middleware

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 23, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package middleware provides the middleware chain for tool handlers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MCPToolCallMiddleware added in v0.4.0 

func MCPToolCallMiddleware(authenticator Authenticator, authorizer Authorizer) mcp.Middleware

MCPToolCallMiddleware creates MCP protocol-level middleware that intercepts tools/call requests and enforces authentication and authorization.

This middleware runs at the MCP protocol level, intercepting all incoming requests before they reach tool handlers. For tools/call requests, it: 1. Extracts the tool name from the request 2. Creates a PlatformContext with the tool information 3. Runs authentication to identify the user 4. Runs authorization to check if the user can access the tool 5. Either proceeds with the call or returns an access denied error

func NewToolResultError 

func NewToolResultError(errMsg string) *mcp.CallToolResult

NewToolResultError creates an error result.

func NewToolResultText 

func NewToolResultText(text string) *mcp.CallToolResult

NewToolResultText creates a text result.

func WithPlatformContext 

func WithPlatformContext(ctx context.Context, pc *PlatformContext) context.Context

WithPlatformContext adds platform context to the context.

Types

type AuditEvent 

type AuditEvent struct {
	Timestamp    time.Time      `json:"timestamp"`
	RequestID    string         `json:"request_id"`
	UserID       string         `json:"user_id"`
	UserEmail    string         `json:"user_email"`
	Persona      string         `json:"persona"`
	ToolName     string         `json:"tool_name"`
	ToolkitKind  string         `json:"toolkit_kind"`
	ToolkitName  string         `json:"toolkit_name"`
	Connection   string         `json:"connection"`
	Parameters   map[string]any `json:"parameters"`
	Success      bool           `json:"success"`
	ErrorMessage string         `json:"error_message,omitempty"`
	DurationMS   int64          `json:"duration_ms"`
}

AuditEvent represents an auditable event.

type AuditLogger 

type AuditLogger interface {
	// Log records an audit event.
	Log(ctx context.Context, event AuditEvent) error
}

AuditLogger logs tool calls for auditing.

type Authenticator 

type Authenticator interface {
	// Authenticate validates credentials and returns user info.
	Authenticate(ctx context.Context) (*UserInfo, error)
}

Authenticator validates authentication credentials.

type Authorizer 

type Authorizer interface {
	// IsAuthorized checks if the user can use the tool.
	IsAuthorized(ctx context.Context, userID string, roles []string, toolName string) (bool, string)
}

Authorizer checks if a user is authorized for a tool.

func AllowAllAuthorizer 

func AllowAllAuthorizer() Authorizer

AllowAllAuthorizer authorizes all requests.

type Chain 

type Chain struct {
	// contains filtered or unexported fields
}

Chain holds an ordered list of middleware.

func NewChain 

func NewChain() *Chain

NewChain creates a new middleware chain.

func (*Chain) UseAfter 

func (c *Chain) UseAfter(mw Middleware)

UseAfter adds middleware to run after the handler.

func (*Chain) UseBefore 

func (c *Chain) UseBefore(mw Middleware)

UseBefore adds middleware to run before the handler.

func (*Chain) Wrap 

func (c *Chain) Wrap(handler Handler) Handler

Wrap wraps a handler with the middleware chain.

func (*Chain) WrapWithContext 

func (c *Chain) WrapWithContext(handler Handler, toolName, toolkitKind, toolkitName string) Handler

WrapWithContext creates a handler that initializes platform context.

type EnrichmentConfig 

type EnrichmentConfig struct {
	// EnrichTrinoResults adds semantic context to Trino tool results.
	EnrichTrinoResults bool

	// EnrichDataHubResults adds query context to DataHub tool results.
	EnrichDataHubResults bool

	// EnrichS3Results adds semantic context to S3 tool results.
	EnrichS3Results bool

	// EnrichDataHubStorageResults adds storage context to DataHub tool results.
	EnrichDataHubStorageResults bool
}

EnrichmentConfig configures semantic enrichment.

type Handler 

type Handler func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error)

Handler is the type for tool handlers.

type Middleware 

type Middleware func(Handler) Handler

Middleware wraps a handler with additional logic.

func AuditMiddleware 

func AuditMiddleware(logger AuditLogger) Middleware

AuditMiddleware creates middleware that logs tool calls.

func AuthMiddleware 

func AuthMiddleware(authenticator Authenticator) Middleware

AuthMiddleware creates authentication middleware.

func AuthzMiddleware 

func AuthzMiddleware(authorizer Authorizer) Middleware

AuthzMiddleware creates authorization middleware.

func SemanticEnrichmentMiddleware 

func SemanticEnrichmentMiddleware(
	semanticProvider semantic.Provider,
	queryProvider query.Provider,
	storageProvider storage.Provider,
	cfg EnrichmentConfig,
) Middleware

SemanticEnrichmentMiddleware creates middleware that enriches results with semantic context.

type NoopAuditLogger 

type NoopAuditLogger struct{}

NoopAuditLogger discards all audit events.

func (*NoopAuditLogger) Log 

func (n *NoopAuditLogger) Log(_ context.Context, _ AuditEvent) error

Log does nothing.

type NoopAuthenticator 

type NoopAuthenticator struct {
	DefaultUserID string
	DefaultRoles  []string
}

NoopAuthenticator always succeeds authentication.

func (*NoopAuthenticator) Authenticate 

func (n *NoopAuthenticator) Authenticate(_ context.Context) (*UserInfo, error)

Authenticate always returns a default user.

type NoopAuthorizer 

type NoopAuthorizer struct{}

NoopAuthorizer always authorizes.

func (*NoopAuthorizer) IsAuthorized 

func (n *NoopAuthorizer) IsAuthorized(_ context.Context, _ string, _ []string, _ string) (bool, string)

IsAuthorized always returns true.

type PlatformContext 

type PlatformContext struct {
	// Request identification
	RequestID string
	StartTime time.Time

	// User information
	UserID      string
	UserEmail   string
	UserClaims  map[string]any
	Roles       []string
	PersonaName string

	// Tool information
	ToolName    string
	ToolkitKind string
	ToolkitName string
	Connection  string

	// Authorization
	Authorized bool
	AuthzError string

	// Results (populated after handler)
	Success      bool
	ErrorMessage string
	Duration     time.Duration
}

PlatformContext holds platform-specific context for a request.

func GetPlatformContext 

func GetPlatformContext(ctx context.Context) *PlatformContext

GetPlatformContext retrieves platform context from the context.

func MustGetPlatformContext 

func MustGetPlatformContext(ctx context.Context) *PlatformContext

MustGetPlatformContext retrieves platform context or panics.

func NewPlatformContext 

func NewPlatformContext(requestID string) *PlatformContext

NewPlatformContext creates a new platform context.

type UserInfo 

type UserInfo struct {
	UserID   string
	Email    string
	Claims   map[string]any
	Roles    []string
	AuthType string // "oidc", "apikey", etc.
}

UserInfo holds authenticated user information.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.