nab 0.7.1

Token-optimized HTTP client for LLMs — fetches any URL as clean markdown
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

//! `submit` tool — HTML form extraction and submission with CSRF handling.

use std::fmt::Write as FmtWrite;

use rust_mcp_sdk::macros::{JsonSchema, mcp_tool};
use rust_mcp_sdk::schema::{CallToolResult, TextContent, schema_utils::CallToolError};
use serde::{Deserialize, Serialize};

use nab::content::ContentRouter;

use crate::helpers::resolve_cookie_header;
use crate::structured::{TOOL_TRUNCATION_LIMIT, truncate_markdown};
use crate::tools::client::{build_transient_client, resolve_session_client};

// ─── Tool definition ─────────────────────────────────────────────────────────

#[mcp_tool(
    name = "submit",
    description = "Submit a web form with smart field extraction.

Fetches a page, parses all forms, extracts hidden fields and CSRF tokens,
merges user-provided fields, and submits via POST.

Use for: login forms, search forms, API interactions behind HTML pages.

Returns: Response body (markdown-converted) after form submission.",
    read_only_hint = false,
    open_world_hint = true
)]
#[derive(Debug, Deserialize, Serialize, JsonSchema)]
pub struct SubmitTool {
    url: String,
    fields: Vec<String>,
    #[serde(default)]
    csrf_selector: Option<String>,
    /// Browser cookie source.
    ///
    /// Omit or use `"auto"` to seed from the default browser for this domain.
    /// Use `"none"` to disable cookie seeding, or pass an explicit browser name
    /// such as `"brave"`, `"chrome"`, `"firefox"`, `"safari"`, or `"edge"`.
    #[serde(default)]
    cookies: Option<String>,
    /// Named session for cookie persistence.  When set, the form page fetch
    /// and the POST submission both use the session's cookie jar, preserving
    /// authentication state.  See `fetch` `session` for full documentation.
    #[serde(default)]
    session: Option<String>,
}

impl SubmitTool {
    pub async fn run(&self) -> Result<CallToolResult, CallToolError> {
        let mut output = format!("📝 Submitting form on: {}\n", self.url);

        // Resolve inner reqwest::Client: session-owned or global.
        let (page_html, inner_client) = self.fetch_page(&mut output).await?;

        let mut forms = nab::Form::parse_all(&page_html)
            .map_err(|e| CallToolError::from_message(e.to_string()))?;

        if forms.is_empty() {
            return Err(CallToolError::from_message("No forms found on page"));
        }

        let mut form = forms.remove(0);
        let _ = writeln!(output, "   Form: {} {}", form.method, form.action);

        if let Some(ref selector) = self.csrf_selector
            && let Ok(Some(token)) = nab::Form::extract_csrf_token(&page_html, selector)
        {
            let field_name = if selector.contains("name=") {
                selector
                    .split("name=")
                    .nth(1)
                    .and_then(|s| s.split(']').next())
                    .unwrap_or("csrf_token")
            } else {
                "csrf_token"
            };
            form.fields.insert(field_name.to_string(), token);
            output.push_str("   CSRF: extracted\n");
        }

        let user_fields = nab::parse_field_args(&self.fields)
            .map_err(|e| CallToolError::from_message(e.to_string()))?;
        form.merge_fields(&user_fields);

        let action_url = form
            .resolve_action(&self.url)
            .map_err(|e| CallToolError::from_message(e.to_string()))?;
        let form_data = form.encode_urlencoded();

        let response = inner_client
            .post(&action_url)
            .header("Content-Type", form.content_type())
            .body(form_data)
            .send()
            .await
            .map_err(|e| CallToolError::from_message(e.to_string()))?;

        let status = response.status();
        let body = response
            .text()
            .await
            .map_err(|e| CallToolError::from_message(e.to_string()))?;

        let _ = writeln!(output, "   Status: {status}\n");

        let router = ContentRouter::new();
        let conversion = router
            .convert(body.as_bytes(), "text/html")
            .map_err(|e| CallToolError::from_message(e.to_string()))?;

        output.push_str(&truncate_markdown(
            &conversion.markdown,
            TOOL_TRUNCATION_LIMIT,
        ));

        let structured = crate::structured::build_structured([
            ("url", serde_json::Value::String(self.url.clone())),
            ("status", serde_json::json!(status.as_u16())),
            (
                "content",
                serde_json::Value::String(truncate_markdown(
                    &conversion.markdown,
                    TOOL_TRUNCATION_LIMIT,
                )),
            ),
        ]);
        let mut result = CallToolResult::text_content(vec![TextContent::from(output)]);
        result.structured_content = Some(structured);
        Ok(result)
    }

    /// Fetch the form page and return `(html, reqwest::Client)`.
    ///
    /// Uses the session's cookie-jar client when a session name is set,
    /// otherwise builds a transient per-call client so cookies and `Set-Cookie`
    /// state persist across the initial page fetch and the eventual form submit.
    async fn fetch_page(
        &self,
        output: &mut String,
    ) -> Result<(String, reqwest::Client), CallToolError> {
        let cookie_header = resolve_cookie_header(&self.url, self.cookies.as_deref());
        if let Some(ref session_name) = self.session {
            let session_client =
                resolve_session_client(session_name, Some(&cookie_header), &self.url).await?;
            let _ = writeln!(output, "   Session: {session_name}");
            let resp = session_client
                .get(&self.url)
                .send()
                .await
                .map_err(|e| CallToolError::from_message(e.to_string()))?;
            let html = resp
                .text()
                .await
                .map_err(|e| CallToolError::from_message(e.to_string()))?;
            Ok((html, session_client))
        } else {
            let client = build_transient_client(Some(&cookie_header), &self.url).await?;
            let resp = client
                .get(&self.url)
                .send()
                .await
                .map_err(|e| CallToolError::from_message(e.to_string()))?;
            let html = resp
                .text()
                .await
                .map_err(|e| CallToolError::from_message(e.to_string()))?;
            Ok((html, client))
        }
    }
}