Skip to main content

Module code_mode

pmcp_server_toolkit

Module code_mode 

Source
Expand description

Code-mode wiring: bridges [code_mode] config blocks into pmcp-code-mode’s validation pipeline + HMAC token machinery, with policy / executor / validation types re-exported verbatim (NO duplicate impl per RESEARCH §“Anti-Patterns” #2).

§R1 split (per CODE_MODE_API_NOTES.md Section 6)

§Security invariants (R6 + R9)

  • R6 — toolkit-owned secret type. token_secret resolution flows through crate::secrets::SecretValue (feature-independent) and converts to TokenSecret via From only at the HMAC boundary. This keeps --no-default-features stable.
  • R9 — inline-secret rejection. A [code_mode] token_secret = "raw" literal is REJECTED at validation/resolve time unless the operator explicitly sets allow_inline_token_secret_for_dev = true. Default-deny; warnings are not protection.

Structs§

ApprovalToken
Approval token that authorizes code execution.
AuthorizationDecision
Authorization decision from policy evaluation.
AvpClient
AVP client for Code Mode policy evaluation.
AvpConfig
Configuration for the AVP client.
AvpPolicyEvaluator
AVP-based policy evaluator implementing the PolicyEvaluator trait.
CodeModeConfig
Configuration for Code Mode.
ExecutionConfig
Configuration for execution.
HmacTokenGenerator
HMAC-based token generator for MVP.
HttpCodeExecutor
Low-level HTTP executor bridging the toolkit’s outbound HttpAuthProvider to pmcp-code-mode’s HttpExecutor trait.
JsCodeExecutor
Adapter bridging [HttpExecutor] to CodeExecutor for JavaScript/OpenAPI servers (Pattern B: JS+HTTP).
NoopPolicyEvaluator
Always-allow policy evaluator for testing and local development ONLY.
SqlCodeExecutor
CodeExecutor adapter bridging the toolkit’s single-method SqlConnector to the code-mode validate_code / execute_code flow.
TokenSecret
Zeroizing wrapper for HMAC token secrets.
ValidationContext
Context for validation (user, session, schema).
ValidationPipeline
The validation pipeline that orchestrates all validation stages.

Enums§

ExecutionError
Errors that can occur during execution.
ValidationFlavor
Which validation surface the generalized code-mode wiring drives (OAPI-10 / D-02 / Gemini review: a compile-time enum, NOT a stringly-typed &str, so a flavor typo is impossible).

Traits§

CodeExecutor
High-level trait for executing validated code.
HttpExecutor
Trait for making HTTP requests during execution.
PolicyEvaluator
Trait for policy evaluation backends.
TokenGenerator
Trait for token generators.

Functions§

assemble_code_mode_prompt
TKIT-10: assemble the code-mode bootstrap prompt body from a connector’s SqlConnector::schema_text + curated [[database.tables]] descriptions.
assemble_code_mode_prompt_with_schema
File-based counterpart to assemble_code_mode_prompt — assemble the code-mode prompt body from a --schema file’s text WITHOUT any live connector introspection (Plan 85-02 Task 3 / D-04 / D-05).
build_code_mode_prompt
Alias for assemble_code_mode_prompt satisfying CONN-04’s literal naming.
canonicalize_code
Canonicalize code for consistent hashing.
code_mode_http_tools_from_executor
Register validate_code + execute_code on builder for the OpenAPI per-request Code-Mode path (Plan 90-10 / OAPI-03 / OAPI-05).
code_mode_tools_from_executor
Register validate_code + execute_code on builder, driven by the [code_mode] block, a caller-supplied CodeExecutor, and a ValidationFlavor (OAPI-10 / D-02).
compute_context_hash
Compute a context hash from schema and permissions.
hash_code
Compute the SHA-256 hash of canonicalized code.
register_code_mode_tools
Tolerant builder-extension entry point for [code_mode] config — the CONNECTORLESS, validation-only / no-tool path.
request_executor_from_extra
Derive a per-request HttpCodeExecutor from a pmcp::RequestHandlerExtra by threading the captured inbound MCP client token (Plan 90-10 / OAPI-03 / OAPI-05).
validation_pipeline_from_config
Build a ValidationPipeline from a ServerConfig’s [code_mode] block.