add HTTP-based PDP authorizer (#3315)

* Add HTTP-based PDP authorizer

Introduce a general-purpose authorization backend using HTTP-based Policy
Decision Points (PDPs). This authorizer can work with any PDP server that
implements the PORC (Principal-Operation-Resource-Context) decision endpoint.

Key features:
- HTTP client for connecting to PDP servers via /decision endpoint
- PORC mapping for MCP requests (Principal, Operation, Resource, Context)
- Configurable context inclusion (args, operation metadata)
- JWT claim extraction for principal attributes (roles, groups, scopes)

The authorizer uses a simple API contract:
- POST /decision with PORC JSON body
- Response: {"allow": true/false}

Compatible with Manetu PolicyEngine (MPE) and any custom PDP implementing
the same API.

Signed-off-by: Greg Haskins <greg@manetu.com>

* changes from review

* fix ci

---------

Signed-off-by: Greg Haskins <greg@manetu.com>
Co-authored-by: taskbot <taskbot@users.noreply.github.com>

Run Details

301 of 326 new or added lines in 5 files covered. (92.33%)

9 existing lines in 4 files now uncovered.

42265 of 68902 relevant lines covered (61.34%)

78.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.58

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 21827497925

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous