Skip to main content

Module config

pmcp_server_toolkit

Module config 

Source
Expand description

ServerConfig + sub-sections. Strict #[serde(deny_unknown_fields)] per D-13.

§Strict-parse discipline (D-13)

Every struct in this module carries #[serde(deny_unknown_fields)]. A typo in any key (e.g. auto_aprove_levels for auto_approve_levels) is a parse error, not a silent default. This is the defence-in-depth path against the Tampering threat documented in 83-04-PLAN.md T-83-04-02 — mis-spelled keys MUST NOT degrade security policy.

§REF-01 superset invariant

ServerConfig is a strict superset of every key emitted by the three reference config.tomls (tests/fixtures/{open-images,imdb,msr-vtt}-config.toml, lifted in Plan 01 Task 4). When a fixture grows a new key, the toolkit grows a new field — typed if known, toml::Value if heterogeneous. The invariant is enforced empirically by the [tests/reference_configs.rs] integration test (REF-01 superset, D-13, ROADMAP SC-2).

Anti-pattern (RESEARCH §Pitfall 1, PATTERNS §8): Do NOT loosen deny_unknown_fields to make a fixture parse. Always ADD the missing field.

§Three entry points

MethodReturnsUse case
ServerConfig::from_tomlResult<Self, ToolkitError::Parse>Programmatic partial-config merge; no semantic checks
ServerConfig::validateResult<(), ConfigValidationError>Post-parse semantic check (run after a merge)
ServerConfig::from_toml_strict_validatedResult<Self, ToolkitError>Production entry: parse + validate in one call

Per Phase 83 review R8, validate() exists because the Default impls on ServerSection etc. would otherwise let [server] typos land empty name/version strings without an error. The strict-validated convenience is what production callers should reach for.

REF-01 superset enumeration (from tests/fixtures/{open-images,imdb,msr-vtt,reference}-config.toml; the SQLite Chinook reference-config.toml was lifted in Plan 85-01):

[server]            : id, name, description, type, version, is_reference
[metadata]          : display_name, short_description, description, tags, author, visibility
[database]          : type, database, output_location, workgroup, query_timeout_ms,
                      url, file_path, [[database.tables]], [database.pool]
[[database.tables]] : name, description
[database.pool]     : max_connections, connection_timeout_seconds
[code_mode]         : enabled, server_id, allow_writes, allow_deletes, allow_ddl,
                      require_limit, max_limit, blocked_tables, sensitive_columns,
                      auto_approve_levels, token_ttl_seconds, token_secret,
                      [code_mode.limits]
[code_mode.limits]  : max_tables_per_query, max_join_depth, max_subquery_depth
[shared_policy_store] : creates_shared_store, export_to_ssm, ssm_path, templates
[[tools]]           : name, description, sql, ui_resource_uri,
                      [[tools.parameters]], [tools.annotations]
[[tools.parameters]] : name, type, description, required, default, max_length,
                      minimum, maximum, enum
[tools.annotations] : read_only_hint, destructive_hint, idempotent_hint,
                      open_world_hint, cost_hint
[[prompts]]         : name, description, include_resources, arguments
[[resources]]       : uri, name, description, mime_type, content

Re-exports§

pub use crate::http::auth::AuthConfig;
pub use crate::http::client::HttpConfig;

Structs§

AnnotationsDecl
[tools.annotations] — MCP toolAnnotations hints.
BackendSection
[backend] section — the OpenAPI/REST HTTP backend declaration (D-06).
CodeModeLimits
[code_mode.limits] — query-complexity caps.
CodeModeSection
[code_mode] section — code-mode policy + complexity limits.
DatabasePoolSection
[database.pool] connection-pool tuning.
DatabaseSection
[database] section — backend identification and table catalogue.
DatabaseTableDecl
Single [[database.tables]] entry.
MetadataSection
[metadata] section — admin-facing display defaults (visible in the pmcp.run UI before an operator customises them).
ParamDecl
Single [[tools.parameters]] entry.
PromptArgumentDecl
Single argument under [[prompts.arguments]].
PromptDecl
Single [[prompts]] entry.
ResourceDecl
Single [[resources]] entry — a statically-shipped resource.
ServerConfig
Top-level pmcp-server-toolkit configuration parsed from a config.toml.
ServerSection
[server] section — identity and version metadata.
SharedPolicyStoreSection
[shared_policy_store] section — AVP/Cedar shared-policy-store declaration.
ToolDecl
Single [[tools]] entry — a declaratively-defined tool surface.