Expand description
Embedded HTTP server.
environmentd embeds an HTTP server for introspection into the running process. At the moment, its primary exports are Prometheus metrics, heap profiles, and catalog dumps.
§Authentication flow
The server supports several authentication modes, controlled by the
configured listeners::AuthenticatorKind. The general flow is:
-
Identity resolution. An authentication middleware runs on every protected request and resolves the caller’s identity via one of:
- Credentials in headers. The caller supplies a username/password or
token in the request headers. Supported by all
listeners::AuthenticatorKinds. - Session reuse. If the caller has an active authenticated session
(established via
POST /api/login) and has not supplied credentials in the request headers, the session is reused. Only available forlisteners::AuthenticatorKind::Passwordandlisteners::AuthenticatorKind::Oidc. - Trusted header injection. A trusted upstream proxy (e.g. Teleport)
may inject the caller’s identity into the request headers. Only available
for
listeners::AuthenticatorKind::None.
- Credentials in headers. The caller supplies a username/password or
token in the request headers. Supported by all
-
Session initialization. Once the caller’s identity is known, an adapter session is opened on their behalf. This happens as part of request processing, after all middleware has run.
-
Request handling. The handler executes the request (e.g. runs SQL) using the initialized adapter session.
§WebSocket
The WebSocket flow is identical to the HTTP flow with two differences:
- Credentials are not read from request headers. Instead, the first message sent by the client is treated as the authentication message.
- Session initialization (step 2) happens inside the WebSocket handler itself, rather than as a separate middleware step.
Modules§
- mcp_
metrics - Prometheus metrics for the MCP HTTP endpoints.
Structs§
- Authed
Client - Authed
User - Http
Config - Http
Server - Internal
Route Config - Login
Credentials - Metrics
- SqlResponse
- The response to a
SqlRequest. - Tower
Session Data - Webhook
State - WsState
Enums§
Constants§
- MAX_
REQUEST_ SIZE - Maximum allowed size for a request.