use policies for server load and config set #523
this provides defense-in-depth
kgprs left a comment
I found one issue in the activate-profile policy path.
| var validationErrors []serverValidation | ||
|
|
||
| for _, serverName := range serversToActivate { | ||
| if err := g.checkServerLoadPolicy(ctx, serverName, nil); err != nil { |
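Review bot: on the checkServerLoadPolicy call inside the serversToActivate loop, the third argument is a bare nil, so the call site gives no hint what input is being left out for each server. Pass the per-server value explicitly or say in a short comment what nil stands for, and make sure the non-nil err branch appends to validationErrors so a denial for one server is reported rather than dropped.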
Because checkServerLoadPolicy always builds the request from g.configuration, this path evaluates profile servers before they have been merged into that configuration. For a newly activated profile server, Configuration.policyRequest hits the missing-server branch and sends only the server/action, without the target, server type, server source, transport, catalog, or working-set metadata that policy rules may depend on. That means policies matching those fields can fail to block activate-profile. Consider evaluating against profileConfig here, or passing an already-built policy.Request into the shared helper.
mirrors the behaviour of mcp-add and provides defense-in-depth
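The failure mode described in the review comment above, as an added Go example that is not code from the PR or the project: a policy request built from a configuration that does not yet contain the server carries no metadata, so a rule that matches on that metadata never fires. The types, the rule, the field values and the server names are simplified assumptions.

```go
package main

import "fmt"

// Request is a hypothetical, reduced stand-in for the policy.Request named in the review.
type Request struct{ Server, Action, Transport, Source string }

// Server holds metadata a policy rule may match on (assumed fields).
type Server struct{ Transport, Source string }

// Config maps server names to their metadata.
type Config map[string]Server

// buildRequest follows the behaviour the review describes: when the server is
// missing from cfg, only the server name and the action are filled in.
func buildRequest(cfg Config, name, action string) Request {
	req := Request{Server: name, Action: action}
	if s, ok := cfg[name]; ok {
		req.Transport, req.Source = s.Transport, s.Source
	}
	return req
}

// allowed applies one constructed rule: deny loading "sse" servers whose source is "community".
func allowed(req Request) bool {
	return !(req.Action == "load" && req.Transport == "sse" && req.Source == "community")
}

// deniedServers evaluates each name against the rule, building requests from lookup.
func deniedServers(lookup Config, names []string) []string {
	var denied []string
	for _, n := range names {
		if !allowed(buildRequest(lookup, n, "load")) {
			denied = append(denied, n)
		}
	}
	return denied
}

func main() {
	// Constructed sample data: the profile server is not in the active configuration yet.
	active := Config{"existing": {Transport: "stdio", Source: "catalog"}}
	profile := Config{"newsrv": {Transport: "sse", Source: "community"}}
	names := []string{"newsrv"}
	fmt.Println("built from active config: ", deniedServers(active, names))
	fmt.Println("built from profile config:", deniedServers(profile, names))
}
```

Only the second call denies the server; the first passes because the empty metadata fields cannot match the rule.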