Tool use and MCP fixes

Cargo.toml

@@ -384,7 +384,7 @@ rstest = "0.24"
 serial_test = "3.2"
 temp-env = "0.3"
 tempfile = "3.23.0"
-testcontainers-modules = { version = "0.14", features = ["postgres", "redis"] }
+testcontainers-modules = { version = "0.15", features = ["postgres", "redis"] }
 tokio-stream = "0.1.17"
 wiremock = "0.6"
 

docs/content/docs/configuration/providers.mdx

@@ -48,10 +48,12 @@ base_url = "https://openrouter.ai/api/v1"
 # App attribution headers are sent automatically:
 #   HTTP-Referer: https://hadriangateway.com
 #   X-OpenRouter-Title: Hadrian Gateway
+#   X-OpenRouter-Categories: general-chat
 # Override to customize, or set to "" to opt out:
 # [providers.openrouter.headers]
 # HTTP-Referer = "https://myapp.example.com"
 # X-OpenRouter-Title = "My Application"
+# X-OpenRouter-Categories = "coding-app"
 ```
 
 **Ollama** (local, no API key needed):

docs/content/docs/configuration/server.mdx

@@ -140,25 +140,25 @@ permissions_policy = "geolocation=(), microphone=()"
 
 ### Default Content Security Policy
 
-Hadrian ships a default CSP tailored for the web UI's frontend tools (Python, JavaScript, SQL, charts, Wikipedia, and Wikidata via WASM and external APIs):
+Hadrian ships a default CSP tailored for the web UI's frontend tools and MCP server connections:
 
 ```
 default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net;
 style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:;
-connect-src 'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org;
+connect-src 'self' https: http: wss: ws:;
 worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'
 ```
 
-| Directive     | Value                                                                              | Reason                                                                                                                                    |
-| ------------- | ---------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
-| `script-src`  | `'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net`                              | WASM workers as blob URLs; `unsafe-eval` for Pyodide bytecode execution and Vega `Function()` evaluation; CDN for Pyodide/DuckDB modules. |
-| `style-src`   | `'self' 'unsafe-inline'`                                                           | Tailwind CSS injects styles dynamically.                                                                                                  |
-| `worker-src`  | `'self' blob:`                                                                     | Web Workers run sandboxed code execution.                                                                                                 |
-| `frame-src`   | `'self' blob:`                                                                     | HTML artifact previews render in sandboxed iframes.                                                                                       |
-| `img-src`     | `'self' data: blob:`                                                               | Generated charts and inline images use data/blob URIs.                                                                                    |
-| `connect-src` | `'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org` | Pyodide/DuckDB fetch WASM and packages from CDN; Wikipedia and Wikidata tools query REST APIs.                                            |
-| `object-src`  | `'none'`                                                                           | Blocks plugin-based content (Flash, Java applets).                                                                                        |
-| `base-uri`    | `'self'`                                                                           | Prevents `<base>` tag injection attacks.                                                                                                  |
+| Directive     | Value                                                 | Reason                                                                                                                                    |
+| ------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| `script-src`  | `'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net` | WASM workers as blob URLs; `unsafe-eval` for Pyodide bytecode execution and Vega `Function()` evaluation; CDN for Pyodide/DuckDB modules. |
+| `style-src`   | `'self' 'unsafe-inline'`                              | Tailwind CSS injects styles dynamically.                                                                                                  |
+| `worker-src`  | `'self' blob:`                                        | Web Workers run sandboxed code execution.                                                                                                 |
+| `frame-src`   | `'self' blob:`                                        | HTML artifact previews render in sandboxed iframes.                                                                                       |
+| `img-src`     | `'self' data: blob:`                                  | Generated charts and inline images use data/blob URIs.                                                                                    |
+| `connect-src` | `'self' https: http: wss: ws:`                        | MCP servers are user-configured at arbitrary URLs; also covers CDN fetches for Pyodide/DuckDB and REST API queries for frontend tools.    |
+| `object-src`  | `'none'`                                              | Blocks plugin-based content (Flash, Java applets).                                                                                        |
+| `base-uri`    | `'self'`                                              | Prevents `<base>` tag injection attacks.                                                                                                  |
 
 Override this by setting `content_security_policy` explicitly. Set to an empty string to disable the CSP header entirely.
 

docs/public/config-schema.json

@@ -396,7 +396,7 @@
         "max_response_body_bytes": 104857600,
         "port": 8080,
         "security_headers": {
-          "content_security_policy": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
+          "content_security_policy": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
           "content_type_options": "nosniff",
           "enabled": true,
           "frame_options": "DENY",
@@ -8011,7 +8011,7 @@
       "properties": {
         "content_security_policy": {
           "description": "Content-Security-Policy header value. Controls resource loading to prevent XSS attacks.",
-          "default": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
+          "default": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
           "type": [
             "string",
             "null"
@@ -8302,7 +8302,7 @@
         "security_headers": {
           "description": "Security headers configuration.",
           "default": {
-            "content_security_policy": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
+            "content_security_policy": "default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'",
             "content_type_options": "nosniff",
             "enabled": true,
             "frame_options": "DENY",

src/app.rs

@@ -2087,7 +2087,8 @@ pub fn build_app(config: &config::GatewayConfig, state: AppState) -> Router {
         app = app.layer(cors_layer);
     }
 
-    app.layer(TraceLayer::new_for_http())
+    app.layer(axum::extract::DefaultBodyLimit::disable())
+        .layer(TraceLayer::new_for_http())
         .layer(RequestBodyLimitLayer::new(config.server.body_limit_bytes))
         .with_state(state)
 }

src/bin/record_fixtures.rs

@@ -1920,7 +1920,8 @@ async fn record_fixture(
             if def.provider == "openrouter" {
                 request = request
                     .header("HTTP-Referer", "https://hadriangateway.com")
-                    .header("X-OpenRouter-Title", "Hadrian Gateway");
+                    .header("X-OpenRouter-Title", "Hadrian Gateway")
+                    .header("X-OpenRouter-Categories", "general-chat");
             }
         }
 

src/cli/mod.rs

@@ -176,6 +176,8 @@ pub(crate) fn default_config_toml() -> &'static str {
 [server]
 host = "127.0.0.1"
 port = 8080
+# Allow providers on localhost (e.g. Ollama)
+allow_loopback_urls = true
 
 # CORS: Allow local development origins
 [server.cors]

src/config/features.rs

@@ -2194,6 +2194,13 @@ pub struct WebSearchConfig {
     /// Lower than file_search since web search rarely needs multiple rounds.
     #[serde(default = "default_web_search_max_iterations")]
     pub max_iterations: usize,
+
+    /// Maximum characters of content text per search result.
+    /// Applies to Exa's `text.maxCharacters` parameter. Tavily returns concise
+    /// summaries by default so this is not needed there.
+    /// Set to 0 to disable (return full text). Default: 2000.
+    #[serde(default = "default_web_search_max_content_chars")]
+    pub max_content_chars: usize,
 }
 
 impl std::fmt::Debug for WebSearchConfig {
@@ -2208,6 +2215,7 @@ impl std::fmt::Debug for WebSearchConfig {
                 &self.cost_microcents_per_request,
             )
             .field("max_iterations", &self.max_iterations)
+            .field("max_content_chars", &self.max_content_chars)
             .finish()
     }
 }
@@ -2237,6 +2245,10 @@ fn default_web_search_max_iterations() -> usize {
     3
 }
 
+fn default_web_search_max_content_chars() -> usize {
+    2000
+}
+
 // ─────────────────────────────────────────────────────────────────────────────
 // Web Fetch
 // ─────────────────────────────────────────────────────────────────────────────

src/config/providers.rs

@@ -606,8 +606,9 @@ pub struct OpenAiProviderConfig {
     pub model_aliases: HashMap<String, String>,
 
     /// Custom headers to include in requests.
-    /// For OpenRouter providers, `HTTP-Referer` and `X-OpenRouter-Title` are set
-    /// automatically for app attribution. Override here to customize or opt out.
+    /// For OpenRouter providers, `HTTP-Referer`, `X-OpenRouter-Title`, and
+    /// `X-OpenRouter-Categories` are set automatically for app attribution.
+    /// Override here to customize or opt out.
     #[serde(default)]
     pub headers: HashMap<String, String>,
 

src/config/server.rs

@@ -469,12 +469,13 @@ fn default_frame_options() -> Option<String> {
 /// - `frame-src blob:` — HTML artifact preview iframes
 /// - `img-src data: blob:` — Generated charts/images and inline assets
 /// - `media-src blob:` — Audio playback from generated TTS blob URLs
-/// - `connect-src https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org` —
-///   Pyodide/DuckDB fetch WASM/packages from CDN; Wikipedia and Wikidata tools query REST APIs
+/// - `connect-src https: http: wss: ws:` — MCP servers are user-configured at arbitrary URLs
+///   and discovered at runtime (stored in localStorage), so connect-src must allow all schemes.
+///   Also covers Pyodide/DuckDB CDN fetches and Wikipedia/Wikidata tool queries.
 /// - `object-src 'none'` — Blocks plugins (Flash, Java applets)
 /// - `base-uri 'self'` — Prevents `<base>` tag injection
 fn default_csp() -> Option<String> {
-    Some("default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https://cdn.jsdelivr.net https://*.wikipedia.org https://www.wikidata.org; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'".to_string())
+    Some("default-src 'self'; script-src 'self' blob: 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; media-src 'self' blob:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; frame-src 'self' blob:; object-src 'none'; base-uri 'self'".to_string())
 }
 
 fn default_xss_protection() -> Option<String> {

src/providers/open_ai/mod.rs

@@ -79,6 +79,9 @@ impl OpenAICompatibleProvider {
             headers
                 .entry("X-OpenRouter-Title".to_string())
                 .or_insert_with(|| "Hadrian Gateway".to_string());
+            headers
+                .entry("X-OpenRouter-Categories".to_string())
+                .or_insert_with(|| "general-chat".to_string());
         }
 
         Self {

src/routes/api/tools.rs

@@ -76,7 +76,16 @@ struct ExaSearchRequest {
 
 #[derive(Debug, Serialize)]
 struct ExaContents {
-    text: bool,
+    text: ExaTextOptions,
+}
+
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+struct ExaTextOptions {
+    /// Maximum characters of text to return per result.
+    /// Omit to return full text (Exa default).
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_characters: Option<usize>,
 }
 
 #[derive(Debug, Deserialize)]
@@ -103,6 +112,15 @@ pub async fn execute_web_search(
     max_results: usize,
 ) -> Result<Vec<WebSearchResult>, WebSearchError> {
     let timeout = std::time::Duration::from_secs(config.timeout_secs);
+    let max_chars = config.max_content_chars;
+
+    let truncate = |s: String| -> String {
+        if max_chars == 0 || s.len() <= max_chars {
+            return s;
+        }
+        let end = s.floor_char_boundary(max_chars);
+        format!("{}…[truncated]", &s[..end])
+    };
 
     match config.provider {
         WebSearchProvider::Tavily => {
@@ -140,7 +158,7 @@ pub async fn execute_web_search(
                 .map(|r| WebSearchResult {
                     title: r.title,
                     url: r.url,
-                    content: r.content,
+                    content: truncate(r.content),
                     score: r.score,
                 })
                 .collect())
@@ -149,7 +167,11 @@ pub async fn execute_web_search(
             let req = ExaSearchRequest {
                 query: query.to_string(),
                 num_results: max_results,
-                contents: ExaContents { text: true },
+                contents: ExaContents {
+                    text: ExaTextOptions {
+                        max_characters: if max_chars > 0 { Some(max_chars) } else { None },
+                    },
+                },
             };
             let resp = client
                 .post("https://api.exa.ai/search")