Module server

Structs§

BearerToken: Per-request extension carrying the raw inbound bearer (the <token> from Authorization: Bearer <token>). Inserted by auth_middleware only after jwt::validate succeeds, so an expired/forged token never leaks into this extension. Consumed by handlers building a GenContext so an auth_generator can forward the calling sandbox’s identity to an upstream MCP via ${JWT_TOKEN} (issue #115).
CallRequest
CallResponse
HealthResponse
HelpRequest
HelpResponse
ProxyState: Shared state for the proxy server.
SkillAtiCatalogQuery
SkillAtiFileQuery
SkillAtiResourcesQuery
SkillBundleBatchRequest
SkillDetailQuery
SkillResolveRequest
SkillsQuery
ToolsQuery
UpstreamAllowEntry: One parsed allowlist entry. Allowlist CSV entries are operator-authored URL templates like https://parcha-tools-*.grep.ai/mcp. We parse them into (scheme, host_label_patterns, path) at load time so per-request validation can match each component separately: