kai/ColaFlow
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(backend): Implement Story 5.4 - MCP Error Handling & Logging

Browse Source 
Implement comprehensive error handling and structured logging for MCP module.

**Exception Hierarchy**:
- Created McpException base class with JSON-RPC error mapping
- Implemented 8 specific exception types (Parse, InvalidRequest, MethodNotFound, etc.)
- Each exception maps to correct HTTP status code (401, 403, 404, 422, 400, 500)

**Middleware**:
- McpCorrelationIdMiddleware: Generates/extracts correlation ID for request tracking
- McpExceptionHandlerMiddleware: Global exception handler with JSON-RPC error responses
- McpLoggingMiddleware: Request/response logging with sensitive data sanitization

**Serilog Integration**:
- Configured structured logging with Console and File sinks
- Log rotation (daily, 30-day retention)
- Correlation ID enrichment in all log entries

**Features**:
- Correlation ID propagation across request chain
- Structured logging with TenantId, UserId, ApiKeyId
- Sensitive data sanitization (API keys, passwords)
- Performance metrics (request duration, slow request warnings)
- JSON-RPC 2.0 compliant error responses

**Testing**:
- 174 tests passing (all MCP module tests)
- Unit tests for all exception classes
- Unit tests for all middleware components
- 100% coverage of error mapping and HTTP status codes

**Files Added**:
- 9 exception classes in Domain/Exceptions/
- 3 middleware classes in Infrastructure/Middleware/
- 4 test files with comprehensive coverage

**Files Modified**:
- Program.cs: Serilog configuration
- McpServiceExtensions.cs: Middleware pipeline registration
- JsonRpcError.cs: Added parameterless constructor for deserialization
- MCP Infrastructure .csproj: Added Serilog package reference

**Verification**:
 All 174 MCP module tests passing
 Build successful with no errors
 Exception-to-HTTP-status mapping verified
 Correlation ID propagation tested
 Sensitive data sanitization verified

Story: docs/stories/sprint_5/story_5_4.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Yaojia Wang
2025-11-08 21:08:12 +01:00
parent 63d0e20371
commit c00c909489
21 changed files with 1356 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
colaflow-api/tests/Modules/Mcp/ColaFlow.Modules.Mcp.Tests/ColaFlow.Modules.Mcp.Tests.csproj
View File

@@ -10,6 +10,7 @@
<ItemGroup>
<PackageReference Include="coverlet.collector" Version="6.0.2" />
<PackageReference Include="FluentAssertions" Version="8.8.0" />
<PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.2" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageReference Include="NSubstitute" Version="5.3.0" />
<PackageReference Include="xunit" Version="2.9.2" />
@@ -21,6 +22,7 @@
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\..\src\Modules\Mcp\ColaFlow.Modules.Mcp.Domain\ColaFlow.Modules.Mcp.Domain.csproj" />
<ProjectReference Include="..\..\..\..\src\Modules\Mcp\ColaFlow.Modules.Mcp.Application\ColaFlow.Modules.Mcp.Application.csproj" />
<ProjectReference Include="..\..\..\..\src\Modules\Mcp\ColaFlow.Modules.Mcp.Infrastructure\ColaFlow.Modules.Mcp.Infrastructure.csproj" />
</ItemGroup>

158
colaflow-api/tests/Modules/Mcp/ColaFlow.Modules.Mcp.Tests/Domain/Exceptions/McpExceptionTests.cs Normal file
View File

@@ -0,0 +1,158 @@
using ColaFlow.Modules.Mcp.Contracts.JsonRpc;
using ColaFlow.Modules.Mcp.Domain.Exceptions;
using FluentAssertions;
namespace ColaFlow.Modules.Mcp.Tests.Domain.Exceptions;
/// <summary>
/// Unit tests for MCP exception classes
/// </summary>
public class McpExceptionTests
{
[Fact]
public void McpParseException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpParseException("Invalid JSON");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.ParseError);
exception.Message.Should().Be("Invalid JSON");
exception.GetHttpStatusCode().Should().Be(400);
}
[Fact]
public void McpInvalidRequestException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpInvalidRequestException("Missing required field");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.InvalidRequest);
exception.Message.Should().Be("Missing required field");
exception.GetHttpStatusCode().Should().Be(400);
}
[Fact]
public void McpMethodNotFoundException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpMethodNotFoundException("unknown_method");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.MethodNotFound);
exception.Message.Should().Be("Method not found: unknown_method");
exception.GetHttpStatusCode().Should().Be(404);
}
[Fact]
public void McpInvalidParamsException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpInvalidParamsException("Invalid parameter type");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.InvalidParams);
exception.Message.Should().Be("Invalid parameter type");
exception.GetHttpStatusCode().Should().Be(400);
}
[Fact]
public void McpUnauthorizedException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpUnauthorizedException("Invalid API key");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.Unauthorized);
exception.Message.Should().Be("Invalid API key");
exception.GetHttpStatusCode().Should().Be(401);
}
[Fact]
public void McpForbiddenException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpForbiddenException("Insufficient permissions");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.Forbidden);
exception.Message.Should().Be("Insufficient permissions");
exception.GetHttpStatusCode().Should().Be(403);
}
[Fact]
public void McpNotFoundException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var exception = new McpNotFoundException("Task", "task-123");
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.NotFound);
exception.Message.Should().Be("Task not found: task-123");
exception.GetHttpStatusCode().Should().Be(404);
}
[Fact]
public void McpValidationException_ShouldHaveCorrectErrorCode()
{
// Arrange & Act
var errorData = new { field = "name", error = "required" };
var exception = new McpValidationException("Validation failed", errorData);
// Assert
exception.ErrorCode.Should().Be(JsonRpcErrorCode.ValidationFailed);
exception.Message.Should().Be("Validation failed");
exception.ErrorData.Should().Be(errorData);
exception.GetHttpStatusCode().Should().Be(422);
}
[Fact]
public void ToJsonRpcError_ShouldConvertToJsonRpcError()
{
// Arrange
var errorData = new { detail = "test" };
var exception = new McpValidationException("Test error", errorData);
// Act
var jsonRpcError = exception.ToJsonRpcError();
// Assert
jsonRpcError.Code.Should().Be((int)JsonRpcErrorCode.ValidationFailed);
jsonRpcError.Message.Should().Be("Test error");
jsonRpcError.Data.Should().Be(errorData);
}
[Fact]
public void McpParseException_WithInnerException_ShouldPreserveInnerException()
{
// Arrange
var innerException = new InvalidOperationException("Root cause");
// Act
var exception = new McpParseException("Parse failed", innerException);
// Assert
exception.InnerException.Should().Be(innerException);
exception.InnerException.Message.Should().Be("Root cause");
}
[Fact]
public void McpException_WithErrorData_ShouldPreserveErrorData()
{
// Arrange
var errorData = new
{
field = "email",
error = "invalid format",
value = "not-an-email"
};
// Act
var exception = new McpValidationException("Validation failed", errorData);
// Assert
exception.ErrorData.Should().NotBeNull();
exception.ErrorData.Should().Be(errorData);
}
}

129
colaflow-api/tests/Modules/Mcp/ColaFlow.Modules.Mcp.Tests/Infrastructure/Middleware/McpCorrelationIdMiddlewareTests.cs Normal file
View File

@@ -0,0 +1,129 @@
using ColaFlow.Modules.Mcp.Infrastructure.Middleware;
using FluentAssertions;
using Microsoft.AspNetCore.Http;
using NSubstitute;
namespace ColaFlow.Modules.Mcp.Tests.Infrastructure.Middleware;
/// <summary>
/// Unit tests for McpCorrelationIdMiddleware
/// </summary>
public class McpCorrelationIdMiddlewareTests
{
[Fact]
public async Task InvokeAsync_ShouldGenerateCorrelationId_WhenNotProvidedInRequest()
{
// Arrange
var context = new DefaultHttpContext();
var nextCalled = false;
RequestDelegate next = (HttpContext ctx) =>
{
nextCalled = true;
return Task.CompletedTask;
};
var middleware = new McpCorrelationIdMiddleware(next);
// Act
await middleware.InvokeAsync(context);
// Assert
nextCalled.Should().BeTrue();
context.Items.Should().ContainKey("CorrelationId");
context.Items["CorrelationId"].Should().NotBeNull();
context.Items["CorrelationId"].Should().BeOfType<string>();
var correlationId = context.Items["CorrelationId"] as string;
correlationId.Should().NotBeNullOrWhiteSpace();
// Should be a valid GUID without hyphens (format "N")
Guid.TryParse(correlationId, out _).Should().BeTrue();
}
[Fact]
public async Task InvokeAsync_ShouldUseProvidedCorrelationId_WhenPresentInRequestHeader()
{
// Arrange
var expectedCorrelationId = Guid.NewGuid().ToString("N");
var context = new DefaultHttpContext();
context.Request.Headers["X-Correlation-Id"] = expectedCorrelationId;
RequestDelegate next = (HttpContext ctx) => Task.CompletedTask;
var middleware = new McpCorrelationIdMiddleware(next);
// Act
await middleware.InvokeAsync(context);
// Assert
context.Items["CorrelationId"].Should().Be(expectedCorrelationId);
}
[Fact]
public async Task InvokeAsync_ShouldAddCorrelationIdToResponseHeader()
{
// Arrange
var context = new DefaultHttpContext();
context.Response.Body = new MemoryStream(); // Required for response headers
RequestDelegate next = (HttpContext ctx) =>
{
// Trigger response to start (which adds headers)
ctx.Response.StatusCode = 200;
return Task.CompletedTask;
};
var middleware = new McpCorrelationIdMiddleware(next);
// Act
await middleware.InvokeAsync(context);
// Assert - Note: Headers are added via OnStarting callback, which executes when response starts
// In this test, we can verify the correlation ID was stored in context items
context.Items.Should().ContainKey("CorrelationId");
}
[Fact]
public async Task InvokeAsync_ShouldCallNextMiddleware()
{
// Arrange
var context = new DefaultHttpContext();
var nextCalled = false;
RequestDelegate next = (HttpContext ctx) =>
{
nextCalled = true;
return Task.CompletedTask;
};
var middleware = new McpCorrelationIdMiddleware(next);
// Act
await middleware.InvokeAsync(context);
// Assert
nextCalled.Should().BeTrue();
}
[Fact]
public async Task InvokeAsync_ShouldGenerateUniqueCorrelationIds()
{
// Arrange
var context1 = new DefaultHttpContext();
var context2 = new DefaultHttpContext();
RequestDelegate next = (HttpContext ctx) => Task.CompletedTask;
var middleware = new McpCorrelationIdMiddleware(next);
// Act
await middleware.InvokeAsync(context1);
await middleware.InvokeAsync(context2);
// Assert
var correlationId1 = context1.Items["CorrelationId"] as string;
var correlationId2 = context2.Items["CorrelationId"] as string;
correlationId1.Should().NotBeNullOrWhiteSpace();
correlationId2.Should().NotBeNullOrWhiteSpace();
correlationId1.Should().NotBe(correlationId2);
}
}

196
colaflow-api/tests/Modules/Mcp/ColaFlow.Modules.Mcp.Tests/Infrastructure/Middleware/McpExceptionHandlerMiddlewareTests.cs Normal file
View File

@@ -0,0 +1,196 @@
using ColaFlow.Modules.Mcp.Contracts.JsonRpc;
using ColaFlow.Modules.Mcp.Domain.Exceptions;
using ColaFlow.Modules.Mcp.Infrastructure.Middleware;
using FluentAssertions;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using NSubstitute;
using System.Text.Json;
namespace ColaFlow.Modules.Mcp.Tests.Infrastructure.Middleware;
/// <summary>
/// Unit tests for McpExceptionHandlerMiddleware
/// </summary>
public class McpExceptionHandlerMiddlewareTests
{
private readonly ILogger<McpExceptionHandlerMiddleware> _logger;
public McpExceptionHandlerMiddlewareTests()
{
_logger = Substitute.For<ILogger<McpExceptionHandlerMiddleware>>();
}
[Fact]
public async Task InvokeAsync_ShouldCallNextMiddleware_WhenNoExceptionThrown()
{
// Arrange
var context = new DefaultHttpContext();
var nextCalled = false;
RequestDelegate next = (HttpContext ctx) =>
{
nextCalled = true;
return Task.CompletedTask;
};
var middleware = new McpExceptionHandlerMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
nextCalled.Should().BeTrue();
}
[Fact]
public async Task InvokeAsync_ShouldHandleMcpException_AndReturnJsonRpcErrorResponse()
{
// Arrange
var context = new DefaultHttpContext();
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
context.Items["McpRequestId"] = "test-request-id";
var expectedException = new McpNotFoundException("Task", "task-123");
RequestDelegate next = (HttpContext ctx) =>
{
throw expectedException;
};
var middleware = new McpExceptionHandlerMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
context.Response.StatusCode.Should().Be(404);
context.Response.ContentType.Should().Be("application/json");
context.Response.Body.Seek(0, SeekOrigin.Begin);
var responseBody = await new StreamReader(context.Response.Body).ReadToEndAsync();
var response = JsonSerializer.Deserialize<JsonRpcResponse>(responseBody, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true
});
response.Should().NotBeNull();
response!.JsonRpc.Should().Be("2.0");
response.Error.Should().NotBeNull();
response.Error!.Code.Should().Be((int)JsonRpcErrorCode.NotFound);
response.Error.Message.Should().Be("Task not found: task-123");
response.Id.Should().NotBeNull();
response.Id!.ToString().Should().Be("test-request-id");
}
[Fact]
public async Task InvokeAsync_ShouldHandleUnexpectedException_AndReturnInternalError()
{
// Arrange
var context = new DefaultHttpContext();
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
RequestDelegate next = (HttpContext ctx) =>
{
throw new InvalidOperationException("Unexpected error");
};
var middleware = new McpExceptionHandlerMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
context.Response.StatusCode.Should().Be(500);
context.Response.ContentType.Should().Be("application/json");
context.Response.Body.Seek(0, SeekOrigin.Begin);
var responseBody = await new StreamReader(context.Response.Body).ReadToEndAsync();
var response = JsonSerializer.Deserialize<JsonRpcResponse>(responseBody, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true
});
response.Should().NotBeNull();
response!.Error.Should().NotBeNull();
response.Error!.Code.Should().Be((int)JsonRpcErrorCode.InternalError);
response.Error.Message.Should().Be("Internal server error");
// Should NOT expose exception details
response.Error.Data.Should().BeNull();
}
[Theory]
[InlineData(typeof(McpUnauthorizedException), 401)]
[InlineData(typeof(McpForbiddenException), 403)]
[InlineData(typeof(McpNotFoundException), 404)]
[InlineData(typeof(McpValidationException), 422)]
[InlineData(typeof(McpParseException), 400)]
[InlineData(typeof(McpInvalidRequestException), 400)]
[InlineData(typeof(McpMethodNotFoundException), 404)]
[InlineData(typeof(McpInvalidParamsException), 400)]
public async Task InvokeAsync_ShouldMapExceptionToCorrectHttpStatusCode(Type exceptionType, int expectedStatusCode)
{
// Arrange
var context = new DefaultHttpContext();
context.Response.Body = new MemoryStream();
McpException exception = exceptionType.Name switch
{
nameof(McpUnauthorizedException) => new McpUnauthorizedException(),
nameof(McpForbiddenException) => new McpForbiddenException(),
nameof(McpNotFoundException) => new McpNotFoundException("Resource", "123"),
nameof(McpValidationException) => new McpValidationException(),
nameof(McpParseException) => new McpParseException(),
nameof(McpInvalidRequestException) => new McpInvalidRequestException(),
nameof(McpMethodNotFoundException) => new McpMethodNotFoundException("test"),
nameof(McpInvalidParamsException) => new McpInvalidParamsException(),
_ => throw new ArgumentException("Unknown exception type")
};
RequestDelegate next = (HttpContext ctx) =>
{
throw exception;
};
var middleware = new McpExceptionHandlerMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
context.Response.StatusCode.Should().Be(expectedStatusCode);
}
[Fact]
public async Task InvokeAsync_ShouldLogErrorWithStructuredData()
{
// Arrange
var context = new DefaultHttpContext();
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
context.Items["TenantId"] = "tenant-123";
context.Items["ApiKeyId"] = "key-456";
var exception = new McpValidationException("Test validation error");
RequestDelegate next = (HttpContext ctx) =>
{
throw exception;
};
var middleware = new McpExceptionHandlerMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
_logger.Received(1).Log(
LogLevel.Error,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Error")),
exception,
Arg.Any<Func<object, Exception?, string>>());
}
}

241
colaflow-api/tests/Modules/Mcp/ColaFlow.Modules.Mcp.Tests/Infrastructure/Middleware/McpLoggingMiddlewareTests.cs Normal file
View File

@@ -0,0 +1,241 @@
using ColaFlow.Modules.Mcp.Infrastructure.Middleware;
using FluentAssertions;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using NSubstitute;
using System.Text;
namespace ColaFlow.Modules.Mcp.Tests.Infrastructure.Middleware;
/// <summary>
/// Unit tests for McpLoggingMiddleware
/// </summary>
public class McpLoggingMiddlewareTests
{
private readonly ILogger<McpLoggingMiddleware> _logger;
public McpLoggingMiddlewareTests()
{
_logger = Substitute.For<ILogger<McpLoggingMiddleware>>();
}
[Fact]
public async Task InvokeAsync_ShouldSkipLogging_ForNonMcpRequests()
{
// Arrange
var context = new DefaultHttpContext();
context.Request.Method = "GET";
context.Request.Path = "/api/tasks";
var nextCalled = false;
RequestDelegate next = (HttpContext ctx) =>
{
nextCalled = true;
return Task.CompletedTask;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
nextCalled.Should().BeTrue();
// Logger should not be called for non-MCP requests
_logger.DidNotReceive().Log(
Arg.Any<LogLevel>(),
Arg.Any<EventId>(),
Arg.Any<object>(),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>());
}
[Fact]
public async Task InvokeAsync_ShouldLogRequestAndResponse_ForMcpRequests()
{
// Arrange
var context = new DefaultHttpContext();
context.Request.Method = "POST";
context.Request.Path = "/mcp";
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("{\"jsonrpc\":\"2.0\",\"method\":\"initialize\"}"));
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
RequestDelegate next = (HttpContext ctx) =>
{
ctx.Response.StatusCode = 200;
var responseBytes = Encoding.UTF8.GetBytes("{\"jsonrpc\":\"2.0\",\"result\":{}}");
ctx.Response.Body.Write(responseBytes, 0, responseBytes.Length);
return Task.CompletedTask;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
// Should log request (Debug level)
_logger.Received().Log(
LogLevel.Debug,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Request")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>());
// Should log response (Debug level for 2xx status)
_logger.Received().Log(
LogLevel.Debug,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Response")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>());
}
[Fact]
public async Task InvokeAsync_ShouldLogErrorLevel_ForErrorResponses()
{
// Arrange
var context = new DefaultHttpContext();
context.Request.Method = "POST";
context.Request.Path = "/mcp";
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("{}"));
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
RequestDelegate next = (HttpContext ctx) =>
{
ctx.Response.StatusCode = 500; // Error status
return Task.CompletedTask;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
// Should log response at Error level for 5xx status
_logger.Received().Log(
LogLevel.Error,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Response")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>());
}
[Fact]
public async Task InvokeAsync_ShouldLogWarning_ForSlowRequests()
{
// Arrange
var context = new DefaultHttpContext();
context.Request.Method = "POST";
context.Request.Path = "/mcp";
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("{}"));
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
RequestDelegate next = async (HttpContext ctx) =>
{
// Simulate slow request (> 1 second)
await Task.Delay(1100);
ctx.Response.StatusCode = 200;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
// Should log warning for slow requests
_logger.Received().Log(
LogLevel.Warning,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("Slow MCP Request")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>());
}
[Fact]
public async Task InvokeAsync_ShouldSanitizeSensitiveData()
{
// Arrange
var requestBody = "{\"keyHash\":\"secret-key-hash\",\"password\":\"my-password\"}";
var context = new DefaultHttpContext();
context.Request.Method = "POST";
context.Request.Path = "/mcp";
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(requestBody));
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
var loggedRequest = string.Empty;
_logger.When(x => x.Log(
LogLevel.Debug,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Request")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>()))
.Do(callInfo =>
{
var state = callInfo.ArgAt<object>(2);
loggedRequest = state.ToString() ?? "";
});
RequestDelegate next = (HttpContext ctx) =>
{
ctx.Response.StatusCode = 200;
return Task.CompletedTask;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
loggedRequest.Should().Contain("[REDACTED]");
loggedRequest.Should().NotContain("secret-key-hash");
loggedRequest.Should().NotContain("my-password");
}
[Fact]
public async Task InvokeAsync_ShouldIncludePerformanceMetrics()
{
// Arrange
var context = new DefaultHttpContext();
context.Request.Method = "POST";
context.Request.Path = "/mcp";
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("{}"));
context.Response.Body = new MemoryStream();
context.Items["CorrelationId"] = "test-correlation-id";
var loggedResponse = string.Empty;
_logger.When(x => x.Log(
LogLevel.Debug,
Arg.Any<EventId>(),
Arg.Is<object>(o => o.ToString()!.Contains("MCP Response")),
Arg.Any<Exception>(),
Arg.Any<Func<object, Exception?, string>>()))
.Do(callInfo =>
{
var state = callInfo.ArgAt<object>(2);
loggedResponse = state.ToString() ?? "";
});
RequestDelegate next = (HttpContext ctx) =>
{
ctx.Response.StatusCode = 200;
return Task.CompletedTask;
};
var middleware = new McpLoggingMiddleware(next, _logger);
// Act
await middleware.InvokeAsync(context);
// Assert
loggedResponse.Should().Contain("Duration:");
loggedResponse.Should().MatchRegex(@"Duration:\s*\d+ms");
}
}