options) {
+ return CompletableFuture.supplyAsync(() -> mcpCheckInput(connectorType, statement, options), asyncExecutor);
+ }
+
+ /**
+ * Validates MCP response data against configured policies.
+ *
+ * This method calls the agent's {@code /api/v1/mcp/check-output} endpoint to check
+ * response data for PII content, exfiltration limit violations, and other output
+ * policy violations. If PII redaction is active, {@code redactedData} contains the
+ * sanitized version.
+ *
+ * Example usage:
+ *
{@code
+ * List> rows = List.of(
+ * Map.of("name", "John", "ssn", "123-45-6789")
+ * );
+ * MCPCheckOutputResponse result = axonflow.mcpCheckOutput("postgres", rows);
+ * if (!result.isAllowed()) {
+ * System.out.println("Blocked: " + result.getBlockReason());
+ * }
+ * if (result.getRedactedData() != null) {
+ * System.out.println("Redacted: " + result.getRedactedData());
+ * }
+ * }
+ *
+ * @param connectorType name of the MCP connector type (e.g., "postgres")
+ * @param responseData the response data rows to validate
+ * @return MCPCheckOutputResponse with allowed status, redacted data, and policy info
+ * @throws ConnectorException if the request fails (note: 403 is not an error, it means blocked)
+ */
+ public MCPCheckOutputResponse mcpCheckOutput(String connectorType, List> responseData) {
+ return mcpCheckOutput(connectorType, responseData, null);
+ }
+
+ /**
+ * Validates MCP response data against configured policies with options.
+ *
+ * @param connectorType name of the MCP connector type (e.g., "postgres")
+ * @param responseData the response data rows to validate
+ * @param options optional parameters: "message" (String), "metadata" (Map), "row_count" (int)
+ * @return MCPCheckOutputResponse with allowed status, redacted data, and policy info
+ * @throws ConnectorException if the request fails (note: 403 is not an error, it means blocked)
+ */
+ public MCPCheckOutputResponse mcpCheckOutput(String connectorType, List> responseData, Map options) {
+ Objects.requireNonNull(connectorType, "connectorType cannot be null");
+ // responseData can be null for execute-style requests that use message instead
+
+ return retryExecutor.execute(() -> {
+ String message = options != null ? (String) options.get("message") : null;
+ @SuppressWarnings("unchecked")
+ Map metadata = options != null ? (Map) options.get("metadata") : null;
+ int rowCount = options != null ? (int) options.getOrDefault("row_count", 0) : 0;
+
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest(connectorType, responseData, message, metadata, rowCount);
+
+ Request httpRequest = buildRequest("POST", "/api/v1/mcp/check-output", request);
+ try (Response response = httpClient.newCall(httpRequest).execute()) {
+ ResponseBody responseBody = response.body();
+ if (responseBody == null) {
+ throw new ConnectorException("Empty response from MCP check-output", connectorType, "mcpCheckOutput");
+ }
+ String responseJson = responseBody.string();
+
+ // 403 means policy blocked — the body is still a valid response
+ if (!response.isSuccessful() && response.code() != 403) {
+ try {
+ Map errorData = objectMapper.readValue(responseJson,
+ new TypeReference>() {});
+ String errorMsg = errorData.get("error") != null ?
+ errorData.get("error").toString() :
+ "MCP check-output failed: " + response.code();
+ throw new ConnectorException(errorMsg, connectorType, "mcpCheckOutput");
+ } catch (JsonProcessingException e) {
+ throw new ConnectorException("MCP check-output failed: " + response.code(), connectorType, "mcpCheckOutput");
+ }
+ }
+
+ return objectMapper.readValue(responseJson, MCPCheckOutputResponse.class);
+ }
+ }, "mcpCheckOutput");
+ }
+
+ /**
+ * Asynchronously validates MCP response data against configured policies.
+ *
+ * @param connectorType name of the MCP connector type
+ * @param responseData the response data rows to validate
+ * @return a future containing the check result
+ */
+ public CompletableFuture mcpCheckOutputAsync(String connectorType, List> responseData) {
+ return CompletableFuture.supplyAsync(() -> mcpCheckOutput(connectorType, responseData), asyncExecutor);
+ }
+
+ /**
+ * Asynchronously validates MCP response data against configured policies with options.
+ *
+ * @param connectorType name of the MCP connector type
+ * @param responseData the response data rows to validate
+ * @param options optional parameters
+ * @return a future containing the check result
+ */
+ public CompletableFuture mcpCheckOutputAsync(String connectorType, List> responseData, Map options) {
+ return CompletableFuture.supplyAsync(() -> mcpCheckOutput(connectorType, responseData, options), asyncExecutor);
+ }
+
// ========================================================================
// Policy CRUD - Static Policies
// ========================================================================
diff --git a/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputRequest.java b/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputRequest.java
new file mode 100644
index 0000000..4c4cc07
--- /dev/null
+++ b/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputRequest.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2026 AxonFlow
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.getaxonflow.sdk.types;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Request to validate an MCP input against configured policies without executing it.
+ *
+ * Used with the {@code POST /api/v1/mcp/check-input} endpoint to pre-validate
+ * a statement before sending it to the connector.
+ */
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public final class MCPCheckInputRequest {
+
+ @JsonProperty("connector_type")
+ private final String connectorType;
+
+ @JsonProperty("statement")
+ private final String statement;
+
+ @JsonProperty("parameters")
+ private final Map parameters;
+
+ @JsonProperty("operation")
+ private final String operation;
+
+ /**
+ * Creates a request with connector type and statement only.
+ * Operation defaults to "query".
+ *
+ * @param connectorType the MCP connector type (e.g., "postgres")
+ * @param statement the statement to validate
+ */
+ public MCPCheckInputRequest(String connectorType, String statement) {
+ this(connectorType, statement, null, "query");
+ }
+
+ /**
+ * Creates a request with all fields.
+ *
+ * @param connectorType the MCP connector type (e.g., "postgres")
+ * @param statement the statement to validate
+ * @param parameters optional query parameters
+ * @param operation the operation type (e.g., "query", "execute")
+ */
+ public MCPCheckInputRequest(String connectorType, String statement,
+ Map parameters, String operation) {
+ this.connectorType = connectorType;
+ this.statement = statement;
+ this.parameters = parameters;
+ this.operation = operation;
+ }
+
+ public String getConnectorType() {
+ return connectorType;
+ }
+
+ public String getStatement() {
+ return statement;
+ }
+
+ public Map getParameters() {
+ return parameters;
+ }
+
+ public String getOperation() {
+ return operation;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ MCPCheckInputRequest that = (MCPCheckInputRequest) o;
+ return Objects.equals(connectorType, that.connectorType) &&
+ Objects.equals(statement, that.statement) &&
+ Objects.equals(parameters, that.parameters) &&
+ Objects.equals(operation, that.operation);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(connectorType, statement, parameters, operation);
+ }
+
+ @Override
+ public String toString() {
+ return "MCPCheckInputRequest{" +
+ "connectorType='" + connectorType + '\'' +
+ ", statement='" + statement + '\'' +
+ ", operation='" + operation + '\'' +
+ '}';
+ }
+}
diff --git a/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputResponse.java b/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputResponse.java
new file mode 100644
index 0000000..c1454fe
--- /dev/null
+++ b/src/main/java/com/getaxonflow/sdk/types/MCPCheckInputResponse.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2026 AxonFlow
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.getaxonflow.sdk.types;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.Objects;
+
+/**
+ * Response from the MCP input policy check endpoint.
+ *
+ * Indicates whether the input statement is allowed by configured policies.
+ * A 403 HTTP response still returns a valid response body with {@code allowed=false}
+ * and details in {@code blockReason} and {@code policyInfo}.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MCPCheckInputResponse {
+
+ @JsonProperty("allowed")
+ private final boolean allowed;
+
+ @JsonProperty("block_reason")
+ private final String blockReason;
+
+ @JsonProperty("policies_evaluated")
+ private final int policiesEvaluated;
+
+ @JsonProperty("policy_info")
+ private final ConnectorPolicyInfo policyInfo;
+
+ @JsonCreator
+ public MCPCheckInputResponse(
+ @JsonProperty("allowed") boolean allowed,
+ @JsonProperty("block_reason") String blockReason,
+ @JsonProperty("policies_evaluated") int policiesEvaluated,
+ @JsonProperty("policy_info") ConnectorPolicyInfo policyInfo) {
+ this.allowed = allowed;
+ this.blockReason = blockReason;
+ this.policiesEvaluated = policiesEvaluated;
+ this.policyInfo = policyInfo;
+ }
+
+ /**
+ * Returns whether the input is allowed by policies.
+ */
+ public boolean isAllowed() {
+ return allowed;
+ }
+
+ /**
+ * Returns the reason the input was blocked, or null if allowed.
+ */
+ public String getBlockReason() {
+ return blockReason;
+ }
+
+ /**
+ * Returns the number of policies evaluated.
+ */
+ public int getPoliciesEvaluated() {
+ return policiesEvaluated;
+ }
+
+ /**
+ * Returns detailed policy evaluation information.
+ */
+ public ConnectorPolicyInfo getPolicyInfo() {
+ return policyInfo;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ MCPCheckInputResponse that = (MCPCheckInputResponse) o;
+ return allowed == that.allowed &&
+ policiesEvaluated == that.policiesEvaluated &&
+ Objects.equals(blockReason, that.blockReason) &&
+ Objects.equals(policyInfo, that.policyInfo);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(allowed, blockReason, policiesEvaluated, policyInfo);
+ }
+
+ @Override
+ public String toString() {
+ return "MCPCheckInputResponse{" +
+ "allowed=" + allowed +
+ ", blockReason='" + blockReason + '\'' +
+ ", policiesEvaluated=" + policiesEvaluated +
+ ", policyInfo=" + policyInfo +
+ '}';
+ }
+}
diff --git a/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputRequest.java b/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputRequest.java
new file mode 100644
index 0000000..3b12ac0
--- /dev/null
+++ b/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputRequest.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2026 AxonFlow
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.getaxonflow.sdk.types;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Request to validate MCP response data against configured policies.
+ *
+ * Used with the {@code POST /api/v1/mcp/check-output} endpoint to check
+ * response data for PII, exfiltration limits, and other policy violations.
+ */
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public final class MCPCheckOutputRequest {
+
+ @JsonProperty("connector_type")
+ private final String connectorType;
+
+ @JsonProperty("response_data")
+ private final List> responseData;
+
+ @JsonProperty("message")
+ private final String message;
+
+ @JsonProperty("metadata")
+ private final Map metadata;
+
+ @JsonProperty("row_count")
+ private final int rowCount;
+
+ /**
+ * Creates a request with connector type and response data only.
+ *
+ * @param connectorType the MCP connector type (e.g., "postgres")
+ * @param responseData the response data rows to validate
+ */
+ public MCPCheckOutputRequest(String connectorType, List> responseData) {
+ this(connectorType, responseData, null, null, 0);
+ }
+
+ /**
+ * Creates a request with all fields.
+ *
+ * @param connectorType the MCP connector type (e.g., "postgres")
+ * @param responseData the response data rows to validate
+ * @param message optional message context
+ * @param metadata optional metadata
+ * @param rowCount the number of rows in the response
+ */
+ public MCPCheckOutputRequest(String connectorType, List> responseData,
+ String message, Map metadata, int rowCount) {
+ this.connectorType = connectorType;
+ this.responseData = responseData;
+ this.message = message;
+ this.metadata = metadata;
+ this.rowCount = rowCount;
+ }
+
+ public String getConnectorType() {
+ return connectorType;
+ }
+
+ public List> getResponseData() {
+ return responseData;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+
+ public Map getMetadata() {
+ return metadata;
+ }
+
+ public int getRowCount() {
+ return rowCount;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ MCPCheckOutputRequest that = (MCPCheckOutputRequest) o;
+ return rowCount == that.rowCount &&
+ Objects.equals(connectorType, that.connectorType) &&
+ Objects.equals(responseData, that.responseData) &&
+ Objects.equals(message, that.message) &&
+ Objects.equals(metadata, that.metadata);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(connectorType, responseData, message, metadata, rowCount);
+ }
+
+ @Override
+ public String toString() {
+ return "MCPCheckOutputRequest{" +
+ "connectorType='" + connectorType + '\'' +
+ ", rowCount=" + rowCount +
+ ", message='" + message + '\'' +
+ '}';
+ }
+}
diff --git a/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputResponse.java b/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputResponse.java
new file mode 100644
index 0000000..1d4a5a7
--- /dev/null
+++ b/src/main/java/com/getaxonflow/sdk/types/MCPCheckOutputResponse.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2026 AxonFlow
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.getaxonflow.sdk.types;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.Objects;
+
+/**
+ * Response from the MCP output policy check endpoint.
+ *
+ * Indicates whether the output data passes configured policies. May include
+ * redacted data if PII redaction policies are active, and exfiltration check
+ * information if data volume limits are configured.
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public final class MCPCheckOutputResponse {
+
+ @JsonProperty("allowed")
+ private final boolean allowed;
+
+ @JsonProperty("block_reason")
+ private final String blockReason;
+
+ @JsonProperty("redacted_data")
+ private final Object redactedData;
+
+ @JsonProperty("policies_evaluated")
+ private final int policiesEvaluated;
+
+ @JsonProperty("exfiltration_info")
+ private final ExfiltrationCheckInfo exfiltrationInfo;
+
+ @JsonProperty("policy_info")
+ private final ConnectorPolicyInfo policyInfo;
+
+ @JsonCreator
+ public MCPCheckOutputResponse(
+ @JsonProperty("allowed") boolean allowed,
+ @JsonProperty("block_reason") String blockReason,
+ @JsonProperty("redacted_data") Object redactedData,
+ @JsonProperty("policies_evaluated") int policiesEvaluated,
+ @JsonProperty("exfiltration_info") ExfiltrationCheckInfo exfiltrationInfo,
+ @JsonProperty("policy_info") ConnectorPolicyInfo policyInfo) {
+ this.allowed = allowed;
+ this.blockReason = blockReason;
+ this.redactedData = redactedData;
+ this.policiesEvaluated = policiesEvaluated;
+ this.exfiltrationInfo = exfiltrationInfo;
+ this.policyInfo = policyInfo;
+ }
+
+ /**
+ * Returns whether the output data is allowed by policies.
+ */
+ public boolean isAllowed() {
+ return allowed;
+ }
+
+ /**
+ * Returns the reason the output was blocked, or null if allowed.
+ */
+ public String getBlockReason() {
+ return blockReason;
+ }
+
+ /**
+ * Returns the redacted version of the data, or null if no redaction was applied.
+ */
+ public Object getRedactedData() {
+ return redactedData;
+ }
+
+ /**
+ * Returns the number of policies evaluated.
+ */
+ public int getPoliciesEvaluated() {
+ return policiesEvaluated;
+ }
+
+ /**
+ * Returns exfiltration check information.
+ * May be null if exfiltration checking is disabled.
+ */
+ public ExfiltrationCheckInfo getExfiltrationInfo() {
+ return exfiltrationInfo;
+ }
+
+ /**
+ * Returns detailed policy evaluation information.
+ */
+ public ConnectorPolicyInfo getPolicyInfo() {
+ return policyInfo;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ MCPCheckOutputResponse that = (MCPCheckOutputResponse) o;
+ return allowed == that.allowed &&
+ policiesEvaluated == that.policiesEvaluated &&
+ Objects.equals(blockReason, that.blockReason) &&
+ Objects.equals(redactedData, that.redactedData) &&
+ Objects.equals(exfiltrationInfo, that.exfiltrationInfo) &&
+ Objects.equals(policyInfo, that.policyInfo);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(allowed, blockReason, redactedData, policiesEvaluated,
+ exfiltrationInfo, policyInfo);
+ }
+
+ @Override
+ public String toString() {
+ return "MCPCheckOutputResponse{" +
+ "allowed=" + allowed +
+ ", blockReason='" + blockReason + '\'' +
+ ", policiesEvaluated=" + policiesEvaluated +
+ ", exfiltrationInfo=" + exfiltrationInfo +
+ ", policyInfo=" + policyInfo +
+ '}';
+ }
+}
diff --git a/src/test/java/com/getaxonflow/sdk/AxonFlowTest.java b/src/test/java/com/getaxonflow/sdk/AxonFlowTest.java
index 46560f3..338a01f 100644
--- a/src/test/java/com/getaxonflow/sdk/AxonFlowTest.java
+++ b/src/test/java/com/getaxonflow/sdk/AxonFlowTest.java
@@ -23,6 +23,7 @@
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.DisplayName;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
@@ -1611,6 +1612,282 @@ void mcpExecuteShouldReturnResponseWithPolicyInfo() {
assertThat(response.getPolicyInfo().getPoliciesEvaluated()).isEqualTo(3);
}
+ // ========================================================================
+ // MCP Check Input/Output Tests (Policy Pre-validation)
+ // ========================================================================
+
+ @Test
+ @DisplayName("mcpCheckInput should return allowed response")
+ void mcpCheckInputShouldReturnAllowedResponse() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-input"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 3, " +
+ "\"policy_info\": {\"policies_evaluated\": 3, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 1}}")));
+
+ MCPCheckInputResponse response = axonflow.mcpCheckInput("postgres", "SELECT * FROM users");
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(3);
+ assertThat(response.getBlockReason()).isNull();
+ assertThat(response.getPolicyInfo()).isNotNull();
+ assertThat(response.getPolicyInfo().getPoliciesEvaluated()).isEqualTo(3);
+ }
+
+ @Test
+ @DisplayName("mcpCheckInput with options should send operation and parameters")
+ void mcpCheckInputWithOptionsShouldSendOperationAndParameters() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-input"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 5, " +
+ "\"policy_info\": {\"policies_evaluated\": 5, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 2}}")));
+
+ Map options = Map.of(
+ "operation", "execute",
+ "parameters", Map.of("limit", 100)
+ );
+ MCPCheckInputResponse response = axonflow.mcpCheckInput("postgres", "UPDATE users SET name = $1", options);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(5);
+
+ verify(postRequestedFor(urlEqualTo("/api/v1/mcp/check-input"))
+ .withRequestBody(containing("\"connector_type\":\"postgres\""))
+ .withRequestBody(containing("\"statement\":\"UPDATE users SET name = $1\""))
+ .withRequestBody(containing("\"operation\":\"execute\"")));
+ }
+
+ @Test
+ @DisplayName("mcpCheckInput should handle 403 as blocked result")
+ void mcpCheckInputShouldHandle403AsBlockedResult() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-input"))
+ .willReturn(aResponse()
+ .withStatus(403)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": false, \"block_reason\": \"SQL injection detected\", " +
+ "\"policies_evaluated\": 3, " +
+ "\"policy_info\": {\"policies_evaluated\": 3, \"blocked\": true, " +
+ "\"block_reason\": \"SQL injection detected\", " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 1}}")));
+
+ MCPCheckInputResponse response = axonflow.mcpCheckInput("postgres", "SELECT * FROM users; DROP TABLE users;--");
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("SQL injection detected");
+ assertThat(response.getPolicyInfo()).isNotNull();
+ assertThat(response.getPolicyInfo().isBlocked()).isTrue();
+ }
+
+ @Test
+ @DisplayName("mcpCheckInput should throw on 500 error")
+ void mcpCheckInputShouldThrowOn500Error() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-input"))
+ .willReturn(aResponse()
+ .withStatus(500)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"error\": \"Internal server error\"}")));
+
+ assertThatThrownBy(() -> axonflow.mcpCheckInput("postgres", "SELECT 1"))
+ .isInstanceOf(ConnectorException.class)
+ .hasMessageContaining("Internal server error");
+ }
+
+ @Test
+ @DisplayName("mcpCheckInput should require non-null connectorType")
+ void mcpCheckInputShouldRequireConnectorType() {
+ assertThatThrownBy(() -> axonflow.mcpCheckInput(null, "SELECT 1"))
+ .isInstanceOf(NullPointerException.class);
+ }
+
+ @Test
+ @DisplayName("mcpCheckInput should require non-null statement")
+ void mcpCheckInputShouldRequireStatement() {
+ assertThatThrownBy(() -> axonflow.mcpCheckInput("postgres", null))
+ .isInstanceOf(NullPointerException.class);
+ }
+
+ @Test
+ @DisplayName("mcpCheckInputAsync should return future")
+ void mcpCheckInputAsyncShouldReturnFuture() throws Exception {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-input"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 2, " +
+ "\"policy_info\": {\"policies_evaluated\": 2, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 1}}")));
+
+ CompletableFuture future = axonflow.mcpCheckInputAsync("postgres", "SELECT 1");
+ MCPCheckInputResponse response = future.get();
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(2);
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should return allowed response")
+ void mcpCheckOutputShouldReturnAllowedResponse() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 4, " +
+ "\"policy_info\": {\"policies_evaluated\": 4, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 3}}")));
+
+ List> responseData = List.of(
+ Map.of("id", 1, "name", "Alice"),
+ Map.of("id", 2, "name", "Bob")
+ );
+ MCPCheckOutputResponse response = axonflow.mcpCheckOutput("postgres", responseData);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(4);
+ assertThat(response.getBlockReason()).isNull();
+ assertThat(response.getPolicyInfo()).isNotNull();
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput with options should send message, metadata, and row_count")
+ void mcpCheckOutputWithOptionsShouldSendOptions() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 6, " +
+ "\"policy_info\": {\"policies_evaluated\": 6, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 2}}")));
+
+ List> responseData = List.of(
+ Map.of("id", 1, "name", "Alice")
+ );
+ Map options = Map.of(
+ "message", "Query completed",
+ "metadata", Map.of("source", "analytics"),
+ "row_count", 1
+ );
+ MCPCheckOutputResponse response = axonflow.mcpCheckOutput("postgres", responseData, options);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(6);
+
+ verify(postRequestedFor(urlEqualTo("/api/v1/mcp/check-output"))
+ .withRequestBody(containing("\"connector_type\":\"postgres\""))
+ .withRequestBody(containing("\"message\":\"Query completed\""))
+ .withRequestBody(containing("\"row_count\":1")));
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should handle 403 as blocked result")
+ void mcpCheckOutputShouldHandle403AsBlockedResult() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(403)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": false, \"block_reason\": \"PII detected in output\", " +
+ "\"policies_evaluated\": 4, " +
+ "\"redacted_data\": [{\"id\": 1, \"ssn\": \"***REDACTED***\"}], " +
+ "\"policy_info\": {\"policies_evaluated\": 4, \"blocked\": true, " +
+ "\"block_reason\": \"PII detected in output\", " +
+ "\"redactions_applied\": 1, \"processing_time_ms\": 5}}")));
+
+ List> responseData = List.of(
+ Map.of("id", 1, "ssn", "123-45-6789")
+ );
+ MCPCheckOutputResponse response = axonflow.mcpCheckOutput("postgres", responseData);
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("PII detected in output");
+ assertThat(response.getRedactedData()).isNotNull();
+ assertThat(response.getPolicyInfo()).isNotNull();
+ assertThat(response.getPolicyInfo().isBlocked()).isTrue();
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should handle response with exfiltration info")
+ void mcpCheckOutputShouldHandleExfiltrationInfo() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 3, " +
+ "\"exfiltration_info\": {\"rows_returned\": 10, \"row_limit\": 1000, " +
+ "\"bytes_returned\": 2048, \"byte_limit\": 1048576, \"within_limits\": true}, " +
+ "\"policy_info\": {\"policies_evaluated\": 3, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 2}}")));
+
+ List> responseData = List.of(Map.of("id", 1));
+ MCPCheckOutputResponse response = axonflow.mcpCheckOutput("postgres", responseData);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getExfiltrationInfo()).isNotNull();
+ assertThat(response.getExfiltrationInfo().getRowsReturned()).isEqualTo(10);
+ assertThat(response.getExfiltrationInfo().isWithinLimits()).isTrue();
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should throw on 500 error")
+ void mcpCheckOutputShouldThrowOn500Error() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(500)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"error\": \"Internal server error\"}")));
+
+ assertThatThrownBy(() -> axonflow.mcpCheckOutput("postgres", List.of(Map.of("id", 1))))
+ .isInstanceOf(ConnectorException.class)
+ .hasMessageContaining("Internal server error");
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should require non-null connectorType")
+ void mcpCheckOutputShouldRequireConnectorType() {
+ assertThatThrownBy(() -> axonflow.mcpCheckOutput(null, List.of()))
+ .isInstanceOf(NullPointerException.class);
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutput should allow null responseData for execute-style requests")
+ void mcpCheckOutputShouldAllowNullResponseData() {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 1, " +
+ "\"policy_info\": {\"policies_evaluated\": 1, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 1}}")));
+
+ Map options = new HashMap<>();
+ options.put("message", "3 rows updated");
+
+ MCPCheckOutputResponse resp = axonflow.mcpCheckOutput("postgres", null, options);
+ assertThat(resp.isAllowed()).isTrue();
+ }
+
+ @Test
+ @DisplayName("mcpCheckOutputAsync should return future")
+ void mcpCheckOutputAsyncShouldReturnFuture() throws Exception {
+ stubFor(post(urlEqualTo("/api/v1/mcp/check-output"))
+ .willReturn(aResponse()
+ .withStatus(200)
+ .withHeader("Content-Type", "application/json")
+ .withBody("{\"allowed\": true, \"policies_evaluated\": 2, " +
+ "\"policy_info\": {\"policies_evaluated\": 2, \"blocked\": false, " +
+ "\"redactions_applied\": 0, \"processing_time_ms\": 1}}")));
+
+ CompletableFuture future = axonflow.mcpCheckOutputAsync(
+ "postgres", List.of(Map.of("id", 1)));
+ MCPCheckOutputResponse response = future.get();
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(2);
+ }
+
// ========================================================================
// Rollback Plan
// ========================================================================
diff --git a/src/test/java/com/getaxonflow/sdk/types/MoreTypesTest.java b/src/test/java/com/getaxonflow/sdk/types/MoreTypesTest.java
index e00f360..97d7537 100644
--- a/src/test/java/com/getaxonflow/sdk/types/MoreTypesTest.java
+++ b/src/test/java/com/getaxonflow/sdk/types/MoreTypesTest.java
@@ -1515,4 +1515,371 @@ void shouldHaveToString() {
assertThat(response.toString()).contains("ClientResponse");
}
}
+
+ @Nested
+ @DisplayName("MCPCheckInputRequest")
+ class MCPCheckInputRequestTests {
+
+ @Test
+ @DisplayName("should create instance with connector type and statement only")
+ void shouldCreateWithBasicFields() {
+ MCPCheckInputRequest request = new MCPCheckInputRequest("postgres", "SELECT * FROM users");
+
+ assertThat(request.getConnectorType()).isEqualTo("postgres");
+ assertThat(request.getStatement()).isEqualTo("SELECT * FROM users");
+ assertThat(request.getOperation()).isEqualTo("query");
+ assertThat(request.getParameters()).isNull();
+ }
+
+ @Test
+ @DisplayName("should create instance with all fields")
+ void shouldCreateWithAllFields() {
+ Map params = Map.of("limit", 100);
+ MCPCheckInputRequest request = new MCPCheckInputRequest(
+ "postgres", "UPDATE users SET name = $1", params, "execute"
+ );
+
+ assertThat(request.getConnectorType()).isEqualTo("postgres");
+ assertThat(request.getStatement()).isEqualTo("UPDATE users SET name = $1");
+ assertThat(request.getOperation()).isEqualTo("execute");
+ assertThat(request.getParameters()).containsEntry("limit", 100);
+ }
+
+ @Test
+ @DisplayName("should serialize to JSON")
+ void shouldSerializeToJson() throws Exception {
+ MCPCheckInputRequest request = new MCPCheckInputRequest(
+ "postgres", "SELECT 1", Map.of("timeout", 30), "query"
+ );
+
+ String json = objectMapper.writeValueAsString(request);
+
+ assertThat(json).contains("\"connector_type\":\"postgres\"");
+ assertThat(json).contains("\"statement\":\"SELECT 1\"");
+ assertThat(json).contains("\"operation\":\"query\"");
+ assertThat(json).contains("\"parameters\"");
+ }
+
+ @Test
+ @DisplayName("should omit null parameters in JSON")
+ void shouldOmitNullParametersInJson() throws Exception {
+ MCPCheckInputRequest request = new MCPCheckInputRequest("postgres", "SELECT 1");
+
+ String json = objectMapper.writeValueAsString(request);
+
+ assertThat(json).doesNotContain("\"parameters\"");
+ }
+
+ @Test
+ @DisplayName("should implement equals and hashCode")
+ void shouldImplementEqualsAndHashCode() {
+ MCPCheckInputRequest r1 = new MCPCheckInputRequest("postgres", "SELECT 1");
+ MCPCheckInputRequest r2 = new MCPCheckInputRequest("postgres", "SELECT 1");
+ MCPCheckInputRequest r3 = new MCPCheckInputRequest("mysql", "SELECT 1");
+
+ assertThat(r1).isEqualTo(r2);
+ assertThat(r1.hashCode()).isEqualTo(r2.hashCode());
+ assertThat(r1).isNotEqualTo(r3);
+ }
+
+ @Test
+ @DisplayName("should have toString")
+ void shouldHaveToString() {
+ MCPCheckInputRequest request = new MCPCheckInputRequest("postgres", "SELECT 1");
+ assertThat(request.toString()).contains("MCPCheckInputRequest");
+ assertThat(request.toString()).contains("postgres");
+ }
+ }
+
+ @Nested
+ @DisplayName("MCPCheckInputResponse")
+ class MCPCheckInputResponseTests {
+
+ @Test
+ @DisplayName("should create allowed response")
+ void shouldCreateAllowedResponse() {
+ MCPCheckInputResponse response = new MCPCheckInputResponse(true, null, 3, null);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getBlockReason()).isNull();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(3);
+ assertThat(response.getPolicyInfo()).isNull();
+ }
+
+ @Test
+ @DisplayName("should create blocked response")
+ void shouldCreateBlockedResponse() {
+ ConnectorPolicyInfo policyInfo = new ConnectorPolicyInfo(
+ 3, true, "SQL injection detected", 0, 1, null
+ );
+ MCPCheckInputResponse response = new MCPCheckInputResponse(
+ false, "SQL injection detected", 3, policyInfo
+ );
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("SQL injection detected");
+ assertThat(response.getPolicyInfo()).isNotNull();
+ assertThat(response.getPolicyInfo().isBlocked()).isTrue();
+ }
+
+ @Test
+ @DisplayName("should deserialize from JSON")
+ void shouldDeserializeFromJson() throws Exception {
+ String json = "{" +
+ "\"allowed\":true," +
+ "\"policies_evaluated\":5," +
+ "\"policy_info\":{\"policies_evaluated\":5,\"blocked\":false," +
+ "\"redactions_applied\":0,\"processing_time_ms\":2}" +
+ "}";
+
+ MCPCheckInputResponse response = objectMapper.readValue(json, MCPCheckInputResponse.class);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(5);
+ assertThat(response.getPolicyInfo()).isNotNull();
+ assertThat(response.getPolicyInfo().getPoliciesEvaluated()).isEqualTo(5);
+ }
+
+ @Test
+ @DisplayName("should deserialize blocked response from JSON")
+ void shouldDeserializeBlockedResponseFromJson() throws Exception {
+ String json = "{" +
+ "\"allowed\":false," +
+ "\"block_reason\":\"DROP TABLE not allowed\"," +
+ "\"policies_evaluated\":3," +
+ "\"policy_info\":{\"policies_evaluated\":3,\"blocked\":true," +
+ "\"block_reason\":\"DROP TABLE not allowed\"," +
+ "\"redactions_applied\":0,\"processing_time_ms\":1}" +
+ "}";
+
+ MCPCheckInputResponse response = objectMapper.readValue(json, MCPCheckInputResponse.class);
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("DROP TABLE not allowed");
+ }
+
+ @Test
+ @DisplayName("should implement equals and hashCode")
+ void shouldImplementEqualsAndHashCode() {
+ MCPCheckInputResponse r1 = new MCPCheckInputResponse(true, null, 3, null);
+ MCPCheckInputResponse r2 = new MCPCheckInputResponse(true, null, 3, null);
+ MCPCheckInputResponse r3 = new MCPCheckInputResponse(false, "blocked", 3, null);
+
+ assertThat(r1).isEqualTo(r2);
+ assertThat(r1.hashCode()).isEqualTo(r2.hashCode());
+ assertThat(r1).isNotEqualTo(r3);
+ }
+
+ @Test
+ @DisplayName("should have toString")
+ void shouldHaveToString() {
+ MCPCheckInputResponse response = new MCPCheckInputResponse(true, null, 3, null);
+ assertThat(response.toString()).contains("MCPCheckInputResponse");
+ }
+ }
+
+ @Nested
+ @DisplayName("MCPCheckOutputRequest")
+ class MCPCheckOutputRequestTests {
+
+ @Test
+ @DisplayName("should create instance with connector type and response data only")
+ void shouldCreateWithBasicFields() {
+ List> data = List.of(Map.of("id", 1, "name", "Alice"));
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest("postgres", data);
+
+ assertThat(request.getConnectorType()).isEqualTo("postgres");
+ assertThat(request.getResponseData()).hasSize(1);
+ assertThat(request.getMessage()).isNull();
+ assertThat(request.getMetadata()).isNull();
+ assertThat(request.getRowCount()).isEqualTo(0);
+ }
+
+ @Test
+ @DisplayName("should create instance with all fields")
+ void shouldCreateWithAllFields() {
+ List> data = List.of(
+ Map.of("id", 1, "name", "Alice"),
+ Map.of("id", 2, "name", "Bob")
+ );
+ Map metadata = Map.of("source", "analytics");
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest(
+ "postgres", data, "Query completed", metadata, 2
+ );
+
+ assertThat(request.getConnectorType()).isEqualTo("postgres");
+ assertThat(request.getResponseData()).hasSize(2);
+ assertThat(request.getMessage()).isEqualTo("Query completed");
+ assertThat(request.getMetadata()).containsEntry("source", "analytics");
+ assertThat(request.getRowCount()).isEqualTo(2);
+ }
+
+ @Test
+ @DisplayName("should serialize to JSON")
+ void shouldSerializeToJson() throws Exception {
+ List> data = List.of(Map.of("id", 1));
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest(
+ "postgres", data, "done", Map.of("key", "val"), 1
+ );
+
+ String json = objectMapper.writeValueAsString(request);
+
+ assertThat(json).contains("\"connector_type\":\"postgres\"");
+ assertThat(json).contains("\"response_data\"");
+ assertThat(json).contains("\"message\":\"done\"");
+ assertThat(json).contains("\"row_count\":1");
+ }
+
+ @Test
+ @DisplayName("should omit null fields in JSON")
+ void shouldOmitNullFieldsInJson() throws Exception {
+ List> data = List.of(Map.of("id", 1));
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest("postgres", data);
+
+ String json = objectMapper.writeValueAsString(request);
+
+ assertThat(json).doesNotContain("\"message\"");
+ assertThat(json).doesNotContain("\"metadata\"");
+ }
+
+ @Test
+ @DisplayName("should implement equals and hashCode")
+ void shouldImplementEqualsAndHashCode() {
+ List> data = List.of(Map.of("id", 1));
+ MCPCheckOutputRequest r1 = new MCPCheckOutputRequest("postgres", data);
+ MCPCheckOutputRequest r2 = new MCPCheckOutputRequest("postgres", data);
+ MCPCheckOutputRequest r3 = new MCPCheckOutputRequest("mysql", data);
+
+ assertThat(r1).isEqualTo(r2);
+ assertThat(r1.hashCode()).isEqualTo(r2.hashCode());
+ assertThat(r1).isNotEqualTo(r3);
+ }
+
+ @Test
+ @DisplayName("should have toString")
+ void shouldHaveToString() {
+ List> data = List.of(Map.of("id", 1));
+ MCPCheckOutputRequest request = new MCPCheckOutputRequest("postgres", data);
+ assertThat(request.toString()).contains("MCPCheckOutputRequest");
+ assertThat(request.toString()).contains("postgres");
+ }
+ }
+
+ @Nested
+ @DisplayName("MCPCheckOutputResponse")
+ class MCPCheckOutputResponseTests {
+
+ @Test
+ @DisplayName("should create allowed response")
+ void shouldCreateAllowedResponse() {
+ MCPCheckOutputResponse response = new MCPCheckOutputResponse(
+ true, null, null, 4, null, null
+ );
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getBlockReason()).isNull();
+ assertThat(response.getRedactedData()).isNull();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(4);
+ assertThat(response.getExfiltrationInfo()).isNull();
+ assertThat(response.getPolicyInfo()).isNull();
+ }
+
+ @Test
+ @DisplayName("should create blocked response with redacted data")
+ void shouldCreateBlockedResponseWithRedactedData() {
+ ConnectorPolicyInfo policyInfo = new ConnectorPolicyInfo(
+ 4, true, "PII detected", 1, 5, null
+ );
+ List> redacted = List.of(
+ Map.of("id", 1, "ssn", "***REDACTED***")
+ );
+ MCPCheckOutputResponse response = new MCPCheckOutputResponse(
+ false, "PII detected", redacted, 4, null, policyInfo
+ );
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("PII detected");
+ assertThat(response.getRedactedData()).isNotNull();
+ assertThat(response.getPolicyInfo().getRedactionsApplied()).isEqualTo(1);
+ }
+
+ @Test
+ @DisplayName("should create response with exfiltration info")
+ void shouldCreateResponseWithExfiltrationInfo() {
+ ExfiltrationCheckInfo exfilInfo = new ExfiltrationCheckInfo(
+ 10, 1000, 2048, 1048576, true
+ );
+ MCPCheckOutputResponse response = new MCPCheckOutputResponse(
+ true, null, null, 3, exfilInfo, null
+ );
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getExfiltrationInfo()).isNotNull();
+ assertThat(response.getExfiltrationInfo().getRowsReturned()).isEqualTo(10);
+ assertThat(response.getExfiltrationInfo().getRowLimit()).isEqualTo(1000);
+ assertThat(response.getExfiltrationInfo().isWithinLimits()).isTrue();
+ }
+
+ @Test
+ @DisplayName("should deserialize from JSON")
+ void shouldDeserializeFromJson() throws Exception {
+ String json = "{" +
+ "\"allowed\":true," +
+ "\"policies_evaluated\":3," +
+ "\"exfiltration_info\":{\"rows_returned\":5,\"row_limit\":500," +
+ "\"bytes_returned\":1024,\"byte_limit\":524288,\"within_limits\":true}," +
+ "\"policy_info\":{\"policies_evaluated\":3,\"blocked\":false," +
+ "\"redactions_applied\":0,\"processing_time_ms\":2}" +
+ "}";
+
+ MCPCheckOutputResponse response = objectMapper.readValue(json, MCPCheckOutputResponse.class);
+
+ assertThat(response.isAllowed()).isTrue();
+ assertThat(response.getPoliciesEvaluated()).isEqualTo(3);
+ assertThat(response.getExfiltrationInfo()).isNotNull();
+ assertThat(response.getExfiltrationInfo().getRowsReturned()).isEqualTo(5);
+ assertThat(response.getPolicyInfo()).isNotNull();
+ }
+
+ @Test
+ @DisplayName("should deserialize blocked response with redacted data from JSON")
+ void shouldDeserializeBlockedResponseFromJson() throws Exception {
+ String json = "{" +
+ "\"allowed\":false," +
+ "\"block_reason\":\"PII content detected\"," +
+ "\"redacted_data\":[{\"id\":1,\"ssn\":\"***REDACTED***\"}]," +
+ "\"policies_evaluated\":4," +
+ "\"policy_info\":{\"policies_evaluated\":4,\"blocked\":true," +
+ "\"block_reason\":\"PII content detected\"," +
+ "\"redactions_applied\":1,\"processing_time_ms\":3}" +
+ "}";
+
+ MCPCheckOutputResponse response = objectMapper.readValue(json, MCPCheckOutputResponse.class);
+
+ assertThat(response.isAllowed()).isFalse();
+ assertThat(response.getBlockReason()).isEqualTo("PII content detected");
+ assertThat(response.getRedactedData()).isNotNull();
+ }
+
+ @Test
+ @DisplayName("should implement equals and hashCode")
+ void shouldImplementEqualsAndHashCode() {
+ MCPCheckOutputResponse r1 = new MCPCheckOutputResponse(true, null, null, 3, null, null);
+ MCPCheckOutputResponse r2 = new MCPCheckOutputResponse(true, null, null, 3, null, null);
+ MCPCheckOutputResponse r3 = new MCPCheckOutputResponse(false, "blocked", null, 3, null, null);
+
+ assertThat(r1).isEqualTo(r2);
+ assertThat(r1.hashCode()).isEqualTo(r2.hashCode());
+ assertThat(r1).isNotEqualTo(r3);
+ }
+
+ @Test
+ @DisplayName("should have toString")
+ void shouldHaveToString() {
+ MCPCheckOutputResponse response = new MCPCheckOutputResponse(
+ true, null, null, 3, null, null
+ );
+ assertThat(response.toString()).contains("MCPCheckOutputResponse");
+ }
+ }
}