Expand description
MCP Streamable HTTP reverse proxy.
Implements the Streamable HTTP transport (MCP spec 2025-11-25) as a reverse proxy that intercepts tool calls, evaluates policies, and forwards allowed requests to an upstream MCP server.
Re-exports§
pub use call_chain::PrivilegeEscalationCheck;pub use discovery::handle_transport_discovery;pub use websocket::handle_ws_upgrade;pub use websocket::WebSocketConfig;
Modules§
- call_
chain - Session tracking, call chain management, and privilege escalation detection.
- discovery
- Transport discovery and negotiation endpoint.
- gateway
- MCP Gateway Router — multi-backend tool routing with health tracking (Phase 20).
- origin
- CSRF and DNS rebinding origin validation.
- smart_
fallback - Smart cross-transport fallback chain orchestrator (Phase 29).
- trace_
propagation - Trace context propagation for distributed tracing (Phase 28).
- transport_
health - Per-transport circuit breaker for cross-transport fallback (Phase 29).
- websocket
- WebSocket transport for MCP JSON-RPC messages (SEP-1288).
Structs§
- McpQuery
Params - Query parameters for POST /mcp.
- Proxy
State - Shared state for the HTTP proxy handlers.
- Trusted
Proxy Context - Per-request trust signal for forwarded-header handling.
Constants§
- X_
UPSTREAM_ AGENTS - OWASP ASI08: Header for tracking upstream agents in multi-hop MCP scenarios. Contains a JSON-encoded array of CallChainEntry objects from previous hops. This header is added by Vellaveto when forwarding requests downstream and read when receiving requests from upstream.
Functions§
- handle_
mcp_ delete - DELETE /mcp handler — session termination (MCP spec).
- handle_
mcp_ get - GET /mcp handler for SSE stream initiation/resumption.
- handle_
mcp_ post - Main POST /mcp handler.
- handle_
protected_ resource_ metadata - GET /.well-known/oauth-protected-resource handler (RFC 9728).
Type Aliases§
- Hmac
Sha256 - HMAC-SHA256 type alias for call chain signing (FIND-015).