Delete OPA policy

Instructions

Implementation Reference

• src/tools/server-management/policies.ts:108-120 (handler)

  Handler function for opa_delete_policy. Sends a DELETE request to OPA's /v1/policies/{id} endpoint. Returns { id, deleted: true } on success, or maps OPA client errors (with POLICY_NOT_FOUND for 404).

  async ({ id }) => {
    return withToolEnvelope<{ id: string; deleted: boolean }>(config, async () => {
      try {
        await opa.request({
          method: 'DELETE',
          path: `/v1/policies/${encodeURIComponent(id)}`,
        });
        return ok({ id, deleted: true });
      } catch (e) {
        return mapOpaClientError(e, 'POLICY_NOT_FOUND');
      }
    });
  },

• src/tools/server-management/policies.ts:99-107 (schema)

  Registration and input schema for opa_delete_policy. Accepts a single 'id' parameter (string, min 1) describing the Policy ID to delete.

  server.registerTool(
    'opa_delete_policy',
    {
      title: 'Delete OPA policy',
      description: 'Delete a policy by ID from the running OPA server.',
      inputSchema: {
        id: z.string().min(1).describe('Policy ID to delete.'),
      },
    },

• src/tools/index.ts:37-43 (registration)

  Top-level registration entry point. registerTools() calls registerServerManagementTools() which in turn calls registerPolicyTools() that registers opa_delete_policy on the MCP server.

  export function registerTools(server: McpServer, config: Config): void {
    registerAuthoringTools(server, config);
    registerEvaluationTools(server, config);
    registerBundleTools(server, config);
    registerServerManagementTools(server, config);
    registerHelperTools(server, config);
  }

• src/tools/server-management/index.ts:16-21 (registration)

  Server management registration dispatcher. registerServerManagementTools() calls registerPolicyTools() to register policy tools including opa_delete_policy.

  export function registerServerManagementTools(server: McpServer, config: Config): void {
    registerPolicyTools(server, config);
    registerDataTools(server, config);
    registerDecisionTools(server, config);
    registerStatusTools(server, config);
  }

• src/tools/server-management/_shared.ts:16-45 (helper)

  mapOpaClientError helper used by opa_delete_policy handler to translate OPA client errors into structured error envelopes (e.g., POLICY_NOT_FOUND for 404).

  export function mapOpaClientError(
    e: unknown,
    notFoundCode: ToolErrorCode = 'UNKNOWN_ERROR',
  ): ToolEnvelope<never> {
    if (e instanceof OpaUnreachableError) {
      return err('OPA_UNREACHABLE', `OPA server unreachable at ${e.url}`, {
        hint: 'Confirm OPA_URL points at a running OPA server (e.g. `curl $OPA_URL/health`).',
        details: { url: e.url },
      });
    }
    if (e instanceof OpaAuthError) {
      return err('OPA_AUTH_FAILED', 'OPA rejected the request with 401 Unauthorized.', {
        hint: 'Set OPA_TOKEN to a valid bearer token, or remove the auth requirement on the OPA server.',
      });
    }
    if (e instanceof OpaHttpError) {
      if (e.status === 404) {
        return err(notFoundCode, `OPA returned 404 Not Found.`, {
          details: { status: e.status, body: e.body },
        });
      }
      return err('UNKNOWN_ERROR', `OPA returned HTTP ${e.status}.`, {
        details: { status: e.status, body: e.body },
      });
    }
    const message = e instanceof Error ? e.message : 'Unknown error';
    return err('UNKNOWN_ERROR', message, {
      details: e instanceof Error ? { stack: e.stack } : { value: e },
    });
  }