Part of #1159 Add per-server tool policy enforcement to MCP multi-server client. **Crates**: zeph-mcp **Priority**: P1 (pre-1.0) **Tasks**: - [ ] `McpPolicy` struct: `server_name` → allowed tools, denied tools, rate limits - [ ] `PolicyEnforcer` middleware: intercept tool calls, check policy, reject violations - [ ] Config: `[[mcp.servers.policies]]` TOML sections per server - [ ] Audit log: violations via `tracing::warn!` with structured fields (server, tool, action, reason) **Files**: `crates/zeph-mcp/src/policy.rs` (new), `crates/zeph-mcp/src/client.rs`, `crates/zeph-core/src/config/types.rs`
Part of #1159
Add per-server tool policy enforcement to MCP multi-server client.
Crates: zeph-mcp
Priority: P1 (pre-1.0)
Tasks:
McpPolicystruct:server_name→ allowed tools, denied tools, rate limitsPolicyEnforcermiddleware: intercept tool calls, check policy, reject violations[[mcp.servers.policies]]TOML sections per servertracing::warn!with structured fields (server, tool, action, reason)Files:
crates/zeph-mcp/src/policy.rs(new),crates/zeph-mcp/src/client.rs,crates/zeph-core/src/config/types.rs