Class: RailsAiBridge::Config::Mcp

Inherits:

Object

• Object
• RailsAiBridge::Config::Mcp

Defined in:

lib/rails_ai_bridge/config/mcp.rb

Overview

Holds MCP HTTP operational settings: rate limiting, structured logging, post-auth authorization, and production boot guards.

Access via +RailsAiBridge.configuration.mcp+.

Instance Attribute Summary

• #authorize ⇒ Proc^?

  Optional lambda called after successful auth: +->(context, request) { truthy }+.

• #http_log_json ⇒ Boolean

  When +true+, MCP HTTP decisions emit one JSON line per response.

• #mode ⇒ Symbol

  Controls when implicit HTTP rate limits apply.

• #rate_limit_max_requests ⇒ Integer, ...

  Explicit requests allowed per #rate_limit_window_seconds per client IP.

• #rate_limit_window_seconds ⇒ Integer

  Sliding window length for the rate limiter (seconds).

• #require_auth_in_production ⇒ Boolean

  When +true+ in production, boot fails unless an MCP auth mechanism is configured.

• #require_http_auth ⇒ Boolean

  When +true+, HTTP MCP requests receive +401+ unless a Bearer/JWT/static auth strategy is configured.

• #security_profile ⇒ Symbol

  Default MCP HTTP rate ceiling per IP when #rate_limit_max_requests is +nil+.

Instance Method Summary

• #effective_http_rate_limit_max_requests ⇒ Integer

  Effective rate-limit ceiling for HttpTransportApp (+0+ means disabled).

• #effective_http_rate_limit_window_seconds ⇒ Integer

  Window length passed to Mcp::HttpRateLimiter (normalizes non-positive to 60).

• #http_rate_limit_implicitly_suppressed? ⇒ Boolean

  +true+ when a +nil+ max should not inherit #security_profile defaults.

• #initialize ⇒ Mcp constructor

  A new instance of Mcp.

Constructor Details

#initialize ⇒ Mcp

Returns a new instance of Mcp.

# File 'lib/rails_ai_bridge/config/mcp.rb', line 71

def initialize
  @mode                     = :hybrid
  @security_profile         = :balanced
  @rate_limit_max_requests  = nil
  @rate_limit_window_seconds = 60
  @http_log_json            = false
  @authorize                = nil
  @require_auth_in_production = false
  @require_http_auth          = false
end

Instance Attribute Details

#authorize ⇒ Proc^?

Optional lambda called after successful auth: +->(context, request) { truthy }+. Returning falsey yields HTTP 403.

Returns:

• (Proc, nil)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 60

def authorize
  @authorize
end

#http_log_json ⇒ Boolean

When +true+, MCP HTTP decisions emit one JSON line per response.

Returns:

• (Boolean)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 55

def http_log_json
  @http_log_json
end

#mode ⇒ Symbol

Controls when implicit HTTP rate limits apply. +:dev+ — no implicit limit. +:production+ — implicit limit from #security_profile in every environment. +:hybrid+ — implicit limit only when +Rails.env.production?+.

Returns:

• (Symbol)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 14

def mode
  @mode
end

#rate_limit_max_requests ⇒ Integer, ...

Explicit requests allowed per #rate_limit_window_seconds per client IP. +nil+ uses #security_profile defaults unless #http_rate_limit_implicitly_suppressed?. +0+ or negative disables rate limiting entirely.

Returns:

• (Integer, String, nil)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 25

def rate_limit_max_requests
  @rate_limit_max_requests
end

#rate_limit_window_seconds ⇒ Integer

Sliding window length for the rate limiter (seconds).

Returns:

• (Integer)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 51

def rate_limit_window_seconds
  @rate_limit_window_seconds
end

#require_auth_in_production ⇒ Boolean

When +true+ in production, boot fails unless an MCP auth mechanism is configured.

Returns:

• (Boolean)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 64

def require_auth_in_production
  @require_auth_in_production
end

#require_http_auth ⇒ Boolean

When +true+, HTTP MCP requests receive +401+ unless a Bearer/JWT/static auth strategy is configured. Off by default for backward compatibility (stdio and local dev HTTP).

Returns:

• (Boolean)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 69

def require_http_auth
  @require_http_auth
end

#security_profile ⇒ Symbol

Default MCP HTTP rate ceiling per IP when #rate_limit_max_requests is +nil+. +:strict+ 60, +:balanced+ 300, +:relaxed+ 1200 requests per #rate_limit_window_seconds.

Returns:

• (Symbol)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 19

def security_profile
  @security_profile
end

Instance Method Details

#effective_http_rate_limit_max_requests ⇒ Integer

Effective rate-limit ceiling for HttpTransportApp (+0+ means disabled).

• Positive +rate_limit_max_requests+ — use that value.
• +0+ or negative — disable.
• +nil+ — use #security_profile unless #http_rate_limit_implicitly_suppressed?.

Returns:

• (Integer)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 89

def effective_http_rate_limit_max_requests
  raw = @rate_limit_max_requests

  case raw
  when Integer
    return 0 if raw <= 0

    raw
  when nil
    return 0 if http_rate_limit_implicitly_suppressed?

    security_profile_rate_limit_max
  else
    n = raw.to_i
    return 0 if n <= 0

    n
  end
end

#effective_http_rate_limit_window_seconds ⇒ Integer

Window length passed to Mcp::HttpRateLimiter (normalizes non-positive to 60).

Returns:

• (Integer)

# File 'lib/rails_ai_bridge/config/mcp.rb', line 112

def effective_http_rate_limit_window_seconds
  w = @rate_limit_window_seconds.to_i
  w <= 0 ? 60 : w
end

#http_rate_limit_implicitly_suppressed? ⇒ Boolean

Returns +true+ when a +nil+ max should not inherit #security_profile defaults.

Returns:

• (Boolean) —

  +true+ when a +nil+ max should not inherit #security_profile defaults

# File 'lib/rails_ai_bridge/config/mcp.rb', line 118

def http_rate_limit_implicitly_suppressed?
  case (@mode || :hybrid).to_sym
  when :dev        then true
  when :hybrid     then !Rails.env.production?
  else false
  end
end