MCPcopy
hub / github.com/coder/mux / refreshPolicyOnce

Method refreshPolicyOnce

src/node/services/policyService.ts:358–461  ·  view source on GitHub ↗
(options: { isStartup: boolean })

Source from the content-addressed store, hash-verified

356 }
357
358 private async refreshPolicyOnce(options: { isStartup: boolean }): Promise<Result<void, string>> {
359 const policySource = this.getActivePolicySource();
360 if (policySource.kind === "none") {
361 // Policy is opt-in.
362 this.updateState({ source: "none", status: { state: "disabled" }, policy: null });
363 return Ok(undefined);
364 }
365
366 const schemaSource: PolicySource = policySource.kind === "env" ? "env" : "governor";
367
368 try {
369 const [clientVersion, fileText] = await Promise.all([
370 getClientVersion(),
371 policySource.kind === "env"
372 ? loadPolicyText(policySource.value)
373 : loadGovernorPolicyText({
374 governorOrigin: policySource.origin,
375 token: policySource.token,
376 }),
377 ]);
378
379 const raw = parsePolicyFile(fileText);
380 const parsed = PolicyFileSchema.parse(raw);
381
382 // Version gates
383 if (parsed.minimum_client_version) {
384 const min = parsed.minimum_client_version;
385 if (compareVersions(clientVersion, min) < 0) {
386 this.updateState({
387 source: schemaSource,
388 status: {
389 state: "blocked",
390 reason: `Mux ${clientVersion} is below required minimum_client_version ${min}`,
391 },
392 policy: null,
393 });
394 return Ok(undefined);
395 }
396 }
397
398 const providerAccess = (() => {
399 const list = parsed.provider_access;
400 if (!list || list.length === 0) {
401 return null;
402 }
403
404 return list.map((p) => {
405 const forcedBaseUrl = normalizeForcedBaseUrl(p.base_url);
406
407 const models = p.model_access;
408 if (!models || models.length === 0) {
409 return { id: p.id, forcedBaseUrl, allowedModels: null };
410 }
411
412 // Normalize + drop empties. An empty list means "allow all".
413 const normalized = models.map((m) => m.trim()).filter(Boolean);
414 if (normalized.length === 0) {
415 return { id: p.id, forcedBaseUrl, allowedModels: null };

Callers 1

refreshPolicyMethod · 0.95

Calls 12

getActivePolicySourceMethod · 0.95
updateStateMethod · 0.95
OkFunction · 0.90
compareVersionsFunction · 0.90
getErrorMessageFunction · 0.90
ErrFunction · 0.90
getClientVersionFunction · 0.85
loadPolicyTextFunction · 0.85
loadGovernorPolicyTextFunction · 0.85
parsePolicyFileFunction · 0.85
normalizeForcedBaseUrlFunction · 0.85
parseMethod · 0.45

Tested by

no test coverage detected