Documentation
¶
Overview ¶
Package extensions provides built-in middleware, interceptors, and transformers for mcp-s3.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditEntry ¶
type AuditEntry struct {
Timestamp time.Time `json:"timestamp"`
Tool string `json:"tool"`
Connection string `json:"connection,omitempty"`
RequestID string `json:"request_id,omitempty"`
Arguments map[string]any `json:"arguments,omitempty"`
Success bool `json:"success"`
Error string `json:"error,omitempty"`
Duration time.Duration `json:"duration_ns"`
DurationMs float64 `json:"duration_ms"`
}
AuditEntry represents a single audit log entry.
type AuditLogger ¶
type AuditLogger struct {
// contains filtered or unexported fields
}
AuditLogger logs audit entries.
func NewAuditLogger ¶
func NewAuditLogger(writer io.Writer) *AuditLogger
NewAuditLogger creates a new audit logger that writes to the given writer.
func NewBufferedAuditLogger ¶
func NewBufferedAuditLogger() *AuditLogger
NewBufferedAuditLogger creates an audit logger that buffers entries in memory. Useful for testing.
func (*AuditLogger) Entries ¶
func (l *AuditLogger) Entries() []AuditEntry
Entries returns all buffered entries (only for buffered loggers).
func (*AuditLogger) Log ¶
func (l *AuditLogger) Log(entry AuditEntry) error
Log records an audit entry.
type AuditMiddleware ¶
type AuditMiddleware struct {
// contains filtered or unexported fields
}
AuditMiddleware logs audit entries for tool operations.
func NewAuditMiddleware ¶
func NewAuditMiddleware(logger *AuditLogger) *AuditMiddleware
NewAuditMiddleware creates a new audit middleware.
func (*AuditMiddleware) After ¶ added in v0.1.4
func (m *AuditMiddleware) After( _ context.Context, tc *tools.ToolContext, result *mcp.CallToolResult, handlerErr error, ) (*mcp.CallToolResult, error)
After logs the audit entry after handler execution.
func (*AuditMiddleware) Before ¶ added in v0.1.4
func (m *AuditMiddleware) Before(ctx context.Context, _ *tools.ToolContext) (context.Context, error)
Before stores the start time in context for duration calculation.
func (*AuditMiddleware) Name ¶
func (m *AuditMiddleware) Name() string
Name returns the middleware name.
type Config ¶
type Config struct {
// ReadOnly enables read-only mode, blocking all write operations.
ReadOnly bool
// SizeLimit enables size limit enforcement.
SizeLimit bool
// MaxGetSize is the maximum size in bytes for object retrieval (0 = unlimited).
MaxGetSize int64
// MaxPutSize is the maximum size in bytes for object uploads (0 = unlimited).
MaxPutSize int64
// Logging enables structured logging of operations.
Logging bool
// Audit enables audit logging.
Audit bool
// PrefixACL enables prefix-based access control.
PrefixACL bool
// AllowedPrefixes is a list of prefixes that are allowed when PrefixACL is enabled.
AllowedPrefixes []string
// DeniedPrefixes is a list of prefixes that are denied when PrefixACL is enabled.
DeniedPrefixes []string
}
Config holds configuration for all built-in extensions.
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig returns a Config with sensible defaults.
func FromEnv ¶
func FromEnv() Config
FromEnv creates a Config populated from environment variables.
Environment variables:
- MCP_S3_EXT_READONLY: Enable read-only mode (default: true)
- MCP_S3_EXT_SIZELIMIT: Enable size limits (default: true)
- MCP_S3_MAX_GET_SIZE: Max bytes for GET (default: 10MB)
- MCP_S3_MAX_PUT_SIZE: Max bytes for PUT (default: 100MB)
- MCP_S3_EXT_LOGGING: Enable logging (default: false)
- MCP_S3_EXT_AUDIT: Enable audit logging (default: false)
- MCP_S3_EXT_PREFIX_ACL: Enable prefix-based ACL (default: false)
type LoggingMiddleware ¶
type LoggingMiddleware struct {
// contains filtered or unexported fields
}
LoggingMiddleware provides structured logging for tool operations.
func NewLoggingMiddleware ¶
func NewLoggingMiddleware(logger *slog.Logger) *LoggingMiddleware
NewLoggingMiddleware creates a new logging middleware.
func (*LoggingMiddleware) After ¶ added in v0.1.4
func (m *LoggingMiddleware) After( _ context.Context, tc *tools.ToolContext, result *mcp.CallToolResult, handlerErr error, ) (*mcp.CallToolResult, error)
After logs the completion of a tool request.
func (*LoggingMiddleware) Before ¶ added in v0.1.4
func (m *LoggingMiddleware) Before(ctx context.Context, tc *tools.ToolContext) (context.Context, error)
Before logs the start of a tool request.
func (*LoggingMiddleware) Name ¶
func (m *LoggingMiddleware) Name() string
Name returns the middleware name.
type Metrics ¶
type Metrics struct {
// contains filtered or unexported fields
}
Metrics tracks tool usage statistics.
func (*Metrics) GetAllStats ¶
GetAllStats returns statistics for all tools.
func (*Metrics) GetToolStats ¶
GetToolStats returns statistics for a specific tool.
type MetricsMiddleware ¶
type MetricsMiddleware struct {
// contains filtered or unexported fields
}
MetricsMiddleware tracks metrics for tool operations.
func NewMetricsMiddleware ¶
func NewMetricsMiddleware(metrics *Metrics) *MetricsMiddleware
NewMetricsMiddleware creates a new metrics middleware.
func (*MetricsMiddleware) After ¶ added in v0.1.4
func (m *MetricsMiddleware) After( _ context.Context, tc *tools.ToolContext, result *mcp.CallToolResult, handlerErr error, ) (*mcp.CallToolResult, error)
After records metrics for the tool call.
func (*MetricsMiddleware) Before ¶ added in v0.1.4
func (m *MetricsMiddleware) Before(ctx context.Context, _ *tools.ToolContext) (context.Context, error)
Before is a no-op for metrics; start time is tracked in ToolContext.
func (*MetricsMiddleware) Name ¶
func (m *MetricsMiddleware) Name() string
Name returns the middleware name.
type PrefixACLInterceptor ¶
type PrefixACLInterceptor struct {
// contains filtered or unexported fields
}
PrefixACLInterceptor enforces prefix-based access control.
func NewPrefixACLInterceptor ¶
func NewPrefixACLInterceptor(allowedPrefixes, deniedPrefixes []string) *PrefixACLInterceptor
NewPrefixACLInterceptor creates a new prefix ACL interceptor.
func (*PrefixACLInterceptor) Intercept ¶
func (i *PrefixACLInterceptor) Intercept(_ context.Context, tc *tools.ToolContext, request *mcp.CallToolRequest) tools.InterceptResult
Intercept checks if the requested key prefix is allowed.
func (*PrefixACLInterceptor) Name ¶
func (i *PrefixACLInterceptor) Name() string
Name returns the interceptor name.
type ReadOnlyInterceptor ¶
type ReadOnlyInterceptor struct {
// contains filtered or unexported fields
}
ReadOnlyInterceptor blocks write operations when enabled.
func NewReadOnlyInterceptor ¶
func NewReadOnlyInterceptor(enabled bool) *ReadOnlyInterceptor
NewReadOnlyInterceptor creates a new read-only interceptor.
func (*ReadOnlyInterceptor) Intercept ¶
func (i *ReadOnlyInterceptor) Intercept(_ context.Context, tc *tools.ToolContext, _ *mcp.CallToolRequest) tools.InterceptResult
Intercept checks if the operation is a write and blocks it if read-only mode is enabled.
func (*ReadOnlyInterceptor) Name ¶
func (i *ReadOnlyInterceptor) Name() string
Name returns the interceptor name.
type SizeLimitInterceptor ¶
type SizeLimitInterceptor struct {
// contains filtered or unexported fields
}
SizeLimitInterceptor enforces size limits on object operations.
func NewSizeLimitInterceptor ¶
func NewSizeLimitInterceptor(maxGetSize, maxPutSize int64) *SizeLimitInterceptor
NewSizeLimitInterceptor creates a new size limit interceptor.
func (*SizeLimitInterceptor) Intercept ¶
func (i *SizeLimitInterceptor) Intercept(_ context.Context, tc *tools.ToolContext, request *mcp.CallToolRequest) tools.InterceptResult
Intercept checks size limits for PUT operations. GET size limits are handled in the tool itself since we need to check the object size.
func (*SizeLimitInterceptor) Name ¶
func (i *SizeLimitInterceptor) Name() string
Name returns the interceptor name.
type ToolStats ¶
type ToolStats struct {
Calls int64 `json:"calls"`
Errors int64 `json:"errors"`
ErrorRate float64 `json:"error_rate"`
AvgLatency float64 `json:"avg_latency_ms"`
MinLatency float64 `json:"min_latency_ms"`
MaxLatency float64 `json:"max_latency_ms"`
}
ToolStats returns statistics for a specific tool.