Files
Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00

113 lines
2.5 KiB
Markdown

# MCP-Only Plugin Example
This example demonstrates a plugin that only implements the `MCPPlugin` interface for Model Context Protocol governance.
## Features
- **PreMCPHook**: Intercepts MCP requests before execution
- Validates tool/resource calls
- Implements governance policies (blocking dangerous tools)
- Adds audit trails
- Can short-circuit calls with custom responses
- **PostMCPHook**: Intercepts MCP responses after execution
- Logs responses
- Transforms error messages
- Accesses audit trails from context
## Use Cases
- **Security & Governance**
- Block unauthorized tool calls
- Enforce access control policies
- Validate tool parameters
- **Observability**
- Log all MCP interactions
- Track tool usage
- Monitor resource access
- **Error Handling**
- Transform error messages
- Add retry logic
- Provide fallback responses
## Building
```bash
make build
```
This creates `build/mcp-only.so`
## Configuration
Add to your Bifrost config:
```json
{
"plugins": [
{
"path": "/path/to/mcp-only.so",
"name": "mcp-only",
"display_name": "MCP Tool Governance",
"enabled": true,
"type": "mcp",
"config": {
"blocked_tools": ["dangerous_tool", "risky_operation"],
"enable_audit": true,
"enable_logging": true,
"transform_errors": true,
"custom_error_message": "Tool is not allowed by security policy"
}
}
]
}
```
**Note:**
- `name` is the system identifier (from `GetName()`) and is **not editable**
- `display_name` is shown in the UI and is **editable** by users
### Configuration Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `blocked_tools` | array of strings | `["dangerous_tool"]` | List of tool names to block |
| `enable_audit` | boolean | `true` | Enable audit trail logging |
| `enable_logging` | boolean | `true` | Enable detailed logging |
| `transform_errors` | boolean | `true` | Transform 404 errors to user-friendly messages |
| `custom_error_message` | string | `"Tool is not allowed..."` | Custom error message for blocked tools |
### Example Configurations
**Block multiple tools:**
```json
{
"config": {
"blocked_tools": ["delete_data", "modify_system", "unsafe_exec"],
"custom_error_message": "This tool is disabled for security reasons"
}
}
```
**Minimal logging:**
```json
{
"config": {
"enable_audit": false,
"enable_logging": false,
"transform_errors": false
}
}
```
**Allow all tools:**
```json
{
"config": {
"blocked_tools": []
}
}
```