pmcp 2.4.0

High-quality Rust SDK for Model Context Protocol (MCP) with full TypeScript SDK compatibility
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307

//! Shared HTTP utilities for client and server middleware.
//!
//! This module provides common functionality used by both client-side and
//! server-side HTTP middleware, ensuring consistent behavior and avoiding
//! code duplication.

use http::{HeaderMap, HeaderName, HeaderValue};
use std::collections::HashSet;

/// Redact sensitive header values.
///
/// Returns either the redacted value or the original value if the header
/// is not in the redaction list.
///
/// # Arguments
///
/// * `name` - Header name to check
/// * `value` - Original header value
/// * `redact_headers` - Set of headers to redact
/// * `show_auth_scheme` - Whether to keep auth scheme (e.g., "Bearer")
/// * `max_len` - Optional maximum length for non-redacted values
pub fn redact_header_value(
    name: &HeaderName,
    value: &str,
    redact_headers: &HashSet<HeaderName>,
    show_auth_scheme: bool,
    max_len: Option<usize>,
) -> String {
    // Check if this header should be redacted
    if !redact_headers.contains(name) {
        // Not in redaction list - return with optional truncation
        return truncate_value(value, max_len);
    }

    // Redact based on header type
    if name == "authorization" && show_auth_scheme {
        // Keep auth scheme, redact token
        if let Some(space_idx) = value.find(' ') {
            let scheme = &value[..space_idx];
            format!("{} [REDACTED]", scheme)
        } else {
            "[REDACTED]".to_string()
        }
    } else {
        "[REDACTED]".to_string()
    }
}

/// Truncate a value to a maximum length.
fn truncate_value(value: &str, max_len: Option<usize>) -> String {
    match max_len {
        Some(max) if value.len() > max => {
            format!("{}...", &value[..max.min(value.len())])
        },
        _ => value.to_string(),
    }
}

/// Check if a content-type should allow body logging.
///
/// Returns true if the content type is text-based and suitable for logging.
///
/// # Arguments
///
/// * `content_type` - Content-Type header value (may include charset)
/// * `allowed_types` - Set of allowed base content types
pub fn should_log_body_for_content_type(
    content_type: Option<&str>,
    allowed_types: &HashSet<String>,
) -> bool {
    let Some(ct) = content_type else {
        return false;
    };

    // Extract base content type (ignore charset, etc.)
    let base_ct = ct.split(';').next().unwrap_or(ct).trim();

    // Check exact match or text/* wildcard
    allowed_types.contains(base_ct)
        || (base_ct.starts_with("text/") && allowed_types.iter().any(|t| t == "text/plain"))
}

/// Redact query parameters from a URL.
///
/// Returns the URL with query parameters replaced by `"[REDACTED]"`.
///
/// # Arguments
///
/// * `url` - Original URL
/// * `redact_query` - Whether to redact query parameters
pub fn redact_url_query(url: &str, redact_query: bool) -> String {
    if !redact_query {
        return url.to_string();
    }

    if let Some(query_start) = url.find('?') {
        format!("{}?[REDACTED]", &url[..query_start])
    } else {
        url.to_string()
    }
}

/// Format headers for logging with redaction.
///
/// Returns a formatted string with headers redacted as appropriate.
pub fn format_headers_for_logging(
    headers: &HeaderMap<HeaderValue>,
    redact_headers: &HashSet<HeaderName>,
    show_auth_scheme: bool,
    max_value_len: Option<usize>,
) -> String {
    let mut header_strs = Vec::new();

    for (name, _value) in headers {
        // Get all values for this header (handles multi-value headers)
        let values: Vec<&HeaderValue> = headers.get_all(name).iter().collect();

        for value in values {
            if let Ok(value_str) = value.to_str() {
                let redacted = redact_header_value(
                    name,
                    value_str,
                    redact_headers,
                    show_auth_scheme,
                    max_value_len,
                );
                header_strs.push(format!("{}={}", name.as_str(), redacted));
            }
        }
    }

    header_strs.join(", ")
}

/// Get default sensitive headers to redact.
///
/// Returns a set of commonly sensitive header names that should be
/// redacted by default in logging middleware.
pub fn default_sensitive_headers() -> HashSet<HeaderName> {
    let mut headers = HashSet::new();

    // Standard auth headers
    headers.insert(HeaderName::from_static("authorization"));
    headers.insert(HeaderName::from_static("proxy-authorization"));

    // Cookie headers
    headers.insert(HeaderName::from_static("cookie"));
    headers.insert(HeaderName::from_static("set-cookie"));

    // API key headers
    headers.insert(HeaderName::from_static("x-api-key"));
    headers.insert(HeaderName::from_static("x-auth-token"));

    // Cloud provider security tokens
    headers.insert(HeaderName::from_static("x-amz-security-token"));
    headers.insert(HeaderName::from_static("x-goog-api-key"));

    headers
}

/// Get default content types that are safe to log.
///
/// Returns a set of content types that contain text-based data
/// suitable for logging (not binary).
pub fn default_loggable_content_types() -> HashSet<String> {
    let mut types = HashSet::new();

    types.insert("application/json".to_string());
    types.insert("text/plain".to_string());
    types.insert("text/html".to_string());
    types.insert("text/xml".to_string());

    types
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_redact_header_value_authorization_with_scheme() {
        let mut redact_headers = HashSet::new();
        redact_headers.insert(HeaderName::from_static("authorization"));

        let name = HeaderName::from_static("authorization");
        let value = "Bearer secret-token-12345";

        let redacted = redact_header_value(&name, value, &redact_headers, true, None);
        assert_eq!(redacted, "Bearer [REDACTED]");
    }

    #[test]
    fn test_redact_header_value_authorization_no_scheme() {
        let mut redact_headers = HashSet::new();
        redact_headers.insert(HeaderName::from_static("authorization"));

        let name = HeaderName::from_static("authorization");
        let value = "Bearer secret-token-12345";

        let redacted = redact_header_value(&name, value, &redact_headers, false, None);
        assert_eq!(redacted, "[REDACTED]");
    }

    #[test]
    fn test_redact_header_value_cookie() {
        let mut redact_headers = HashSet::new();
        redact_headers.insert(HeaderName::from_static("cookie"));

        let name = HeaderName::from_static("cookie");
        let value = "session=abc123; user=john";

        let redacted = redact_header_value(&name, value, &redact_headers, true, None);
        assert_eq!(redacted, "[REDACTED]");
    }

    #[test]
    fn test_redact_header_value_not_sensitive() {
        let redact_headers = HashSet::new();

        let name = HeaderName::from_static("content-type");
        let value = "application/json";

        let redacted = redact_header_value(&name, value, &redact_headers, true, None);
        assert_eq!(redacted, "application/json");
    }

    #[test]
    fn test_redact_header_value_truncation() {
        let redact_headers = HashSet::new();

        let name = HeaderName::from_static("x-custom-header");
        let value = "very-long-value-that-should-be-truncated";

        let redacted = redact_header_value(&name, value, &redact_headers, true, Some(10));
        assert_eq!(redacted, "very-long-...");
    }

    #[test]
    fn test_should_log_body_for_content_type() {
        let allowed = default_loggable_content_types();

        // JSON should be allowed
        assert!(should_log_body_for_content_type(
            Some("application/json"),
            &allowed
        ));
        assert!(should_log_body_for_content_type(
            Some("application/json; charset=utf-8"),
            &allowed
        ));

        // Text types should be allowed
        assert!(should_log_body_for_content_type(
            Some("text/plain"),
            &allowed
        ));
        assert!(should_log_body_for_content_type(
            Some("text/html"),
            &allowed
        ));

        // Other text/* should be allowed via wildcard
        assert!(should_log_body_for_content_type(Some("text/csv"), &allowed));

        // Binary types should not be allowed
        assert!(!should_log_body_for_content_type(
            Some("application/octet-stream"),
            &allowed
        ));
        assert!(!should_log_body_for_content_type(
            Some("image/png"),
            &allowed
        ));

        // No content type should not be allowed
        assert!(!should_log_body_for_content_type(None, &allowed));
    }

    #[test]
    fn test_redact_url_query() {
        assert_eq!(
            redact_url_query("http://example.com/api?token=secret", true),
            "http://example.com/api?[REDACTED]"
        );

        assert_eq!(
            redact_url_query("http://example.com/api?token=secret", false),
            "http://example.com/api?token=secret"
        );

        assert_eq!(
            redact_url_query("http://example.com/api", true),
            "http://example.com/api"
        );
    }

    #[test]
    fn test_default_sensitive_headers() {
        let headers = default_sensitive_headers();

        assert!(headers.contains(&HeaderName::from_static("authorization")));
        assert!(headers.contains(&HeaderName::from_static("cookie")));
        assert!(headers.contains(&HeaderName::from_static("x-api-key")));
        assert!(headers.contains(&HeaderName::from_static("x-amz-security-token")));
        assert!(headers.contains(&HeaderName::from_static("x-goog-api-key")));
    }
}