headerforward

package
v0.30.1
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package headerforward provides the HTTP round-tripper that injects per-backend forwarded headers (plaintext + secret-resolved) onto outbound requests. It is consumed by both the capability-discovery HTTP client (pkg/vmcp/client) and the per-session HTTP client (pkg/vmcp/session/internal/backend).


Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildHeaderForwardTripper

func BuildHeaderForwardTripper(
	ctx context.Context,
	base http.RoundTripper,
	cfg *vmcp.HeaderForwardConfig,
	provider secrets.Provider,
	backendName string,
) (http.RoundTripper, error)

BuildHeaderForwardTripper constructs a headerForwardRoundTripper for the backend's pre-resolved HeaderForwardConfig. Returns base unchanged when no header injection is configured or the effective header set is empty.

Used by both the vMCP backend client (startup capability discovery) and the per-session backend connector (long-lived MCP traffic). Exported so the session backend in pkg/vmcp/session/internal/backend can share the same transport-chain wiring.

Fails loudly (constructor validation, per go-style.md) when a secret identifier cannot be resolved through the provider, so a misconfigured backend surfaces at pod startup — not as a silent missing-header on every request.

Restricted header names (matching pkg/transport/middleware.RestrictedHeaders) are rejected to prevent Host, Content-Length, Authorization, hop-by-hop, and X-Forwarded-* spoofing via user-supplied config.

func CaptureMiddleware (added in v0.30.0)

func CaptureMiddleware(allow []string) func(http.Handler) http.Handler

CaptureMiddleware returns HTTP middleware that copies the allowlisted incoming request headers into the request context (via WithForwardedHeaders) so the per-session backend client can forward them to backends. Header names are matched case-insensitively and stored in canonical form.

The capture is pure plumbing: it does not depend on the request identity and carries the values as an explicit, request-scoped context value rather than on any business-logic type. If allow is empty the function returns a no-op wrapper to avoid allocations on the hot path.

func ForwardedHeadersFromContext (added in v0.30.0)

func ForwardedHeadersFromContext(ctx context.Context) map[string]string

ForwardedHeadersFromContext returns the forwarded headers captured for the current request, or nil if none were captured.

func MergeForwardedHeaders (added in v0.30.1)

func MergeForwardedHeaders(base *vmcp.HeaderForwardConfig, forwarded map[string]string) (*vmcp.HeaderForwardConfig, error)

MergeForwardedHeaders returns a HeaderForwardConfig that combines the static backend configuration (base) with any per-request forwarded headers captured from the caller's request (see CaptureMiddleware / ForwardedHeadersFromContext).

Rules (applied in order):

  1. If forwarded is empty, base is returned unchanged (no allocation, same pointer).
  2. A new HeaderForwardConfig is built from a shallow copy of base so the shared target.HeaderForward is never mutated.
  3. All output AddPlaintextHeaders keys (both static and forwarded) are canonicalized via http.CanonicalHeaderKey. Static keys from base.AddPlaintextHeaders are therefore also re-canonicalized in the output, which changes the intermediate map representation (though wire behavior is identical since resolveHeaderForward / BuildHeaderForwardTripper canonicalize again before writing to http.Header).
  4. Forwarded header names are additionally checked against middleware.RestrictedHeaders; restricted names are silently dropped (defense-in-depth — they were already filtered upstream by CaptureMiddleware, but we guard here too).
  5. A forwarded header name that also appears in base (AddPlaintextHeaders or AddHeadersFromSecret) is a misconfiguration: the function returns an error rather than silently picking a winner.
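The five rules above, worked through as an added example (this is not the package's own implementation). The headerForwardConfig type is a hypothetical stand-in for vmcp.HeaderForwardConfig with assumed field types, and the restricted map is a constructed subset standing in for middleware.RestrictedHeaders.

```go
package main

import (
	"fmt"
	"net/http"
)

// headerForwardConfig: hypothetical stand-in for vmcp.HeaderForwardConfig (field types assumed).
type headerForwardConfig struct {
	AddPlaintextHeaders, AddHeadersFromSecret map[string]string
}

// restricted: constructed subset standing in for middleware.RestrictedHeaders.
var restricted = map[string]bool{"Host": true, "Content-Length": true, "Authorization": true, "X-Forwarded-For": true}

// mergeForwarded applies the documented merge rules in order (illustrative only).
func mergeForwarded(base *headerForwardConfig, fwd map[string]string) (*headerForwardConfig, error) {
	if len(fwd) == 0 {
		return base, nil // rule 1: same pointer, no allocation
	}
	out := &headerForwardConfig{AddPlaintextHeaders: map[string]string{}}
	taken := map[string]bool{} // canonical names already claimed by static config
	if base != nil {
		out.AddHeadersFromSecret = base.AddHeadersFromSecret // rule 2: base itself is never written to
		for k, v := range base.AddPlaintextHeaders {
			ck := http.CanonicalHeaderKey(k) // rule 3: static keys are re-canonicalized
			out.AddPlaintextHeaders[ck] = v
			taken[ck] = true
		}
		for k := range base.AddHeadersFromSecret {
			taken[http.CanonicalHeaderKey(k)] = true
		}
	}
	for k, v := range fwd {
		ck := http.CanonicalHeaderKey(k)
		if restricted[ck] {
			continue // rule 4: restricted names are dropped silently
		}
		if taken[ck] {
			return nil, fmt.Errorf("forwarded header %q collides with static config", ck) // rule 5
		}
		out.AddPlaintextHeaders[ck] = v
	}
	return out, nil
}

func main() {
	base := &headerForwardConfig{AddPlaintextHeaders: map[string]string{"x-tenant": "acme"}}
	out, err := mergeForwarded(base, map[string]string{"x-request-id": "r1", "authorization": "Bearer x"})
	fmt.Println(out.AddPlaintextHeaders, err)
}
```

Collisions are detected on canonical names, so a caller-supplied x-api-key cannot shadow a secret-backed X-Api-Key by varying its case.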

func WithForwardedHeaders (added in v0.30.0)

func WithForwardedHeaders(ctx context.Context, headers map[string]string) context.Context

WithForwardedHeaders returns a child context carrying the allowlisted forwarded headers (canonical header name → value) for the current request. This is request-scoped plumbing — the headers are read back by the per-session backend client when it builds the outbound transport.

Types

This section is empty.

Directories

Path Synopsis
Package wirefmt is the shared wire-format contract for headerForward data shipped from the operator to the vMCP runtime via pod env vars.
