You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`GET /api/v1/servers/{id}/tools/export`| Export tool approval records (Spec 032) |
336
342
|`GET /events`| SSE stream for live updates |
337
343
338
344
**Authentication**: Use `X-API-Key` header or `?apikey=` query parameter.
@@ -439,6 +445,7 @@ See `docs/code_execution/` for complete guides:
439
445
-**`require_mcp_auth`**: When enabled, `/mcp` endpoint rejects unauthenticated requests (default: false for backward compatibility)
440
446
-**Quarantine system**: New servers quarantined until manually approved
441
447
-**Tool Poisoning Attack (TPA) protection**: Automatic detection of malicious descriptions
448
+
-**Tool-level quarantine (Spec 032)**: SHA-256 hash-based change detection for individual tool descriptions/schemas. New tools start as "pending", changed tools marked as "changed" (rug pull detection). Configurable via `quarantine_enabled` (global) and `skip_quarantine` (per-server).
442
449
443
450
See [docs/features/agent-tokens.md](docs/features/agent-tokens.md) and [docs/features/security-quarantine.md](docs/features/security-quarantine.md) for details.
444
451
@@ -562,6 +569,17 @@ Exponential backoff, separate contexts for app vs server lifecycle, state machin
562
569
### Tool Indexing
563
570
Full rebuild on server changes, hash-based change detection, background indexing.
564
571
572
+
### Tool-Level Quarantine (Spec 032)
573
+
SHA-256 hash-based approval system for individual tools. Key files:
574
+
-`internal/storage/models.go` - `ToolApprovalRecord` model and `ToolApprovalBucket`
575
+
-`internal/storage/bbolt.go` - CRUD operations for tool approvals
0 commit comments