Implement full MCP Client API with meta support#5
Merged
Conversation
Add complete Client API matching Python fastmcp, including: Client Methods: - list_tools() / list_tools_mcp() - enumerate available tools - call_tool() / call_tool_mcp() - invoke tools with meta support - list_resources() / list_resources_mcp() - enumerate resources - list_resource_templates() - get resource templates - read_resource() / read_resource_mcp() - read resource contents - list_prompts() / list_prompts_mcp() - enumerate prompts - get_prompt() / get_prompt_mcp() - get prompt by name - complete() / complete_mcp() - completion support Features: - Full meta parameter support for contextual data (user IDs, trace IDs) - Structured output validation and coercion - Progress handler callbacks - Timeout support - Roots notification handling - Sampling/elicitation callback stubs New Files: - include/fastmcpp/client/types.hpp - Client result types - tests/client_api.cpp - Comprehensive test coverage (11 test cases) - examples/client_api.cpp - Usage demonstration Resolves: #2
The mock servers return different counts than the tests expected: - tools: 4 (was 3) - resources: 3 (was 2) These assertions only fail in Debug builds since Release builds define NDEBUG which disables assert().
0xeb
force-pushed
the
feature/client-api
branch
from
719e15f to
44c6499
Compare
Closed
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
…ontrol (issue #5) Implements optional request logging, rate limiting, and concurrency limiting middleware to prevent abuse and DoS attacks on server routes. Features: - LoggingMiddleware: Optional audit trail for all route invocations - RateLimitMiddleware: Sliding window rate limiting per route - ConcurrencyLimitMiddleware: Limits parallel handler execution All middleware are optional and can be combined. Includes comprehensive tests covering logging, rate enforcement, window expiration, concurrency limiting, and middleware composition. Security audit issue: fastmcpp #5 (minimal logging/limits on server hooks)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
2 tasks
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Nov 30, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
0xeb
added a commit
that referenced
this pull request
Dec 1, 2025
This commit addresses multiple security vulnerabilities and adds comprehensive test coverage for HTTP client API integration. Security Fixes: - Add payload and timeout limits to HTTP/SSE servers (issue #3) - Fix SSE session security with crypto-random IDs and session binding (issue #2) - Add optional authentication and restrict CORS (issue #1) - Fix HTTP client scheme handling and disable redirects (issue #4) - Add security middleware for logging, rate limiting, and concurrency control (issue #5) Test Coverage: - Add HTTP client API integration tests (not LoopbackTransport) - Add SSE HTTP integration tests with real network stack - Fix SSE server test to extract and use session_id All 45 tests passing (100% pass rate)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add complete Client API matching Python fastmcp, resolving Issue #2 (meta parameter support).
Client Methods Added
list_tools()/list_tools_mcp()- enumerate available toolscall_tool()/call_tool_mcp()- invoke tools with meta supportlist_resources()/list_resources_mcp()- enumerate resourceslist_resource_templates()- get resource templatesread_resource()/read_resource_mcp()- read resource contentslist_prompts()/list_prompts_mcp()- enumerate promptsget_prompt()/get_prompt_mcp()- get prompt by namecomplete()/complete_mcp()- completion supportFeatures
metaparameter support for contextual data (user IDs, trace IDs)New Files
include/fastmcpp/client/types.hpp- Client result typestests/client_api.cpp- Comprehensive test coverageexamples/client_api.cpp- Usage demonstrationTest Plan
Resolves #2