MCP mode, URL rate limits, proxy error codes, dashboard updates#1
Merged
Conversation
sergeyfast
changed the title
sergeyfast
force-pushed
the
sync/2026-05-01
branch
from
67a6b53 to
4b4e60e
Compare
- Add MCP mode to internal/waf/rpc: extract params.name from tools/call into composite method names like "tools/call:search_issues" for per-tool rate limits, whitelist and metrics; discover tools via POST tools/list - Add URLRule limiter in internal/waf/limit for HTTP path/method/ host matching alongside per-method JSON-RPC rules, AND-semantics across non-empty fields - Refactor internal/waf/alerting payload to a single " · "-joined line; add table-driven tests - Fix nil interface panic when alerter is unconfigured - Add rule validation tests in internal/app/config_test.go: Name required, unique across Rules and URLRules, at least one match field
- Add custom ReverseProxy ErrorHandler in internal/waf/proxy:
503 + Retry-After for circuit-breaker open / half-open-exceeded,
502 for real upstream errors (TCP refused, DNS, timeout)
- Return 503 + Retry-After when backend pool is empty
- Add ErrorRecorder hook with reasons cb_open / upstream_error /
no_backends; expose wafsrv_proxy_errors_total{target, reason}
- Fix panic recovery in accessLog middleware: return 500 (internal
failure) instead of 502 (upstream error)
- Add Proxy.NoBackendRetryAfter config (default "5s") and document
it in cfg/local.toml.dist
- Wire MCPMode into rpc.Discovery / rpc.Parse and LimiterConfig
builds URLRules; build metrics before proxy so ErrorRecorder is
ready at startup
- Document MCPMode and RateLimit.URLRules examples in
cfg/local.toml.dist
- Include URLRules and Proxy.NoBackendRetryAfter in the config view exposed via /rpc/ (internal/app/config_view.go, internal/dashboard/config.go) - Regenerate ProxySection / RateLimitSection wiring in internal/dashboard/dashboard_zenrpc.go for the new fields - Render NoBackendRetryAfter under Proxy in the dashboard config tab and add a static line describing proxy error codes (cb_open=503+RA, upstream_error=502, no_backends=503+RA, panic=500) - Add URLRules block (Path/Method/Host inputs, AND-semantics) and NoBackendRetryAfter input under Circuit Breaker in the config builder, with TOML round-tripping (default config, importer, emitter)
sergeyfast
force-pushed
the
sync/2026-05-01
branch
from
4b4e60e to
bf45998
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
tools/call(composite method names enable per-tool rate limits, whitelist and metrics) and per-URL rate limit rules (HTTP path/method/host matching)wafsrv_proxy_errors_total{target, reason}metricURLRulesandProxy.NoBackendRetryAfterin the dashboard config view and config builder UI; minor alerter cleanup and nil-interface fixTest plan
make fmt lintcleango test ./...green/rpc/config view shows new fields