mcp-server/src/tool-filter.ts at b9684cb234edf221cf1f963a39cf367f476ca47c · Iterable/mcp-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
/**
 * Tool filtering system for MCP server restrictions
 * Uses safe-list approach: explicitly allow safe tools, block everything else
 */

import type { Tool } from "@modelcontextprotocol/sdk/types.js";

import type { McpServerConfig } from "./config.js";

export const NON_PII_TOOLS: Set<string> = new Set([
  "abort_campaign",
  "activate_triggered_campaign",
  "archive_campaigns",
  "bulk_delete_catalog_items",
  "cancel_campaign",
  "create_blast_campaign",
  "create_triggered_campaign",
  "create_catalog",
  "create_list",
  "create_snippet",
  "deactivate_triggered_campaign",
  "delete_catalog",
  "delete_catalog_item",
  "delete_list",
  "delete_snippet",
  "delete_templates",
  "get_campaign",
  "get_campaign_metrics",
  "get_campaigns",
  "get_catalog_field_mappings",
  "get_catalog_item",
  "get_catalog_items",
  "get_catalogs",
  "get_channels",
  "get_child_campaigns",
  "get_email_template",
  "get_experiment",
  "get_experiment_metrics",
  "get_experiment_variants",
  "get_inapp_template",
  "get_journeys",
  "get_list_size",
  "get_lists",
  "get_message_types",
  "get_push_template",
  "get_sms_template",
  "get_snippet",
  "get_snippets",
  "get_template_by_client_id",
  "get_templates",
  "get_user_fields",
  "get_webhooks",
  "list_experiments",
  "partial_update_catalog_item",
  "preview_email_template",
  "preview_inapp_template",
  "replace_catalog_item",
  "schedule_campaign",
  "send_campaign",
  "trigger_campaign",
  "update_catalog_field_mappings",
  "update_catalog_items",
  "update_email_template",
  "update_inapp_template",
  "update_push_template",
  "update_sms_template",
  "update_snippet",
  "update_webhook",
  "upsert_email_template",
  "upsert_inapp_template",
  "upsert_push_template",
  "upsert_sms_template",
]);

export const READ_ONLY_TOOLS: Set<string> = new Set([
  "get_campaign",
  "get_campaign_metrics",
  "get_campaigns",
  "get_catalog_field_mappings",
  "get_catalog_item",
  "get_catalog_items",
  "get_catalogs",
  "get_channels",
  "get_child_campaigns",
  "get_email_template",
  "get_embedded_messages",
  "get_experiment",
  "get_experiment_metrics",
  "get_experiment_variants",
  "get_export_files",
  "get_export_jobs",
  "get_in_app_messages",
  "get_inapp_template",
  "get_journeys",
  "get_list_preview_users",
  "get_list_size",
  "get_list_users",
  "get_lists",
  "get_message_types",
  "get_push_template",
  "get_sent_messages",
  "get_sms_template",
  "get_snippet",
  "get_snippets",
  "get_template_by_client_id",
  "get_templates",
  "get_user_by_email",
  "get_user_by_user_id",
  "get_user_events_by_email",
  "get_user_events_by_user_id",
  "get_user_fields",
  "get_webhooks",
  "list_experiments",
  "preview_email_template",
  "preview_inapp_template",
]);

/**
 * Tools that can directly or indirectly trigger sending messages.
 * Conservative: includes immediate sends, scheduling, triggers, and event/journey triggers.
 */
export const SEND_TOOLS: Set<string> = new Set([
  // Campaign sends and enablers
  "send_campaign",
  "trigger_campaign",
  "schedule_campaign",
  // Creating a blast campaign schedules a send
  "create_blast_campaign",
  // Triggered campaigns can cause sends upon activation; block unless explicitly allowed
  "activate_triggered_campaign",
  // Journey triggers enqueue users which may send
  "trigger_journey",
  // Events may drive sends via triggers/journeys
  "track_event",
  "track_bulk_events",
  // Direct per-user messaging sends
  "send_email",
  "send_sms",
  "send_whatsapp",
  "send_web_push",
  "send_push",
  "send_in_app",
  // Template proof sends (send to specific test recipient)
  "send_email_template_proof",
  "send_sms_template_proof",
  "send_push_template_proof",
  "send_inapp_template_proof",
]);

/**
 * Filter tools based on configuration restrictions
 * Uses safe-list approach: only allow explicitly safe tools
 */
export function filterTools(tools: Tool[], config: McpServerConfig): Tool[] {
  return tools.filter(
    (tool) =>
      (config.allowUserPii || NON_PII_TOOLS.has(tool.name)) &&
      (config.allowWrites || READ_ONLY_TOOLS.has(tool.name)) &&
      (config.allowSends || !SEND_TOOLS.has(tool.name))
  );
}