MCP SSH Orchestrator

policy-engine-flowchart.md•7.52 KiB

# Policy Engine Flowchart This flowchart visualizes the policy engine logic in mcp-ssh-orchestrator. ## Command Execution Flow ```mermaid flowchart TD Start([ssh_run called]) --> ValidateInput{Valid alias and command?} ValidateInput -->|No| ErrorInput[Return: Error] ValidateInput -->|Yes| CheckDenySubstrings[Check deny_substrings from limits] CheckDenySubstrings --> HasDeniedSubstring{Command contains denied substring?} HasDeniedSubstring -->|Yes| DenySubstring[Log decision: denied Return: Denied by policy] HasDeniedSubstring -->|No| CheckRules[Iterate through policy rules] CheckRules --> MatchRule{Find matching rule? Check: aliases, tags, commands} MatchRule -->|No match found| DenyDefault[matched = None Log decision: denied Return: Denied by policy] MatchRule -->|Match found| CheckAction{Action type?} CheckAction -->|deny| DenyRule[Log decision: denied Return: Denied by policy] CheckAction -->|allow| AllowPolicy[Log decision: allowed Policy check passed] AllowPolicy --> NetworkPrecheck[DNS resolution Resolve hostname to IPs] NetworkPrecheck --> HasIPs{IPs resolved?} HasIPs -->|No| DenyDNS[Return: Denied by network DNS resolution failed] HasIPs -->|Yes| CheckIPAllowlist[Check each IP against network policy] CheckIPAllowlist --> CheckBlockIP{IP in block_ips?} CheckBlockIP -->|Yes| DenyBlockIP[Return: Denied by network IP blocked] CheckBlockIP -->|No| CheckBlockCIDR{IP in block_cidrs?} CheckBlockCIDR -->|Yes| DenyBlockCIDR[Return: Denied by network CIDR blocked] CheckBlockCIDR -->|No| HasAllowLists{Allow lists configured?} HasAllowLists -->|Yes| CheckAllowIP{IP in allow_ips or allow_cidrs?} CheckAllowIP -->|No| DenyNotAllowed[Return: Denied by network IP not in allowlist] CheckAllowIP -->|Yes| NetworkOK[Network precheck passed] HasAllowLists -->|No| NetworkOK NetworkOK --> CreateTask[Create task with cancel event] CreateTask --> GetLimits[Get effective limits: max_seconds, max_output_bytes host_key_auto_add, require_known_host] GetLimits --> CreateClient[Create SSH client with credentials and limits] CreateClient --> ExecuteCommand[Execute command with streaming, timeout, cancel] ExecuteCommand --> PostConnectCheck[Post-connect enforcement Check actual peer IP] PostConnectCheck --> PeerIPAllowed{Peer IP allowed by network policy?} PeerIPAllowed -->|No| DenyPeerIP[Log audit Return: Denied by network peer IP not allowed] PeerIPAllowed -->|Yes| LogAudit[Log audit: exit_code, duration, bytes, etc.] LogAudit --> ReturnResult[Return execution result: output, exit_code, duration, etc.] ReturnResult --> End([End]) DenySubstring --> End DenyDefault --> End DenyRule --> End DenyDNS --> End DenyBlockIP --> End DenyBlockCIDR --> End DenyNotAllowed --> End DenyPeerIP --> End ErrorInput --> End style Start fill:#90EE90 style End fill:#FFB6C1 style DenySubstring fill:#FFA07A style DenyDefault fill:#FFA07A style DenyRule fill:#FFA07A style DenyDNS fill:#FFA07A style DenyBlockIP fill:#FFA07A style DenyBlockCIDR fill:#FFA07A style DenyNotAllowed fill:#FFA07A style DenyPeerIP fill:#FFA07A style ErrorInput fill:#FFA07A style AllowPolicy fill:#98FB98 style NetworkOK fill:#98FB98 style ReturnResult fill:#87CEEB ``` ## Limits Resolution Flow ```mermaid flowchart TD StartLimits([Get limits for alias/tags]) --> DefaultLimits[Start with default_limits: max_seconds: 60 max_output_bytes: 1MB host_key_auto_add: false require_known_host: true deny_substrings: extensive list] DefaultLimits --> GlobalLimits[Apply global policy.limits] GlobalLimits --> AliasOverride[Apply alias-specific overrides from policy.overrides.aliases] AliasOverride --> TagOverride[Apply tag-specific overrides from policy.overrides.tags Only if not set by alias] TagOverride --> ReturnLimits[Return effective limits] ReturnLimits --> EndLimits([End]) style StartLimits fill:#90EE90 style EndLimits fill:#FFB6C1 style ReturnLimits fill:#87CEEB ``` ## Rule Matching Logic ```mermaid flowchart TD StartMatch([Match command against rules]) --> IterateRules[For each rule in policy.rules] IterateRules --> CheckAliases{aliases specified?} CheckAliases -->|No| AliasOK[alias_ok = true] CheckAliases -->|Yes| MatchAlias{Alias matches any pattern?} MatchAlias -->|Yes| AliasOK MatchAlias -->|No| NextRule1[Skip to next rule] AliasOK --> CheckTags{tags specified?} CheckTags -->|No or empty| TagsOK[tags_ok = true] CheckTags -->|Yes| MatchTag{Any host tag matches any pattern?} MatchTag -->|Yes| TagsOK MatchTag -->|No| NextRule2[Skip to next rule] TagsOK --> CheckCommands{commands specified?} CheckCommands -->|No or empty| NextRule3[Skip to next rule cmd_ok = false] CheckCommands -->|Yes| MatchCommand{Command matches any pattern?} MatchCommand -->|Yes| RuleMatched[Rule matched! Return action: allow/deny] MatchCommand -->|No| NextRule4[Skip to next rule] NextRule1 --> MoreRules1{More rules?} NextRule2 --> MoreRules1 NextRule3 --> MoreRules1 NextRule4 --> MoreRules1 MoreRules1 -->|Yes| IterateRules MoreRules1 -->|No| NoMatch[No match found Return: deny default] RuleMatched --> EndMatch([End]) NoMatch --> EndMatch style StartMatch fill:#90EE90 style EndMatch fill:#FFB6C1 style RuleMatched fill:#98FB98 style NoMatch fill:#FFA07A ``` ## IP Network Policy Check ```mermaid flowchart TD StartIP([is_ip_allowed called]) --> CheckBlockIPs{IP in network.block_ips?} CheckBlockIPs -->|Yes| DenyIP[Return: false IP blocked] CheckBlockIPs -->|No| CheckBlockCIDRs{IP in network.block_cidrs?} CheckBlockCIDRs -->|Yes| DenyCIDR[Return: false CIDR blocked] CheckBlockCIDRs -->|No| HasAllowListsIP{network.allow_ips or network.allow_cidrs configured?} HasAllowListsIP -->|No| AllowByDefault[Return: true No allowlists = allow all blocks already applied] HasAllowListsIP -->|Yes| CheckAllowIPsIP{IP in network.allow_ips?} CheckAllowIPsIP -->|Yes| AllowIP[Return: true IP explicitly allowed] CheckAllowIPsIP -->|No| CheckAllowCIDRsIP{IP in network.allow_cidrs?} CheckAllowCIDRsIP -->|Yes| AllowCIDR[Return: true CIDR match allowed] CheckAllowCIDRsIP -->|No| DenyNotInAllowlist[Return: false Not in allowlist] DenyIP --> EndIP([End]) DenyCIDR --> EndIP AllowByDefault --> EndIP AllowIP --> EndIP AllowCIDR --> EndIP DenyNotInAllowlist --> EndIP style StartIP fill:#90EE90 style EndIP fill:#FFB6C1 style AllowByDefault fill:#98FB98 style AllowIP fill:#98FB98 style AllowCIDR fill:#98FB98 style DenyIP fill:#FFA07A style DenyCIDR fill:#FFA07A style DenyNotInAllowlist fill:#FFA07A ``` ## Key Principles 1. **Deny by default**: Commands must match an "allow" rule to execute 2. **Defense in depth**: Multiple layers of checks (deny_substrings → rules → network) 3. **Fail closed**: Any error in validation results in denial 4. **Pre and post checks**: Network policy enforced before and after connection 5. **Hierarchical limits**: Default → Global → Alias → Tags (with precedence rules) 6. **Audit logging**: All decisions and executions are logged with timestamps and hashes

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/samerfarida/mcp-ssh-orchestrator'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

policy-engine-flowchart.md•7.52 KiB