Expand description
Axum-based HTTP gateway with proper HTTP/1.1 compliance, body limits, and timeouts.
This module replaces the raw TCP implementation with axum for:
- Proper HTTP/1.1 parsing and compliance
- Content-Length validation (handled by hyper)
- Request body size limits (64KB max)
- Request timeouts (30s) to prevent slow-loris attacks
- Header sanitization (handled by axum/hyper)
Modules§
- api
- REST API handlers for the web dashboard.
- api_
agents - REST API handlers for agent management (
/api/agents). - api_
artifact_ body - Serves the raw bytes of a Kumiho artifact’s underlying local file.
- api_
clawhub - ClawHub marketplace integration — proxy endpoints for the Construct gateway.
- api_
kumiho_ proxy - Generic Kumiho API proxy — forwards
/api/kumiho/*requests to the upstream Kumiho FastAPI server, injecting the service token and remapping auth errors so they don’t trigger browser re-pairing. - api_mcp
/api/mcp/*— discovery + health proxy for the in-process MCP server.- api_
memory_ graph - Aggregated memory graph endpoint for the Memory Auditor.
- api_
pairing - Device management and pairing API handlers.
- api_
skills - REST API handlers for skill management (
/api/skills). - api_
teams - REST API handlers for team management (
/api/teams). - api_
workflows - REST API handlers for workflow management (
/api/workflows). - approval_
registry - auth_
rate_ limit - Sliding-window rate limiter for authentication attempts.
- canvas
- Live Canvas gateway routes — REST + WebSocket for real-time canvas updates.
- kumiho_
client - HTTP client for the Kumiho FastAPI REST API.
- mcp_
discovery - Discovery of the local in-process MCP server.
- nodes
- WebSocket endpoint for dynamic node discovery and capability advertisement.
- session_
queue - Per-session actor queue for serializing concurrent access.
- sse
- Server-Sent Events (SSE) stream for real-time event delivery.
- static_
files - Static file serving for the embedded web dashboard.
- terminal
- WebSocket PTY terminal handler.
- tls
- TLS and mutual TLS (mTLS) support for the gateway server.
- ws
- WebSocket agent chat handler.
- ws_
mcp_ events GET /ws/mcp/events— WebSocket proxy onto the in-process MCP server’s session-wide progress SSE stream (GET /session/<id>/events).
Structs§
- AppState
- Shared state for all axum handlers
- Gateway
Rate Limiter - Idempotency
Store - Wati
Verify Query - Webhook
Body - Webhook request body
- Whats
AppVerify Query WhatsAppverification query params
Constants§
- IDEMPOTENCY_
MAX_ KEYS_ DEFAULT - Fallback max distinct idempotency keys retained in gateway memory.
- MAX_
BODY_ SIZE - Maximum request body size (64KB) — prevents memory exhaustion
- RATE_
LIMIT_ MAX_ KEYS_ DEFAULT - Fallback max distinct client keys tracked in gateway rate limiter.
- RATE_
LIMIT_ WINDOW_ SECS - Sliding window used by gateway rate limiting.
- REQUEST_
TIMEOUT_ SECS - Default request timeout (30s) — prevents slow-loris attacks.
Functions§
- gateway_
request_ timeout_ secs - Read gateway request timeout from
CONSTRUCT_GATEWAY_TIMEOUT_SECSenv var at runtime, falling back toREQUEST_TIMEOUT_SECS. - run_
gateway - Run the HTTP gateway using axum with proper HTTP/1.1 compliance.
- verify_
whatsapp_ signature - Verify
WhatsAppwebhook signature (X-Hub-Signature-256). Returns true if the signature is valid, false otherwise. See: https://developers.facebook.com/docs/graph-api/webhooks/getting-started#verification-requests