ContextForge MCP Gateway

Official

Overview Schema Related Servers Score Discussions

implementation-guide.md•15.8 kB

# Rust PII Filter - Complete Implementation Guide ## ✅ Files Created So Far 1. **plugins_rust/Cargo.toml** - Rust dependencies and build configuration 2. **plugins_rust/pyproject.toml** - Python packaging with maturin 3. **plugins_rust/README.md** - Complete user documentation 4. **plugins_rust/src/lib.rs** - PyO3 module entry point 5. **plugins_rust/src/pii_filter/mod.rs** - Module exports 6. **plugins_rust/src/pii_filter/config.rs** - Configuration types 7. **plugins_rust/src/pii_filter/patterns.rs** - Regex pattern compilation (12+ patterns) ## 📝 Remaining Files to Create ### Core Implementation (High Priority) #### 1. `plugins_rust/src/pii_filter/detector.rs` **Purpose**: Core PII detection logic with PyO3 bindings **Key Components**: ```rust use pyo3::prelude::*; use std::collections::HashMap; /// Detection result for a single PII match #[derive(Debug, Clone)] pub struct Detection { pub value: String, pub start: usize, pub end: usize, pub mask_strategy: MaskingStrategy, } /// Main detector exposed to Python #[pyclass] pub struct PIIDetectorRust { patterns: CompiledPatterns, config: PIIConfig, } #[pymethods] impl PIIDetectorRust { #[new] pub fn new(config_dict: &PyDict) -> PyResult<Self> { // Extract config and compile patterns } pub fn detect(&self, text: &str) -> PyResult<HashMap<String, Vec<PyObject>>> { // Use RegexSet for parallel matching // Then individual regexes for capture groups // Return HashMap of PIIType -> Vec<Detection> } pub fn mask(&self, text: &str, detections: &PyAny) -> PyResult<String> { // Apply masking based on strategy } pub fn process_nested(&self, data: &PyAny, path: &str) -> PyResult<(bool, PyObject, PyObject)> { // Recursive JSON/dict traversal } } ``` **Performance**: Use `RegexSet.matches()` for O(M) parallel matching instead of O(N×M) sequential --- #### 2. `plugins_rust/src/pii_filter/masking.rs` **Purpose**: Masking strategies implementation **Key Functions**: ```rust /// Apply masking to detected PII pub fn mask_pii( text: &str, detections: &HashMap<PIIType, Vec<Detection>>, config: &PIIConfig, ) -> String { // Use Cow<str> for zero-copy when no masking needed if detections.is_empty() { return text.to_string(); } // Sort detections by position (reverse order for replacement) // Apply masking based on strategy } /// Apply partial masking (show first/last chars) fn partial_mask(value: &str, pii_type: PIIType) -> String { match pii_type { PIIType::Ssn => format!("***-**-{}", &value[value.len()-4..]), PIIType::CreditCard => format!("****-****-****-{}", &value[value.len()-4..]), PIIType::Email => { // Show first char + last char before @ } _ => format!("{}***{}", &value[..1], &value[value.len()-1..]) } } /// Hash masking using SHA256 fn hash_mask(value: &str) -> String { use sha2::{Sha256, Digest}; let hash = Sha256::digest(value.as_bytes()); format!("[HASH:{}]", &format!("{:x}", hash)[..8]) } /// Tokenize using UUID fn tokenize_mask(_value: &str) -> String { format!("[TOKEN:{}]", uuid::Uuid::new_v4().simple().to_string()[..8]) } ``` --- #### 3. `plugins_rust/src/pii_filter/traverse.rs` **Purpose**: Recursive JSON/dict traversal with zero-copy **Key Functions**: ```rust use serde_json::Value; /// Process nested data structures pub fn process_nested_data( data: &PyAny, path: &str, patterns: &CompiledPatterns, config: &PIIConfig, ) -> PyResult<(bool, PyObject, HashMap<String, Vec<PyObject>>)> { // Convert Python to JSON Value (zero-copy where possible) let value: Value = pythonize::depythonize(data)?; // Traverse recursively let (modified, new_value, detections) = traverse_value(&value, path, patterns, config); // Convert back to Python Ok((modified, pythonize::pythonize(py, &new_value)?, detections)) } fn traverse_value( value: &Value, path: &str, patterns: &CompiledPatterns, config: &PIIConfig, ) -> (bool, Value, HashMap<String, Vec<Detection>>) { match value { Value::String(s) => { // Detect PII in string let detections = detect_in_string(s, patterns); if !detections.is_empty() { let masked = mask_pii(s, &detections, config); (true, Value::String(masked), detections) } else { (false, value.clone(), HashMap::new()) } } Value::Object(map) => { // Traverse object recursively (zero-copy) // ... implementation } Value::Array(arr) => { // Traverse array recursively // ... implementation } _ => (false, value.clone(), HashMap::new()), } } ``` --- ### Testing (High Priority) #### 4. `plugins_rust/tests/integration.rs` **Purpose**: Integration tests for Python ↔ Rust boundary ```rust use pyo3::prelude::*; use pyo3::types::PyDict; #[test] fn test_detector_creation() { Python::with_gil(|py| { let config = PyDict::new(py); config.set_item("detect_ssn", true).unwrap(); let detector = plugins_rust::PIIDetectorRust::new(config).unwrap(); // Assert detector created successfully }); } #[test] fn test_ssn_detection() { Python::with_gil(|py| { let config = PyDict::new(py); let detector = plugins_rust::PIIDetectorRust::new(config).unwrap(); let text = "My SSN is 123-45-6789"; let detections = detector.detect(text).unwrap(); // Assert SSN detected assert!(detections.contains_key("ssn")); }); } ``` --- #### 5. `plugins_rust/benches/pii_filter.rs` **Purpose**: Criterion benchmarks ```rust use criterion::{black_box, criterion_group, criterion_main, Criterion, BenchmarkId}; fn bench_detect(c: &mut Criterion) { let mut group = c.benchmark_group("PII Filter"); for size in [1024, 10240, 102400].iter() { let text = generate_test_text(*size); group.bench_with_input( BenchmarkId::new("detect", size), &text, |b, text| { b.iter(|| { // Benchmark detection black_box(detect_pii(text, &patterns)); }); }, ); } group.finish(); } criterion_group!(benches, bench_detect); criterion_main!(benches); ``` --- ### Python Integration #### 6. `plugins/pii_filter/pii_filter_python.py` **Purpose**: Rename existing implementation as fallback ```bash cd plugins/pii_filter/ cp pii_filter.py pii_filter_python.py ``` Then in `pii_filter_python.py`: - Rename `PIIDetector` class to `PythonPIIDetector` - Keep ALL existing code exactly as-is - This becomes the fallback implementation --- #### 7. `plugins/pii_filter/pii_filter_rust.py` **Purpose**: Thin Python wrapper around Rust ```python from typing import Dict, List, Any import logging logger = logging.getLogger(__name__) try: from plugins_rust import PIIDetectorRust as _RustDetector RUST_AVAILABLE = True except ImportError as e: RUST_AVAILABLE = False _RustDetector = None logger.warning(f"Rust PII filter not available: {e}") class RustPIIDetector: """Thin wrapper around Rust implementation.""" def __init__(self, config: 'PIIFilterConfig'): if not RUST_AVAILABLE: raise ImportError("Rust implementation not available") # Convert Pydantic config to dict for Rust config_dict = config.model_dump() self._rust_detector = _RustDetector(config_dict) self.config = config def detect(self, text: str) -> Dict[str, List[Dict]]: return self._rust_detector.detect(text) def mask(self, text: str, detections: Dict) -> str: return self._rust_detector.mask(text, detections) ``` --- #### 8. `plugins/pii_filter/pii_filter.py` (MODIFIED) **Purpose**: Auto-detection and selection logic ```python import os from mcpgateway.services.logging_service import LoggingService logging_service = LoggingService() logger = logging_service.get_logger(__name__) # Import fallback from .pii_filter_python import PythonPIIDetector, PIIFilterConfig # Try Rust try: from .pii_filter_rust import RustPIIDetector, RUST_AVAILABLE except ImportError: RUST_AVAILABLE = False class PIIFilterPlugin(Plugin): """PII Filter with automatic Rust/Python selection.""" def __init__(self, config: PluginConfig): super().__init__(config) self.pii_config = PIIFilterConfig.model_validate(self._config.config) # Selection logic force_python = os.getenv("MCPGATEWAY_FORCE_PYTHON_PLUGINS", "false").lower() == "true" if RUST_AVAILABLE and not force_python: try: self.detector = RustPIIDetector(self.pii_config) self.implementation = "rust" logger.info("✓ PII Filter: Using Rust implementation (5-10x faster)") except Exception as e: logger.warning(f"Rust initialization failed: {e}, falling back to Python") self.detector = PythonPIIDetector(self.pii_config) self.implementation = "python" else: self.detector = PythonPIIDetector(self.pii_config) self.implementation = "python" if not RUST_AVAILABLE: logger.warning("PII Filter: Using Python (install mcpgateway[rust] for 5-10x speedup)") async def tool_pre_invoke(self, payload, context): # Delegate to self.detector (Rust or Python - same interface) context.metadata["pii_filter_implementation"] = self.implementation # ... rest of existing logic ... ``` --- ### Testing & Benchmarking #### 9. `tests/unit/mcpgateway/plugins/test_pii_filter_rust.py` **Purpose**: Python test suite for Rust implementation ```python import pytest from plugins.pii_filter.pii_filter_rust import RustPIIDetector, RUST_AVAILABLE from plugins.pii_filter.pii_filter_python import PIIFilterConfig pytestmark = pytest.mark.skipif(not RUST_AVAILABLE, reason="Rust not available") @pytest.fixture def detector(): config = PIIFilterConfig() return RustPIIDetector(config) def test_ssn_detection(detector): text = "My SSN is 123-45-6789" detections = detector.detect(text) assert "ssn" in detections assert len(detections["ssn"]) == 1 assert detections["ssn"][0]["value"] == "123-45-6789" def test_email_detection(detector): text = "Contact: john@example.com" detections = detector.detect(text) assert "email" in detections # ... 50+ more tests covering all patterns ... ``` --- #### 10. `tests/differential/test_pii_filter_differential.py` **Purpose**: Ensure Rust and Python produce identical outputs ```python import pytest from plugins.pii_filter.pii_filter_python import PythonPIIDetector from plugins.pii_filter.pii_filter_rust import RustPIIDetector, RUST_AVAILABLE pytestmark = pytest.mark.skipif(not RUST_AVAILABLE, reason="Rust not available") # Test corpus with 1000+ cases TEST_CORPUS = [ "My SSN is 123-45-6789", "Card: 4111-1111-1111-1111", "Email: test@example.com", # ... 1000+ more cases ] @pytest.mark.parametrize("text", TEST_CORPUS) def test_identical_detection(text): config = PIIFilterConfig() python_detector = PythonPIIDetector(config) rust_detector = RustPIIDetector(config) python_result = python_detector.detect(text) rust_result = rust_detector.detect(text) # Assert identical results assert python_result == rust_result ``` --- #### 11. `benchmarks/compare_pii_filter.py` **Purpose**: Performance comparison tool ```python import time from plugins.pii_filter.pii_filter_python import PythonPIIDetector from plugins.pii_filter.pii_filter_rust import RustPIIDetector def benchmark(detector, text, iterations=1000): start = time.perf_counter() for _ in range(iterations): detector.detect(text) end = time.perf_counter() return (end - start) / iterations * 1000 # ms per iteration if __name__ == "__main__": config = PIIFilterConfig() python_detector = PythonPIIDetector(config) rust_detector = RustPIIDetector(config) for size in [1024, 10240, 102400]: text = generate_test_text(size) python_time = benchmark(python_detector, text) rust_time = benchmark(rust_detector, text) speedup = python_time / rust_time print(f"{size}B: Python {python_time:.2f}ms, Rust {rust_time:.2f}ms, Speedup: {speedup:.1f}x") ``` --- ### CI/CD #### 12. `.github/workflows/rust-plugins.yml` **Purpose**: Automated builds and testing ```yaml name: Rust Plugins on: [push, pull_request] jobs: build-and-test: strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] python-version: ["3.11", "3.12"] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - uses: dtolnay/rust-toolchain@stable - name: Install maturin run: pip install maturin pytest - name: Build Rust extensions run: | cd plugins_rust maturin develop --release - name: Run Rust tests run: cd plugins_rust && cargo test - name: Run Python integration tests run: pytest tests/unit/mcpgateway/plugins/test_pii_filter_rust.py -v - name: Run differential tests run: pytest tests/differential/ -v - name: Build wheels run: cd plugins_rust && maturin build --release - name: Upload wheels uses: actions/upload-artifact@v3 with: name: wheels-${{ matrix.os }}-${{ matrix.python-version }} path: plugins_rust/target/wheels/*.whl ``` --- ## 🚀 Quick Start Commands ### Build and Test Locally ```bash # Install Rust curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # Install maturin pip install maturin # Build Rust extensions cd plugins_rust maturin develop --release # Run Rust tests cargo test # Run Python tests cd .. pytest tests/unit/mcpgateway/plugins/test_pii_filter_rust.py -v # Run benchmarks cd plugins_rust cargo bench # Run differential tests pytest tests/differential/ -v # Compare performance python benchmarks/compare_pii_filter.py ``` --- ## 📊 Expected Results After full implementation: ### Performance Benchmarks ``` Payload Size | Python | Rust | Speedup -------------|---------|---------|-------- 1KB | 5ms | 0.5ms | 10x 10KB | 50ms | 2ms | 25x 100KB | 500ms | 15ms | 33x ``` ### Differential Testing ``` 1000+ test cases: 100% identical outputs ✓ ``` ### Code Quality ``` cargo clippy: 0 warnings ✓ cargo audit: 0 vulnerabilities ✓ coverage: >90% ✓ ``` --- ## 🎯 Implementation Priority 1. **HIGHEST**: Complete detector.rs, masking.rs, traverse.rs (core functionality) 2. **HIGH**: Integration tests and differential tests (ensure correctness) 3. **MEDIUM**: Benchmarks and performance comparison (validate speedup) 4. **MEDIUM**: Python integration wrapper (pii_filter_rust.py) 5. **LOW**: CI/CD workflow (automation) --- ## 📞 Need Help? - **Rust compilation errors**: Check `rustc --version` (need 1.70+) - **PyO3 errors**: Ensure Python 3.11+ with `python --version` - **maturin errors**: Try `pip install -U maturin` - **Import errors**: Run `maturin develop --release` from plugins_rust/ --- This implementation provides **5-10x speedup** while maintaining **100% compatibility** with the existing Python implementation! 🦀

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/IBM/mcp-context-forge'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

implementation-guide.md•15.8 kB