| 271 | } |
| 272 | |
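/**
 * Decides whether a tool action on this MCP server may proceed and returns
 * an audit identifier for the decision.
 *
 * Order of checks:
 *  1. Deny-list: if the configured server URL matches an entry in
 *     `securityPolicy.blockedOrigins`, the request is refused. This runs
 *     before the `requireConsent` shortcut so that turning consent off does
 *     not also turn the deny-list off.
 *  2. If `securityPolicy.requireConsent` is false, the request is granted.
 *  3. Otherwise the request is logged (when `auditLevel` is `'detailed'`)
 *     and granted.
 *
 * @param consentRequest - The consent request; `context` supplies the server
 *   id/name, the action and its side effects, and `expires` is echoed back.
 * @returns `granted: false` for a blocked origin, otherwise `granted: true`.
 */
async requestConsent(consentRequest: McpConsentRequest): Promise<McpConsentResponse> {
  // Reduce a URL to scheme://host[:port] so that a path, query, trailing slash
  // or host-name casing cannot sidestep the deny-list. Values that do not parse,
  // or whose origin is opaque (serialised as the string 'null'), are compared raw;
  // otherwise two unrelated opaque URLs would both normalise to 'null' and match.
  const normalizeOrigin = (value: string): string => {
    try {
      const origin = new URL(value).origin
      return origin === 'null' ? value : origin
    } catch {
      return value
    }
  }

  const configuredUrl = this.config.url || ''
  const blockedOrigins = this.securityPolicy.blockedOrigins ?? []
  const isBlocked =
    // Exact match is kept so existing deny-list entries behave as before.
    blockedOrigins.includes(configuredUrl) ||
    (configuredUrl !== '' &&
      blockedOrigins.some((entry) => normalizeOrigin(entry) === normalizeOrigin(configuredUrl)))

  if (isBlocked) {
    const serverName = consentRequest.context?.serverName
    logger.warn(`Tool execution blocked: Server ${serverName} is in blocked origins`)
    return {
      granted: false,
      auditId: `audit-blocked-${Date.now()}`,
    }
  }

  if (!this.securityPolicy.requireConsent) {
    return { granted: true, auditId: `audit-${Date.now()}` }
  }

  const { serverId, serverName, action, sideEffects } = consentRequest.context

  if (this.securityPolicy.auditLevel === 'detailed') {
    // NOTE(review): serverName and action are interpolated into the log line as-is;
    // if a remote server can choose them, confirm the logger escapes control characters.
    logger.info(`Consent requested for ${action} on ${serverName}`, {
      serverId,
      action,
      sideEffects,
      timestamp: new Date().toISOString(),
    })
  }

  // NOTE(review): nothing in this method asks a user or evaluates `action` /
  // `sideEffects`; every request that is not deny-listed is granted here. If
  // interactive or policy-based approval is intended, it has to happen before
  // this return. `expires` is passed through without checking that it is still
  // in the future, and the auditId is time-based, so two decisions in the same
  // millisecond share an id.
  return {
    granted: true,
    expires: consentRequest.expires,
    auditId: `audit-${serverId}-${Date.now()}`,
  }
}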
| 303 | } |