IBM · lucarlig · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026
@@ -198,6 +198,8 @@ SECURE_COOKIES=false
 
 # Enable validation middleware and experimental IO validation for visibility
 EXPERIMENTAL_VALIDATE_IO=true
+# Optional: enable the Rust validation middleware accelerator after `make rust-validation-install`
+# EXPERIMENTAL_RUST_VALIDATION_MIDDLEWARE_ENABLED=false
 VALIDATION_MIDDLEWARE_ENABLED=true
 
 # Permission audit logging (RBAC checks) - disabled by default for performance
@@ -830,10 +832,16 @@ OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
 # Phase 0: EXPERIMENTAL_VALIDATE_IO=false (disabled, default)
 # Phase 1: EXPERIMENTAL_VALIDATE_IO=true, VALIDATION_STRICT=false (log-only)
 # Phase 2: EXPERIMENTAL_VALIDATE_IO=true, VALIDATION_STRICT=true (enforce in staging)
+# Optional accelerator: EXPERIMENTAL_RUST_VALIDATION_MIDDLEWARE_ENABLED=true after `make rust-validation-install`
 # Phase 3: Production deployment with all features enabled
 # Project defaults block enables EXPERIMENTAL_VALIDATE_IO for local dev
 # EXPERIMENTAL_VALIDATE_IO=false
 
+# Enable the experimental in-process Rust accelerator for validation middleware parameter checks,
+# JSON validation, resource-path validation, and response sanitization
+# Requires `make rust-validation-install` before enabling.
+# EXPERIMENTAL_RUST_VALIDATION_MIDDLEWARE_ENABLED=false
+
 # Enable validation middleware for all requests
 # When enabled, validates all incoming request parameters and paths
 # Options: true, false (default)
@@ -2723,6 +2731,7 @@ PLUGINS_CLI_MARKUP_MODE=rich
 # VALIDATION_MAX_TEMPLATE_LENGTH=65536
 # VALIDATION_MAX_CONTENT_LENGTH=1048576
 # VALIDATION_MAX_JSON_DEPTH=10
+# VALIDATION_MIDDLEWARE_MAX_JSON_DEPTH=1024
 # VALIDATION_MAX_URL_LENGTH=2048
 # VALIDATION_MAX_RPC_PARAM_SIZE=262144
 # VALIDATION_MAX_METHOD_LENGTH=128

@@ -20,7 +20,12 @@ on:
       - "Cargo.lock"
       - "rust-toolchain.toml"
       - "deny.toml"
+      - "mcpgateway/config.py"
+      - "mcpgateway/middleware/validation_middleware.py"
       - "tests/e2e_rust/**"
+      - "tests/unit/mcpgateway/test_config.py"
+      - "tests/unit/mcpgateway/middleware/test_validation_middleware.py"
+      - "tests/unit/test_validation_middleware_rust_stubs.py"
       - ".github/workflows/pytest-rust.yml"
 
 concurrency:
@@ -93,6 +98,9 @@ jobs:
       - name: 🔨  Build Rust extensions
         run: make rust-install
 
+      - name: 🧪  Run Rust validation middleware tests
+        run: cargo test --manifest-path crates/validation_middleware_rust/Cargo.toml
+
       - name: 🧪  Run pytest
         run: |
           uv run --extra plugins pytest -n 0 \

@@ -3,7 +3,7 @@
     "files": "(?x)( package-lock\\.json$ |Cargo\\.lock$ |uv\\.lock$ |go\\.sum$ |mcpgateway/sri_hashes\\.json$ )|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2026-04-24T06:32:02Z",
+  "generated_at": "2026-04-24T12:58:40Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -92,95 +92,95 @@
         "hashed_secret": "08cd923367890009657eab812753379bdb321eeb",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 547,
+        "line_number": 549,
         "type": "Basic Auth Credentials",
         "verified_result": null
       },
       {
         "hashed_secret": "14f8aa3e560a47851908ab0f04ec856dbc512d93",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 742,
+        "line_number": 744,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1011,
+        "line_number": 1019,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "7b4455a56fbf1d198e45e04c437488514645a82c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1037,
+        "line_number": 1045,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d08f88df745fa7950b104e4a707a31cfce7b5841",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1045,
+        "line_number": 1053,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "ac371b6dcce28a86c90d12bc57d946a800eebf17",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1125,
+        "line_number": 1133,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "0b6ec68df700dec4dcd64babd0eda1edccddace1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1130,
+        "line_number": 1138,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "4ad6f0082ee224001beb3ca5c3e81c8ceea5ed86",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1135,
+        "line_number": 1143,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "cb32747fcfb55eaa194c8cd8e4ba7d49ada08a94",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1141,
+        "line_number": 1149,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "6c178d51b13520496dbc767ed3d9d7aa5803ac72",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1153,
+        "line_number": 1161,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "ca45060a53fd8a255d1a83ee8d2f025283ccc66e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1171,
+        "line_number": 1179,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "910fbf00f58e9bcb095ea26a75cc1d9a3355e671",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1232,
+        "line_number": 1240,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -546,15 +546,15 @@
         "hashed_secret": "bc1a7c4dc707a3b61e2e9a345eec9e23674efa11",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 994,
+        "line_number": 996,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "2df14e4719f299249cd9a97cf68cc87232a27cbb",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1301,
+        "line_number": 1303,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
@@ -610,71 +610,71 @@
         "hashed_secret": "7b4455a56fbf1d198e45e04c437488514645a82c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 813,
+        "line_number": 815,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "25ab86bed149ca6ca9c1c0d5db7c9a91388ddeab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 969,
+        "line_number": 971,
         "type": "Basic Auth Credentials",
         "verified_result": null
       },
       {
         "hashed_secret": "d08f88df745fa7950b104e4a707a31cfce7b5841",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1072,
+        "line_number": 1074,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "7288edd0fc3ffcbe93a0cf06e3568e28521687bc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1075,
+        "line_number": 1077,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8674c9b302d20800e4ab3808f139704d8641a6e3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1241,
+        "line_number": 1243,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "cff0d14e4337fa8bdb68dfa906f04b0df6fad72f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1280,
+        "line_number": 1282,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "f865b53623b121fd34ee5426c792e5c33af8c227",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1329,
+        "line_number": 1331,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "acde39840735314af1300688b6c2324ea89770a3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1424,
+        "line_number": 1426,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "fa9beb99e4029ad5a6615399e7bbae21356086b3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1795,
+        "line_number": 1797,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -4870,7 +4870,7 @@
         "hashed_secret": "ff37a98a9963d347e9749a5c1b3936a4a245a6ff",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 2327,
+        "line_number": 2331,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -9102,55 +9102,55 @@
         "hashed_secret": "78466ed9a08daa9faf88434c1dd6bb8761e98a61",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 499,
+        "line_number": 501,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "51beb0ccb2d6f1365ed1278c636dabcd8797db95",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 512,
+        "line_number": 514,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "95bb8a28fc0d18320a4d8deae3bd9c043709a22f",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 518,
+        "line_number": 520,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "cbfdac6008f9cab4083784cbd1874f76618d2a97",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 587,
+        "line_number": 589,
         "type": "Basic Auth Credentials",
         "verified_result": null
       },
       {
         "hashed_secret": "0f0ab1d14970dea160a53133a1b2487ba464fda3",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 647,
+        "line_number": 649,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "516b9783fca517eecbd1d064da2d165310b19759",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1016,
+        "line_number": 1018,
         "type": "Basic Auth Credentials",
         "verified_result": null
       },
       {
         "hashed_secret": "ef4eb24299c517306652ffee61e05934f2224914",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1268,
+        "line_number": 1270,
         "type": "Secret Keyword",
         "verified_result": null
       }