feat: harden gateway with policy engine, secure tools, and governance docs

src/aegis_gitea_mcp/response_limits.py

@@ -0,0 +1,56 @@
+"""Helpers for bounded tool responses."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from aegis_gitea_mcp.config import get_settings
+
+
+class ResponseLimitError(RuntimeError):
+    """Raised when response processing exceeds configured safety limits."""
+
+
+def limit_items(
+    items: list[dict[str, Any]], configured_limit: int | None = None
+) -> tuple[list[dict[str, Any]], int]:
+    """Trim a list of result items to configured maximum length.
+
+    Args:
+        items: List of result dictionaries.
+        configured_limit: Optional explicit item limit.
+
+    Returns:
+        Tuple of trimmed list and omitted count.
+    """
+    settings = get_settings()
+    max_items = configured_limit or settings.max_tool_response_items
+    if max_items <= 0:
+        raise ResponseLimitError("max_tool_response_items must be greater than zero")
+
+    if len(items) <= max_items:
+        return items, 0
+
+    trimmed = items[:max_items]
+    omitted = len(items) - max_items
+    return trimmed, omitted
+
+
+def limit_text(text: str, configured_limit: int | None = None) -> str:
+    """Trim text output to configured maximum characters.
+
+    Args:
+        text: Untrusted text output.
+        configured_limit: Optional explicit character limit.
+
+    Returns:
+        Trimmed text.
+    """
+    settings = get_settings()
+    max_chars = configured_limit or settings.max_tool_response_chars
+    if max_chars <= 0:
+        raise ResponseLimitError("max_tool_response_chars must be greater than zero")
+
+    if len(text) <= max_chars:
+        return text
+    return text[:max_chars]