Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 48 additions & 1 deletion docs/public/schemas/mcp-gateway-config.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,16 @@
"type": "string"
},
"default": ["*"]
},
"guard-policies": {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice addition of the write-sink guard policy reference here — consider adding a schema example in the description for clarity.

"type": "object",
"description": "Guard policies for access control at the MCP gateway level. Supports a 'write-sink' policy for DIFC-based output filtering. Additional server-specific policies may be provided.",
"properties": {
"write-sink": {
"$ref": "#/definitions/writeSinkGuardPolicyConfig"
}
},
"additionalProperties": true
}
},
"required": ["container"],
Expand Down Expand Up @@ -163,7 +173,12 @@
},
"guard-policies": {
"type": "object",
"description": "Guard policies for access control at the MCP gateway level. The structure of guard policies is server-specific. For GitHub MCP server, see the GitHub guard policy schema. For other servers (Jira, WorkIQ), different policy schemas will apply.",
"description": "Guard policies for access control at the MCP gateway level. Supports a 'write-sink' policy for DIFC-based output filtering. Additional server-specific policies may be provided.",
"properties": {
"write-sink": {
"$ref": "#/definitions/writeSinkGuardPolicyConfig"
}
},
"additionalProperties": true
},
"auth": {
Expand Down Expand Up @@ -282,11 +297,43 @@
"opentelemetry": {
"$ref": "#/definitions/opentelemetryConfig",
"description": "Optional OpenTelemetry configuration for emitting distributed tracing spans for MCP calls. When configured, the gateway exports OTLP/HTTP traces to the specified collector endpoint."
},
"forcePublicRepos": {
"type": "boolean",
"description": "When true (default), forces the allow-only policy to repos=\"public\" at runtime if the gateway detects it is running in a public repository. Set to false by the compiler when private-to-public-flows: allow is declared in workflow frontmatter, or via MCP_GATEWAY_FORCE_PUBLIC_REPOS=false environment variable. See MCP Gateway Specification section 4.1.3.8.",
"default": true
},
"sinkVisibilityExemptServers": {
"type": "array",
"description": "List of server IDs exempt from the default sink-visibility=\"public\" enforcement. Use [\"*\"] to exempt all servers. Set by the compiler when private-to-public-flows lists specific server IDs in workflow frontmatter. See MCP Gateway Specification section 10.9.",
"items": {
"type": "string"
}
}
},
"required": ["port", "domain", "apiKey"],
"additionalProperties": false
},
"writeSinkGuardPolicyConfig": {
"type": "object",
"description": "Write-sink guard policy for DIFC-based output filtering. Controls whether an agent may write to the safe-outputs sink based on the agent's accumulated secrecy tags and the target repository visibility. Per MCP Gateway Specification section 10.8.",
"properties": {
"accept": {
"type": "array",
"description": "Secrecy tag patterns that are permitted to write to this sink. Use [\"*\"] to accept all secrecy levels. Required for all write-sink policies. When sink-visibility is \"public\", this field is syntactically required but has no runtime effect — resource secrecy is unconditionally set to empty.",
"items": {
"type": "string"
}
},
"sink-visibility": {
"type": "string",
"description": "Declares the visibility of the safe-outputs target repository (always the workflow's own repo, i.e. GITHUB_REPOSITORY). When \"public\", agents with non-empty secrecy are blocked regardless of accept patterns. When \"private\" or \"internal\", standard accept-pattern matching applies. When omitted, backward-compatible accept-pattern matching applies.",
"enum": ["public", "private", "internal"]
}
},
"required": ["accept"],
"additionalProperties": false
},
"opentelemetryConfig": {
"type": "object",
"description": "OpenTelemetry configuration for the MCP Gateway. When present, the gateway emits distributed tracing spans for each MCP tool invocation and exports them via OTLP/HTTP to the configured collector endpoint. Per MCP Gateway Specification section 4.1.3.6.",
Expand Down
Loading
Loading