Add support tools filtering.

Add tool filtering functionality that intercepts MCP tools/list and
tools/call requests using Cedar policies; unauthorized tool calls
return HTTP 200 with JSON-RPC "Invalid params" error (-32602);
includes template-based policy generation, response filtering, and
extensive test coverage for both allowed and denied scenarios.

An additional option `--tools` is available for the `thv run` command.

Author: blkt

cmd/thv/app/run.go

@@ -92,6 +92,9 @@ var (
 
 	// Network isolation flag
 	runIsolateNetwork bool
+
+	// Tool filtering flag
+	runTools []string
 )
 
 func init() {
@@ -225,6 +228,10 @@ func init() {
 	runCmd.Flags().BoolVar(&runIsolateNetwork, "isolate-network", false,
 		"Isolate the container network from the host (default: false)")
 
+	// Tool filtering flag
+	runCmd.Flags().StringArrayVar(&runTools, "tools", []string{},
+		"Comma-separated list of tools to enable (e.g., --tools=weather,calculator). If not specified, all tools are enabled.")
+
 }
 
 func getOidcFromFlags(cmd *cobra.Command) (string, string, string, string, bool, error) {
@@ -383,6 +390,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
 		runThvCABundle,
 		runJWKSAuthTokenFile,
 		runJWKSAllowPrivateIP,
+		runTools,
 		envVarValidator,
 		types.ProxyMode(runProxyMode),
 	)

pkg/authz/middleware.go

@@ -30,9 +30,8 @@ var MCPMethodToFeatureOperation = map[string]struct {
 	"initialize":      {Feature: "", Operation: ""}, // Always allowed
 }
 
-// shouldSkipInitialAuthorization checks if the request should skip authorization
-// before reading the request body.
-func shouldSkipInitialAuthorization(r *http.Request) bool {
+// shouldSkip checks if the request should skip authorization
+func shouldSkip(r *http.Request) bool {
 	// Skip authorization for non-POST requests and non-JSON content types
 	if r.Method != http.MethodPost || !strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
 		return true
@@ -138,7 +137,7 @@ func handleUnauthorized(w http.ResponseWriter, msgID interface{}, err error) {
 func (a *CedarAuthorizer) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Check if we should skip authorization before checking parsed data
-		if shouldSkipInitialAuthorization(r) {
+		if shouldSkip(r) {
 			next.ServeHTTP(w, r)
 			return
 		}

pkg/authz/templates/tool_filtering_policy.cedar

@@ -0,0 +1,9 @@
+// Tool filtering policy template
+// This policy allows access to specific tools based on the --tools flag
+// The tools are interpolated into this template at runtime
+
+// Allow access to specific tools only{{range .Tools}}
+permit(principal, action == Action::"call_tool", resource == Tool::"{{.}}");{{end}}
+
+// Allow listing of tools (for tools/list operations)
+permit(principal, action == Action::"list_tools", resource == FeatureType::"tool");