Struct SessionState 

pub struct SessionState {

    pub session_id: String,
    pub created_at: Instant,
    pub last_activity: Instant,
    pub protocol_version: Option<String>,
    pub request_count: u64,
    pub tools_list_seen: bool,
    pub oauth_subject: Option<String>,
    pub pinned_manifest: Option<ToolManifest>,
    pub memory_tracker: MemoryTracker,
    pub elicitation_count: u32,
    pub sampling_count: u32,
    pub token_expires_at: Option<u64>,
    pub current_call_chain: Vec<CallChainEntry>,
    pub agent_identity: Option<AgentIdentity>,
    pub risk_score: Option<RiskScore>,
    pub discovered_tools: HashMap<String, DiscoveredToolSession>,
    /* private fields */
}

Per-session state tracked by the HTTP proxy.

Fields

session_id: String

created_at: Instant

last_activity: Instant

protocol_version: Option<String>

request_count: u64

tools_list_seen: bool

Whether the initial tools/list response has been seen for this session. Used for rug-pull detection: tool additions after the first list are suspicious.

oauth_subject: Option<String>

OAuth subject identifier from the authenticated token (if OAuth is enabled). Stored for inclusion in audit trail entries.

pinned_manifest: Option<ToolManifest>

Pinned tool manifest for this session. Built from the first tools/list response, used to verify subsequent tools/list responses.

memory_tracker: MemoryTracker

OWASP ASI06: Per-session memory poisoning tracker. Records fingerprints of notable strings from tool responses and flags when those strings appear verbatim in subsequent tool call parameters.

elicitation_count: u32

Number of elicitation requests processed in this session. Used for per-session rate limiting of elicitation/create requests.

sampling_count: u32

Number of sampling requests processed in this session. Used for per-session rate limiting of sampling/createMessage requests. SECURITY (FIND-R125-001): Parity with elicitation rate limiting.

token_expires_at: Option<u64>

SECURITY (R15-OAUTH-4): Token expiry timestamp (Unix seconds).

current_call_chain: Vec<CallChainEntry>

OWASP ASI08: Call chain for multi-agent communication monitoring. Tracks upstream agent hops for the latest policy-evaluated request. Updated from X-Upstream-Agents headers on tool calls, resource reads, and task requests.

agent_identity: Option<AgentIdentity>

OWASP ASI07: Cryptographically attested agent identity from X-Agent-Identity JWT. Populated when the header is present and valid, provides stronger identity guarantees than the legacy oauth_subject field.

risk_score: Option<RiskScore>

Phase 21: Per-session risk score for continuous authorization.

discovered_tools: HashMap<String, DiscoveredToolSession>

Phase 34: Tools discovered via vv_discover with TTL tracking. Maps tool_id → session entry with discovery timestamp and TTL.

Implementations

impl SessionState

pub fn new(session_id: String) -> Self

pub fn known_tools(&self) -> &HashMap<String, ToolAnnotations>

Read-only access to known tools.

pub fn flagged_tools(&self) -> &HashSet<String>

Read-only access to flagged tools.

pub fn backend_sessions(&self) -> &HashMap<String, String>

Read-only access to backend sessions.

pub fn gateway_tools(&self) -> &HashMap<String, Vec<String>>

Read-only access to gateway tools.

pub fn abac_granted_policies(&self) -> &[String]

Read-only access to ABAC granted policies.

pub fn insert_backend_session( &mut self, backend_id: String, upstream_session_id: String, ) -> bool

SECURITY (FIND-R51-001): Insert a backend session with capacity bound. Returns true if the entry was inserted or already existed, false if at capacity.

pub fn insert_gateway_tools( &mut self, backend_id: String, tools: Vec<String>, ) -> bool

SECURITY (FIND-R51-001): Insert gateway tools for a backend with capacity bounds. Returns true if inserted, false if at capacity.

pub fn insert_granted_policy(&mut self, policy_id: String)

SECURITY (FIND-R51-002): Insert an ABAC granted policy with capacity bound and dedup.

pub fn insert_known_tool( &mut self, name: String, annotations: ToolAnnotationsCompact, ) -> bool

SECURITY (FIND-R51-012): Insert a known tool with capacity bound. Returns true if inserted or updated, false if at capacity.

pub fn insert_flagged_tool(&mut self, name: String)

SECURITY (FIND-R51-014): Insert a flagged tool with capacity bound.

pub fn record_discovered_tools(&mut self, tool_ids: &[String], ttl: Duration)

Record a set of discovered tools with the given TTL.

Overwrites any existing entry for the same tool_id (re-discovery resets the TTL). If the session is at capacity (MAX_DISCOVERED_TOOLS_PER_SESSION), expired entries are evicted first. If still at capacity, new tools are silently dropped.

pub fn is_tool_discovery_expired(&self, tool_id: &str) -> Option<bool>

Check whether a discovered tool has expired.

Returns None if the tool was never discovered (not an error — the tool may be a statically-known tool that doesn’t require discovery). Returns Some(true) if discovered but expired, Some(false) if still valid.

pub fn mark_tool_used(&mut self, tool_id: &str) -> bool

Mark a discovered tool as “used” (the agent actually called it).

Returns true if the tool was found and marked, false if not found.

pub fn evict_expired_discoveries(&mut self) -> usize

Remove expired discovered tools from the session.

Returns the number of entries evicted.

pub fn touch(&mut self)

Touch the session to update last activity time.

pub fn is_expired( &self, timeout: Duration, max_lifetime: Option<Duration>, ) -> bool

Check if this session has expired.

A session is expired if either:

• Inactivity timeout: no activity for longer than timeout
• Absolute lifetime: the session has existed longer than max_lifetime (if set)

Trait Implementations

impl Debug for SessionState

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.