ironcontext-core 0.1.0

Security & optimization engine for the Model Context Protocol (MCP).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

//! Strict deserializer for MCP manifests.
//!
//! MCP servers expose tools through either the `initialize` handshake or the
//! `tools/list` JSON-RPC response.  Both shapes contain the same `Tool` records,
//! so the parser accepts either.  Unknown top-level fields are *preserved* but
//! flagged for downstream auditing.

use serde::{Deserialize, Serialize};

use crate::SentinelError;

/// A parsed MCP manifest: just the parts Sentinel needs to reason about.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct Manifest {
    /// Server identity (best-effort; many real servers omit this).
    #[serde(default)]
    pub server: ServerInfo,
    /// Declared tools.
    #[serde(default)]
    pub tools: Vec<Tool>,
}

#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct ServerInfo {
    #[serde(default)]
    pub name: String,
    #[serde(default)]
    pub version: String,
}

/// A single MCP tool record.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Tool {
    pub name: String,
    #[serde(default)]
    pub description: String,
    /// MCP keeps tool parameters under `inputSchema` (JSON Schema draft 2020-12).
    #[serde(rename = "inputSchema", default)]
    pub input_schema: serde_json::Value,
}

impl Manifest {
    /// Parse from raw bytes. Accepts any of:
    /// * `{"tools": [...]}` — a `tools/list` response
    /// * `{"result": {"tools": [...]}}` — JSON-RPC envelope
    /// * `{"serverInfo": {...}, "capabilities": {...}, "tools": [...]}` — `initialize`
    pub fn from_slice(bytes: &[u8]) -> Result<Self, SentinelError> {
        let v: serde_json::Value = serde_json::from_slice(bytes)?;
        let root = match v.get("result") {
            Some(r) => r.clone(),
            None => v,
        };

        let server = root
            .get("serverInfo")
            .cloned()
            .map(|s| serde_json::from_value::<ServerInfo>(s).unwrap_or_default())
            .unwrap_or_default();

        let tools_val = root
            .get("tools")
            .cloned()
            .ok_or_else(|| SentinelError::InvalidManifest("missing `tools` array".into()))?;

        let tools: Vec<Tool> = serde_json::from_value(tools_val)
            .map_err(|e| SentinelError::InvalidManifest(format!("tools[] malformed: {e}")))?;

        for t in &tools {
            if t.name.trim().is_empty() {
                return Err(SentinelError::InvalidManifest(
                    "tool has empty name".into(),
                ));
            }
        }

        Ok(Self { server, tools })
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parses_tools_list_envelope() {
        let raw = br#"{
            "tools": [
                {"name": "echo", "description": "Echoes input", "inputSchema": {"type":"object"}}
            ]
        }"#;
        let m = Manifest::from_slice(raw).unwrap();
        assert_eq!(m.tools.len(), 1);
        assert_eq!(m.tools[0].name, "echo");
    }

    #[test]
    fn parses_jsonrpc_envelope() {
        let raw = br#"{"jsonrpc":"2.0","id":1,"result":{"tools":[{"name":"t","description":"d"}]}}"#;
        let m = Manifest::from_slice(raw).unwrap();
        assert_eq!(m.tools[0].name, "t");
    }

    #[test]
    fn parses_initialize_response() {
        let raw = br#"{
            "serverInfo": {"name":"acme","version":"1.0"},
            "capabilities": {},
            "tools": [{"name":"a","description":"","inputSchema":{}}]
        }"#;
        let m = Manifest::from_slice(raw).unwrap();
        assert_eq!(m.server.name, "acme");
        assert_eq!(m.tools.len(), 1);
    }

    #[test]
    fn rejects_missing_tools() {
        let raw = b"{}";
        assert!(Manifest::from_slice(raw).is_err());
    }

    #[test]
    fn rejects_empty_tool_name() {
        let raw = br#"{"tools":[{"name":"","description":""}]}"#;
        assert!(Manifest::from_slice(raw).is_err());
    }
}