rmi-backend/app/domains/databus/access_control.py

812 lines
29 KiB
Python

"""
DataBus Access Control - Who Sees What, Based On Who They Are
================================================================
Controls data access at a granular level. No consumer can pull raw individual
data points. Every response is packaged and scoped to the consumer's identity:
CONSUMER TYPES:
- public_web → RugCharts, RugMaps, market overview pages (free tier)
- authenticated → Logged-in users with wallet (basic tier)
- premium → Paid subscribers (premium tier)
- admin → Internal admin / darkroom (full access)
- mcp_tool → MCP server tools (scoped per tool, never raw)
- x402_paid → x402 paid API calls (scoped per tool price tier)
ACCESS MATRIX (what each consumer can see):
- public_web: prices, basic market data, alerts summary, trending tokens
- authenticated: + wallet labels, risk scans, basic profiles
- premium: + smart money, funding traces, deep risk, whale tracking
- admin: everything including Arkham, raw data, credit reports
- mcp_tool: only the specific data the tool is authorized for
- x402_paid: only what they paid for, packaged, never raw
RESPONSE PACKAGING:
Every DataBus response is transformed based on consumer type.
- public_web gets redacted summaries (no wallet addresses, no internal sources)
- mcp_tool gets tool-scoped results (only the fields the tool needs)
- x402_paid gets paid-scope results (exactly what they bought, nothing more)
- admin gets full data including source metadata
This ensures no consumer can enumerate our data sources or pull more than
they're authorized for. The DataBus is the ONLY way to access external data.
"""
import logging
import os
from enum import Enum
logger = logging.getLogger("databus.access_control")
class ConsumerType(Enum):
PUBLIC_WEB = "public_web" # RugCharts, RugMaps, market pages (no auth)
AUTHENTICATED = "authenticated" # Logged-in user (basic tier)
PREMIUM = "premium" # Paid subscriber
ADMIN = "admin" # Internal admin / darkroom
MCP_TOOL = "mcp_tool" # MCP server tools (scoped per tool)
X402_PAID = "x402_paid" # x402 paid API calls (scoped per tier)
# ── DATA TYPE → RESPONSE PACKAGING PER CONSUMER ──────────────────────────────
# Each data type defines what fields each consumer type can see.
# "full" = everything, "summary" = redacted summary, "denied" = 403, "scoped" = field-level
DATA_ACCESS_MATRIX = {
# ── PUBLIC (anyone on web) ──
"token_price": {
ConsumerType.PUBLIC_WEB: "summary", # price + 24h change only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"tvl": {
ConsumerType.PUBLIC_WEB: "summary", # total TVL per chain
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"news": {
ConsumerType.PUBLIC_WEB: "summary", # title + source only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"market_overview": {
ConsumerType.PUBLIC_WEB: "summary", # basic stats
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"trending": {
ConsumerType.PUBLIC_WEB: "summary", # top 10 only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"market_movers": {
ConsumerType.PUBLIC_WEB: "summary", # top 5 only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"spl_token_metadata": {
ConsumerType.PUBLIC_WEB: "full", # Raw SPL token decoder is safe for public
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
# ── AUTHENTICATED (logged in) ──
"wallet_labels": {
ConsumerType.PUBLIC_WEB: "denied", # must be logged in
ConsumerType.AUTHENTICATED: "summary", # label text only, no source
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"wallet_balance": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # balance only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"wallet_profile": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # basic profile only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"risk_scan": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # risk score only, no details
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"funding_source": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied", # premium only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"smart_money": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied", # premium only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"rag_search": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
# ── ADMIN ONLY ──
"entity_intel": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary", # label only, not raw entity data
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"arkham_portfolio": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "denied",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "denied", # MCP tools cannot access raw portfolio
ConsumerType.X402_PAID: "summary", # paid x402 gets packaged summary
},
"arkham_entity": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"arkham_labels": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
# ── PREMIUM ──
"sentinel_deep": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"arkham_transfers": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"arkham_counterparties": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"nansen_labels": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"nansen_smart_money": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "summary",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "summary",
},
"portfolio": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "denied",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
# ── NEW AUTHENTICATED DATA TYPES ──
"bubble_map": {
ConsumerType.PUBLIC_WEB: "summary", # basic map only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"rugmaps_analysis": {
ConsumerType.PUBLIC_WEB: "summary", # risk score only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"socialfi_resolve": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # ENS name only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"cross_chain": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # linked chains only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"wallet_cluster": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # cluster count only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"bundle_detect": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # bundle detected y/n
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"wallet_tokens": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # token count + top 5
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"token_detail": {
ConsumerType.PUBLIC_WEB: "summary", # name + price + change
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"wallet_pnl": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # total PnL only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"gmgn_smart_money": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # narrative summary only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"threat_check": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # threat detected y/n
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"contract_scan": {
ConsumerType.PUBLIC_WEB: "denied",
ConsumerType.AUTHENTICATED: "summary", # scan score only
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "scoped",
ConsumerType.X402_PAID: "full",
},
"dex_data": {
ConsumerType.PUBLIC_WEB: "summary",
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
# ── NEW PUBLIC DATA TYPES ──
"social_feed": {
ConsumerType.PUBLIC_WEB: "summary", # titles + sources only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"defi_protocols": {
ConsumerType.PUBLIC_WEB: "summary", # top protocols only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"prediction_markets": {
ConsumerType.PUBLIC_WEB: "summary", # top 10 markets
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
"prediction_signals": {
ConsumerType.PUBLIC_WEB: "summary", # signal direction only
ConsumerType.AUTHENTICATED: "full",
ConsumerType.PREMIUM: "full",
ConsumerType.ADMIN: "full",
ConsumerType.MCP_TOOL: "full",
ConsumerType.X402_PAID: "full",
},
}
# ── FIELDS TO STRIP PER PACKAGING LEVEL ─────────────────────────────────────
# These fields are NEVER exposed outside admin scope.
NEVER_EXPOSE_FIELDS = {
"api_key",
"apikey",
"token",
"secret",
"password",
"authorization",
"x-api-key",
"key",
"api-key",
"internal_url",
"server_path",
"source_address",
"funding_tx",
"raw_data",
"internal_id",
}
SUMMARY_ONLY_FIELDS = {
# For summary packaging, only allow these fields per data type
"token_price": {"price_usd", "price", "change_24h", "source", "cached"},
"wallet_labels": {"label", "source", "cached"},
"risk_scan": {"is_honeypot", "risk_score", "source", "cached"},
"entity_intel": {"entity_name", "category", "source", "cached"},
"arkham_entity": {"entity_name", "category", "source", "cached"},
"arkham_portfolio": {"total_value_usd", "token_count", "source", "cached"},
"arkham_labels": {"label", "confidence", "source", "cached"},
"arkham_transfers": {"from_address", "to_address", "amount_usd", "source", "cached"},
"arkham_counterparties": {"counterparty_count", "top_counterparties", "source", "cached"},
"nansen_labels": {"label", "category", "source", "cached"},
"nansen_smart_money": {"wallet_count", "top_wallets", "source", "cached"},
"news": {"title", "source_name", "published_at", "source", "cached"},
"trending": {"name", "symbol", "price_usd", "change_24h", "source", "cached"},
"market_movers": {"name", "symbol", "price_usd", "change_24h", "source", "cached"},
"tvl": {"chain", "tvl_usd", "change_24h", "source", "cached"},
"market_overview": {"total_mcap", "btc_dom", "eth_dom", "fgi", "source", "cached"},
"bubble_map": {"cluster_count", "top_holders", "risk_score", "source", "cached"},
"rugmaps_analysis": {"risk_score", "verdict", "similar_scams_count", "source", "cached"},
"socialfi_resolve": {"ens", "farcaster", "source", "cached"},
"cross_chain": {"linked_chains", "linked_count", "source", "cached"},
"wallet_cluster": {"cluster_count", "related_wallets_count", "source", "cached"},
"bundle_detect": {"bundle_detected", "bundle_count", "source", "cached"},
"wallet_tokens": {"token_count", "top_5_tokens", "source", "cached"},
"dex_data": {"pair_count", "top_pairs", "liquidity", "source", "cached"},
"token_detail": {"name", "symbol", "price_usd", "change_24h", "source", "cached"},
"wallet_pnl": {"total_pnl_usd", "pnl_pct", "source", "cached"},
"gmgn_smart_money": {"narrative_summary", "source", "cached"},
"threat_check": {"threat_detected", "threat_score", "source", "cached"},
"contract_scan": {"scan_score", "vulnerabilities_count", "source", "cached"},
"social_feed": {"title", "source_name", "published_at", "source", "cached"},
"defi_protocols": {"protocol_count", "top_protocols", "source", "cached"},
"prediction_markets": {"market_count", "top_markets", "source", "cached"},
"prediction_signals": {"signal_direction", "confidence", "source", "cached"},
"portfolio": {"total_value_usd", "token_count", "source", "cached"},
}
# ── MCP TOOL SCOPING ─────────────────────────────────────────────────────────
# Each MCP tool can only access the specific data type and fields it's authorized for.
MCP_TOOL_SCOPES = {
# Tool ID → {data_types: [allowed types], fields: [allowed fields] or "all"}
"wallet_risk_scan": {
"data_types": ["risk_scan", "wallet_labels", "threat_check", "bundle_detect"],
"fields": "all",
},
"token_security_check": {
"data_types": ["risk_scan", "contract_scan", "threat_check"],
"fields": [
"is_honeypot",
"risk_score",
"risks",
"scan_score",
"vulnerabilities_count",
"source",
],
},
"address_entity_lookup": {
"data_types": ["wallet_labels", "entity_intel", "socialfi_resolve", "cross_chain"],
"fields": "all",
},
"portfolio_tracker": {
"data_types": ["wallet_balance", "wallet_profile", "wallet_tokens", "portfolio"],
"fields": "all",
},
"smart_money_tracker": {
"data_types": ["smart_money", "gmgn_smart_money", "nansen_smart_money"],
"fields": "all",
},
"arkham_intel": {
"data_types": [
"arkham_entity",
"arkham_labels",
"arkham_transfers",
"arkham_counterparties",
],
"fields": [
"entity_name",
"category",
"label",
"confidence",
"from_address",
"to_address",
"source",
],
},
"funding_trace": {
"data_types": ["funding_source", "cross_chain", "wallet_cluster"],
"fields": "all",
},
"market_data": {
"data_types": [
"token_price",
"token_detail",
"tvl",
"trending",
"market_movers",
"market_overview",
"news",
"dex_data",
"defi_protocols",
"social_feed",
"prediction_markets",
"prediction_signals",
],
"fields": "all",
},
"deep_scan": {
"data_types": [
"risk_scan",
"sentinel_deep",
"funding_source",
"wallet_labels",
"entity_intel",
"threat_check",
"contract_scan",
"bundle_detect",
],
"fields": "all",
},
"rugmaps_scan": {
"data_types": ["bubble_map", "rugmaps_analysis", "risk_scan", "wallet_labels"],
"fields": "all",
},
}
# ── X402 PRICING → ACCESS MAPPING ────────────────────────────────────────────
# What x402 paid tools can access based on their price tier.
X402_ACCESS_TIERS = {
"free": [
"token_price",
"tvl",
"news",
"market_overview",
"trending",
"dex_data",
"social_feed",
"defi_protocols",
"prediction_markets",
"prediction_signals",
],
"basic": [
"token_price",
"tvl",
"news",
"market_overview",
"trending",
"market_movers",
"wallet_labels",
"wallet_balance",
"risk_scan",
"token_detail",
"bubble_map",
"rugmaps_analysis",
"dex_data",
"social_feed",
"defi_protocols",
"prediction_markets",
"prediction_signals",
],
"premium": [
"token_price",
"tvl",
"news",
"market_overview",
"trending",
"market_movers",
"wallet_labels",
"wallet_balance",
"risk_scan",
"wallet_profile",
"smart_money",
"funding_source",
"entity_intel",
"arkham_entity",
"arkham_labels",
"bubble_map",
"rugmaps_analysis",
"token_detail",
"wallet_tokens",
"wallet_pnl",
"cross_chain",
"wallet_cluster",
"bundle_detect",
"socialfi_resolve",
"threat_check",
"contract_scan",
"sentinel_deep",
"gmgn_smart_money",
"dex_data",
"social_feed",
"defi_protocols",
"prediction_markets",
"prediction_signals",
"portfolio",
],
"enterprise": "all", # Gets everything including admin
}
class AccessController:
"""
Controls what data each consumer can see and in what format.
No consumer ever gets raw data - everything is packaged and scoped.
"""
@staticmethod
def identify_consumer(
request=None,
admin_key: str = "",
consumer_type: str = "",
tool_id: str = "",
x402_tier: str = "",
) -> ConsumerType:
"""Identify who's making the request."""
# Explicit type override
if consumer_type:
try:
return ConsumerType(consumer_type)
except ValueError:
pass
# MCP tool
if tool_id and tool_id in MCP_TOOL_SCOPES:
return ConsumerType.MCP_TOOL
# x402 paid call
if x402_tier:
return ConsumerType.X402_PAID
# Admin key
if admin_key == os.getenv("ADMIN_API_KEY", ""):
return ConsumerType.ADMIN
# Auth header check
if request:
auth = request.headers.get("Authorization", "")
if auth.startswith("Bearer "):
# Could verify JWT here for tier info
# For now, authenticated
return ConsumerType.AUTHENTICATED
# No auth = public web
return ConsumerType.PUBLIC_WEB
@staticmethod
def check_access(data_type: str, consumer: ConsumerType) -> str:
"""
Check what packaging level the consumer gets for this data type.
Returns: "full", "summary", "scoped", or "denied"
"""
if data_type not in DATA_ACCESS_MATRIX:
# Unknown data type - authenticated minimum
if consumer in (ConsumerType.ADMIN, ConsumerType.MCP_TOOL):
return "full"
if consumer == ConsumerType.PREMIUM:
return "full"
if consumer == ConsumerType.AUTHENTICATED:
return "summary"
return "denied"
type_matrix = DATA_ACCESS_MATRIX[data_type]
packaging = type_matrix.get(consumer, "denied")
# MCP tool scoping - further restrict to tool's allowed data types
if consumer == ConsumerType.MCP_TOOL:
# MCP tools get "full" for their scoped data types,
# but only if the data type is in their scope
# (Tool scope is checked separately in package_for_mcp)
pass
return packaging
@staticmethod
def package_response(
data: dict, data_type: str, consumer: ConsumerType, tool_id: str = "", x402_tier: str = ""
) -> dict:
"""
Package a response based on consumer type.
Strips fields, redacts sensitive data, scopes to authorization level.
NEVER exposes raw internal data to non-admin consumers.
"""
packaging = AccessController.check_access(data_type, consumer)
if packaging == "denied":
return {
"error": "access_denied",
"message": f"Access to {data_type} requires higher tier",
"required_tier": "authenticated" if consumer == ConsumerType.PUBLIC_WEB else "premium",
}
if packaging == "full":
# Admin and premium get everything (minus dangerous fields)
return AccessController._strip_dangerous(data)
if packaging == "summary":
# Summary = only whitelisted fields for this data type
return AccessController._package_summary(data, data_type)
if packaging == "scoped":
# MCP tool = only fields the tool is authorized for
if tool_id and tool_id in MCP_TOOL_SCOPES:
return AccessController._package_for_mcp(data, data_type, tool_id)
return AccessController._package_summary(data, data_type)
# Fallback: strip dangerous, return basic
return AccessController._strip_dangerous(data)
@staticmethod
def _strip_dangerous(data: dict) -> dict:
"""Always strip dangerous fields regardless of access level."""
if not isinstance(data, dict):
return data
result = {}
for k, v in data.items():
if k.lower() in NEVER_EXPOSE_FIELDS:
continue
if isinstance(v, dict):
result[k] = AccessController._strip_dangerous(v)
elif isinstance(v, list):
result[k] = [AccessController._strip_dangerous(i) if isinstance(i, dict) else i for i in v]
else:
result[k] = v
return result
@staticmethod
def _package_summary(data: dict, data_type: str) -> dict:
"""Package as summary - only whitelisted fields."""
if not isinstance(data, dict):
return data
# Get allowed fields for this data type
allowed = SUMMARY_ONLY_FIELDS.get(data_type)
inner = data.get("data", data)
if allowed and isinstance(inner, dict):
result = {k: v for k, v in inner.items() if k in allowed}
# Always include metadata
result["source"] = data.get("source", "rmi")
result["cached"] = data.get("cached", False)
result["tier"] = data.get("tier", "unknown")
return result
# No specific field list - strip dangerous and return
return AccessController._strip_dangerous(data)
@staticmethod
def _package_for_mcp(data: dict, data_type: str, tool_id: str) -> dict:
"""Package for MCP tool - only data types and fields the tool is authorized for."""
scope = MCP_TOOL_SCOPES.get(tool_id, {})
allowed_types = scope.get("data_types", [])
if data_type not in allowed_types:
return {
"error": "tool_not_authorized",
"message": f"Tool {tool_id} not authorized for {data_type}",
}
allowed_fields = scope.get("fields", "all")
inner = data.get("data", data)
if allowed_fields == "all":
return AccessController._strip_dangerous(data)
# Strip to only allowed fields
if isinstance(inner, dict):
result = {k: v for k, v in inner.items() if k in allowed_fields}
result["source"] = "rmi_dataservice"
result["tool_id"] = tool_id
return result
return AccessController._strip_dangerous(data)
@staticmethod
def get_mcp_allowed_types(tool_id: str) -> list:
"""Return data types an MCP tool is allowed to access."""
scope = MCP_TOOL_SCOPES.get(tool_id, {})
return scope.get("data_types", [])
@staticmethod
def get_x402_allowed_types(tier: str) -> list:
"""Return data types an x402 tier can access."""
types = X402_ACCESS_TIERS.get(tier, X402_ACCESS_TIERS["free"])
if types == "all":
return list(DATA_ACCESS_MATRIX.keys())
return types
@staticmethod
def list_access_matrix() -> dict:
"""Return the full access matrix for admin UI."""
result = {}
for dtype, consumers in DATA_ACCESS_MATRIX.items():
result[dtype] = {c.value: p for c, p in consumers.items()}
return result
# ── Singleton ─────────────────────────────────────────────────────────────────
access_controller = AccessController()