Expand description
WebSocket transport for MCP JSON-RPC messages (SEP-1288).
Implements a WebSocket reverse proxy that sits between MCP clients and
an upstream MCP server. WebSocket messages (text frames) are parsed as
JSON-RPC, classified via vellaveto_mcp::extractor, evaluated against
loaded policies, and forwarded to the upstream server.
Security invariants:
- Fail-closed: Unparseable messages close the connection (code 1008).
- No binary frames: Only text frames are accepted (code 1003 for binary).
- Session binding: Each WS connection is bound to exactly one session.
- Canonicalization: Re-serialized JSON forwarded (TOCTOU defense).
Structs§
- WebSocket
Config - Configuration for WebSocket transport.
- WsQuery
Params - Query parameters for the WebSocket upgrade endpoint.
Functions§
- convert_
to_ ws_ url - Convert an HTTP URL to a WebSocket URL.
- handle_
ws_ upgrade - Handle WebSocket upgrade request at
/mcp/ws.