Crate pulseengine_mcp_security_middleware


PulseEngine MCP Security Middleware

Zero-configuration security middleware for MCP servers with Axum integration.

This crate provides a simple, secure-by-default authentication and authorization middleware system that can be integrated into MCP servers with minimal configuration.

Features

  • Zero Configuration: Works out of the box with sensible secure defaults
  • Security Profiles: Dev, staging, and production profiles with appropriate security levels
  • Environment-Based Config: Configure via environment variables without CLI tools
  • Auto-Generation: Automatically generates API keys and JWT secrets securely
  • Axum Integration: Built on middleware::from_fn for seamless integration
  • MCP Compliance: Follows 2025 MCP security best practices

Quick Start

use pulseengine_mcp_security_middleware::*;
use axum::{Router, routing::get};
use axum::middleware::from_fn;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Zero-config development setup
    let security = SecurityConfig::development();
    let middleware = security.create_middleware().await?;

    let app: Router = Router::new()
        .route("/", get(|| async { "Hello, secure world!" }))
        .layer(from_fn(move |req, next| {
            let middleware = middleware.clone();
            async move { middleware.process(req, next).await }
        }));

    // Server setup...
    Ok(())
}

Security Profiles

Development Profile

use pulseengine_mcp_security_middleware::SecurityConfig;

let config = SecurityConfig::development();
// - Permissive settings for local development
// - Simple API key authentication
// - Detailed logging for debugging
// - CORS enabled for localhost

Production Profile

use pulseengine_mcp_security_middleware::SecurityConfig;
let config = SecurityConfig::production();
// - Strict security settings
// - JWT authentication with secure secrets
// - Rate limiting enabled
// - Audit logging
// - HTTPS enforcement

Environment Configuration

# Security profile
MCP_SECURITY_PROFILE=production

# Auto-generated if not provided
MCP_API_KEY=auto-generate
MCP_JWT_SECRET=auto-generate

# CORS and networking
MCP_CORS_ORIGIN=localhost
MCP_RATE_LIMIT=100/min

# Security features
MCP_ENABLE_AUDIT_LOG=true
MCP_REQUIRE_HTTPS=true
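
A pre-deployment check over the variables listed above, as an added example that is not part of this crate and does not call it. The function names, the accepted rate-limit units, and the policy of flagging a wildcard or localhost CORS origin in production are assumptions of this example.

```rust
use std::collections::HashMap;

/// Parse a `<count>/<unit>` rate limit such as the page's `100/min`.
/// The accepted units (sec, min, hour) are an assumption of this example.
fn parse_rate_limit(s: &str) -> Option<(u32, &str)> {
    let (count, unit) = s.trim().split_once('/')?;
    let count = count.parse::<u32>().ok().filter(|n| *n > 0)?;
    if !matches!(unit, "sec" | "min" | "hour") {
        return None;
    }
    Some((count, unit))
}

/// Return findings for a production deployment; an empty list means none found.
fn lint_production_env(env: &HashMap<&str, &str>) -> Vec<String> {
    let mut findings = Vec::new();
    let get = |k: &str| env.get(k).copied().unwrap_or("");
    if get("MCP_SECURITY_PROFILE") != "production" {
        findings.push("MCP_SECURITY_PROFILE is not production".to_string());
    }
    for flag in ["MCP_REQUIRE_HTTPS", "MCP_ENABLE_AUDIT_LOG"] {
        if get(flag) != "true" {
            findings.push(format!("{flag} is not true"));
        }
    }
    // Assumed policy: production should name a specific, non-local origin.
    let origin = get("MCP_CORS_ORIGIN");
    if origin.is_empty() || origin == "*" || origin.contains("localhost") {
        findings.push(format!("MCP_CORS_ORIGIN={origin:?} is not a specific production origin"));
    }
    if parse_rate_limit(get("MCP_RATE_LIMIT")).is_none() {
        findings.push("MCP_RATE_LIMIT is missing or not <count>/<unit>".to_string());
    }
    findings
}

fn main() {
    // Constructed sample: the values shown in the Environment Configuration block.
    let env = HashMap::from([
        ("MCP_SECURITY_PROFILE", "production"),
        ("MCP_CORS_ORIGIN", "localhost"),
        ("MCP_RATE_LIMIT", "100/min"),
        ("MCP_ENABLE_AUDIT_LOG", "true"),
        ("MCP_REQUIRE_HTTPS", "true"),
    ]);
    for finding in lint_production_env(&env) {
        println!("finding: {finding}");
    }
}
```

Run against the sample values above, the check reports one finding: the production profile is paired with a localhost CORS origin.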

Re-exports

pub use auth::ApiKeyValidator;
pub use auth::AuthContext;
pub use auth::TokenValidator;
pub use config::SecurityConfig;
pub use error::SecurityError;
pub use error::SecurityResult;
pub use middleware::SecurityMiddleware;
pub use middleware::mcp_auth_middleware;
pub use middleware::mcp_rate_limit_middleware;
pub use profiles::SecurityProfile;
pub use profiles::DevelopmentProfile;
pub use profiles::ProductionProfile;
pub use profiles::StagingProfile;
pub use utils::SecureRandom;
pub use utils::generate_api_key;
pub use utils::generate_jwt_secret;

Modules

  • auth: Authentication and token validation logic
  • config: Configuration management for security middleware
  • error: Error types for the security middleware
  • middleware: Axum middleware implementation for MCP security
  • profiles: Security profiles for different deployment environments
  • utils: Utility functions for security operations

Constants

  • VERSION: Version information for the security middleware

Functions

  • dev_security: Creates a development security configuration with sensible defaults
  • env_security: Creates a security configuration from environment variables
  • prod_security: Creates a production security configuration with strict defaults