1use std::collections::HashMap;
5
6use serde::{Deserialize, Serialize};
7
8use crate::defaults::default_true;
9use crate::providers::ProviderName;
10
11pub use crate::mcp_security::ToolSecurityMeta;
12
13#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
19#[serde(rename_all = "lowercase")]
20#[non_exhaustive]
21pub enum McpTrustLevel {
22 Trusted,
24 #[default]
26 Untrusted,
27 Sandboxed,
29}
30
31impl McpTrustLevel {
32 #[must_use]
36 pub fn restriction_level(self) -> u8 {
37 match self {
38 Self::Trusted => 0,
39 Self::Untrusted => 1,
40 Self::Sandboxed => 2,
41 }
42 }
43}
44
45#[derive(Debug, Clone, Deserialize, Serialize)]
47pub struct RateLimit {
48 pub max_calls_per_minute: u32,
50}
51
52#[derive(Debug, Clone, Default, Deserialize, Serialize)]
56#[serde(default)]
57pub struct McpPolicy {
58 pub allowed_tools: Option<Vec<String>>,
60 pub denied_tools: Vec<String>,
62 pub rate_limit: Option<RateLimit>,
64}
65
66fn default_skill_allowlist() -> Vec<String> {
67 vec!["*".into()]
68}
69
70#[derive(Debug, Clone, Deserialize, Serialize)]
76pub struct ChannelSkillsConfig {
77 #[serde(default = "default_skill_allowlist")]
80 pub allowed: Vec<String>,
81}
82
83impl Default for ChannelSkillsConfig {
84 fn default() -> Self {
85 Self {
86 allowed: default_skill_allowlist(),
87 }
88 }
89}
90
91#[must_use]
96pub fn is_skill_allowed(name: &str, config: &ChannelSkillsConfig) -> bool {
97 config.allowed.iter().any(|p| glob_match(p, name))
98}
99
100fn glob_match(pattern: &str, name: &str) -> bool {
101 if let Some(prefix) = pattern.strip_suffix('*') {
102 if prefix.is_empty() {
103 return true;
104 }
105 name.starts_with(prefix)
106 } else {
107 pattern == name
108 }
109}
110
111#[cfg(test)]
112mod tests {
113 use super::*;
114
115 fn allow(patterns: &[&str]) -> ChannelSkillsConfig {
116 ChannelSkillsConfig {
117 allowed: patterns.iter().map(ToString::to_string).collect(),
118 }
119 }
120
121 #[test]
122 fn telegram_config_defaults() {
123 let src = r#"token = "test_token""#;
125 let cfg: TelegramConfig = toml::from_str(src).unwrap();
126 assert!(!cfg.guest_mode);
127 assert!(!cfg.bot_to_bot);
128 assert!(cfg.allowed_bots.is_empty());
129 assert_eq!(cfg.max_bot_chain_depth, 1);
130 }
131
132 #[test]
133 fn telegram_config_explicit_values() {
134 let src = r#"
135token = "test_token"
136guest_mode = true
137bot_to_bot = true
138allowed_bots = ["@bot_a", "@bot_b"]
139max_bot_chain_depth = 5
140"#;
141 let cfg: TelegramConfig = toml::from_str(src).unwrap();
142 assert!(cfg.guest_mode);
143 assert!(cfg.bot_to_bot);
144 assert_eq!(cfg.allowed_bots, vec!["@bot_a", "@bot_b"]);
145 assert_eq!(cfg.max_bot_chain_depth, 5);
146 }
147
148 #[test]
149 fn test_default_output_schema_hint_bytes_is_1024() {
150 assert_eq!(default_output_schema_hint_bytes(), 1024);
151 }
152
153 #[test]
154 fn test_mcp_config_default_output_schema_hint_bytes_is_1024() {
155 let cfg = McpConfig::default();
156 assert_eq!(cfg.output_schema_hint_bytes, 1024);
157 }
158
159 #[test]
160 fn max_connect_attempts_default_is_3() {
161 let cfg = McpConfig::default();
162 assert_eq!(cfg.max_connect_attempts, 3);
163 }
164
165 #[test]
166 fn max_connect_attempts_accepts_valid_range() {
167 for v in [1u8, 3, 10] {
168 let src = format!("max_connect_attempts = {v}\n");
169 let cfg: McpConfig = toml::from_str(&src)
170 .unwrap_or_else(|e| panic!("max_connect_attempts = {v} should be valid, got: {e}"));
171 assert_eq!(cfg.max_connect_attempts, v);
172 }
173 }
174
175 #[test]
176 fn max_connect_attempts_rejects_zero() {
177 let src = "max_connect_attempts = 0\n";
178 let result = toml::from_str::<McpConfig>(src);
179 assert!(
180 result.is_err(),
181 "max_connect_attempts = 0 should be rejected"
182 );
183 let msg = result.unwrap_err().to_string();
184 assert!(
185 msg.contains("max_connect_attempts"),
186 "error message should mention the field name, got: {msg}"
187 );
188 }
189
190 #[test]
191 fn max_connect_attempts_rejects_eleven() {
192 let src = "max_connect_attempts = 11\n";
193 let result = toml::from_str::<McpConfig>(src);
194 assert!(
195 result.is_err(),
196 "max_connect_attempts = 11 should be rejected"
197 );
198 }
199
200 #[test]
201 fn startup_retry_backoff_ms_default_is_1000() {
202 let cfg = McpConfig::default();
203 assert_eq!(cfg.startup_retry_backoff_ms, 1000);
204 }
205
206 #[test]
207 fn startup_retry_backoff_ms_deserializes_from_toml() {
208 let src = "startup_retry_backoff_ms = 500\n";
209 let cfg: McpConfig = toml::from_str(src).expect("valid toml");
210 assert_eq!(cfg.startup_retry_backoff_ms, 500);
211 }
212
213 #[test]
214 fn tool_timeout_secs_default_is_none() {
215 let cfg = McpConfig::default();
216 assert!(cfg.tool_timeout_secs.is_none());
217 }
218
219 #[test]
220 fn tool_timeout_secs_deserializes_from_toml() {
221 let src = "tool_timeout_secs = 120\n";
222 let cfg: McpConfig = toml::from_str(src).expect("valid toml");
223 assert_eq!(cfg.tool_timeout_secs, Some(120));
224 }
225
226 #[test]
227 fn tool_timeout_secs_rejects_above_3600() {
228 let src = "tool_timeout_secs = 3601\n";
229 assert!(toml::from_str::<McpConfig>(src).is_err());
230 }
231
232 #[test]
233 fn tool_timeout_secs_accepts_3600() {
234 let src = "tool_timeout_secs = 3600\n";
235 let cfg: McpConfig = toml::from_str(src).expect("valid toml");
236 assert_eq!(cfg.tool_timeout_secs, Some(3600));
237 }
238
239 #[test]
240 fn wildcard_star_allows_any_skill() {
241 let cfg = allow(&["*"]);
242 assert!(is_skill_allowed("anything", &cfg));
243 assert!(is_skill_allowed("web-search", &cfg));
244 }
245
246 #[test]
247 fn empty_allowlist_denies_all() {
248 let cfg = allow(&[]);
249 assert!(!is_skill_allowed("web-search", &cfg));
250 assert!(!is_skill_allowed("shell", &cfg));
251 }
252
253 #[test]
254 fn exact_match_allows_only_that_skill() {
255 let cfg = allow(&["web-search"]);
256 assert!(is_skill_allowed("web-search", &cfg));
257 assert!(!is_skill_allowed("shell", &cfg));
258 assert!(!is_skill_allowed("web-search-extra", &cfg));
259 }
260
261 #[test]
262 fn prefix_wildcard_allows_matching_skills() {
263 let cfg = allow(&["web-*"]);
264 assert!(is_skill_allowed("web-search", &cfg));
265 assert!(is_skill_allowed("web-fetch", &cfg));
266 assert!(!is_skill_allowed("shell", &cfg));
267 assert!(!is_skill_allowed("awesome-web-thing", &cfg));
268 }
269
270 #[test]
271 fn multiple_patterns_or_logic() {
272 let cfg = allow(&["shell", "web-*"]);
273 assert!(is_skill_allowed("shell", &cfg));
274 assert!(is_skill_allowed("web-search", &cfg));
275 assert!(!is_skill_allowed("memory", &cfg));
276 }
277
278 #[test]
279 fn default_config_allows_all() {
280 let cfg = ChannelSkillsConfig::default();
281 assert!(is_skill_allowed("any-skill", &cfg));
282 }
283
284 #[test]
285 fn prefix_wildcard_does_not_match_empty_suffix() {
286 let cfg = allow(&["web-*"]);
287 assert!(is_skill_allowed("web-", &cfg));
291 }
292
293 #[test]
294 fn matching_is_case_sensitive() {
295 let cfg = allow(&["Web-Search"]);
296 assert!(!is_skill_allowed("web-search", &cfg));
297 assert!(is_skill_allowed("Web-Search", &cfg));
298 }
299}
300
301fn default_slack_port() -> u16 {
302 3000
303}
304
305fn default_slack_webhook_host() -> String {
306 "127.0.0.1".into()
307}
308
309fn default_a2a_host() -> String {
310 "0.0.0.0".into()
311}
312
313fn default_a2a_port() -> u16 {
314 8080
315}
316
317fn default_a2a_rate_limit() -> u32 {
318 60
319}
320
321fn default_a2a_max_body() -> usize {
322 1_048_576
323}
324
325fn default_drain_timeout_ms() -> u64 {
326 30_000
327}
328
329fn default_max_dynamic_servers() -> usize {
330 10
331}
332
333fn default_mcp_timeout() -> u64 {
334 30
335}
336
337fn default_startup_retry_backoff_ms() -> u64 {
338 1000
339}
340
341fn default_tool_timeout_secs() -> Option<u64> {
342 None
343}
344
345fn default_oauth_callback_port() -> u16 {
346 18766
347}
348
349fn default_oauth_client_name() -> String {
350 "Zeph".into()
351}
352
353fn default_stream_interval_ms() -> u64 {
354 3000
355}
356
357fn default_max_bot_chain_depth() -> u32 {
358 1
359}
360
361#[derive(Clone, Deserialize, Serialize)]
378pub struct TelegramConfig {
379 pub token: Option<String>,
381 #[serde(default)]
383 pub allowed_users: Vec<String>,
384 #[serde(default)]
386 pub skills: ChannelSkillsConfig,
387 #[serde(default)]
390 pub allowed_tools: Option<Vec<String>>,
391 #[serde(default = "default_stream_interval_ms")]
397 pub stream_interval_ms: u64,
398 #[serde(default)]
402 pub guest_mode: bool,
403 #[serde(default)]
407 pub bot_to_bot: bool,
408 #[serde(default)]
412 pub allowed_bots: Vec<String>,
413 #[serde(default = "default_max_bot_chain_depth")]
424 pub max_bot_chain_depth: u32,
425}
426
427impl std::fmt::Debug for TelegramConfig {
428 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
429 f.debug_struct("TelegramConfig")
430 .field("token", &self.token.as_ref().map(|_| "[REDACTED]"))
431 .field("allowed_users", &self.allowed_users)
432 .field("skills", &self.skills)
433 .field("allowed_tools", &self.allowed_tools)
434 .field("stream_interval_ms", &self.stream_interval_ms)
435 .field("guest_mode", &self.guest_mode)
436 .field("bot_to_bot", &self.bot_to_bot)
437 .field("allowed_bots_count", &self.allowed_bots.len())
438 .field("max_bot_chain_depth", &self.max_bot_chain_depth)
439 .finish()
440 }
441}
442
443#[derive(Clone, Deserialize, Serialize)]
444pub struct DiscordConfig {
445 pub token: Option<String>,
446 pub application_id: Option<String>,
447 #[serde(default)]
448 pub allowed_user_ids: Vec<String>,
449 #[serde(default)]
450 pub allowed_role_ids: Vec<String>,
451 #[serde(default)]
452 pub allowed_channel_ids: Vec<String>,
453 #[serde(default)]
454 pub skills: ChannelSkillsConfig,
455 #[serde(default)]
457 pub allowed_tools: Option<Vec<String>>,
458}
459
460impl std::fmt::Debug for DiscordConfig {
461 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
462 f.debug_struct("DiscordConfig")
463 .field("token", &self.token.as_ref().map(|_| "[REDACTED]"))
464 .field("application_id", &self.application_id)
465 .field("allowed_user_ids", &self.allowed_user_ids)
466 .field("allowed_role_ids", &self.allowed_role_ids)
467 .field("allowed_channel_ids", &self.allowed_channel_ids)
468 .field("skills", &self.skills)
469 .field("allowed_tools", &self.allowed_tools)
470 .finish()
471 }
472}
473
474#[derive(Clone, Deserialize, Serialize)]
475pub struct SlackConfig {
476 pub bot_token: Option<String>,
477 pub signing_secret: Option<String>,
478 #[serde(default = "default_slack_webhook_host")]
479 pub webhook_host: String,
480 #[serde(default = "default_slack_port")]
481 pub port: u16,
482 #[serde(default)]
483 pub allowed_user_ids: Vec<String>,
484 #[serde(default)]
485 pub allowed_channel_ids: Vec<String>,
486 #[serde(default)]
487 pub skills: ChannelSkillsConfig,
488 #[serde(default)]
490 pub allowed_tools: Option<Vec<String>>,
491}
492
493impl std::fmt::Debug for SlackConfig {
494 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
495 f.debug_struct("SlackConfig")
496 .field("bot_token", &self.bot_token.as_ref().map(|_| "[REDACTED]"))
497 .field(
498 "signing_secret",
499 &self.signing_secret.as_ref().map(|_| "[REDACTED]"), )
501 .field("webhook_host", &self.webhook_host)
502 .field("port", &self.port)
503 .field("allowed_user_ids", &self.allowed_user_ids)
504 .field("allowed_channel_ids", &self.allowed_channel_ids)
505 .field("skills", &self.skills)
506 .field("allowed_tools", &self.allowed_tools)
507 .finish()
508 }
509}
510
511#[derive(Debug, Clone, Deserialize, Serialize)]
515pub struct IbctKeyConfig {
516 pub key_id: String,
518 pub key_hex: String,
520}
521
522fn default_ibct_ttl() -> u64 {
523 300
524}
525
526fn default_a2a_request_timeout_ms() -> u64 {
527 300_000
528}
529
530#[derive(Deserialize, Serialize)]
536#[allow(clippy::struct_excessive_bools)] pub struct A2aServerConfig {
538 #[serde(default)]
539 pub enabled: bool,
540 #[serde(default = "default_a2a_host")]
541 pub host: String,
542 #[serde(default = "default_a2a_port")]
543 pub port: u16,
544 #[serde(default)]
545 pub public_url: String,
546 #[serde(default)]
547 pub auth_token: Option<String>,
548 #[serde(default = "default_a2a_rate_limit")]
549 pub rate_limit: u32,
550 #[serde(default = "default_true")]
551 pub require_tls: bool,
552 #[serde(default = "default_true")]
553 pub ssrf_protection: bool,
554 #[serde(default = "default_a2a_max_body")]
555 pub max_body_size: usize,
556 #[serde(default = "default_drain_timeout_ms")]
557 pub drain_timeout_ms: u64,
558 #[serde(default)]
562 pub require_auth: bool,
563 #[serde(default)]
568 pub ibct_keys: Vec<IbctKeyConfig>,
569 #[serde(default)]
575 pub ibct_signing_key_vault_ref: Option<String>,
576 #[serde(default = "default_ibct_ttl")]
578 pub ibct_ttl_secs: u64,
579 #[serde(default)]
593 pub advertise_files: bool,
594 #[serde(default = "default_a2a_request_timeout_ms")]
600 pub request_timeout_ms: u64,
601}
602
603impl std::fmt::Debug for A2aServerConfig {
604 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
605 f.debug_struct("A2aServerConfig")
606 .field("enabled", &self.enabled)
607 .field("host", &self.host)
608 .field("port", &self.port)
609 .field("public_url", &self.public_url)
610 .field(
611 "auth_token",
612 &self.auth_token.as_ref().map(|_| "[REDACTED]"),
613 )
614 .field("rate_limit", &self.rate_limit)
615 .field("require_tls", &self.require_tls)
616 .field("ssrf_protection", &self.ssrf_protection)
617 .field("max_body_size", &self.max_body_size)
618 .field("drain_timeout_ms", &self.drain_timeout_ms)
619 .field("require_auth", &self.require_auth)
620 .field("ibct_keys_count", &self.ibct_keys.len())
621 .field(
622 "ibct_signing_key_vault_ref",
623 &self.ibct_signing_key_vault_ref,
624 )
625 .field("ibct_ttl_secs", &self.ibct_ttl_secs)
626 .field("advertise_files", &self.advertise_files)
627 .field("request_timeout_ms", &self.request_timeout_ms)
628 .finish()
629 }
630}
631
632impl Default for A2aServerConfig {
633 fn default() -> Self {
634 Self {
635 enabled: false,
636 host: default_a2a_host(),
637 port: default_a2a_port(),
638 public_url: String::new(),
639 auth_token: None,
640 rate_limit: default_a2a_rate_limit(),
641 require_tls: true,
642 ssrf_protection: true,
643 max_body_size: default_a2a_max_body(),
644 drain_timeout_ms: default_drain_timeout_ms(),
645 require_auth: false,
646 ibct_keys: Vec::new(),
647 ibct_signing_key_vault_ref: None,
648 ibct_ttl_secs: default_ibct_ttl(),
649 advertise_files: false,
650 request_timeout_ms: default_a2a_request_timeout_ms(),
651 }
652 }
653}
654
655#[derive(Debug, Clone, Deserialize, Serialize)]
661#[serde(default)]
662pub struct ToolPruningConfig {
663 pub enabled: bool,
665 pub max_tools: usize,
667 pub pruning_provider: ProviderName,
670 pub min_tools_to_prune: usize,
672 pub always_include: Vec<String>,
674}
675
676impl Default for ToolPruningConfig {
677 fn default() -> Self {
678 Self {
679 enabled: false,
680 max_tools: 15,
681 pruning_provider: ProviderName::default(),
682 min_tools_to_prune: 10,
683 always_include: Vec::new(),
684 }
685 }
686}
687
688#[derive(Debug, Clone, Copy, Default, Deserialize, Serialize, PartialEq, Eq)]
693#[serde(rename_all = "lowercase")]
694#[non_exhaustive]
695pub enum ToolDiscoveryStrategyConfig {
696 Embedding,
698 Llm,
700 #[default]
702 None,
703}
704
705#[derive(Debug, Clone, Deserialize, Serialize)]
711#[serde(default)]
712pub struct ToolDiscoveryConfig {
713 pub strategy: ToolDiscoveryStrategyConfig,
715 pub top_k: usize,
717 pub min_similarity: f32,
719 pub embedding_provider: ProviderName,
723 pub always_include: Vec<String>,
725 pub min_tools_to_filter: usize,
727 pub strict: bool,
730}
731
732impl Default for ToolDiscoveryConfig {
733 fn default() -> Self {
734 Self {
735 strategy: ToolDiscoveryStrategyConfig::None,
736 top_k: 10,
737 min_similarity: 0.2,
738 embedding_provider: ProviderName::default(),
739 always_include: Vec::new(),
740 min_tools_to_filter: 10,
741 strict: false,
742 }
743 }
744}
745
746#[derive(Debug, Clone, Deserialize, Serialize)]
748#[allow(clippy::struct_excessive_bools)] pub struct TrustCalibrationConfig {
750 #[serde(default)]
752 pub enabled: bool,
753 #[serde(default = "default_true")]
755 pub probe_on_connect: bool,
756 #[serde(default = "default_true")]
758 pub monitor_invocations: bool,
759 #[serde(default = "default_true")]
761 pub persist_scores: bool,
762 #[serde(default = "default_decay_rate")]
764 pub decay_rate_per_day: f64,
765 #[serde(default = "default_injection_penalty")]
767 pub injection_penalty: f64,
768 #[serde(default)]
770 pub verifier_provider: ProviderName,
771}
772
773fn default_decay_rate() -> f64 {
774 0.01
775}
776
777fn default_injection_penalty() -> f64 {
778 0.25
779}
780
781impl Default for TrustCalibrationConfig {
782 fn default() -> Self {
783 Self {
784 enabled: false,
785 probe_on_connect: true,
786 monitor_invocations: true,
787 persist_scores: true,
788 decay_rate_per_day: default_decay_rate(),
789 injection_penalty: default_injection_penalty(),
790 verifier_provider: ProviderName::default(),
791 }
792 }
793}
794
795fn default_max_description_bytes() -> usize {
796 2048
797}
798
799fn default_max_instructions_bytes() -> usize {
800 2048
801}
802
803fn default_elicitation_timeout() -> u64 {
804 120
805}
806
807fn default_elicitation_queue_capacity() -> usize {
808 16
809}
810
811fn default_output_schema_hint_bytes() -> usize {
812 1024
813}
814
815fn default_max_connect_attempts() -> u8 {
816 3
817}
818
819fn validate_max_connect_attempts<'de, D>(d: D) -> Result<u8, D::Error>
820where
821 D: serde::Deserializer<'de>,
822{
823 let v = u8::deserialize(d)?;
824 if !(1..=10).contains(&v) {
825 return Err(serde::de::Error::custom(format!(
826 "mcp.max_connect_attempts must be in 1..=10 (got {v})"
827 )));
828 }
829 Ok(v)
830}
831
832fn validate_tool_timeout_secs<'de, D>(d: D) -> Result<Option<u64>, D::Error>
833where
834 D: serde::Deserializer<'de>,
835{
836 let v = Option::<u64>::deserialize(d)?;
837 if let Some(n) = v
838 && n > 3600
839 {
840 return Err(serde::de::Error::custom(format!(
841 "mcp.tool_timeout_secs must be \u{2264} 3600 (got {n})"
842 )));
843 }
844 Ok(v)
845}
846
847#[allow(clippy::struct_excessive_bools)] #[derive(Debug, Clone, Deserialize, Serialize)]
849pub struct McpConfig {
850 #[serde(default)]
851 pub servers: Vec<McpServerConfig>,
852 #[serde(default)]
853 pub allowed_commands: Vec<String>,
854 #[serde(default = "default_max_dynamic_servers")]
855 pub max_dynamic_servers: usize,
856 #[serde(default)]
858 pub pruning: ToolPruningConfig,
859 #[serde(default)]
861 pub trust_calibration: TrustCalibrationConfig,
862 #[serde(default)]
864 pub tool_discovery: ToolDiscoveryConfig,
865 #[serde(default = "default_max_description_bytes")]
867 pub max_description_bytes: usize,
868 #[serde(default = "default_max_instructions_bytes")]
870 pub max_instructions_bytes: usize,
871 #[serde(default)]
875 pub elicitation_enabled: bool,
876 #[serde(default = "default_elicitation_timeout")]
878 pub elicitation_timeout: u64,
879 #[serde(default = "default_elicitation_queue_capacity")]
883 pub elicitation_queue_capacity: usize,
884 #[serde(default = "default_true")]
887 pub elicitation_warn_sensitive_fields: bool,
888 #[serde(
900 default = "default_max_connect_attempts",
901 deserialize_with = "validate_max_connect_attempts"
902 )]
903 pub max_connect_attempts: u8,
904 #[serde(default)]
910 pub lock_tool_list: bool,
911 #[serde(default)]
916 pub default_env_isolation: bool,
917 #[serde(default)]
925 pub forward_output_schema: bool,
926 #[serde(default = "default_output_schema_hint_bytes")]
932 pub output_schema_hint_bytes: usize,
933 #[serde(default = "default_startup_retry_backoff_ms")]
940 pub startup_retry_backoff_ms: u64,
941 #[serde(
951 default = "default_tool_timeout_secs",
952 deserialize_with = "validate_tool_timeout_secs"
953 )]
954 pub tool_timeout_secs: Option<u64>,
955}
956
957impl Default for McpConfig {
958 fn default() -> Self {
959 Self {
960 servers: Vec::new(),
961 allowed_commands: Vec::new(),
962 max_dynamic_servers: default_max_dynamic_servers(),
963 pruning: ToolPruningConfig::default(),
964 trust_calibration: TrustCalibrationConfig::default(),
965 tool_discovery: ToolDiscoveryConfig::default(),
966 max_description_bytes: default_max_description_bytes(),
967 max_instructions_bytes: default_max_instructions_bytes(),
968 elicitation_enabled: false,
969 elicitation_timeout: default_elicitation_timeout(),
970 elicitation_queue_capacity: default_elicitation_queue_capacity(),
971 elicitation_warn_sensitive_fields: true,
972 lock_tool_list: false,
973 default_env_isolation: false,
974 forward_output_schema: false,
975 output_schema_hint_bytes: default_output_schema_hint_bytes(),
976 max_connect_attempts: default_max_connect_attempts(),
977 startup_retry_backoff_ms: default_startup_retry_backoff_ms(),
978 tool_timeout_secs: None,
979 }
980 }
981}
982
983#[derive(Clone, Deserialize, Serialize)]
984pub struct McpServerConfig {
985 pub id: String,
986 pub command: Option<String>,
988 #[serde(default)]
989 pub args: Vec<String>,
990 #[serde(default)]
991 pub env: HashMap<String, String>,
992 pub url: Option<String>,
994 #[serde(default = "default_mcp_timeout")]
995 pub timeout: u64,
996 #[serde(default)]
998 pub policy: McpPolicy,
999 #[serde(default)]
1002 pub headers: HashMap<String, String>,
1003 #[serde(default)]
1005 pub oauth: Option<McpOAuthConfig>,
1006 #[serde(default)]
1008 pub trust_level: McpTrustLevel,
1009 #[serde(default)]
1013 pub tool_allowlist: Option<Vec<String>>,
1014 #[serde(default)]
1020 pub expected_tools: Vec<String>,
1021 #[serde(default)]
1025 pub roots: Vec<McpRootEntry>,
1026 #[serde(default)]
1029 pub tool_metadata: HashMap<String, ToolSecurityMeta>,
1030 #[serde(default)]
1034 pub elicitation_enabled: Option<bool>,
1035 #[serde(default)]
1042 pub env_isolation: Option<bool>,
1043}
1044
1045#[derive(Debug, Clone, Deserialize, Serialize)]
1047pub struct McpRootEntry {
1048 pub uri: String,
1050 #[serde(default)]
1052 pub name: Option<String>,
1053}
1054
1055#[derive(Debug, Clone, Deserialize, Serialize)]
1057pub struct McpOAuthConfig {
1058 #[serde(default)]
1060 pub enabled: bool,
1061 #[serde(default)]
1063 pub token_storage: OAuthTokenStorage,
1064 #[serde(default)]
1066 pub scopes: Vec<String>,
1067 #[serde(default = "default_oauth_callback_port")]
1069 pub callback_port: u16,
1070 #[serde(default = "default_oauth_client_name")]
1072 pub client_name: String,
1073}
1074
1075impl Default for McpOAuthConfig {
1076 fn default() -> Self {
1077 Self {
1078 enabled: false,
1079 token_storage: OAuthTokenStorage::default(),
1080 scopes: Vec::new(),
1081 callback_port: default_oauth_callback_port(),
1082 client_name: default_oauth_client_name(),
1083 }
1084 }
1085}
1086
1087#[derive(Debug, Clone, Default, Deserialize, Serialize)]
1089#[serde(rename_all = "lowercase")]
1090#[non_exhaustive]
1091pub enum OAuthTokenStorage {
1092 #[default]
1094 Vault,
1095 Memory,
1097}
1098
1099impl std::fmt::Debug for McpServerConfig {
1100 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
1101 let redacted_env: HashMap<&str, &str> = self
1102 .env
1103 .keys()
1104 .map(|k| (k.as_str(), "[REDACTED]"))
1105 .collect();
1106 let redacted_headers: HashMap<&str, &str> = self
1108 .headers
1109 .keys()
1110 .map(|k| (k.as_str(), "[REDACTED]"))
1111 .collect();
1112 f.debug_struct("McpServerConfig")
1113 .field("id", &self.id)
1114 .field("command", &self.command)
1115 .field("args", &self.args)
1116 .field("env", &redacted_env)
1117 .field("url", &self.url)
1118 .field("timeout", &self.timeout)
1119 .field("policy", &self.policy)
1120 .field("headers", &redacted_headers)
1121 .field("oauth", &self.oauth)
1122 .field("trust_level", &self.trust_level)
1123 .field("tool_allowlist", &self.tool_allowlist)
1124 .field("expected_tools", &self.expected_tools)
1125 .field("roots", &self.roots)
1126 .field(
1127 "tool_metadata_keys",
1128 &self.tool_metadata.keys().collect::<Vec<_>>(),
1129 )
1130 .field("elicitation_enabled", &self.elicitation_enabled)
1131 .field("env_isolation", &self.env_isolation)
1132 .finish()
1133 }
1134}