Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 23 additions & 16 deletions internal/mcp/http_transport_client.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,22 @@ func (rt *headerInjectingRoundTripper) RoundTrip(req *http.Request) (*http.Respo
return rt.base.RoundTrip(reqCopy)
}

// cloneHTTPClientWithTransport returns a shallow copy of baseClient with the given transport.
// Callers constructing a wrapper transport should use resolveBaseTransport to obtain its base.
func cloneHTTPClientWithTransport(baseClient *http.Client, newTransport http.RoundTripper) *http.Client {
clone := *baseClient
clone.Transport = newTransport
return &clone
}

// resolveBaseTransport returns the client's transport, falling back to http.DefaultTransport.
func resolveBaseTransport(c *http.Client) http.RoundTripper {
if c.Transport != nil {
return c.Transport
}
return http.DefaultTransport
}

// buildHTTPClientWithHeaders returns a copy of baseClient whose transport injects
// the provided headers into every outgoing request. When headers is empty the
// original baseClient is returned unchanged.
Expand All @@ -54,13 +70,10 @@ func buildHTTPClientWithHeaders(baseClient *http.Client, headers map[string]stri
return baseClient
}
logHTTP.Printf("Wrapping HTTP client with %d custom header(s)", len(headers))
base := baseClient.Transport
if base == nil {
base = http.DefaultTransport
}
clone := *baseClient
clone.Transport = &headerInjectingRoundTripper{base: base, headers: headers}
return &clone
return cloneHTTPClientWithTransport(baseClient, &headerInjectingRoundTripper{
base: resolveBaseTransport(baseClient),
headers: headers,
})
}

// oidcRoundTripper is an http.RoundTripper that dynamically acquires a GitHub Actions
Expand Down Expand Up @@ -90,15 +103,9 @@ func (rt *oidcRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)
// token overwrites the Authorization header.
func buildHTTPClientWithOIDC(baseClient *http.Client, provider *oidc.Provider, audience string) *http.Client {
logHTTP.Printf("Wrapping HTTP client with OIDC provider: audience=%s", audience)
base := baseClient.Transport
if base == nil {
base = http.DefaultTransport
}
clone := *baseClient
clone.Transport = &oidcRoundTripper{
base: base,
return cloneHTTPClientWithTransport(baseClient, &oidcRoundTripper{
base: resolveBaseTransport(baseClient),
provider: provider,
audience: audience,
}
return &clone
})
}
7 changes: 3 additions & 4 deletions internal/sanitize/sanitize.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,6 @@ import (
"net/url"
"regexp"
"strings"

"github.com/github/gh-aw-mcpg/internal/util"
)

// SecretPatterns contains regex patterns for detecting potential secrets
Expand Down Expand Up @@ -92,10 +90,11 @@ func TruncateSecret(input string) string {
if len(input) == 0 {
return ""
}
if len(input) <= 4 {
const prefixLen = 4
if len(input) <= prefixLen {
return "..."
}
return util.TruncateWithSuffix(input, 4, "...")
return input[:prefixLen] + "..."
}

// TruncateSecretMap returns a sanitized version of environment variables
Expand Down
Loading