middleware

package
v0.0.0-...-be7b520 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2026 License: Apache-2.0 Imports: 60 Imported by: 0

Documentation

Overview

Package middleware provides HTTP middleware for the application.

Index

Constants

View Source 
const HTTPRequestContextKey contextKey = "http.request"

HTTPRequestContextKey is the context key for the HTTP request.

Summary: Context key used to store the original HTTP request.

View Source 
const RedisRateLimitScript = `` /* 1550-byte string literal not displayed */

RedisRateLimitScript is the Lua script executed atomically in Redis to perform token bucket updates. It handles token refill based on time elapsed, checks against burst capacity, and manages the expiration of unused keys to prevent memory leaks in Redis.

Variables

This section is empty.

Functions

func AuthMiddleware 

func AuthMiddleware(authManager *auth.Manager) mcp.Middleware

AuthMiddleware creates an MCP middleware for handling authentication. It is intended to inspect incoming requests and use the provided `AuthManager` to verify credentials before passing the request to the next handler.

Summary: MCP Middleware for request authentication.

Parameters:

  • authManager: *auth.Manager. The authentication manager.

Returns:

  • mcp.Middleware: The authentication middleware function.

func CORSMiddleware 

func CORSMiddleware() mcp.Middleware

CORSMiddleware creates an MCP middleware for handling Cross-Origin Resource Sharing (CORS). It is intended to add the necessary CORS headers to outgoing responses, allowing web browsers to securely make cross-origin requests to the MCP server.

NOTE: This middleware is currently a placeholder for MCP-level (JSON-RPC) interception and does not handle HTTP CORS headers. HTTP CORS is handled by the dedicated HTTP middleware in cors_http.go.

Returns an `mcp.Middleware` function.

func CalculateToolResultTokens 

func CalculateToolResultTokens(t tokenizer.Tokenizer, result any) int

CalculateToolResultTokens calculates the number of tokens in a tool result.

Parameters:

  • t: tokenizer.Tokenizer. The tokenizer to use for counting.
  • result: any. The result object to analyze (can be *mcp.CallToolResult, string, []byte, or others).

Returns:

  • int: The estimated token count.

func DLPMiddleware 

func DLPMiddleware(config *configv1.DLPConfig, log *slog.Logger) mcp.Middleware

DLPMiddleware creates a middleware that redacts PII from request arguments and result content.

config holds the configuration settings. log is the log.

Returns the result.

func DebugMiddleware 

func DebugMiddleware() mcp.Middleware

DebugMiddleware returns a middleware function that logs the full request and response of each MCP method call. This is useful for debugging and understanding the flow of data through the server.

func GetHTTPMiddlewares 

func GetHTTPMiddlewares(configs []*configv1.Middleware) []func(http.Handler) http.Handler

GetHTTPMiddlewares returns a sorted list of HTTP middlewares based on configuration.

configs is the configs.

Returns the result.

func GetMCPMiddlewares 

func GetMCPMiddlewares(configs []*configv1.Middleware) []func(mcp.MethodHandler) mcp.MethodHandler

GetMCPMiddlewares returns a sorted list of MCP middlewares based on configuration.

configs is the configs.

Returns the result.

func GzipCompressionMiddleware 

func GzipCompressionMiddleware(next http.Handler) http.Handler

GzipCompressionMiddleware returns a middleware that compresses HTTP responses using Gzip.

Summary: Middleware that compresses HTTP responses using Gzip if supported by the client.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler that performs compression.

func HTTPSecurityHeadersMiddleware 

func HTTPSecurityHeadersMiddleware(next http.Handler) http.Handler

HTTPSecurityHeadersMiddleware adds security headers to HTTP responses.

Summary: Middleware that adds standard security headers to all HTTP responses.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler that sets security headers.

func JSONRPCComplianceMiddleware 

func JSONRPCComplianceMiddleware(next http.Handler) http.Handler

JSONRPCComplianceMiddleware ensures that errors are returned as valid JSON-RPC responses.

Summary: Wraps non-JSON error responses in a JSON-RPC error format.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler that enforces JSON-RPC compliance for errors.

Side Effects:

  • Intercepts and rewrites HTTP response bodies for error status codes.

func LoggingMiddleware 

func LoggingMiddleware(log *slog.Logger) mcp.Middleware

LoggingMiddleware creates an MCP middleware that logs information about each incoming request. It records the start and completion of each request, including the duration of the handling.

This is useful for debugging and monitoring the flow of requests through the server.

Summary: MCP Middleware for request logging.

Parameters:

  • log: *slog.Logger. The logger to be used. If `nil`, the default global logger will be used.

Returns:

  • mcp.Middleware: The logging middleware function.

func NewGuardrailsMiddleware 

func NewGuardrailsMiddleware(config GuardrailsConfig) gin.HandlerFunc

NewGuardrailsMiddleware creates a new Guardrails middleware.

Summary: Initializes the guardrails middleware for blocking malicious prompts.

Parameters:

  • config: GuardrailsConfig. The configuration for blocking patterns.

Returns:

  • gin.HandlerFunc: The Gin middleware handler.

func PrometheusMetricsMiddleware 

func PrometheusMetricsMiddleware(t tokenizer.Tokenizer) mcp.Middleware

PrometheusMetricsMiddleware provides protocol-level metrics for all MCP requests. It intercepts requests to track duration, success/failure counts, payload sizes, and token counts.

func RecoveryMiddleware 

func RecoveryMiddleware(next http.Handler) http.Handler

RecoveryMiddleware recovers from panics in the handler chain, logs the panic, and returns a generic 500 Internal Server Error response.

func Register 

func Register(name string, factory Factory)

Register registers a HTTP middleware factory.

name is the name of the resource. factory is the factory.

func RegisterMCP 

func RegisterMCP(name string, factory MCPFactory)

RegisterMCP registers an MCP middleware factory.

name is the name of the resource. factory is the factory.

func SSOMiddleware 

func SSOMiddleware(config SSOConfig) gin.HandlerFunc

SSOMiddleware creates a new SSO middleware.

config holds the configuration settings.

Returns the result.

func SetRedisClientCreatorForTests 

func SetRedisClientCreatorForTests(creator func(opts *redis.Options) *redis.Client)

SetRedisClientCreatorForTests allows injecting a mock Redis client creator for testing purposes.

creator: A function that takes Redis options and returns a client instance.

Types

type AuditMiddleware 

type AuditMiddleware struct {
	// contains filtered or unexported fields
}

AuditMiddleware provides audit logging for tool executions.

func NewAuditMiddleware 

func NewAuditMiddleware(auditConfig *configv1.AuditConfig) (*AuditMiddleware, error)

NewAuditMiddleware creates a new AuditMiddleware.

Summary: Initializes the audit middleware with the provided configuration.

Parameters:

  • auditConfig: *configv1.AuditConfig. The configuration for audit logging.

Returns:

  • *AuditMiddleware: The initialized middleware instance.
  • error: An error if the middleware cannot be initialized.

func (*AuditMiddleware) Close 

func (m *AuditMiddleware) Close() error

Close closes the underlying store.

Returns an error if the operation fails.

func (*AuditMiddleware) Execute 

func (m *AuditMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute intercepts tool execution to log audit events.

Summary: Intercepts and logs tool execution requests and results.

Parameters:

  • ctx: context.Context. The context for the request.
  • req: *tool.ExecutionRequest. The tool execution request.
  • next: tool.ExecutionFunc. The next handler in the chain.

Returns:

  • any: The result of the tool execution.
  • error: An error if the tool execution fails.

Side Effects:

  • Writes an audit log entry to the configured store.

func (*AuditMiddleware) GetHistory 

func (m *AuditMiddleware) GetHistory() [][]byte

GetHistory returns the current broadcast history.

func (*AuditMiddleware) Read 

func (m *AuditMiddleware) Read(ctx context.Context, filter audit.Filter) ([]audit.Entry, error)

Read reads audit entries from the underlying store.

func (*AuditMiddleware) SetStore 

func (m *AuditMiddleware) SetStore(store audit.Store)

SetStore sets the audit store. This is primarily used for testing.

func (*AuditMiddleware) SubscribeWithHistory 

func (m *AuditMiddleware) SubscribeWithHistory() (chan []byte, [][]byte)

SubscribeWithHistory returns a channel that will receive broadcast messages, and the current history of messages.

func (*AuditMiddleware) Unsubscribe 

func (m *AuditMiddleware) Unsubscribe(ch chan []byte)

Unsubscribe removes a subscriber channel.

func (*AuditMiddleware) UpdateConfig 

func (m *AuditMiddleware) UpdateConfig(auditConfig *configv1.AuditConfig) error

UpdateConfig updates the audit configuration safely.

Summary: Updates the middleware configuration and re-initializes the store if needed.

Parameters:

  • auditConfig: *configv1.AuditConfig. The new configuration.

Returns:

  • error: An error if the store re-initialization fails.

type CSRFMiddleware 

type CSRFMiddleware struct {
	// contains filtered or unexported fields
}

CSRFMiddleware protects against Cross-Site Request Forgery attacks.

func NewCSRFMiddleware 

func NewCSRFMiddleware(allowedOrigins []string) *CSRFMiddleware

NewCSRFMiddleware creates a new CSRFMiddleware.

func (*CSRFMiddleware) Handler 

func (m *CSRFMiddleware) Handler(next http.Handler) http.Handler

Handler returns the HTTP handler.

func (*CSRFMiddleware) Update 

func (m *CSRFMiddleware) Update(origins []string)

Update updates the allowed origins.

type CachingMiddleware 

type CachingMiddleware struct {
	// contains filtered or unexported fields
}

CachingMiddleware handles caching of tool execution results.

func NewCachingMiddleware 

func NewCachingMiddleware(toolManager tool.ManagerInterface) *CachingMiddleware

NewCachingMiddleware creates a new CachingMiddleware.

toolManager is the toolManager.

Returns the result.

func (*CachingMiddleware) Clear 

func (m *CachingMiddleware) Clear(ctx context.Context) error

Clear clears the cache.

ctx is the context for the request.

Returns an error if the operation fails.

func (*CachingMiddleware) Execute 

func (m *CachingMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute executes the caching middleware.

ctx is the context for the request. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

func (*CachingMiddleware) SetProviderFactory 

func (m *CachingMiddleware) SetProviderFactory(factory ProviderFactory)

SetProviderFactory allows overriding the default provider factory for testing.

factory is the factory.

type CallPolicyMiddleware 

type CallPolicyMiddleware struct {
	// contains filtered or unexported fields
}

CallPolicyMiddleware is a middleware that enforces call policies (allow/deny) based on tool name and arguments.

func NewCallPolicyMiddleware 

func NewCallPolicyMiddleware(toolManager tool.ManagerInterface) *CallPolicyMiddleware

NewCallPolicyMiddleware creates a new CallPolicyMiddleware.

toolManager is the toolManager.

Returns the result.

func (*CallPolicyMiddleware) Execute 

func (m *CallPolicyMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute enforces call policies before proceeding to the next handler.

ctx is the context for the request. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

type ContextOptimizer 

type ContextOptimizer struct {
	MaxChars int
}

ContextOptimizer optimises the context size of responses.

func NewContextOptimizer 

func NewContextOptimizer(maxChars int) *ContextOptimizer

NewContextOptimizer creates a new ContextOptimizer.

maxChars is the maxChars.

Returns the result.

func (*ContextOptimizer) Handler 

func (co *ContextOptimizer) Handler(next http.Handler) http.Handler

Handler returns the middleware handler.

next is the next.

Returns the result.

type DebugEntry 

type DebugEntry struct {
	ID              string        `json:"id"`
	TraceID         string        `json:"trace_id"`
	SpanID          string        `json:"span_id"`
	ParentID        string        `json:"parent_id,omitempty"`
	Timestamp       time.Time     `json:"timestamp"`
	Method          string        `json:"method"`
	Path            string        `json:"path"`
	Status          int           `json:"status"`
	Duration        time.Duration `json:"duration"`
	RequestHeaders  http.Header   `json:"request_headers"`
	ResponseHeaders http.Header   `json:"response_headers"`
	RequestBody     string        `json:"request_body,omitempty"`
	ResponseBody    string        `json:"response_body,omitempty"`
}

DebugEntry represents a captured HTTP request/response.

Summary: Data structure holding details of a captured HTTP transaction.

type Debugger 

type Debugger struct {
	// contains filtered or unexported fields
}

Debugger monitors and records traffic for inspection.

Summary: Middleware that captures recent HTTP traffic for debugging purposes.

func NewDebugger 

func NewDebugger(size int) *Debugger

NewDebugger creates a new Debugger middleware.

Summary: Initializes the debugger with a fixed-size ring buffer.

Parameters:

  • size: int. The number of recent requests to keep in memory.

Returns:

  • *Debugger: The initialized debugger.

func (*Debugger) APIHandler 

func (d *Debugger) APIHandler() http.HandlerFunc

APIHandler returns a http.HandlerFunc to view entries.

Summary: Returns an HTTP handler that exposes the debug entries as JSON.

Returns:

  • http.HandlerFunc: The API handler function.

func (*Debugger) Close 

func (d *Debugger) Close()

Close stops the background processor.

Summary: Shuts down the debugger and releases resources.

func (*Debugger) Entries 

func (d *Debugger) Entries() []DebugEntry

Entries returns the last captured entries.

Summary: Retrieves the list of captured debug entries.

Returns:

  • []DebugEntry: A list of captured requests and responses.

func (*Debugger) Handler 

func (d *Debugger) Handler(next http.Handler) http.Handler

Handler returns the http handler.

Summary: Returns an HTTP handler that captures traffic.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler.

type EmbeddingProvider 

type EmbeddingProvider interface {
	// Embed generates an embedding vector for the given text.
	// It returns the embedding as a slice of float32 and any error encountered.
	Embed(ctx context.Context, text string) ([]float32, error)
}

EmbeddingProvider defines the interface for fetching text embeddings.

type Factory 

type Factory func(config *configv1.Middleware) func(http.Handler) http.Handler

Factory is a function that creates a HTTP middleware from configuration.

type GlobalRateLimitMiddleware 

type GlobalRateLimitMiddleware struct {
	// contains filtered or unexported fields
}

GlobalRateLimitMiddleware provides rate limiting functionality for all MCP requests.

Summary: Middleware that enforces global rate limits on MCP requests.

func NewGlobalRateLimitMiddleware 

func NewGlobalRateLimitMiddleware(config *configv1.RateLimitConfig) *GlobalRateLimitMiddleware

NewGlobalRateLimitMiddleware creates a new GlobalRateLimitMiddleware.

Summary: Initializes the global rate limit middleware.

Parameters:

  • config: *configv1.RateLimitConfig. The rate limit configuration.

Returns:

  • *GlobalRateLimitMiddleware: The initialized middleware.

func (*GlobalRateLimitMiddleware) Execute 

func (m *GlobalRateLimitMiddleware) Execute(ctx context.Context, method string, req mcp.Request, next mcp.MethodHandler) (mcp.Result, error)

Execute executes the rate limiting middleware.

ctx is the context for the request. method is the method. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

func (*GlobalRateLimitMiddleware) UpdateConfig 

func (m *GlobalRateLimitMiddleware) UpdateConfig(config *configv1.RateLimitConfig)

UpdateConfig updates the rate limit configuration safely.

Summary: Updates the rate limit configuration.

Parameters:

  • config: *configv1.RateLimitConfig. The new configuration.

type GuardrailsConfig 

type GuardrailsConfig struct {
	BlockedPhrases []string
}

GuardrailsConfig defines patterns to block.

Summary: Configuration for the guardrails middleware.

type HTTPCORSMiddleware 

type HTTPCORSMiddleware struct {
	// contains filtered or unexported fields
}

HTTPCORSMiddleware handles CORS for HTTP endpoints. It is thread-safe and supports dynamic updates.

func NewHTTPCORSMiddleware 

func NewHTTPCORSMiddleware(allowedOrigins []string) *HTTPCORSMiddleware

NewHTTPCORSMiddleware creates a new HTTPCORSMiddleware. If allowedOrigins is empty, it defaults to allowing nothing (or behaving like standard Same-Origin). To allow all, pass []string{"*"}.

func (*HTTPCORSMiddleware) Handler 

func (m *HTTPCORSMiddleware) Handler(next http.Handler) http.Handler

Handler wraps an http.Handler with CORS logic.

next is the next.

Returns the result.

func (*HTTPCORSMiddleware) Update 

func (m *HTTPCORSMiddleware) Update(allowedOrigins []string)

Update updates the allowed origins.

allowedOrigins is the allowedOrigins.

type HTTPEmbeddingProvider 

type HTTPEmbeddingProvider struct {
	// contains filtered or unexported fields
}

HTTPEmbeddingProvider implements a generic HTTP EmbeddingProvider.

func NewHTTPEmbeddingProvider 

func NewHTTPEmbeddingProvider(url string, headers map[string]string, bodyTemplateStr, responseJSONPath string) (*HTTPEmbeddingProvider, error)

NewHTTPEmbeddingProvider creates a new HTTPEmbeddingProvider.

url is the url. headers is the headers. bodyTemplateStr is the bodyTemplateStr. responseJSONPath is the responseJSONPath.

Returns the result. Returns an error if the operation fails.

func (*HTTPEmbeddingProvider) Embed 

func (p *HTTPEmbeddingProvider) Embed(ctx context.Context, text string) ([]float32, error)

Embed generates an embedding for the given text.

ctx is the context for the request. text is the text.

Returns the result. Returns an error if the operation fails.

type HTTPRateLimitMiddleware 

type HTTPRateLimitMiddleware struct {
	// contains filtered or unexported fields
}

HTTPRateLimitMiddleware provides global rate limiting for HTTP endpoints.

Summary: Middleware for rate limiting HTTP requests based on IP address.

func NewHTTPRateLimitMiddleware 

func NewHTTPRateLimitMiddleware(rps float64, burst int, opts ...HTTPRateLimitOption) *HTTPRateLimitMiddleware

NewHTTPRateLimitMiddleware creates a new HTTPRateLimitMiddleware.

Summary: Initializes a new HTTP rate limit middleware.

Parameters:

  • rps: float64. Requests per second allowed per IP.
  • burst: int. Maximum burst size allowed per IP.
  • opts: ...HTTPRateLimitOption. Optional configuration options.

Returns:

  • *HTTPRateLimitMiddleware: The initialized middleware instance.

func (*HTTPRateLimitMiddleware) Handler 

func (m *HTTPRateLimitMiddleware) Handler(next http.Handler) http.Handler

Handler wraps an http.Handler with rate limiting.

Summary: Returns a handler that enforces rate limiting.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler.

type HTTPRateLimitOption 

type HTTPRateLimitOption func(*HTTPRateLimitMiddleware)

HTTPRateLimitOption defines a functional option for HTTPRateLimitMiddleware.

Summary: Functional option type for configuring the middleware.

func WithTrustProxy 

func WithTrustProxy(trust bool) HTTPRateLimitOption

WithTrustProxy enables trusting the X-Forwarded-For header.

Summary: Configures the middleware to trust the X-Forwarded-For header.

Parameters:

  • trust: bool. Whether to trust the proxy headers.

Returns:

  • HTTPRateLimitOption: The configuration option.

type IPAllowlistMiddleware 

type IPAllowlistMiddleware struct {
	// contains filtered or unexported fields
}

IPAllowlistMiddleware restricts access to allowed IP addresses.

Summary: Middleware that filters requests based on a list of allowed IP addresses or CIDRs.

func NewIPAllowlistMiddleware 

func NewIPAllowlistMiddleware(allowedCIDRs []string) (*IPAllowlistMiddleware, error)

NewIPAllowlistMiddleware creates a new IPAllowlistMiddleware.

Summary: Initializes the middleware with the initial list of allowed CIDRs.

Parameters:

  • allowedCIDRs: []string. A list of IP addresses or CIDR blocks to allow.

Returns:

  • *IPAllowlistMiddleware: The initialized middleware instance.
  • error: An error if any of the provided CIDRs are invalid.

func (*IPAllowlistMiddleware) Allow 

func (m *IPAllowlistMiddleware) Allow(remoteAddr string) bool

Allow checks if the given remote address is allowed.

Summary: Checks if a remote address is in the allowed list.

Parameters:

  • remoteAddr: string. The remote address (IP or IP:Port).

Returns:

  • bool: True if allowed, false otherwise.

func (*IPAllowlistMiddleware) Handler 

func (m *IPAllowlistMiddleware) Handler(next http.Handler) http.Handler

Handler returns an HTTP handler that enforces the allowlist.

Summary: Returns an HTTP handler that blocks unauthorized IPs.

Parameters:

  • next: http.Handler. The next handler in the chain.

Returns:

  • http.Handler: The wrapped handler.

func (*IPAllowlistMiddleware) Update 

func (m *IPAllowlistMiddleware) Update(allowedCIDRs []string) error

Update updates the allowlist with new CIDRs/IPs.

Summary: Dynamically updates the list of allowed IPs.

Parameters:

  • allowedCIDRs: []string. The new list of allowed IP addresses or CIDR blocks.

Returns:

  • error: An error if any of the provided CIDRs are invalid.

type JSONRPCError 

type JSONRPCError struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
	Data    any    `json:"data,omitempty"`
}

JSONRPCError represents a JSON-RPC 2.0 error object.

type JSONRPCResponse 

type JSONRPCResponse struct {
	JSONRPC string        `json:"jsonrpc"`
	ID      any           `json:"id"`
	Error   *JSONRPCError `json:"error,omitempty"`
}

JSONRPCResponse represents a JSON-RPC 2.0 response object.

type Limiter 

type Limiter interface {
	// Allow checks if the request is allowed.
	//
	// ctx is the context for the request.
	//
	// Returns true if successful.
	// Returns an error if the operation fails.
	Allow(ctx context.Context) (bool, error)
	// AllowN checks if the request is allowed with a specific cost.
	//
	// ctx is the context for the request.
	// n is the n.
	//
	// Returns true if successful.
	// Returns an error if the operation fails.
	AllowN(ctx context.Context, n int) (bool, error)
	// Update updates the limiter configuration.
	//
	// rps is the rps.
	// burst is the burst.
	Update(rps float64, burst int)
}

Limiter interface defines the methods required for a rate limiter.

type LocalLimiter 

type LocalLimiter struct {
	*rate.Limiter
}

LocalLimiter is an in-memory implementation of Limiter.

func (*LocalLimiter) Allow 

func (l *LocalLimiter) Allow(_ context.Context) (bool, error)

Allow checks if the request is allowed (cost 1).

_ is an unused parameter.

Returns true if successful. Returns an error if the operation fails.

func (*LocalLimiter) AllowN 

func (l *LocalLimiter) AllowN(_ context.Context, n int) (bool, error)

AllowN checks if the request is allowed with a specific cost.

_ is an unused parameter. n is the n.

Returns true if successful. Returns an error if the operation fails.

func (*LocalLimiter) Update 

func (l *LocalLimiter) Update(rps float64, burst int)

Update updates the limiter configuration.

rps is the rps. burst is the burst.

type LocalStrategy 

type LocalStrategy struct{}

LocalStrategy implements RateLimitStrategy for local in-memory rate limiting.

func NewLocalStrategy 

func NewLocalStrategy() *LocalStrategy

NewLocalStrategy creates a new LocalStrategy.

Returns the result.

func (*LocalStrategy) Create 

func (s *LocalStrategy) Create(_ context.Context, _, _, _ string, config *configv1.RateLimitConfig) (Limiter, error)

Create creates a new LocalLimiter.

_ is an unused parameter. _ is an unused parameter. _ is an unused parameter. _ is an unused parameter. config holds the configuration settings.

Returns the result. Returns an error if the operation fails.

type MCPFactory 

type MCPFactory func(config *configv1.Middleware) func(mcp.MethodHandler) mcp.MethodHandler

MCPFactory is a function that creates an MCP middleware from configuration.

type OllamaEmbeddingProvider 

type OllamaEmbeddingProvider struct {
	// contains filtered or unexported fields
}

OllamaEmbeddingProvider implements EmbeddingProvider for Ollama.

func NewOllamaEmbeddingProvider 

func NewOllamaEmbeddingProvider(baseURL, model string) *OllamaEmbeddingProvider

NewOllamaEmbeddingProvider creates a new OllamaEmbeddingProvider.

baseURL is the baseURL. model is the model.

Returns the result.

func (*OllamaEmbeddingProvider) Embed 

func (p *OllamaEmbeddingProvider) Embed(ctx context.Context, text string) ([]float32, error)

Embed generates an embedding for the given text using Ollama.

ctx is the context for the request. text is the text.

Returns the result. Returns an error if the operation fails.

type OpenAIEmbeddingProvider 

type OpenAIEmbeddingProvider struct {
	// contains filtered or unexported fields
}

OpenAIEmbeddingProvider implements EmbeddingProvider for OpenAI.

func NewOpenAIEmbeddingProvider 

func NewOpenAIEmbeddingProvider(apiKey, model string) *OpenAIEmbeddingProvider

NewOpenAIEmbeddingProvider creates a new OpenAIEmbeddingProvider. It accepts an API key and a model name (defaults to "text-embedding-3-small" if empty).

func (*OpenAIEmbeddingProvider) Embed 

func (p *OpenAIEmbeddingProvider) Embed(ctx context.Context, text string) ([]float32, error)

Embed generates an embedding vector for the given text using the OpenAI API. It returns the embedding as a slice of float32 and any error encountered.

type Option 

type Option func(*RateLimitMiddleware)

Option defines a functional option for RateLimitMiddleware.

func WithTokenizer 

func WithTokenizer(t tokenizer.Tokenizer) Option

WithTokenizer sets a custom tokenizer for the middleware.

t is the t.

Returns the result.

type PostgresVectorStore 

type PostgresVectorStore struct {
	// contains filtered or unexported fields
}

PostgresVectorStore implements VectorStore using PostgreSQL and pgvector.

func NewPostgresVectorStore 

func NewPostgresVectorStore(dsn string) (*PostgresVectorStore, error)

NewPostgresVectorStore creates a new PostgresVectorStore. It connects to the database and ensures the schema exists.

func NewPostgresVectorStoreWithDB 

func NewPostgresVectorStoreWithDB(db *sql.DB) (*PostgresVectorStore, error)

NewPostgresVectorStoreWithDB creates a new PostgresVectorStore using an existing database connection. It ensures the schema exists.

func (*PostgresVectorStore) Add 

func (s *PostgresVectorStore) Add(ctx context.Context, key string, vector []float32, result any, ttl time.Duration) error

Add adds a new entry to the vector store.

ctx is the context for the request. key is the key. vector is the vector. result is the result. ttl is the ttl.

Returns an error if the operation fails.

func (*PostgresVectorStore) Close 

func (s *PostgresVectorStore) Close() error

Close closes the database connection.

Returns an error if the operation fails.

func (*PostgresVectorStore) Prune 

func (s *PostgresVectorStore) Prune(ctx context.Context, key string)

Prune removes expired entries.

ctx is the context for the request. key is the key.

func (*PostgresVectorStore) Search 

func (s *PostgresVectorStore) Search(ctx context.Context, key string, query []float32) (any, float32, bool)

Search searches for the most similar entry in the vector store.

ctx is the context for the request. key is the key. query is the query.

Returns the result. Returns the result. Returns true if successful.

type ProviderFactory 

type ProviderFactory func(config *configv1.SemanticCacheConfig, apiKey string) (EmbeddingProvider, error)

ProviderFactory is a function that creates an EmbeddingProvider.

type RBACMiddleware 

type RBACMiddleware struct {
	// contains filtered or unexported fields
}

RBACMiddleware provides middleware for Role-Based Access Control.

Summary: Middleware for enforcing role-based access control policies.

func NewRBACMiddleware 

func NewRBACMiddleware() *RBACMiddleware

NewRBACMiddleware creates a new RBACMiddleware.

Summary: Initializes the RBAC middleware.

Returns:

  • *RBACMiddleware: The initialized middleware.

func (*RBACMiddleware) EnforcePolicy 

func (m *RBACMiddleware) EnforcePolicy(_ func(user *configv1.User) bool) func(http.Handler) http.Handler

EnforcePolicy allows passing a custom policy function.

Summary: Enforces a custom policy based on the user object.

Parameters:

  • policy: func(user *configv1.User) bool. The policy function to evaluate.

Returns:

  • func(http.Handler) http.Handler: The middleware function.

func (*RBACMiddleware) RequireAnyRole 

func (m *RBACMiddleware) RequireAnyRole(roles ...string) func(http.Handler) http.Handler

RequireAnyRole returns an HTTP middleware that requires the user to have at least one of the specified roles.

Summary: Enforces that the authenticated user possesses at least one of the specified roles.

Parameters:

  • roles: ...string. The list of allowed roles.

Returns:

  • func(http.Handler) http.Handler: The middleware function.

func (*RBACMiddleware) RequireRole 

func (m *RBACMiddleware) RequireRole(role string) func(http.Handler) http.Handler

RequireRole returns an HTTP middleware that requires the user to have the specified role.

Summary: Enforces that the authenticated user possesses a specific role.

Parameters:

  • role: string. The required role.

Returns:

  • func(http.Handler) http.Handler: The middleware function.

type RateLimitMiddleware 

type RateLimitMiddleware struct {
	// contains filtered or unexported fields
}

RateLimitMiddleware is a tool execution middleware that provides rate limiting functionality for upstream services.

func NewRateLimitMiddleware 

func NewRateLimitMiddleware(toolManager tool.ManagerInterface, opts ...Option) *RateLimitMiddleware

NewRateLimitMiddleware creates a new RateLimitMiddleware.

toolManager is the toolManager. opts contains the options.

Returns the result.

func (*RateLimitMiddleware) Execute 

func (m *RateLimitMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute executes the rate limiting middleware.

ctx is the context for the request. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

type RateLimitStrategy 

type RateLimitStrategy interface {
	// Create creates a new Limiter instance.
	//
	// ctx is the context for the request.
	// serviceID is the serviceID.
	// limitScopeKey is the limitScopeKey.
	// partitionKey is the partitionKey.
	// config holds the configuration settings.
	//
	// Returns the result.
	// Returns an error if the operation fails.
	Create(ctx context.Context, serviceID, limitScopeKey, partitionKey string, config *configv1.RateLimitConfig) (Limiter, error)
}

RateLimitStrategy defines the interface for creating rate limiters.

type Redactor 

type Redactor struct {
	// contains filtered or unexported fields
}

Redactor handles redaction of sensitive data based on configuration.

func NewRedactor 

func NewRedactor(config *configv1.DLPConfig, log *slog.Logger) *Redactor

NewRedactor creates a new Redactor from the given DLP config.

config holds the configuration settings. log is the log.

Returns the result.

func (*Redactor) RedactJSON 

func (r *Redactor) RedactJSON(data []byte) ([]byte, error)

RedactJSON redacts sensitive information from a JSON byte slice.

data is the data.

Returns the result. Returns an error if the operation fails.

func (*Redactor) RedactString 

func (r *Redactor) RedactString(s string) string

RedactString redacts sensitive information from a string.

s is the s.

Returns the result.

func (*Redactor) RedactStruct 

func (r *Redactor) RedactStruct(v map[string]interface{})

RedactStruct redacts sensitive information from a map.

v is the v.

func (*Redactor) RedactValue 

func (r *Redactor) RedactValue(val interface{}) interface{}

RedactValue redacts sensitive information from a value.

val is the val.

Returns the result.

type RedisLimiter 

type RedisLimiter struct {
	// contains filtered or unexported fields
}

RedisLimiter implements a distributed rate limiter backed by Redis. It uses a token bucket algorithm to enforce rate limits across multiple service instances, ensuring that the configured Requests Per Second (RPS) and burst limits are respected regardless of how many server replicas are running.

func NewRedisLimiter 

func NewRedisLimiter(serviceID string, config *configv1.RateLimitConfig) (*RedisLimiter, error)

NewRedisLimiter creates a new RedisLimiter for the specified service using the provided configuration. It initializes a connection to Redis and sets up the rate limiting parameters.

Parameters:

  • serviceID: The unique identifier of the service to be rate-limited.
  • config: The rate limit configuration containing Redis connection details, RPS, and burst settings.

Returns:

  • A pointer to the initialized RedisLimiter, or nil if an error occurs.
  • An error if the configuration is invalid or the Redis connection fails.

func NewRedisLimiterWithClient 

func NewRedisLimiterWithClient(client *redis.Client, serviceID, limitScopeKey, partitionKey string, config *configv1.RateLimitConfig) *RedisLimiter

NewRedisLimiterWithClient creates a new RedisLimiter using an existing Redis client. This avoids creating a new connection pool if one is already available.

Parameters:

  • client: The existing Redis client instance.
  • serviceID: The unique identifier of the service.
  • limitScopeKey: An optional key to scope the limit.
  • partitionKey: An optional key to further partition the limit.
  • config: The rate limit configuration.

Returns:

  • A pointer to the initialized RedisLimiter.

func NewRedisLimiterWithPartition 

func NewRedisLimiterWithPartition(serviceID, limitScopeKey, partitionKey string, config *configv1.RateLimitConfig) (*RedisLimiter, error)

NewRedisLimiterWithPartition creates a new RedisLimiter with support for partitioned rate limiting. This is useful for more granular control, such as per-user or per-IP limits within a service.

Parameters:

  • serviceID: The unique identifier of the service.
  • limitScopeKey: An optional key to scope the limit (e.g., "user_id").
  • partitionKey: An optional key to further partition the limit (e.g., "12345").
  • config: The rate limit configuration.

Returns:

  • A pointer to the initialized RedisLimiter, or nil if initialization fails.
  • An error if the Redis configuration is missing.

func (*RedisLimiter) Allow 

func (l *RedisLimiter) Allow(ctx context.Context) (bool, error)

Allow checks if a single request is allowed under the current rate limit policy. It decrements the token bucket by 1.

Parameters:

  • ctx: The context for the request, used for timeouts and cancellation.

Returns:

  • true if the request is allowed (tokens were available).
  • false if the request is denied (rate limit exceeded).
  • An error if the Redis operation fails.

func (*RedisLimiter) AllowN 

func (l *RedisLimiter) AllowN(ctx context.Context, n int) (bool, error)

AllowN checks if a request with a specific cost is allowed. It attempts to consume 'n' tokens from the bucket.

Parameters:

  • ctx: The context for the request.
  • n: The cost of the request (number of tokens to consume).

Returns:

  • true if the request is allowed.
  • false if the request is denied.
  • An error if the Redis operation fails.

func (*RedisLimiter) Close 

func (l *RedisLimiter) Close() error

Close terminates the Redis client connection and releases resources.

Returns:

  • An error if closing the client fails.

func (*RedisLimiter) GetConfigHash 

func (l *RedisLimiter) GetConfigHash() string

GetConfigHash returns a hash string representing the underlying Redis configuration. This is used to detect configuration changes that might require a client reconnection.

Returns:

  • The configuration hash string.

func (*RedisLimiter) Update 

func (l *RedisLimiter) Update(rps float64, burst int)

Update dynamically updates the rate limit configuration for the running limiter.

Parameters:

  • rps: The new requests per second limit.
  • burst: The new burst capacity.

type RedisStrategy 

type RedisStrategy struct {
	// contains filtered or unexported fields
}

RedisStrategy implements RateLimitStrategy for Redis-based rate limiting.

func NewRedisStrategy 

func NewRedisStrategy() *RedisStrategy

NewRedisStrategy creates a new RedisStrategy.

Returns the result.

func (*RedisStrategy) Create 

func (s *RedisStrategy) Create(_ context.Context, serviceID, limitScopeKey, partitionKey string, config *configv1.RateLimitConfig) (Limiter, error)

Create creates a new RedisLimiter.

_ is an unused parameter. serviceID is the serviceID. limitScopeKey is the limitScopeKey. partitionKey is the partitionKey. config holds the configuration settings.

Returns the result. Returns an error if the operation fails.

type Registry 

type Registry struct {
	// contains filtered or unexported fields
}

Registry manages available middlewares.

type ResilienceMiddleware 

type ResilienceMiddleware struct {
	// contains filtered or unexported fields
}

ResilienceMiddleware provides circuit breaker and retry functionality for tool executions.

func NewResilienceMiddleware 

func NewResilienceMiddleware(toolManager tool.ManagerInterface) *ResilienceMiddleware

NewResilienceMiddleware creates a new ResilienceMiddleware.

toolManager is the toolManager.

Returns the result.

func (*ResilienceMiddleware) Execute 

func (m *ResilienceMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute executes the resilience middleware.

ctx is the context for the request. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

type SQLiteVectorStore 

type SQLiteVectorStore struct {
	// contains filtered or unexported fields
}

SQLiteVectorStore implements VectorStore using SQLite for persistence and an in-memory cache for fast search.

func NewSQLiteVectorStore 

func NewSQLiteVectorStore(path string) (*SQLiteVectorStore, error)

NewSQLiteVectorStore creates a new SQLiteVectorStore. It loads existing entries from the database into memory.

func (*SQLiteVectorStore) Add 

func (s *SQLiteVectorStore) Add(ctx context.Context, key string, vector []float32, result any, ttl time.Duration) error

Add adds a new entry to both memory and DB.

ctx is the context for the request. key is the key. vector is the vector. result is the result. ttl is the ttl.

Returns an error if the operation fails.

func (*SQLiteVectorStore) Close 

func (s *SQLiteVectorStore) Close() error

Close closes the database connection.

Returns an error if the operation fails.

func (*SQLiteVectorStore) Prune 

func (s *SQLiteVectorStore) Prune(ctx context.Context, key string)

Prune removes expired entries from both memory and DB.

ctx is the context for the request. key is the key.

func (*SQLiteVectorStore) Search 

func (s *SQLiteVectorStore) Search(ctx context.Context, key string, query []float32) (any, float32, bool)

Search searches in memory.

ctx is the context for the request. key is the key. query is the query.

Returns the result. Returns the result. Returns true if successful.

type SSOConfig 

type SSOConfig struct {
	Enabled bool
	IDPURL  string
}

SSOConfig defines the SSO configuration.

type SemanticCache 

type SemanticCache struct {
	// contains filtered or unexported fields
}

SemanticCache implements a semantic cache using embeddings and cosine similarity.

func NewSemanticCache 

func NewSemanticCache(provider EmbeddingProvider, store VectorStore, threshold float32) *SemanticCache

NewSemanticCache creates a new SemanticCache.

provider is the provider. store is the store. threshold is the threshold.

Returns the result.

func (*SemanticCache) Get 

func (c *SemanticCache) Get(ctx context.Context, key string, input string) (any, []float32, bool, error)

Get attempts to find a semantically similar cached result. It returns the result, the computed embedding, a boolean indicating a hit, and an error.

func (*SemanticCache) Set 

func (c *SemanticCache) Set(ctx context.Context, key string, embedding []float32, result any, ttl time.Duration) error

Set adds a result to the cache using the provided embedding.

ctx is the context for the request. key is the key. embedding is the embedding. result is the result. ttl is the ttl.

Returns an error if the operation fails.

type SimpleVectorStore 

type SimpleVectorStore struct {
	// contains filtered or unexported fields
}

SimpleVectorStore is a naive in-memory vector store.

func NewSimpleVectorStore 

func NewSimpleVectorStore() *SimpleVectorStore

NewSimpleVectorStore creates a new SimpleVectorStore. It initializes the store with a default configuration.

Returns:

  • *SimpleVectorStore: A pointer to the newly created SimpleVectorStore.

func (*SimpleVectorStore) Add 

func (s *SimpleVectorStore) Add(_ context.Context, key string, vector []float32, result any, ttl time.Duration) error

Add adds a new entry to the vector store. It evicts the oldest entry if the store exceeds the maximum number of entries for the key.

Parameters:

  • key: The key associated with the entry.
  • vector: The embedding vector.
  • result: The result to cache.
  • ttl: The time-to-live for the entry.

Returns:

  • error: An error if the operation fails (currently always nil).

func (*SimpleVectorStore) Prune 

func (s *SimpleVectorStore) Prune(_ context.Context, key string)

Prune removes expired entries from the vector store for the given key.

Parameters:

  • key: The key to prune entries for.

func (*SimpleVectorStore) Search 

func (s *SimpleVectorStore) Search(_ context.Context, key string, query []float32) (any, float32, bool)

Search searches for the most similar entry in the vector store for the given key and query vector. It returns the result, the similarity score, and a boolean indicating if a match was found.

Parameters:

  • key: The key to search for.
  • query: The query vector.

Returns:

  • any: The cached result if found.
  • float32: The similarity score (cosine similarity).
  • bool: True if a match was found, false otherwise.

type SmartRecoveryMiddleware 

type SmartRecoveryMiddleware struct {
	// contains filtered or unexported fields
}

SmartRecoveryMiddleware handles automatic error recovery using LLM.

func NewSmartRecoveryMiddleware 

func NewSmartRecoveryMiddleware(config *configv1.SmartRecoveryConfig, toolManager tool.ManagerInterface) *SmartRecoveryMiddleware

NewSmartRecoveryMiddleware creates a new SmartRecoveryMiddleware.

func (*SmartRecoveryMiddleware) Execute 

func (m *SmartRecoveryMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute executes the middleware logic.

type StandardMiddlewares 

type StandardMiddlewares struct {
	Audit            *AuditMiddleware
	GlobalRateLimit  *GlobalRateLimitMiddleware
	ContextOptimizer *ContextOptimizer
	Debugger         *Debugger
	SmartRecovery    *SmartRecoveryMiddleware
	Cleanup          func() error
}

StandardMiddlewares holds the standard middlewares that might need to be updated.

func InitStandardMiddlewares 

func InitStandardMiddlewares(
	authManager *auth.Manager,
	toolManager tool.ManagerInterface,
	auditConfig *configv1.AuditConfig,
	cachingMiddleware *CachingMiddleware,
	globalRateLimitConfig *configv1.RateLimitConfig,
	dlpConfig *configv1.DLPConfig,
	contextOptimizerConfig *configv1.ContextOptimizerConfig,
	debuggerConfig *configv1.DebuggerConfig,
	smartRecoveryConfig *configv1.SmartRecoveryConfig,
) (*StandardMiddlewares, error)

InitStandardMiddlewares registers standard middlewares.

authManager is the authManager. toolManager is the toolManager. auditConfig is the auditConfig. cachingMiddleware is the cachingMiddleware. globalRateLimitConfig is the globalRateLimitConfig. dlpConfig is the dlpConfig. contextOptimizerConfig is the contextOptimizerConfig. debuggerConfig is the debuggerConfig. smartRecoveryConfig is the smartRecoveryConfig.

Returns the result. Returns an error if the operation fails.

type ToolMetricsMiddleware 

type ToolMetricsMiddleware struct {
	// contains filtered or unexported fields
}

ToolMetricsMiddleware provides detailed metrics for tool executions.

func NewToolMetricsMiddleware 

func NewToolMetricsMiddleware(t tokenizer.Tokenizer) *ToolMetricsMiddleware

NewToolMetricsMiddleware creates a new ToolMetricsMiddleware.

Parameters:

  • t: tokenizer.Tokenizer. The tokenizer used to count tokens in tool inputs and outputs. If nil, a simple default tokenizer is used.

Returns:

  • *ToolMetricsMiddleware: A new instance of ToolMetricsMiddleware with metrics registered.

func (*ToolMetricsMiddleware) Execute 

func (m *ToolMetricsMiddleware) Execute(ctx context.Context, req *tool.ExecutionRequest, next tool.ExecutionFunc) (any, error)

Execute executes the tool metrics middleware.

ctx is the context for the request. req is the request object. next is the next.

Returns the result. Returns an error if the operation fails.

type VectorEntry 

type VectorEntry struct {
	// Vector is the embedding vector.
	Vector []float32
	// Result is the cached result associated with the vector.
	Result any
	// ExpiresAt is the timestamp when this entry expires.
	ExpiresAt time.Time
	// Norm is the precomputed Euclidean norm of the vector.
	Norm float32
}

VectorEntry represents a single entry in the vector store.

type VectorStore 

type VectorStore interface {
	// Add adds a new entry to the vector store.
	//
	// ctx is the context for the request.
	// key is the key.
	// vector is the vector.
	// result is the result.
	// ttl is the ttl.
	//
	// Returns an error if the operation fails.
	Add(ctx context.Context, key string, vector []float32, result any, ttl time.Duration) error
	// Search searches for the most similar entry in the vector store.
	//
	// ctx is the context for the request.
	// key is the key.
	// query is the query.
	//
	// Returns the result.
	// Returns the result.
	// Returns true if successful.
	Search(ctx context.Context, key string, query []float32) (any, float32, bool)
	// Prune removes expired entries.
	//
	// ctx is the context for the request.
	// key is the key.
	Prune(ctx context.Context, key string)
}

VectorStore defines the interface for storing and searching vectors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.