Get agent policies tool

Signed-off-by: Marek Safarik <[email protected]>

Author: Marek Safarik

backend/helpers.go

@@ -64,3 +64,32 @@ func mapAgentToOutput(agentUUID string, agentStatus keylimeAgentStatusResponse)
 		HasRuntimePolicy:            agentStatus.Results.HasRuntimePolicy != 0,
 	}
 }
+
+func mapAgentToPolicies(agentUUID string, agentStatus keylimeAgentStatusResponse) getAgentPoliciesOutput {
+	return getAgentPoliciesOutput{
+		AgentUUID:                 agentUUID,
+		TPMPolicy:                 parseJSONString(agentStatus.Results.TPMPolicy),
+		VTPMPolicy:                parseJSONString(agentStatus.Results.VTPMPolicy),
+		MetaData:                  parseJSONString(agentStatus.Results.MetaData),
+		HasMeasuredBootPolicy:     agentStatus.Results.HasMbRefstate != 0,
+		HasRuntimePolicy:          agentStatus.Results.HasRuntimePolicy != 0,
+		AcceptedTPMHashAlgs:       agentStatus.Results.AcceptTPMHashAlgs,
+		AcceptedTPMEncryptionAlgs: agentStatus.Results.AcceptTPMEncryptionAlgs,
+		AcceptedTPMSigningAlgs:    agentStatus.Results.AcceptTPMSigningAlgs,
+	}
+}
+
+// parseJSONString converts a JSON string into a proper Go interface
+func parseJSONString(jsonStr string) interface{} {
+	if jsonStr == "" {
+		return map[string]interface{}{}
+	}
+
+	var result interface{}
+	if err := json.Unmarshal([]byte(jsonStr), &result); err != nil {
+		log.Printf("Warning: Invalid JSON string: %v", err)
+		return map[string]interface{}{}
+	}
+
+	return result
+}

backend/main.go

@@ -50,6 +50,7 @@ func main() {
 		mcp.AddTool(server, &mcp.Tool{Name: "Get_agent_status", Description: "Retrieves the current status information for a specific agent identified by its UUID"}, getAgentStatus)
 		mcp.AddTool(server, &mcp.Tool{Name: "Get_failed_agents", Description: "Retrieves all agents currently in a failed operational state with their detailed status information including attestation history and failure reasons"}, getFailedAgents)
 		mcp.AddTool(server, &mcp.Tool{Name: "Reactivate_agent", Description: "Reactivates a failed agent identified by its UUID"}, reactivate_agent)
+		mcp.AddTool(server, &mcp.Tool{Name: "Get_agent_policies", Description: "Retrieves policy configuration (TPM, vTPM, runtime policies) for a specific agent"}, agent_policies)
 		if err := server.Run(context.Background(), &mcp.StdioTransport{}); err != nil {
 			log.Fatal(err)
 		}

backend/tools.go

@@ -82,3 +82,15 @@ func reactivate_agent(ctx context.Context, req *mcp.CallToolRequest, input react
 
 	return nil, response, nil
 }
+
+func agent_policies(ctx context.Context, req *mcp.CallToolRequest, input getAgentPoliciesInput) (
+	*mcp.CallToolResult,
+	getAgentPoliciesOutput,
+	error,
+) {
+	agentDetails, err := fetchAgentDetails(input.AgentUUID)
+	if err != nil {
+		return nil, getAgentPoliciesOutput{}, err
+	}
+	return nil, mapAgentToPolicies(input.AgentUUID, agentDetails), nil
+}

backend/types.go

@@ -144,3 +144,19 @@ type reactivateAgentOutput struct {
 	Status  string   `json:"status"`
 	Results struct{} `json:"results"`
 }
+
+type getAgentPoliciesInput struct {
+	AgentUUID string `json:"agent_uuid"`
+}
+
+type getAgentPoliciesOutput struct {
+	AgentUUID                 string      `json:"agent_uuid"`
+	TPMPolicy                 interface{} `json:"tpm_policy"`
+	VTPMPolicy                interface{} `json:"vtpm_policy"`
+	MetaData                  interface{} `json:"meta_data"`
+	HasMeasuredBootPolicy     bool        `json:"has_measured_boot_policy"`
+	HasRuntimePolicy          bool        `json:"has_runtime_policy"`
+	AcceptedTPMHashAlgs       []string    `json:"accepted_tpm_hash_algs"`
+	AcceptedTPMEncryptionAlgs []string    `json:"accepted_tpm_encryption_algs"`
+	AcceptedTPMSigningAlgs    []string    `json:"accepted_tpm_signing_algs"`
+}