feat: add OPA plugin for policy enforcement (IBM#853)

* Initial OPA plugin template

Signed-off-by: Shriti Priya <[email protected]>

* Adding opa server installation, tool invoke with policy evaluations

Signed-off-by: Shriti Priya <[email protected]>

* Sample policy holders for pre/post tool, resource and prompt invocations, url changes and opa version (arm architecture 1.7.0)

Signed-off-by: Shriti Priya <[email protected]>

* feat: add shared context capabilities and fixed error issues.

Signed-off-by: Teryl Taylor <[email protected]>

* fix: plugin cleanup to support multiple external plugins.

Signed-off-by: Teryl Taylor <[email protected]>

* fix(lint): fixed linting issues

Signed-off-by: Teryl Taylor <[email protected]>

* feat(error): update error handling with enforce_ignore_error

Signed-off-by: Teryl Taylor <[email protected]>

* Additiona of context-tool-policy mapping using applied_to

Signed-off-by: Shriti Priya <[email protected]>

* Changes in plugin config schema

Signed-off-by: Shriti Priya <[email protected]>

* Schema update models.py

Signed-off-by: Shriti Priya <[email protected]>

* updated schema

Signed-off-by: Shriti Priya <[email protected]>

* Adding endpoint to policy

Signed-off-by: Shriti Priya <[email protected]>

* documentation for OPA Plugin

Signed-off-by: Shriti Priya <[email protected]>

* documentation update

Signed-off-by: Shriti Priya <[email protected]>

* documentation update

Signed-off-by: Shriti Priya <[email protected]>

* documentation update

Signed-off-by: Shriti Priya <[email protected]>

* documentation update

Signed-off-by: Shriti Priya <[email protected]>

* fix: flake8 and doctest

Signed-off-by: Shriti Priya <[email protected]>

* fix: solving doctest errors

Signed-off-by: Shriti Priya <[email protected]>

* fix:doctest

Signed-off-by: Shriti Priya <[email protected]>

* Adding tool_name variable change

Signed-off-by: Shriti Priya <[email protected]>

* test cases for opapluginfilter

Signed-off-by: Shriti Priya <[email protected]>

* Update manifest.in with exclude

Signed-off-by: Shriti Priya <[email protected]>

* updated prehook

Signed-off-by: Shriti Priya <[email protected]>

* updating documentation

Signed-off-by: Shriti Priya <[email protected]>

* rebase

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Shriti Priya <[email protected]>
Signed-off-by: Teryl Taylor <[email protected]>
Signed-off-by: Mihai Criveti <[email protected]>
Co-authored-by: Teryl Taylor <[email protected]>
Co-authored-by: Mihai Criveti <[email protected]>

Author: 3 people

MANIFEST.in

@@ -96,3 +96,13 @@ exclude llms-full.txt
 prune deployment
 prune mcp-servers
 prune agent_runtimes
+
+# Exclude opa
+exclude  plugins/external/opa/.dockerignore
+exclude plugins/external/opa/.env.template
+exclude plugins/external/opa/.ruff.toml
+exclude plugins/external/opa/Containerfile
+exclude plugins/external/opa/MANIFEST.in
+exclude plugins/external/opa/opaserver/rego/example.rego
+exclude plugins/external/opa/pyproject.toml
+exclude plugins/external/opa/run-server.sh

mcpgateway/main.py

@@ -3151,6 +3151,8 @@ async def handle_rpc(request: Request, db: Session = Depends(get_db), user=Depen
                 result = await tool_service.invoke_tool(db=db, name=method, arguments=params, request_headers=headers)
                 if hasattr(result, "model_dump"):
                     result = result.model_dump(by_alias=True, exclude_none=True)
+            except PluginViolationError:
+                return JSONResponse(status_code=403, content={"detail": "policy_deny"})
             except (ValueError, Exception):
                 # If not a tool, try forwarding to gateway
                 try:

mcpgateway/plugins/framework/models.py

@@ -84,7 +84,29 @@ class PluginMode(str, Enum):
     DISABLED = "disabled"
 
 
-class ToolTemplate(BaseModel):
+class BaseTemplate(BaseModel):
+    """Base Template.The ToolTemplate, PromptTemplate and ResourceTemplate could be extended using this
+
+    Attributes:
+        context (Optional[list[str]]): specifies the keys of context to be extracted. The context could be global (shared between the plugins) or
+        local (shared within the plugin). Example: global.key1.
+        extensions (Optional[dict[str, Any]]): add custom keys for your specific plugin. Example - 'policy'
+        key for opa plugin.
+
+    Examples:
+        >>> base = BaseTemplate(context=["global.key1.key2", "local.key1.key2"])
+        >>> base.context
+        ['global.key1.key2', 'local.key1.key2']
+        >>> base = BaseTemplate(context=["global.key1.key2"], extensions={"policy" : "sample policy"})
+        >>> base.extensions
+        {'policy': 'sample policy'}
+    """
+
+    context: Optional[list[str]] = None
+    extensions: Optional[dict[str, Any]] = None
+
+
+class ToolTemplate(BaseTemplate):
     """Tool Template.
 
     Attributes:
@@ -110,7 +132,7 @@ class ToolTemplate(BaseModel):
     result: bool = False
 
 
-class PromptTemplate(BaseModel):
+class PromptTemplate(BaseTemplate):
     """Prompt Template.
 
     Attributes:
@@ -134,7 +156,7 @@ class PromptTemplate(BaseModel):
     result: bool = False
 
 
-class ResourceTemplate(BaseModel):
+class ResourceTemplate(BaseTemplate):
     """Resource Template.
 
     Attributes:
@@ -215,6 +237,8 @@ class AppliedTo(BaseModel):
         tools (Optional[list[ToolTemplate]]): tools and fields to be applied.
         prompts (Optional[list[PromptTemplate]]): prompts and fields to be applied.
         resources (Optional[list[ResourceTemplate]]): resources and fields to be applied.
+        global_context (Optional[list[str]]): keys in the context to be applied on globally
+        local_context(Optional[list[str]]): keys in the context to be applied on locally
     """
 
     tools: Optional[list[ToolTemplate]] = None
@@ -308,7 +332,7 @@ class PluginConfig(BaseModel):
     mode: PluginMode = PluginMode.ENFORCE
     priority: Optional[int] = None  # Lower = higher priority
     conditions: Optional[list[PluginCondition]] = None  # When to apply
-    applied_to: Optional[list[AppliedTo]] = None  # Fields to apply to.
+    applied_to: Optional[AppliedTo] = None  # Fields to apply to.
     config: Optional[dict[str, Any]] = None
     mcp: Optional[MCPConfig] = None
 

plugins/config.yaml

@@ -110,6 +110,13 @@ plugins:
         - pattern: "secret\\s*[:=]\\s*\\S+"
           replacement: "secret: [REDACTED]"
 
+  - name: "OPAPluginFilter"
+    kind: "external"
+    priority: 10 # adjust the priority
+    mcp:
+      proto: STREAMABLEHTTP
+      url: http://127.0.0.1:8000/mcp
+
 # Plugin directories to scan
 plugin_dirs:
   - "plugins/native"      # Built-in plugins

plugins/external/config.yaml

@@ -7,6 +7,13 @@ plugins:
       proto: STREAMABLEHTTP
       url: http://127.0.0.1:3000/mcp
 
+  - name: "OPAPluginFilter"
+    kind: "external"
+    priority: 10 # adjust the priority
+    mcp:
+      proto: STREAMABLEHTTP
+      url: http://127.0.0.1:8000/mcp
+
 # Plugin directories to scan
 plugin_dirs:
   - "plugins/native"      # Built-in plugins