Class: RailsAiBridge::Config::Mcp

Inherits:
Object
  • Object
show all
Defined in:
lib/rails_ai_bridge/config/mcp.rb

Overview

Holds MCP HTTP operational settings: rate limiting, structured logging, post-auth authorization, and production boot guards.

Access via RailsAiBridge.configuration.mcp.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeMcp

Returns a new instance of Mcp.



95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 95

def initialize
  @mode                     = :hybrid
  @security_profile         = :balanced
  @rate_limit_max_requests  = nil
  @rate_limit_window_seconds = 60
  @http_log_json            = false
  @authorize                = nil
  @require_auth_in_production = false
  @require_http_auth          = false
  @cors_origins             = nil
  @tool_result_cache_ttl    = 0
  @rate_limiter             = nil
  @rate_limiter_key_prefix  = 'rab:rl'
end

Instance Attribute Details

#authorizeProc?

Optional lambda called after successful auth: ->(context, request) { truthy }. Returning falsey yields HTTP 403.

Returns:

  • (Proc, nil) 


60
61
62
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 60

def authorize
  @authorize
end

#cors_originsArray<String>?

Allowed origins for CORS on the HTTP MCP endpoint. nil or empty array disables CORS headers (default). Pass ['*'] to allow any origin, or a list of exact origins such as ['https://app.example.com'].

Returns:

  • (Array<String>, nil) 


75
76
77
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 75

def cors_origins
  @cors_origins
end

#http_log_jsonBoolean

When true, MCP HTTP decisions emit one JSON line per response.

Returns:

  • (Boolean) 


55
56
57
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 55

def http_log_json
  @http_log_json
end

#modeSymbol

Controls when implicit HTTP rate limits apply. :dev — no implicit limit. :production — implicit limit from #security_profile in every environment. :hybrid — implicit limit only when Rails.env.production?.

Returns:

  • (Symbol) 


14
15
16
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 14

def mode
  @mode
end

#rate_limit_max_requestsInteger, ...

Explicit requests allowed per #rate_limit_window_seconds per client IP. nil uses #security_profile defaults unless #http_rate_limit_implicitly_suppressed?. 0 or negative disables rate limiting entirely.

Returns:

  • (Integer, String, nil) 


25
26
27
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 25

def rate_limit_max_requests
  @rate_limit_max_requests
end

#rate_limit_window_secondsInteger

Sliding window length for the rate limiter (seconds).

Returns:

  • (Integer) 


51
52
53
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 51

def rate_limit_window_seconds
  @rate_limit_window_seconds
end

#rate_limiter#allow?, ...

Optional custom rate limiter for MCP HTTP requests.

When set, it takes precedence over the in-memory Mcp::HttpRateLimiter. The object must respond to allow?(ip) (preferred) or call(ip) and return a truthy/falsey value. This enables distributed backends such as Redis, Rails.cache, or an external service.

Returns:

  • (#allow?, #call, nil) 


89
90
91
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 89

def rate_limiter
  @rate_limiter
end

#rate_limiter_key_prefixString

Key prefix used by the optional Mcp::CacheRateLimiter distributed rate limiter.

Returns:

  • (String) 


93
94
95
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 93

def rate_limiter_key_prefix
  @rate_limiter_key_prefix
end

#require_auth_in_productionBoolean

When true in production, boot fails unless an MCP auth mechanism is configured.

Returns:

  • (Boolean) 


64
65
66
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 64

def require_auth_in_production
  @require_auth_in_production
end

#require_http_authBoolean

When true, HTTP MCP requests receive 401 unless a Bearer/JWT/static auth strategy is configured. Off by default for backward compatibility (stdio and local dev HTTP).

Returns:

  • (Boolean) 


69
70
71
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 69

def require_http_auth
  @require_http_auth
end

#security_profileSymbol

Default MCP HTTP rate ceiling per IP when #rate_limit_max_requests is nil. :strict 60, :balanced 300, :relaxed 1200 requests per #rate_limit_window_seconds.

Returns:

  • (Symbol) 


19
20
21
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 19

def security_profile
  @security_profile
end

#tool_result_cache_ttlInteger

TTL in seconds for MCP tool result caching by argument fingerprint. 0 or negative disables caching. Default 0 to keep existing behavior.

Returns:

  • (Integer) 


80
81
82
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 80

def tool_result_cache_ttl
  @tool_result_cache_ttl
end

Instance Method Details

#effective_http_rate_limit_max_requestsInteger

Effective rate-limit ceiling for HttpTransportApp (+0+ means disabled).

Returns:

  • (Integer) 


122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 122

def effective_http_rate_limit_max_requests
  configured_value = @rate_limit_max_requests

  case configured_value
  when Integer
    return 0 if configured_value <= 0

    configured_value
  when nil
    return 0 if http_rate_limit_implicitly_suppressed?

    security_profile_rate_limit_max
  else
    n = configured_value.to_i
    return 0 if n <= 0

    n
  end
end

#effective_http_rate_limit_window_secondsInteger

Window length passed to Mcp::HttpRateLimiter (normalizes non-positive to 60).

Returns:

  • (Integer) 


145
146
147
148
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 145

def effective_http_rate_limit_window_seconds
  w = @rate_limit_window_seconds.to_i
  w <= 0 ? 60 : w
end

#http_rate_limit_implicitly_suppressed?Boolean

Returns true when a nil max should not inherit #security_profile defaults.

Returns:



151
152
153
154
155
156
157
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 151

def http_rate_limit_implicitly_suppressed?
  case (@mode || :hybrid).to_sym
  when :dev        then true
  when :hybrid     then !Rails.env.production?
  else false
  end
end

#tool_result_cache_enabled?Boolean

Returns whether tool call results should be cached.

Returns:

  • (Boolean)

    whether tool call results should be cached



111
112
113
 
# File 'lib/rails_ai_bridge/config/mcp.rb', line 111

def tool_result_cache_enabled?
  tool_result_cache_ttl.to_i.positive?
end