feat(browser): add sensitive action controls and read-only noise reduction (#22867)

2026-04-19 09:41:17 -07:00 · 2026-03-20 15:34:04 -07:00
parent 11ec4ac2f8
commit e8fe43bd69
11 changed files with 342 additions and 1 deletions
--- a/packages/core/src/policy/policy-engine.test.ts
+++ b/packages/core/src/policy/policy-engine.test.ts
@@ -160,6 +160,11 @@ describe('PolicyEngine', () => {

      engine = new PolicyEngine({ rules });

+      // Match with unqualified name + serverName
+      expect((await engine.check({ name: 'tool' }, 'my-server')).decision).toBe(
+        PolicyDecision.ALLOW,
+      );
+
      // Match with qualified name (standard)
      expect(
        (await engine.check({ name: 'mcp_my-server_tool' }, 'my-server'))
--- a/packages/core/src/policy/policy-engine.ts
+++ b/packages/core/src/policy/policy-engine.ts
@@ -30,6 +30,8 @@ import {
  MCP_TOOL_PREFIX,
  isMcpToolAnnotation,
  parseMcpToolName,
+  formatMcpToolName,
+  isMcpToolName,
 } from '../tools/mcp-tool.js';

 function isWildcardPattern(name: string): boolean {
@@ -116,7 +118,28 @@ function ruleMatches(
        return false;
      }
    } else if (toolCall.name !== rule.toolName) {
-      return false;
+      // If names don't match exactly, check for MCP short/full name mismatches
+      let mcpMatch = false;
+      if (serverName && toolCall.name) {
+        // Case 1: Rule uses short name + mcpName -> match FQN tool call
+        if (rule.mcpName && !isMcpToolName(rule.toolName)) {
+          if (
+            toolCall.name === formatMcpToolName(rule.mcpName, rule.toolName)
+          ) {
+            mcpMatch = true;
+          }
+        }
+        // Case 2: Rule uses FQN -> match short tool call (qualified by serverName)
+        if (!mcpMatch && isMcpToolName(rule.toolName)) {
+          if (rule.toolName === formatMcpToolName(serverName, toolCall.name)) {
+            mcpMatch = true;
+          }
+        }
+      }
+
+      if (!mcpMatch) {
+        return false;
+      }
    }
  }