Skip to main content

McpServerConfig

rmcp_server_kit::transport

Struct McpServerConfig 

Source 
#[non_exhaustive]
pub struct McpServerConfig {
Show 26 fields
    pub bind_addr: String,
    pub name: String,
    pub version: String,
    pub tls_cert_path: Option<PathBuf>,
    pub tls_key_path: Option<PathBuf>,
    pub auth: Option<AuthConfig>,
    pub rbac: Option<Arc<RbacPolicy>>,
    pub allowed_origins: Vec<String>,
    pub tool_rate_limit: Option<u32>,
    pub readiness_check: Option<ReadinessCheck>,
    pub max_request_body: usize,
    pub request_timeout: Duration,
    pub shutdown_timeout: Duration,
    pub session_idle_timeout: Duration,
    pub sse_keep_alive: Duration,
    pub on_reload_ready: Option<Box<dyn FnOnce(ReloadHandle) + Send>>,
    pub extra_router: Option<Router>,
    pub public_url: Option<String>,
    pub log_request_headers: bool,
    pub compression_enabled: bool,
    pub compression_min_size: u16,
    pub max_concurrent_requests: Option<usize>,
    pub admin_enabled: bool,
    pub admin_role: String,
    pub metrics_enabled: bool,
    pub metrics_bind: String,

}
Expand description

Configuration for the MCP server.

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§bind_addr: String
👎Deprecated since 0.13.0:

use McpServerConfig::new() / with_bind_addr(); direct field access will become pub(crate) in 1.0

Socket address the MCP HTTP server binds to.

§name: String
👎Deprecated since 0.13.0:

set via McpServerConfig::new(); direct field access will become pub(crate) in 1.0

Server name advertised via MCP initialize.

§version: String
👎Deprecated since 0.13.0:

set via McpServerConfig::new(); direct field access will become pub(crate) in 1.0

Server version advertised via MCP initialize.

§tls_cert_path: Option<PathBuf>
👎Deprecated since 0.13.0:

use McpServerConfig::with_tls(); direct field access will become pub(crate) in 1.0

Path to the TLS certificate (PEM). Required for TLS/mTLS.

§tls_key_path: Option<PathBuf>
👎Deprecated since 0.13.0:

use McpServerConfig::with_tls(); direct field access will become pub(crate) in 1.0

Path to the TLS private key (PEM). Required for TLS/mTLS.

§auth: Option<AuthConfig>
👎Deprecated since 0.13.0:

use McpServerConfig::with_auth(); direct field access will become pub(crate) in 1.0

Optional authentication config. When Some and enabled, auth is enforced on /mcp. /healthz is always open.

§rbac: Option<Arc<RbacPolicy>>
👎Deprecated since 0.13.0:

use McpServerConfig::with_rbac(); direct field access will become pub(crate) in 1.0

Optional RBAC policy. When present and enabled, tool calls are checked against the policy after authentication.

§allowed_origins: Vec<String>
👎Deprecated since 0.13.0:

use McpServerConfig::with_allowed_origins(); direct field access will become pub(crate) in 1.0

Allowed Origin values for DNS rebinding protection (MCP spec MUST). When empty and public_url is set, the origin is auto-derived from the public URL. When both are empty, only requests with no Origin header are accepted. Example entries: "http://localhost:3000", "https://myapp.example.com".

§tool_rate_limit: Option<u32>
👎Deprecated since 0.13.0:

use McpServerConfig::with_tool_rate_limit(); direct field access will become pub(crate) in 1.0

Maximum tool invocations per source IP per minute. When set, enforced on every tools/call request.

§readiness_check: Option<ReadinessCheck>
👎Deprecated since 0.13.0:

use McpServerConfig::with_readiness_check(); direct field access will become pub(crate) in 1.0

Optional readiness probe for /readyz. When None, /readyz mirrors /healthz (always OK).

§max_request_body: usize
👎Deprecated since 0.13.0:

use McpServerConfig::with_max_request_body(); direct field access will become pub(crate) in 1.0

Maximum request body size in bytes. Default: 1 MiB. Protects against oversized payloads causing OOM.

§request_timeout: Duration
👎Deprecated since 0.13.0:

use McpServerConfig::with_request_timeout(); direct field access will become pub(crate) in 1.0

Request processing timeout. Default: 120s. Requests exceeding this duration receive 408 Request Timeout.

§shutdown_timeout: Duration
👎Deprecated since 0.13.0:

use McpServerConfig::with_shutdown_timeout(); direct field access will become pub(crate) in 1.0

Graceful shutdown timeout. Default: 30s. After the shutdown signal, in-flight requests have this long to finish.

§session_idle_timeout: Duration
👎Deprecated since 0.13.0:

use McpServerConfig::with_session_idle_timeout(); direct field access will become pub(crate) in 1.0

Idle timeout for MCP sessions. Sessions with no activity for this duration are closed automatically. Default: 20 minutes.

§sse_keep_alive: Duration
👎Deprecated since 0.13.0:

use McpServerConfig::with_sse_keep_alive(); direct field access will become pub(crate) in 1.0

Interval for SSE keep-alive pings. Prevents proxies and load balancers from killing idle connections. Default: 15 seconds.

§on_reload_ready: Option<Box<dyn FnOnce(ReloadHandle) + Send>>
👎Deprecated since 0.13.0:

use McpServerConfig::with_reload_callback(); direct field access will become pub(crate) in 1.0

Callback invoked once the server is built, delivering a ReloadHandle for hot-reloading auth keys and RBAC policy at runtime (e.g. on SIGHUP). Only useful when auth/RBAC is enabled.

§extra_router: Option<Router>
👎Deprecated since 0.13.0:

use McpServerConfig::with_extra_router(); direct field access will become pub(crate) in 1.0

Additional application-specific routes merged into the top-level router. These routes bypass the MCP auth and RBAC middleware, so the application is responsible for its own auth on them.

§public_url: Option<String>
👎Deprecated since 0.13.0:

use McpServerConfig::with_public_url(); direct field access will become pub(crate) in 1.0

Externally reachable base URL (e.g. https://mcp.example.com). When set, OAuth metadata endpoints advertise this URL instead of the listen address. Required when binding 0.0.0.0 behind a reverse proxy or inside a container.

§log_request_headers: bool
👎Deprecated since 0.13.0:

use McpServerConfig::enable_request_header_logging(); direct field access will become pub(crate) in 1.0

Log inbound HTTP request headers at DEBUG level. Sensitive values remain redacted.

§compression_enabled: bool
👎Deprecated since 0.13.0:

use McpServerConfig::enable_compression(); direct field access will become pub(crate) in 1.0

Enable gzip/br response compression on MCP responses. Defaults to false to preserve existing behaviour.

§compression_min_size: u16
👎Deprecated since 0.13.0:

use McpServerConfig::enable_compression(); direct field access will become pub(crate) in 1.0

Minimum response body size (in bytes) before compression kicks in. Only used when compression_enabled is true. Default: 1024.

§max_concurrent_requests: Option<usize>
👎Deprecated since 0.13.0:

use McpServerConfig::with_max_concurrent_requests(); direct field access will become pub(crate) in 1.0

Global cap on in-flight HTTP requests across the whole server. When Some, requests over the cap receive 503 Service Unavailable via tower::load_shed. Default: None (unlimited).

§admin_enabled: bool
👎Deprecated since 0.13.0:

use McpServerConfig::enable_admin(); direct field access will become pub(crate) in 1.0

Enable /admin/* diagnostic endpoints. Requires auth to be configured and enabled. Default: false.

§admin_role: String
👎Deprecated since 0.13.0:

use McpServerConfig::enable_admin(); direct field access will become pub(crate) in 1.0

RBAC role required to access admin endpoints. Default: "admin".

§metrics_enabled: bool
👎Deprecated since 0.13.0:

use McpServerConfig::with_metrics(); direct field access will become pub(crate) in 1.0

Enable Prometheus metrics endpoint on a separate listener. Requires the metrics crate feature.

§metrics_bind: String
👎Deprecated since 0.13.0:

use McpServerConfig::with_metrics(); direct field access will become pub(crate) in 1.0

Bind address for the Prometheus metrics listener. Default: 127.0.0.1:9090.

Implementations§

Source§

impl McpServerConfig

Source

pub fn new( bind_addr: impl Into<String>, name: impl Into<String>, version: impl Into<String>, ) -> Self

Create a new server configuration with the given bind address, server name, and version. All other fields use safe defaults.

Use the chainable with_* / enable_* builder methods to customize. Call McpServerConfig::validate to obtain a Validated<McpServerConfig> proof token, which is required by serve and serve_with_listener.

Source

pub fn with_auth(self, auth: AuthConfig) -> Self

Attach an authentication configuration. Required for enable_admin and any non-public deployment.

Source

pub fn with_bind_addr(self, addr: impl Into<String>) -> Self

Override the bind address (e.g. 127.0.0.1:8080). Useful when the final port is only known after pre-binding an ephemeral listener (tests, dynamic-port deployments).

Source

pub fn with_rbac(self, rbac: Arc<RbacPolicy>) -> Self

Attach an RBAC policy. Tool calls are checked against the policy after authentication.

Source

pub fn with_tls( self, cert_path: impl Into<PathBuf>, key_path: impl Into<PathBuf>, ) -> Self

Configure TLS by providing the certificate and private key paths (PEM). Both must be readable at startup. Without this call, the server runs plain HTTP.

Source

pub fn with_public_url(self, url: impl Into<String>) -> Self

Set the externally reachable base URL (e.g. https://mcp.example.com). Required when binding 0.0.0.0 behind a reverse proxy or inside a container so OAuth metadata and auto-derived origins resolve correctly.

Source

pub fn with_allowed_origins<I, S>(self, origins: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Replace the allowed Origin allow-list (DNS-rebinding protection). When empty and with_public_url is set, the origin is auto-derived.

Source

pub fn with_extra_router(self, router: Router) -> Self

Merge an additional axum router at the top level. Routes added here bypass rmcp-server-kit auth and RBAC; the application is responsible for its own protection.

Source

pub fn with_readiness_check(self, check: ReadinessCheck) -> Self

Install an async readiness probe for /readyz. Without this call, /readyz mirrors /healthz (always 200 OK).

Source

pub fn with_max_request_body(self, bytes: usize) -> Self

Override the maximum request body (bytes). Must be > 0. Default: 1 MiB.

Source

pub fn with_request_timeout(self, timeout: Duration) -> Self

Override the per-request processing timeout. Default: 2 minutes.

Source

pub fn with_shutdown_timeout(self, timeout: Duration) -> Self

Override the graceful shutdown grace period. Default: 30 seconds.

Source

pub fn with_session_idle_timeout(self, timeout: Duration) -> Self

Override the MCP session idle timeout. Default: 20 minutes.

Source

pub fn with_sse_keep_alive(self, interval: Duration) -> Self

Override the SSE keep-alive interval. Default: 15 seconds.

Source

pub fn with_max_concurrent_requests(self, limit: usize) -> Self

Cap the global number of in-flight HTTP requests via tower::load_shed. Excess requests receive 503 Service Unavailable. Default: unlimited.

Source

pub fn with_tool_rate_limit(self, per_minute: u32) -> Self

Cap tool invocations per source IP per minute. Enforced on every tools/call request.

Source

pub fn with_reload_callback<F>(self, callback: F) -> Self
where F: FnOnce(ReloadHandle) + Send + 'static,

Register a callback that receives the ReloadHandle after the server is built. Use it to wire SIGHUP-style hot reloads of API keys and RBAC policy.

Source

pub fn enable_compression(self, min_size: u16) -> Self

Enable gzip/brotli response compression on MCP responses. min_size is the smallest body size (bytes) eligible for compression. Default min size: 1024.

Source

pub fn enable_admin(self, role: impl Into<String>) -> Self

Enable /admin/* diagnostic endpoints. Requires with_auth to be set and enabled; otherwise validate returns an error. role is the RBAC role gate (default: "admin").

Source

pub fn enable_request_header_logging(self) -> Self

Log inbound HTTP request headers at DEBUG level. Sensitive values remain redacted by the logging layer.

Source

pub fn with_metrics(self, bind: impl Into<String>) -> Self

Enable the Prometheus metrics listener on bind (e.g. 127.0.0.1:9090). Requires the metrics crate feature.

Source

pub fn validate(self) -> Result<Validated<Self>, McpxError>

Validate the configuration and consume self, returning a Validated<McpServerConfig> proof token required by serve and serve_with_listener. This is the only way to construct Validated<McpServerConfig>, so the type system guarantees validation has run before the server starts.

Checks:

  1. admin_enabled requires auth to be configured and enabled.
  2. tls_cert_path and tls_key_path must both be set or both be unset.
  3. bind_addr must parse as a SocketAddr.
  4. public_url, when set, must start with http:// or https://.
  5. Each entry in allowed_origins must start with http:// or https://.
  6. max_request_body must be greater than zero.
  7. When the oauth feature is enabled and an OAuthConfig is present, all OAuth URL fields (jwks_uri, proxy.authorize_url, proxy.token_url, proxy.introspection_url, proxy.revocation_url, token_exchange.token_url) must parse and use the https scheme. Set OAuthConfig::allow_http_oauth_urls to permit http:// targets (strongly discouraged in production - see the field-level docs for the threat model).
§Errors

Returns McpxError::Config with a human-readable message on the first validation failure.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,