megaproxy/tiletopia
1
0
Fork 0
Code Issues Pull requests Projects Releases 8 Packages Wiki Activity Actions
tiletopia/src-tauri/Cargo.toml
megaproxy 464c576b79 MCP v2 PR-1: policy engine + audit log + Config/Audit/Policy panel tabs 
Foundation for Claude-drives-the-workspace writes. Nothing wired
end-to-end yet (App.tsx dispatcher comes next); this lands the
machinery + UI.

mcp_policy.rs (new) — three-tier allow/ask/deny policy with
deny-first precedence and a compiled-in non-overridable hard-deny
list (10 patterns covering rm -rf /, fork bombs, mkfs on device, dd
to raw disk, /etc/passwd overwrite, curl|sh, chmod -R 777 /, etc.).
Shell-operator-aware glob matcher mirroring Claude Code's Bash(*)
syntax. Restrictive default — empty policy means every non-hard-
denied call falls to Ask. Persisted to mcp-policy.json in
app_config_dir. Includes a PolicyClassifier scaffold (no-op) for a
future v2.1 LLM-classifier hook. 1152 lines incl. ~100 unit + fuzz
tests covering the matchers and lookalike negatives.

mcp.rs — TileService now holds AppHandle + Arc<PendingActions>
(oneshot registry keyed by uuid). New async dispatch_action helper
runs the policy check, emits "mcp://request" for the frontend to
handle, awaits a oneshot reply (30s timeout), then emits "mcp://
audit" with the outcome regardless. set_label tool wired through
this path as the demo for PR-1b's dispatcher.

commands.rs / lib.rs — new Tauri commands mcp_action_reply,
mcp_policy_load, mcp_policy_save; PendingActions registered as
managed state.

McpPanel.tsx — refactored into Config / Audit / Policy tabs.
AuditTab listens on mcp://audit, keeps a 200-entry ring with
ok/denied/failed chips. PolicyTab edits the allow/ask/deny buckets
(stacked vertically — three columns overflowed the panel) and shows
the hard-deny rules read-only at the bottom with "Cannot be
disabled" badges. Themed scrollbar on mcp-body to match xterm panes.

Caveat: set_label calls from Claude will currently time out — the
App.tsx side that listens on mcp://request and replies via
mcp_action_reply lands in PR-1b.

Co-authored by Sonnet (policy engine, backend plumbing, panel UI)
and Haiku (hard-deny fuzz test suite); integration + bug fixes here.
2026-05-26 12:05:31 +01:00

63 lines
1.5 KiB
TOML
Raw Blame History

[package]
name = "tiletopia"
version = "0.2.3"
description = "Tiling multi-terminal manager for WSL"
authors = ["megaproxy"]
edition = "2021"
rust-version = "1.77"
[lib]
name = "tiletopia_lib"
crate-type = ["staticlib", "cdylib", "rlib"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
[dependencies]
tauri = { version = "2", features = [] }
tauri-plugin-clipboard-manager = "2"
tauri-plugin-opener = "2"
# Saved-credential storage (Windows Credential Manager / DPAPI).
keyring-core = "1"
windows-native-keyring-store = "1"
# Embedded MCP server: lets a Claude session drive the workspace
# (list panes, read scrollback, etc.). Streamable HTTP transport mounted
# on an Axum router so we can add a bearer-auth middleware in front.
rmcp = { version = "=1.7.0", features = [
"server",
"macros",
"schemars",
"transport-streamable-http-server",
] }
schemars = "1"
axum = { version = "0.8", default-features = false, features = ["http1", "tokio"] }
tower = "0.5"
tokio-util = { version = "0.7", features = ["rt"] }
rand = "0.9"
hex = "0.4"
regex = "1"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
portable-pty = "0.8"
anyhow = "1"
tokio = { version = "1", features = ["full"] }
once_cell = "1"
parking_lot = "0.12"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
base64 = "0.22"
[features]
default = ["custom-protocol"]
custom-protocol = ["tauri/custom-protocol"]
[profile.release]
panic = "abort"
codegen-units = 1
lto = true
opt-level = "s"
strip = true
Reference in a new issue View git blame Copy permalink