release v2.1.3

Co-authored-by: Kent Dong <ch3cho@qq.com>

.github/workflows/helm-docs.yaml

@@ -6,7 +6,7 @@ on:
       - "*"
     paths:
       - 'helm/**'
-  workflow_dispatch: ~      
+  workflow_dispatch: ~
   push:
     branches: [ main ]
     paths:
@@ -39,7 +39,6 @@ jobs:
           rm -f ./helm-docs
 
   translate-readme:
-    if: ${{ ! always() }}
     needs: helm
     runs-on: ubuntu-latest
 
@@ -52,7 +51,26 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y jq
 
+      - name: Compare README.md
+        id: compare_readme
+        run: |
+          cd ./helm/higress
+          BASE_BRANCH=main
+          UPSTREAM_REPO=https://github.com/alibaba/higress.git
+
+          TEMP_DIR=$(mktemp -d)
+          git clone --depth 1 --branch $BASE_BRANCH $UPSTREAM_REPO $TEMP_DIR
+
+          if diff -q "$TEMP_DIR/README.md" README.md > /dev/null; then
+            echo "README.md has no changes in comparison to base branch. Skipping translation."
+            echo "skip_translation=true" >> $GITHUB_ENV
+          else
+            echo "README.md has changed in comparison to base branch. Proceeding with translation."
+            echo "skip_translation=false" >> $GITHUB_ENV
+          fi
+
       - name: Translate README.md to Chinese
+        if: env.skip_translation == 'false'
         env:
           API_URL: ${{ secrets.HIGRESS_OPENAI_API_URL }}
           API_KEY: ${{ secrets.HIGRESS_OPENAI_API_KEY }}
@@ -79,37 +97,30 @@ jobs:
             -H "Authorization: Bearer $API_KEY" \
             -d "$PAYLOAD")
 
-          echo "response: $RESPONSE"
+          echo "Response: $RESPONSE"
 
-          TRANSLATED_CONTENT=$(echo "$RESPONSE" | jq -r '.choices[0].message.content')
+          echo "$RESPONSE" | jq -c -r '.choices[] | .message.content' > README.zh.new.md
 
-          if [ -z "$TRANSLATED_CONTENT" ]; then
-            echo "Translation failed! Response: $RESPONSE"
+          if [ -f "README.zh.new.md" ]; then
+            echo "Translation completed and saved to README.zh.new.md."
+          else
+            echo "Translation failed or no content returned!"
             exit 1
           fi
 
-          echo "$TRANSLATED_CONTENT" > README.zh.new.md
-          echo "Translation completed and saved to README.zh.new.md."
+          mv README.zh.new.md README.zh.md
 
-      - name: Compare README.zh.md
-        id: compare
-        run: |
-          cd ./helm/higress
-          NEW_README_ZH="README.zh.new.md"
-          EXISTING_README_ZH="README.zh.md"
+      - name: Create Pull Request
+        if: env.skip_translation == 'false'
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "Update helm translated README.zh.md"
+          branch: update-helm-readme-zh
+          title: "Update helm translated README.zh.md"
+          body: |
+            This PR updates the translated README.zh.md file.
 
-          if [ ! -f "$EXISTING_README_ZH" ]; then
-            echo "Add README.zh.md."
-            mv "$NEW_README_ZH" "$EXISTING_README_ZH"
-            echo "updated=true" >> $GITHUB_ENV
-            exit 0
-          fi
-
-          if ! diff -q "$NEW_README_ZH" "$EXISTING_README_ZH"; then
-            echo "Files are different. Updating README.zh.md."
-            mv "$NEW_README_ZH" "$EXISTING_README_ZH"
-            echo "updated=true" >> $GITHUB_ENV
-          else
-            echo "Files are identical. No update needed."
-            echo "updated=false" >> $GITHUB_ENV
-          fi
+            - Automatically generated by GitHub Actions
+          labels: translation, automated
+          base: main

Makefile.core.mk

@@ -144,7 +144,7 @@ docker-buildx-push: clean-env docker.higress-buildx
 export PARENT_GIT_TAG:=$(shell cat VERSION)
 export PARENT_GIT_REVISION:=$(TAG)
 
-export ENVOY_PACKAGE_URL_PATTERN?=https://github.com/higress-group/proxy/releases/download/v2.1.2/envoy-symbol-ARCH.tar.gz
+export ENVOY_PACKAGE_URL_PATTERN?=https://github.com/higress-group/proxy/releases/download/v2.1.5/envoy-symbol-ARCH.tar.gz
 
 build-envoy: prebuild
 	./tools/hack/build-envoy.sh
@@ -235,8 +235,7 @@ clean-gateway: clean-istio
 	rm -rf external/proxy
 	rm -rf external/go-control-plane
 	rm -rf external/package/envoy.tar.gz
-	rm -rf external/package/mcp-server_amd64.so
-	rm -rf external/package/mcp-server_arm64.so
+	rm -rf external/package/*.so
 
 clean-env:
 	rm -rf out/

README.md

@@ -11,27 +11,33 @@
 [![Build Status](https://github.com/alibaba/higress/actions/workflows/build-and-test.yaml/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
 [![license](https://img.shields.io/github/license/alibaba/higress.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 
-<a href="https://trendshift.io/repositories/10918" target="_blank"><img src="https://trendshift.io/api/badge/repositories/10918" alt="alibaba%2Fhigress | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
+<a href="https://trendshift.io/repositories/10918" target="_blank"><img src="https://trendshift.io/api/badge/repositories/10918" alt="alibaba%2Fhigress | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a> <a href="https://www.producthunt.com/posts/higress?embed=true&utm_source=badge-featured&utm_medium=badge&utm_souce=badge-higress" target="_blank"><img src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=951287&theme=light&t=1745492822283" alt="Higress - Global&#0032;APIs&#0032;as&#0032;MCP&#0032;powered&#0032;by&#0032;AI&#0032;Gateway | Product Hunt" style="width: 250px; height: 54px;" width="250" height="54" /></a>
+
 </div>
 
-[**Official Site**](https://higress.io/en-us/) &nbsp; |
-&nbsp; [**Docs**](https://higress.io/en-us/docs/overview/what-is-higress) &nbsp; |
-&nbsp; [**Blog**](https://higress.io/en-us/blog) &nbsp; |
-&nbsp; [**Developer**](https://higress.io/en-us/docs/developers/developers_dev) &nbsp; |
-&nbsp; [**Higress in Cloud**](https://www.alibabacloud.com/product/microservices-engine?spm=higress-website.topbar.0.0.0) &nbsp;
-
+[**Official Site**](https://higress.ai/en/) &nbsp; |
+&nbsp; [**MCP Server QuickStart**](https://higress.cn/en/ai/mcp-quick-start/) &nbsp; |
+&nbsp; [**Wasm Plugin Hub**](https://higress.cn/en/plugin/) &nbsp; |
 
 <p>
    English | <a href="README_ZH.md">中文<a/> | <a href="README_JP.md">日本語<a/>
 </p>
 
+## What is Higress?
+
 Higress is a cloud-native API gateway based on Istio and Envoy, which can be extended with Wasm plugins written in Go/Rust/JS. It provides dozens of ready-to-use general-purpose plugins and an out-of-the-box console (try the [demo here](http://demo.higress.io/)).
 
-Higress was born within Alibaba to solve the issues of Tengine reload affecting long-connection services and insufficient load balancing capabilities for gRPC/Dubbo.
+### Core Use Cases
 
-Alibaba Cloud has built its cloud-native API gateway product based on Higress, providing 99.99% gateway high availability guarantee service capabilities for a large number of enterprise customers.
+Higress's AI gateway capabilities support all [mainstream model providers](https://github.com/alibaba/higress/tree/main/plugins/wasm-go/extensions/ai-proxy/provider) both domestic and international. It also supports hosting MCP (Model Context Protocol) Servers through its plugin mechanism, enabling AI Agents to easily call various tools and services. With the [openapi-to-mcp tool](https://github.com/higress-group/openapi-to-mcpserver), you can quickly convert OpenAPI specifications into remote MCP servers for hosting. Higress provides unified management for both LLM API and MCP API. 
 
-Higress's AI gateway capabilities support all [mainstream model providers](https://github.com/alibaba/higress/tree/main/plugins/wasm-go/extensions/ai-proxy/provider) both domestic and international, as well as self-built DeepSeek models based on vllm/ollama. Within Alibaba Cloud, it supports AI businesses such as Tongyi Qianwen APP, Bailian large model API, and machine learning PAI platform. It also serves leading AIGC enterprises (such as Zero One Infinite) and AI products (such as FastGPT).
+**🌟 Try it now at [https://mcp.higress.ai/](https://mcp.higress.ai/)** to experience Higress-hosted Remote MCP Servers firsthand:
+
+![Higress MCP Server Platform](https://img.alicdn.com/imgextra/i2/O1CN01nmVa0a1aChgpyyWOX_!!6000000003294-0-tps-3430-1742.jpg)
+
+### Enterprise Adoption
+
+Higress was born within Alibaba to solve the issues of Tengine reload affecting long-connection services and insufficient load balancing capabilities for gRPC/Dubbo. Within Alibaba Cloud, Higress's AI gateway capabilities support core AI applications such as Tongyi Bailian model studio, machine learning PAI platform, and other critical AI services. Alibaba Cloud has built its cloud-native API gateway product based on Higress, providing 99.99% gateway high availability guarantee service capabilities for a large number of enterprise customers.
 
 ## Summary
 
@@ -60,31 +66,34 @@ Port descriptions:
 - Port 8080: Gateway HTTP protocol entry
 - Port 8443: Gateway HTTPS protocol entry
 
-**All Higress Docker images use their own dedicated repository, unaffected by Docker Hub access restrictions in certain regions**
+> All Higress Docker images use Higress's own image repository and are not affected by Docker Hub rate limits.
+> In addition, the submission and updates of the images are protected by a security scanning mechanism (powered by Alibaba Cloud ACR), making them very secure for use in production environments.
 
 For other installation methods such as Helm deployment under K8s, please refer to the official [Quick Start documentation](https://higress.io/en-us/docs/user/quickstart).
 
 ## Use Cases
 
-- **AI Gateway**:
-
-  Higress can connect to all LLM model providers both domestic and international using a unified protocol, while also providing rich AI observability, multi-model load balancing/fallback, AI token rate limiting, AI caching, and other capabilities:
-
-  ![](https://img.alicdn.com/imgextra/i2/O1CN01izmBNX1jbHT7lP3Yr_!!6000000004566-0-tps-1920-1080.jpg)
-
 - **MCP Server Hosting**:
 
-  Higress, as an Envoy-based API gateway, supports hosting MCP Servers through its plugin mechanism. MCP (Model Context Protocol) is essentially an AI-friendly API that enables AI Agents to more easily call various tools and services. Higress provides unified capabilities for authentication, authorization, rate limiting, and observability for tool calls, simplifying the development and deployment of AI applications.
+  Higress hosts MCP Servers through its plugin mechanism, enabling AI Agents to easily call various tools and services. With the [openapi-to-mcp tool](https://github.com/higress-group/openapi-to-mcpserver), you can quickly convert OpenAPI specifications into remote MCP servers.
 
   ![](https://img.alicdn.com/imgextra/i1/O1CN01wv8H4g1mS4MUzC1QC_!!6000000004952-2-tps-1764-597.png)
 
-  By hosting MCP Servers with Higress, you can achieve:
-  - Unified authentication and authorization mechanisms, ensuring the security of AI tool calls
-  - Fine-grained rate limiting to prevent abuse and resource exhaustion
-  - Comprehensive audit logs recording all tool call behaviors
-  - Rich observability for monitoring the performance and health of tool calls
-  - Simplified deployment and management through Higress's plugin mechanism for quickly adding new MCP Servers
-  - Dynamic updates without disruption: Thanks to Envoy's friendly handling of long connections and Wasm plugin's dynamic update mechanism, MCP Server logic can be updated on-the-fly without any traffic disruption or connection drops
+  Key benefits of hosting MCP Servers with Higress:
+  - Unified authentication and authorization mechanisms
+  - Fine-grained rate limiting to prevent abuse
+  - Comprehensive audit logs for all tool calls
+  - Rich observability for monitoring performance
+  - Simplified deployment through Higress's plugin mechanism
+  - Dynamic updates without disruption or connection drops
+
+     [Learn more...](https://higress.cn/en/ai/mcp-quick-start/?spm=36971b57.7beea2de.0.0.d85f20a94jsWGm)
+
+- **AI Gateway**:
+
+  Higress connects to all LLM model providers using a unified protocol, with AI observability, multi-model load balancing, token rate limiting, and caching capabilities:
+
+  ![](https://img.alicdn.com/imgextra/i2/O1CN01izmBNX1jbHT7lP3Yr_!!6000000004566-0-tps-1920-1080.jpg)
 
 - **Kubernetes ingress controller**:
 

README_JP.md

@@ -22,15 +22,21 @@
 </p>
 
 
+## Higressとは？
+
 Higressは、IstioとEnvoyをベースにしたクラウドネイティブAPIゲートウェイで、Go/Rust/JSなどを使用してWasmプラグインを作成できます。数十の既製の汎用プラグインと、すぐに使用できるコンソールを提供しています（デモは[こちら](http://demo.higress.io/)）。
 
-Higressは、Tengineのリロードが長時間接続のビジネスに影響を与える問題や、gRPC/Dubboの負荷分散能力の不足を解決するために、Alibaba内部で誕生しました。
+### 主な使用シナリオ
 
-Alibaba Cloudは、Higressを基盤にクラウドネイティブAPIゲートウェイ製品を構築し、多くの企業顧客に99.99％のゲートウェイ高可用性保証サービスを提供しています。
+HigressのAIゲートウェイ機能は、国内外のすべての[主要モデルプロバイダー](https://github.com/alibaba/higress/tree/main/plugins/wasm-go/extensions/ai-proxy/provider)をサポートし、vllm/ollamaなどに基づく自己構築DeepSeekモデルにも対応しています。また、プラグインメカニズムを通じてMCP（Model Context Protocol）サーバーをホストすることもでき、AI Agentが様々なツールやサービスを簡単に呼び出せるようにします。[openapi-to-mcpツール](https://github.com/higress-group/openapi-to-mcpserver)を使用すると、OpenAPI仕様を迅速にリモートMCPサーバーに変換してホスティングできます。HigressはLLM APIとMCP APIの統一管理を提供します。
 
-Higressは、AIゲートウェイ機能を基盤に、Tongyi Qianwen APP、Bailian大規模モデルAPI、機械学習PAIプラットフォームなどのAIビジネスをサポートしています。また、国内の主要なAIGC企業（例：ZeroOne）やAI製品（例：FastGPT）にもサービスを提供しています。
+**🌟 今すぐ[https://mcp.higress.ai/](https://mcp.higress.ai/)で体験**してください。HigressがホストするリモートMCPサーバーを直接体験できます:
 
-![](https://img.alicdn.com/imgextra/i2/O1CN011AbR8023V8R5N0HcA_!!6000000007260-2-tps-1080-606.png)
+![Higress MCP Server Platform](https://img.alicdn.com/imgextra/i2/O1CN01nmVa0a1aChgpyyWOX_!!6000000003294-0-tps-3430-1742.jpg)
+
+### 企業での採用
+
+Higressは、Tengineのリロードが長時間接続のビジネスに影響を与える問題や、gRPC/Dubboの負荷分散能力の不足を解決するために、Alibaba内部で誕生しました。Alibaba Cloud内では、HigressのAIゲートウェイ機能がTongyi Qianwen APP、Tongyi Bailian Model Studio、機械学習PAIプラットフォームなどの中核的なAIアプリケーションをサポートしています。また、国内の主要なAIGC企業（例：ZeroOne）やAI製品（例：FastGPT）にもサービスを提供しています。Alibaba Cloudは、Higressを基盤にクラウドネイティブAPIゲートウェイ製品を構築し、多くの企業顧客に99.99％のゲートウェイ高可用性保証サービスを提供しています。
 
 
 ## 目次
@@ -73,6 +79,20 @@ K8sでのHelmデプロイなどの他のインストール方法については
 
   ![](https://img.alicdn.com/imgextra/i1/O1CN01fNnhCp1cV8mYPRFeS_!!6000000003605-0-tps-1080-608.jpg)
 
+- **MCP Server ホスティング**:
+
+  Higressは、EnvoyベースのAPIゲートウェイとして、プラグインメカニズムを通じてMCP Serverをホストすることができます。MCP（Model Context Protocol）は本質的にAIにより親和性の高いAPIであり、AI Agentが様々なツールやサービスを簡単に呼び出せるようにします。Higressはツール呼び出しの認証、認可、レート制限、可観測性などの統一機能を提供し、AIアプリケーションの開発とデプロイを簡素化します。
+
+  ![](https://img.alicdn.com/imgextra/i3/O1CN01K4qPUX1OliZa8KIPw_!!6000000001746-2-tps-1581-615.png)
+
+  Higressを使用してMCP Serverをホストすることで、以下のことが実現できます：
+  - 統一された認証と認可メカニズム、AIツール呼び出しのセキュリティを確保
+  - きめ細かいレート制限、乱用やリソース枯渇を防止
+  - 包括的な監査ログ、すべてのツール呼び出し行動を記録
+  - 豊富な可観測性、ツール呼び出しのパフォーマンスと健全性を監視
+  - 簡素化されたデプロイと管理、Higressのプラグインメカニズムを通じて新しいMCP Serverを迅速に追加
+  - 動的更新による無停止：Envoyの長時間接続に対する友好的なサポートとWasmプラグインの動的更新メカニズムにより、MCP Serverのロジックをリアルタイムで更新でき、トラフィックに完全に影響を与えず、接続が切断されることはありません
+
 - **Kubernetes Ingressゲートウェイ**:
 
   HigressはK8sクラスターのIngressエントリーポイントゲートウェイとして機能し、多くのK8s Nginx Ingressの注釈に対応しています。K8s Nginx IngressからHigressへのスムーズな移行が可能です。
@@ -203,4 +223,4 @@ WeChat公式アカウント：
     <a href="#readme-top" style="text-decoration: none; color: #007bff; font-weight: bold;">
         ↑ トップに戻る ↑
     </a>
-</p>
+</p>

README_ZH.md

@@ -11,7 +11,7 @@
 [![Build Status](https://github.com/alibaba/higress/actions/workflows/build-and-test.yaml/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
 [![license](https://img.shields.io/github/license/alibaba/higress.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 
-<a href="https://trendshift.io/repositories/10918" target="_blank"><img src="https://trendshift.io/api/badge/repositories/10918" alt="alibaba%2Fhigress | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
+<a href="https://trendshift.io/repositories/10918" target="_blank"><img src="https://trendshift.io/api/badge/repositories/10918" alt="alibaba%2Fhigress | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a> <a href="https://www.producthunt.com/posts/higress?embed=true&utm_source=badge-featured&utm_medium=badge&utm_souce=badge-higress" target="_blank"><img src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=951287&theme=light&t=1745492822283" alt="Higress - Global&#0032;APIs&#0032;as&#0032;MCP&#0032;powered&#0032;by&#0032;AI&#0032;Gateway | Product Hunt" style="width: 250px; height: 54px;" width="250" height="54" /></a>
 </div>
 
 [**官网**](https://higress.cn/) &nbsp; |
@@ -28,15 +28,21 @@
 </p>
 
 
+## Higress 是什么？
+
 Higress 是一款云原生 API 网关，内核基于 Istio 和 Envoy，可以用 Go/Rust/JS 等编写 Wasm 插件，提供了数十个现成的通用插件，以及开箱即用的控制台（demo 点[这里](http://demo.higress.io/)）
 
-Higress 在阿里内部为解决 Tengine reload 对长连接业务有损，以及 gRPC/Dubbo 负载均衡能力不足而诞生。
+### 核心使用场景
 
-阿里云基于 Higress 构建了云原生 API 网关产品，为大量企业客户提供 99.99% 的网关高可用保障服务能力。
+Higress 的 AI 网关能力支持国内外所有[主流模型供应商](https://github.com/alibaba/higress/tree/main/plugins/wasm-go/extensions/ai-proxy/provider)和基于 vllm/ollama 等自建的 DeepSeek 模型。同时，Higress 支持通过插件方式托管 MCP (Model Context Protocol) 服务器，使 AI Agent 能够更容易地调用各种工具和服务。借助 [openapi-to-mcp 工具](https://github.com/higress-group/openapi-to-mcpserver)，您可以快速将 OpenAPI 规范转换为远程 MCP 服务器进行托管。Higress 提供了对 LLM API 和 MCP API 的统一管理。
 
-Higress 的 AI 网关能力支持国内外所有[主流模型供应商](https://github.com/alibaba/higress/tree/main/plugins/wasm-go/extensions/ai-proxy/provider)和基于 vllm/ollama 等自建的 DeepSeek 模型；在阿里云内部支撑了通义千问 APP、百炼大模型 API、机器学习 PAI 平台等 AI 业务。同时服务国内头部的 AIGC 企业（如零一万物），以及 AI 产品（如 FastGPT）
+**🌟 立即体验 [https://mcp.higress.ai/](https://mcp.higress.ai/)** 基于 Higress 托管的远程 MCP 服务器:
 
-![](https://img.alicdn.com/imgextra/i2/O1CN011AbR8023V8R5N0HcA_!!6000000007260-2-tps-1080-606.png)
+![Higress MCP 服务器平台](https://img.alicdn.com/imgextra/i2/O1CN01nmVa0a1aChgpyyWOX_!!6000000003294-0-tps-3430-1742.jpg)
+
+### 生产环境采用
+
+Higress 在阿里内部为解决 Tengine reload 对长连接业务有损，以及 gRPC/Dubbo 负载均衡能力不足而诞生。在阿里云内部，Higress 的 AI 网关能力支撑了通义千问 APP、通义百炼模型工作室、机器学习 PAI 平台等核心 AI 应用。同时服务国内头部的 AIGC 企业（如零一万物），以及 AI 产品（如 FastGPT）。阿里云基于 Higress 构建了云原生 API 网关产品，为大量企业客户提供 99.99% 的网关高可用保障服务能力。
 
 
 ## Summary

VERSION

@@ -1 +1 @@
-v2.1.0-rc.1
+v2.1.3

api/kubernetes/customresourcedefinitions.gen.yaml

@@ -263,6 +263,14 @@ spec:
                       type: string
                     domain:
                       type: string
+                    enableMCPServer:
+                      type: boolean
+                    mcpServerBaseUrl:
+                      type: string
+                    mcpServerExportDomains:
+                      items:
+                        type: string
+                      type: array
                     nacosAccessKey:
                       type: string
                     nacosAddressServer:

api/networking/v1/mcp_bridge.pb.go

@@ -26,6 +26,8 @@
 package v1
 
 import (
+	_ "github.com/golang/protobuf/ptypes/struct"
+	wrappers "github.com/golang/protobuf/ptypes/wrappers"
 	_ "google.golang.org/genproto/googleapis/api/annotations"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
@@ -109,25 +111,28 @@ type RegistryConfig struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Type                  string   `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
-	Name                  string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	Domain                string   `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
-	Port                  uint32   `protobuf:"varint,4,opt,name=port,proto3" json:"port,omitempty"`
-	NacosAddressServer    string   `protobuf:"bytes,5,opt,name=nacosAddressServer,proto3" json:"nacosAddressServer,omitempty"`
-	NacosAccessKey        string   `protobuf:"bytes,6,opt,name=nacosAccessKey,proto3" json:"nacosAccessKey,omitempty"`
-	NacosSecretKey        string   `protobuf:"bytes,7,opt,name=nacosSecretKey,proto3" json:"nacosSecretKey,omitempty"`
-	NacosNamespaceId      string   `protobuf:"bytes,8,opt,name=nacosNamespaceId,proto3" json:"nacosNamespaceId,omitempty"`
-	NacosNamespace        string   `protobuf:"bytes,9,opt,name=nacosNamespace,proto3" json:"nacosNamespace,omitempty"`
-	NacosGroups           []string `protobuf:"bytes,10,rep,name=nacosGroups,proto3" json:"nacosGroups,omitempty"`
-	NacosRefreshInterval  int64    `protobuf:"varint,11,opt,name=nacosRefreshInterval,proto3" json:"nacosRefreshInterval,omitempty"`
-	ConsulNamespace       string   `protobuf:"bytes,12,opt,name=consulNamespace,proto3" json:"consulNamespace,omitempty"`
-	ZkServicesPath        []string `protobuf:"bytes,13,rep,name=zkServicesPath,proto3" json:"zkServicesPath,omitempty"`
-	ConsulDatacenter      string   `protobuf:"bytes,14,opt,name=consulDatacenter,proto3" json:"consulDatacenter,omitempty"`
-	ConsulServiceTag      string   `protobuf:"bytes,15,opt,name=consulServiceTag,proto3" json:"consulServiceTag,omitempty"`
-	ConsulRefreshInterval int64    `protobuf:"varint,16,opt,name=consulRefreshInterval,proto3" json:"consulRefreshInterval,omitempty"`
-	AuthSecretName        string   `protobuf:"bytes,17,opt,name=authSecretName,proto3" json:"authSecretName,omitempty"`
-	Protocol              string   `protobuf:"bytes,18,opt,name=protocol,proto3" json:"protocol,omitempty"`
-	Sni                   string   `protobuf:"bytes,19,opt,name=sni,proto3" json:"sni,omitempty"`
+	Type                   string              `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Name                   string              `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Domain                 string              `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
+	Port                   uint32              `protobuf:"varint,4,opt,name=port,proto3" json:"port,omitempty"`
+	NacosAddressServer     string              `protobuf:"bytes,5,opt,name=nacosAddressServer,proto3" json:"nacosAddressServer,omitempty"`
+	NacosAccessKey         string              `protobuf:"bytes,6,opt,name=nacosAccessKey,proto3" json:"nacosAccessKey,omitempty"`
+	NacosSecretKey         string              `protobuf:"bytes,7,opt,name=nacosSecretKey,proto3" json:"nacosSecretKey,omitempty"`
+	NacosNamespaceId       string              `protobuf:"bytes,8,opt,name=nacosNamespaceId,proto3" json:"nacosNamespaceId,omitempty"`
+	NacosNamespace         string              `protobuf:"bytes,9,opt,name=nacosNamespace,proto3" json:"nacosNamespace,omitempty"`
+	NacosGroups            []string            `protobuf:"bytes,10,rep,name=nacosGroups,proto3" json:"nacosGroups,omitempty"`
+	NacosRefreshInterval   int64               `protobuf:"varint,11,opt,name=nacosRefreshInterval,proto3" json:"nacosRefreshInterval,omitempty"`
+	ConsulNamespace        string              `protobuf:"bytes,12,opt,name=consulNamespace,proto3" json:"consulNamespace,omitempty"`
+	ZkServicesPath         []string            `protobuf:"bytes,13,rep,name=zkServicesPath,proto3" json:"zkServicesPath,omitempty"`
+	ConsulDatacenter       string              `protobuf:"bytes,14,opt,name=consulDatacenter,proto3" json:"consulDatacenter,omitempty"`
+	ConsulServiceTag       string              `protobuf:"bytes,15,opt,name=consulServiceTag,proto3" json:"consulServiceTag,omitempty"`
+	ConsulRefreshInterval  int64               `protobuf:"varint,16,opt,name=consulRefreshInterval,proto3" json:"consulRefreshInterval,omitempty"`
+	AuthSecretName         string              `protobuf:"bytes,17,opt,name=authSecretName,proto3" json:"authSecretName,omitempty"`
+	Protocol               string              `protobuf:"bytes,18,opt,name=protocol,proto3" json:"protocol,omitempty"`
+	Sni                    string              `protobuf:"bytes,19,opt,name=sni,proto3" json:"sni,omitempty"`
+	McpServerExportDomains []string            `protobuf:"bytes,20,rep,name=mcpServerExportDomains,proto3" json:"mcpServerExportDomains,omitempty"`
+	McpServerBaseUrl       string              `protobuf:"bytes,21,opt,name=mcpServerBaseUrl,proto3" json:"mcpServerBaseUrl,omitempty"`
+	EnableMCPServer        *wrappers.BoolValue `protobuf:"bytes,22,opt,name=enableMCPServer,proto3" json:"enableMCPServer,omitempty"`
 }
 
 func (x *RegistryConfig) Reset() {
@@ -295,6 +300,27 @@ func (x *RegistryConfig) GetSni() string {
 	return ""
 }
 
+func (x *RegistryConfig) GetMcpServerExportDomains() []string {
+	if x != nil {
+		return x.McpServerExportDomains
+	}
+	return nil
+}
+
+func (x *RegistryConfig) GetMcpServerBaseUrl() string {
+	if x != nil {
+		return x.McpServerBaseUrl
+	}
+	return ""
+}
+
+func (x *RegistryConfig) GetEnableMCPServer() *wrappers.BoolValue {
+	if x != nil {
+		return x.EnableMCPServer
+	}
+	return nil
+}
+
 var File_networking_v1_mcp_bridge_proto protoreflect.FileDescriptor
 
 var file_networking_v1_mcp_bridge_proto_rawDesc = []byte{
@@ -303,61 +329,76 @@ var file_networking_v1_mcp_bridge_proto_rawDesc = []byte{
 	0x12, 0x15, 0x68, 0x69, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
 	0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
 	0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69,
-	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x52, 0x0a, 0x09, 0x4d, 0x63, 0x70, 0x42,
-	0x72, 0x69, 0x64, 0x67, 0x65, 0x12, 0x45, 0x0a, 0x0a, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
-	0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x68, 0x69, 0x67, 0x72,
-	0x65, 0x73, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76,
-	0x31, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0a, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22, 0xd3, 0x05, 0x0a,
-	0x0e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x17, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0,
-	0x41, 0x02, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x06,
-	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41,
-	0x02, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72,
-	0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f,
-	0x72, 0x74, 0x12, 0x2e, 0x0a, 0x12, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41, 0x64, 0x64, 0x72, 0x65,
-	0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
-	0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x4b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f,
-	0x73, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61,
-	0x63, 0x6f, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b,
-	0x65, 0x79, 0x12, 0x2a, 0x0a, 0x10, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73,
-	0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6e, 0x61,
-	0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x26,
-	0x0a, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x47,
-	0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x61, 0x63,
-	0x6f, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x6e, 0x61, 0x63, 0x6f,
-	0x73, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c,
-	0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x52, 0x65, 0x66,
-	0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x28, 0x0a, 0x0f,
-	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18,
-	0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x4e, 0x61, 0x6d,
-	0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x7a, 0x6b, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e,
-	0x7a, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x2a,
-	0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74,
-	0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x6f,
-	0x6e, 0x73, 0x75, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x18, 0x0f,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x53, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c,
-	0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18,
-	0x10, 0x20, 0x01, 0x28, 0x03, 0x52, 0x15, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x52, 0x65, 0x66,
-	0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e,
-	0x61, 0x75, 0x74, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x11,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74,
-	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73,
-	0x6e, 0x69, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x61, 0x6c, 0x69, 0x62, 0x61, 0x62, 0x61, 0x2f, 0x68, 0x69, 0x67, 0x72, 0x65, 0x73, 0x73,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f,
-	0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65,
+	0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x52, 0x0a, 0x09, 0x4d, 0x63, 0x70, 0x42, 0x72, 0x69,
+	0x64, 0x67, 0x65, 0x12, 0x45, 0x0a, 0x0a, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65,
+	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x68, 0x69, 0x67, 0x72, 0x65, 0x73,
+	0x73, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e,
+	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a,
+	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22, 0xfd, 0x06, 0x0a, 0x0e, 0x52,
+	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x17, 0x0a,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02,
+	0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x06, 0x64, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
+	0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74,
+	0x12, 0x2e, 0x0a, 0x12, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6e, 0x61,
+	0x63, 0x6f, 0x73, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b,
+	0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x41,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61, 0x63, 0x6f,
+	0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79,
+	0x12, 0x2a, 0x0a, 0x10, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
+	0x63, 0x65, 0x49, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x6e, 0x61, 0x63, 0x6f,
+	0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x26, 0x0a, 0x0e,
+	0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x09,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x47, 0x72, 0x6f,
+	0x75, 0x70, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x61, 0x63, 0x6f, 0x73,
+	0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x52,
+	0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x0b,
+	0x20, 0x01, 0x28, 0x03, 0x52, 0x14, 0x6e, 0x61, 0x63, 0x6f, 0x73, 0x52, 0x65, 0x66, 0x72, 0x65,
+	0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x6f,
+	0x6e, 0x73, 0x75, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0c, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x70, 0x61, 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x7a, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x7a, 0x6b,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x2a, 0x0a, 0x10,
+	0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72,
+	0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x44, 0x61,
+	0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x73,
+	0x75, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x61, 0x67, 0x18, 0x0f, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x54, 0x61, 0x67, 0x12, 0x34, 0x0a, 0x15, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x52, 0x65,
+	0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x10, 0x20,
+	0x01, 0x28, 0x03, 0x52, 0x15, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x52, 0x65, 0x66, 0x72, 0x65,
+	0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x61, 0x75,
+	0x74, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4e, 0x61,
+	0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x12,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x10,
+	0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69,
+	0x12, 0x36, 0x0a, 0x16, 0x6d, 0x63, 0x70, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x78, 0x70,
+	0x6f, 0x72, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x14, 0x20, 0x03, 0x28, 0x09,
+	0x52, 0x16, 0x6d, 0x63, 0x70, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x78, 0x70, 0x6f, 0x72,
+	0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x6d, 0x63, 0x70, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x65, 0x55, 0x72, 0x6c, 0x18, 0x15, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x10, 0x6d, 0x63, 0x70, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73,
+	0x65, 0x55, 0x72, 0x6c, 0x12, 0x44, 0x0a, 0x0f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4d, 0x43,
+	0x50, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0f, 0x65, 0x6e, 0x61, 0x62, 0x6c,
+	0x65, 0x4d, 0x43, 0x50, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x6c, 0x69, 0x62, 0x61, 0x62, 0x61,
+	0x2f, 0x68, 0x69, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74,
+	0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
 }
 
 var (
@@ -374,16 +415,18 @@ func file_networking_v1_mcp_bridge_proto_rawDescGZIP() []byte {
 
 var file_networking_v1_mcp_bridge_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_networking_v1_mcp_bridge_proto_goTypes = []interface{}{
-	(*McpBridge)(nil),      // 0: higress.networking.v1.McpBridge
-	(*RegistryConfig)(nil), // 1: higress.networking.v1.RegistryConfig
+	(*McpBridge)(nil),          // 0: higress.networking.v1.McpBridge
+	(*RegistryConfig)(nil),     // 1: higress.networking.v1.RegistryConfig
+	(*wrappers.BoolValue)(nil), // 2: google.protobuf.BoolValue
 }
 var file_networking_v1_mcp_bridge_proto_depIdxs = []int32{
 	1, // 0: higress.networking.v1.McpBridge.registries:type_name -> higress.networking.v1.RegistryConfig
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
+	2, // 1: higress.networking.v1.RegistryConfig.enableMCPServer:type_name -> google.protobuf.BoolValue
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
 }
 
 func init() { file_networking_v1_mcp_bridge_proto_init() }

api/networking/v1/mcp_bridge.proto

@@ -15,6 +15,8 @@
 syntax = "proto3";
 
 import "google/api/field_behavior.proto";
+import "google/protobuf/wrappers.proto";
+import "google/protobuf/struct.proto";
 
 // $schema: higress.networking.v1.McpBridge
 // $title: McpBridge
@@ -66,4 +68,7 @@ message RegistryConfig {
   string authSecretName = 17;
   string protocol = 18;
   string sni = 19;
+  repeated string mcpServerExportDomains = 20;
+  string mcpServerBaseUrl = 21;
+  google.protobuf.BoolValue enableMCPServer = 22;
 }

go.mod

@@ -39,7 +39,7 @@ require (
 	github.com/tidwall/gjson v1.17.0
 	go.uber.org/atomic v1.11.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/net v0.27.0
+	golang.org/x/net v0.33.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.33.0
@@ -71,7 +71,27 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/alecholmes/xfccparser v0.1.0 // indirect
 	github.com/alecthomas/participle v0.4.1 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1704 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect
+	github.com/alibabacloud-go/darabonba-encode-util v0.0.2 // indirect
+	github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 // indirect
+	github.com/alibabacloud-go/darabonba-signature-util v0.0.7 // indirect
+	github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
+	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
+	github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.2 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800 // indirect
+	github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1 // indirect
+	github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8 // indirect
+	github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5 // indirect
+	github.com/aliyun/credentials-go v1.4.3 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -82,10 +102,12 @@ require (
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/clbanning/mxj v1.8.4 // indirect
+	github.com/clbanning/mxj/v2 v2.5.5 // indirect
 	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/deckarep/golang-set v1.7.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/docker/cli v24.0.7+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
@@ -165,6 +187,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/openshift/api v0.0.0-20230720094506-afcbe27aec7c // indirect
+	github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -182,6 +205,7 @@ require (
 	github.com/tetratelabs/wazero v1.7.3 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/toolkits/concurrent v0.0.0-20150624120057-a4371d70e3e3 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
@@ -197,14 +221,14 @@ require (
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
@@ -250,5 +274,6 @@ replace github.com/caddyserver/certmagic => github.com/2456868764/certmagic v1.0
 
 replace (
 	github.com/dubbogo/gost => github.com/johnlanni/gost v1.11.23-0.20220713132522-0967a24036c6
+	github.com/nacos-group/nacos-sdk-go/v2 => github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-60
 	golang.org/x/exp => golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
 )

go.sum

@@ -683,9 +683,68 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.2.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
+github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
+github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8=
+github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
+github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
+github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
+github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
+github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg=
+github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q=
+github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
+github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 h1:vamGcYQFwXVqR6RWcrVTTqlIXZVsYjaA7pZbx+Xw6zw=
+github.com/alibabacloud-go/kms-20160120/v3 v3.2.3/go.mod h1:3rIyughsFDLie1ut9gQJXkWkMg/NfXBCk+OtXnPu3lw=
+github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY=
+github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
+github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg=
+github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
+github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU=
+github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
+github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
+github.com/alibabacloud-go/tea-utils v1.4.4 h1:lxCDvNCdTo9FaXKKq45+4vGETQUKNOW/qKTcX9Sk53o=
+github.com/alibabacloud-go/tea-utils v1.4.4/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.3/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.7 h1:WDx5qW3Xa5ZgJ1c8NfqJkF6w+AU5wB8835UdhPr6Ax0=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.7/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I=
+github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
+github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/aliyun/alibaba-cloud-sdk-go v1.61.18/go.mod h1:v8ESoHo4SyHmuB4b1tJqDHxfTGEciD+yhvOU/5s1Rfk=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.1704 h1:PpfENOj/vPfhhy9N2OFRjpue0hjM5XqAp2thFmkXXIk=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.1704/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800 h1:ie/8RxBOfKZWcrbYSJi2Z8uX8TcOlSMwPlEJh83OeOw=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
+github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1 h1:nJYyoFP+aqGKgPs9JeZgS1rWQ4NndNR0Zfhh161ZltU=
+github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1/go.mod h1:WzGOmFFTlUzXM03CJnHWMQ85UN6QGpOXZocCjwkiyOg=
+github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8 h1:QeUdR7JF7iNCvO/81EhxEr3wDwxk4YBoYZOq6E0AjHI=
+github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8/go.mod h1:xP0KIZry6i7oGPF24vhAPr1Q8vLZRcMcxtft5xDKwCU=
+github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5 h1:8S0mtD101RDYa0LXwdoqgN0RxdMmmJYjq8g2mk7/lQ4=
+github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5/go.mod h1:M19fxYz3gpm0ETnoKweYyYtqrtnVtrpKFpwsghbw+cQ=
+github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
+github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
+github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM=
+github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
+github.com/aliyun/credentials-go v1.4.3 h1:N3iHyvHRMyOwY1+0qBLSf3hb5JFiOujVSVuEpgeGttY=
+github.com/aliyun/credentials-go v1.4.3/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -755,7 +814,6 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.11-0.20170329064859-445be9e134b2/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -765,6 +823,8 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/clbanning/mxj v1.8.4 h1:HuhwZtbyvyOw+3Z1AowPkU87JkJUSv751ELWaiTpj8I=
 github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
+github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E=
+github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -813,6 +873,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
+github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
 github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
@@ -1162,8 +1224,9 @@ github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97Dwqy
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0=
+github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
@@ -1371,6 +1434,8 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
+github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-60 h1:FA/azfz2nSkMc1XR8LeqhcAiA/2/sOMcyBGYCTUc+Cs=
+github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-60/go.mod h1:9FKXl6FqOiVmm72i8kADtbeK71egyG9y3uRDBg41tpQ=
 github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
 github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o=
 github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk=
@@ -1460,8 +1525,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nacos-group/nacos-sdk-go v1.0.8 h1:8pEm05Cdav9sQgJSv5kyvlgfz0SzFUUGI3pWX6SiSnM=
 github.com/nacos-group/nacos-sdk-go v1.0.8/go.mod h1:hlAPn3UdzlxIlSILAyOXKxjFSvDJ9oLzTJ9hLAK1KzA=
-github.com/nacos-group/nacos-sdk-go/v2 v2.1.2 h1:A8GV6j0rw80I6tTKSav/pTpEgNECYXeFvZCsiLBWGnQ=
-github.com/nacos-group/nacos-sdk-go/v2 v2.1.2/go.mod h1:ys/1adWeKXXzbNWfRNbaFlX/t6HVLWdpsNDvmoWTw0g=
 github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
 github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
 github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
@@ -1517,6 +1580,8 @@ github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJ
 github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.3.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ=
+github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc h1:Ak86L+yDSOzKFa7WM5bf5itSOo1e3Xh8bm5YCMUXIjQ=
+github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
@@ -1560,7 +1625,6 @@ github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
 github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -1593,7 +1657,6 @@ github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/prometheus/prometheus v0.45.0 h1:O/uG+Nw4kNxx/jDPxmjsSDd+9Ohql6E7ZSY1x5x/0KI=
@@ -1643,8 +1706,9 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v1.1.0 h1:MkTeG1DMwsrdH7QtLXy5W+fUxWq+vmb6cLmyJ7aRtF0=
+github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -1713,6 +1777,9 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -1746,6 +1813,7 @@ github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+Seva
 github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
@@ -1832,7 +1900,6 @@ go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
 go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
@@ -1849,7 +1916,6 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
-go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1868,9 +1934,12 @@ golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
@@ -1882,8 +1951,13 @@ golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
@@ -1970,6 +2044,7 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -2008,8 +2083,13 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2059,8 +2139,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2107,6 +2187,7 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2156,7 +2237,6 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -2181,8 +2261,13 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -2195,8 +2280,13 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2214,8 +2304,11 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2225,7 +2318,6 @@ golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@@ -2279,6 +2371,7 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -2646,6 +2739,7 @@ gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=

helm/core/Chart.yaml

@@ -1,13 +1,18 @@
 apiVersion: v2
-appVersion: 2.1.0-rc.1
+appVersion: 2.1.3
 description: Helm chart for deploying higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
 keywords:
-- higress
-- gateways
+  - higress
+  - gateways
 name: higress-core
 sources:
-- http://github.com/alibaba/higress
+  - http://github.com/alibaba/higress
+dependencies:
+  - condition: global.enableRedis
+    name: redis
+    repository: "file://../redis"
+    version: 0.0.1
 type: application
-version: 2.1.0-rc.1
+version: 2.1.3

helm/core/charts/redis/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/core/charts/redis/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: redis
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "7.4.0-v3"

helm/core/charts/redis/templates/_helpers.tpl

@@ -0,0 +1,34 @@
+{{/*
+Expand the name of the chart.
+*/}}
+
+{{- define "redis.name" -}}
+{{- .Values.redis.name | default "redis-stack-server" -}}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "redis.labels" -}}
+helm.sh/chart: {{ include "redis.chart" . }}
+{{ include "redis.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "redis.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "redis.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

helm/core/charts/redis/templates/configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "redis.name" . }}
+  namespace: {{ .Release.Namespace }}
+data:
+  redis-stack.conf: |
+    {{- if .Values.redis.password }}
+    requirepass {{ .Values.redis.password }}
+    {{- end }}

helm/core/charts/redis/templates/pvc.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.redis.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "redis.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  accessModes:
+  {{- range .Values.redis.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  storageClassName: {{ .Values.redis.persistence.storageClass }}
+  resources:
+    requests:
+      storage: {{ .Values.redis.persistence.size | quote }}
+{{- end }}

helm/core/charts/redis/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "redis.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "redis.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.redis.service.type }}
+  ports:
+    - port: {{ .Values.redis.service.port }}
+      targetPort: 6379
+      protocol: TCP
+  selector:
+    {{- include "redis.selectorLabels" . | nindent 4 }}

helm/core/charts/redis/templates/statefulset.yaml

@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "redis.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "redis.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.redis.replicas }}
+  serviceName: {{ include "redis.name" . }}
+  selector:
+    matchLabels:
+      {{- include "redis.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "redis.selectorLabels" . | nindent 8 }}
+    spec:
+      terminationGracePeriodSeconds: 10
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.global.hub }}/{{ .Values.redis.image | default "redis-stack-server" }}:{{ .Values.redis.tag | default .Chart.AppVersion }}"
+          {{- if .Values.global.imagePullPolicy }}
+          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 6379
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: 6379
+            initialDelaySeconds: 15
+            periodSeconds: 10
+          readinessProbe:
+            tcpSocket:
+              port: 6379
+            initialDelaySeconds: 15
+            periodSeconds: 10
+          resources:
+            {{- toYaml .Values.redis.resources | nindent 12 }}
+          volumeMounts:
+            - name: config
+              mountPath: /redis-stack.conf
+              subPath: redis-stack.conf
+            {{- if .Values.redis.persistence.enabled }}
+            - name: db
+              mountPath: /data
+            {{- end }}
+      {{- with .Values.redis.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.redis.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.redis.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "redis.name" . }}
+        {{- if .Values.redis.persistence.enabled }}
+        - name: db
+          persistentVolumeClaim:
+            claimName: {{ include "redis.name" . }}
+        {{- end }}

helm/core/charts/redis/values.yaml

@@ -0,0 +1,48 @@
+# Default values for redis.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  # -- Specify the image registry and pull policy
+  hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
+  # -- Specify image pull policy if default behavior isn't desired.
+  # Default behavior: latest images will be Always else IfNotPresent.
+  imagePullPolicy: ""
+  # -- Specify the image pull secrets
+  imagePullSecrets: []
+
+redis:
+  # -- Specify the name
+  name: redis-stack-server
+  # -- Specify the image
+  image: "redis-stack-server"
+  # -- Specify the tag
+  tag: "7.4.0-v3"
+  # -- Specify the number of replicas
+  replicas: 1
+  # -- Specify the password, if not set, no password is used
+  password: ""
+  # -- Service parameters
+  service:
+    # -- Exporter service type
+    type: ClusterIP
+    # -- Exporter service port
+    port: 6379
+  # -- Specify the resources
+  resources: {}
+  # -- NodeSelector Node labels for Redis
+  nodeSelector: {}
+  # -- Tolerations for Redis
+  tolerations: []
+  # -- Affinity for Redis
+  affinity: {}
+  persistence:
+    # -- Enable persistence on Redis
+    enabled: false
+    # -- If defined, storageClassName: <storageClass>
+    # -- If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+    storageClass: ""
+    # -- Persistent Volume access modes
+    accessModes:
+      - ReadWriteOnce
+    # -- Persistent Volume size
+    size: 1Gi

helm/core/templates/configmap.yaml

@@ -85,7 +85,7 @@
       {{- end }}
       proxyStatsMatcher:
         inclusionRegexps:
-        - ".*"
+{{ toYaml .Values.global.proxy.proxyStatsMatcher.inclusionRegexps | indent 8 }}
 {{- end }}
 
 {{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}}

helm/core/values.yaml

@@ -9,6 +9,8 @@ global:
   xdsMaxRecvMsgSize: "104857600"
   defaultUpstreamConcurrencyThreshold: 10000
   enableSRDS: true
+  # -- Whether to enable Redis(redis-stack-server) for Higress, default is false.
+  enableRedis: false
   onDemandRDS: false
   hostRDSMergeSubset: false
   onlyPushRouteCluster: true
@@ -199,6 +201,11 @@ global:
     # -- Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready
     holdApplicationUntilProxyStarts: false
 
+    # -- Proxy stats name regexps matcher for inclusion
+    proxyStatsMatcher:
+      inclusionRegexps:
+        - ".*"
+
   proxy_init:
     # -- Base name for the proxy_init container, used to configure iptables.
     image: proxyv2
@@ -575,7 +582,7 @@ controller:
 
   podSecurityContext:
     {}
-    # fsGroup: 2000
+  # fsGroup: 2000
 
   ports:
     - name: http
@@ -599,9 +606,9 @@ controller:
     # capabilities:
     #   drop:
     #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
 
   resources:
     requests:
@@ -724,3 +731,40 @@ downstream:
 upstream:
   idleTimeout: 10
   connectionBufferLimits: 10485760
+
+redis:
+  redis:
+    name: redis-stack-server
+    # -- Specify the image
+    image: "redis-stack-server"
+    # -- Specify the tag
+    tag: "7.4.0-v3"
+    # -- Specify the number of replicas
+    replicas: 1
+    # -- Specify the password, if not set, no password is used
+    password: ""
+    # -- Service parameters
+    service:
+      # -- Exporter service type
+      type: ClusterIP
+      # -- Exporter service port
+      port: 6379
+    # -- Specify the resources
+    resources: {}
+    # -- NodeSelector Node labels for Redis
+    nodeSelector: {}
+    # -- Tolerations for Redis
+    tolerations: []
+    # -- Affinity for Redis
+    affinity: {}
+    persistence:
+      # -- Enable persistence on Redis, default is false
+      enabled: false
+      # -- If defined, storageClassName: <storageClass>
+      # -- If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
+      storageClass: ""
+      # -- Persistent Volume access modes
+      accessModes:
+        - ReadWriteOnce
+      # -- Persistent Volume size
+      size: 1Gi

helm/higress/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: higress-core
   repository: file://../core
-  version: 2.1.0-rc.1
+  version: 2.1.3
 - name: higress-console
   repository: https://higress.io/helm-charts/
-  version: 2.0.4
-digest: sha256:9341e3c410e41bcb681e63c8ff60361af46a22a34463bfb919d2e062b47ad072
-generated: "2025-03-26T21:02:19.645626545+08:00"
+  version: 2.1.3
+digest: sha256:c7307d5398c3c1178758c5372bd1aa4cb8dee7beeab3832d3e9ce0a04d1adc23
+generated: "2025-05-09T15:29:50.616179+08:00"

helm/higress/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 2.1.0-rc.1
+appVersion: 2.1.3
 description: Helm chart for deploying Higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
@@ -12,9 +12,9 @@ sources:
 dependencies:
 - name: higress-core
   repository: "file://../core"
-  version: 2.1.0-rc.1
+  version: 2.1.3
 - name: higress-console
   repository: "https://higress.io/helm-charts/"
-  version: 2.0.4
+  version: 2.1.3
 type: application
-version: 2.1.0-rc.1
+version: 2.1.3

helm/higress/README.md

@@ -167,6 +167,7 @@ The command removes all the Kubernetes components associated with the chart and
 | global.enableLDSCache | bool | `false` |  |
 | global.enableProxyProtocol | bool | `false` |  |
 | global.enablePushAllMCPClusters | bool | `true` |  |
+| global.enableRedis | bool | `false` | Whether to enable Redis(redis-stack-server) for Higress, default is false. |
 | global.enableSRDS | bool | `true` |  |
 | global.enableStatus | bool | `true` | If true, Higress Controller will update the status field of Ingress resources. When migrating from Nginx Ingress, in order to avoid status field of Ingress objects being overwritten, this parameter needs to be set to false, so Higress won't write the entry IP to the status field of the corresponding Ingress object. |
 | global.externalIstiod | bool | `false` | Configure a remote cluster data plane controlled by an external istiod. When set to true, istiod is not deployed locally and only a subset of the other discovery charts are enabled. |
@@ -211,6 +212,7 @@ The command removes all the Kubernetes components associated with the chart and
 | global.proxy.includeOutboundPorts | string | `""` |  |
 | global.proxy.logLevel | string | `"warning"` | Log level for proxy, applies to gateways and sidecars. Expected values are: trace|debug|info|warning|error|critical|off |
 | global.proxy.privileged | bool | `false` | If set to true, istio-proxy container will have privileged securityContext |
+| global.proxy.proxyStatsMatcher | object | `{"inclusionRegexps":[".*"]}` | Proxy stats name regexps matcher for inclusion |
 | global.proxy.readinessFailureThreshold | int | `30` | The number of successive failed probes before indicating readiness failure. |
 | global.proxy.readinessInitialDelaySeconds | int | `1` | The initial delay for readiness probes in seconds. |
 | global.proxy.readinessPeriodSeconds | int | `2` | The period between readiness probes. |
@@ -271,6 +273,22 @@ The command removes all the Kubernetes components associated with the chart and
 | pilot.serviceAnnotations | object | `{}` |  |
 | pilot.tag | string | `""` |  |
 | pilot.traceSampling | float | `1` |  |
+| redis.redis.affinity | object | `{}` | Affinity for Redis |
+| redis.redis.image | string | `"redis-stack-server"` | Specify the image |
+| redis.redis.name | string | `"redis-stack-server"` |  |
+| redis.redis.nodeSelector | object | `{}` | NodeSelector Node labels for Redis |
+| redis.redis.password | string | `""` | Specify the password, if not set, no password is used |
+| redis.redis.persistence.accessModes | list | `["ReadWriteOnce"]` | Persistent Volume access modes |
+| redis.redis.persistence.enabled | bool | `false` | Enable persistence on Redis, default is false |
+| redis.redis.persistence.size | string | `"1Gi"` | Persistent Volume size |
+| redis.redis.persistence.storageClass | string | `""` | If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner |
+| redis.redis.replicas | int | `1` | Specify the number of replicas |
+| redis.redis.resources | object | `{}` | Specify the resources |
+| redis.redis.service | object | `{"port":6379,"type":"ClusterIP"}` | Service parameters |
+| redis.redis.service.port | int | `6379` | Exporter service port |
+| redis.redis.service.type | string | `"ClusterIP"` | Exporter service type |
+| redis.redis.tag | string | `"7.4.0-v3"` | Specify the tag |
+| redis.redis.tolerations | list | `[]` | Tolerations for Redis |
 | revision | string | `""` |  |
 | tracing.enable | bool | `false` |  |
 | tracing.sampling | int | `100` |  |

helm/higress/README.zh.md

@@ -1,8 +1,8 @@
-## Higress for Kubernetes
+## Higress 适用于 Kubernetes
 
-Higress 是基于阿里巴巴内部网关实践构建的云原生 API 网关。
+Higress 是基于阿里巴巴内部网关实践的云原生 API 网关。
 
-依托 Istio 和 Envoy，Higress 实现了流量网关、微服务网关和安全网关三重架构的融合，从而大幅降低了部署、运维成本。
+通过 Istio 和 Envoy 的支持，Higress 实现了流量网关、微服务网关和安全网关三种架构的融合，从而极大地减少了部署、运维的成本。
 
 ## 设置仓库信息
 
@@ -13,7 +13,7 @@ helm repo update
 
 ## 安装
 
-以 `higress` 为发布名称安装 chart：
+使用 Helm 安装名为 `higress` 的组件：
 
 ```console
 helm install higress -n higress-system higress.io/higress --create-namespace --render-subchart-notes
@@ -21,168 +21,130 @@ helm install higress -n higress-system higress.io/higress --create-namespace --r
 
 ## 卸载
 
-要卸载/删除 higress 部署：
+删除名称为 higress 的安装：
 
 ```console
 helm delete higress -n higress-system
 ```
 
-该命令会移除与 chart 相关的所有 Kubernetes 组件，并删除发布。
+该命令将删除与组件关联的所有 Kubernetes 组件并卸载该发行版。
 
 ## 参数
 
-## 值
+## Values
 
 | 键 | 类型 | 默认值 | 描述 |
-|-----|------|---------|-------------|
-| clusterName | 字符串 | `""` |  |
-| controller.affinity | 对象 | `{}` |  |
-| controller.automaticHttps.email | 字符串 | `""` |  |
-| controller.automaticHttps.enabled | 布尔值 | `true` |  |
-| controller.autoscaling.enabled | 布尔值 | `false` |  |
-| controller.autoscaling.maxReplicas | 整数 | `5` |  |
-| controller.autoscaling.minReplicas | 整数 | `1` |  |
-| controller.autoscaling.targetCPUUtilizationPercentage | 整数 | `80` |  |
-| controller.env | 对象 | `{}` |  |
-| controller.hub | 字符串 | `"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress"` |  |
-| controller.image | 字符串 | `"higress"` |  |
-| controller.imagePullSecrets | 列表 | `[]` |  |
-| controller.labels | 对象 | `{}` |  |
-| controller.name | 字符串 | `"higress-controller"` |  |
-| controller.nodeSelector | 对象 | `{}` |  |
-| controller.podAnnotations | 对象 | `{}` |  |
-| controller.podSecurityContext | 对象 | `{}` |  |
-| controller.ports[0].name | 字符串 | `"http"` |  |
-| controller.ports[0].port | 整数 | `8888` |  |
-| controller.ports[0].protocol | 字符串 | `"TCP"` |  |
-| controller.ports[0].targetPort | 整数 | `8888` |  |
-| controller.ports[1].name | 字符串 | `"http-solver"` |  |
-| controller.ports[1].port | 整数 | `8889` |  |
-| controller.ports[1].protocol | 字符串 | `"TCP"` |  |
-| controller.ports[1].targetPort | 整数 | `8889` |  |
-| controller.ports[2].name | 字符串 | `"grpc"` |  |
-| controller.ports[2].port | 整数 | `15051` |  |
-| controller.ports[2].protocol | 字符串 | `"TCP"` |  |
-| controller.ports[2].targetPort | 整数 | `15051` |  |
-| controller.probe.httpGet.path | 字符串 | `"/ready"` |  |
-| controller.probe.httpGet.port | 整数 | `8888` |  |
-| controller.probe.initialDelaySeconds | 整数 | `1` |  |
-| controller.probe.periodSeconds | 整数 | `3` |  |
-| controller.probe.timeoutSeconds | 整数 | `5` |  |
-| controller.rbac.create | 布尔值 | `true` |  |
-| controller.replicas | 整数 | `1` | Higress Controller 的 Pod 数量 |
-| controller.resources.limits.cpu | 字符串 | `"1000m"` |  |
-| controller.resources.limits.memory | 字符串 | `"2048Mi"` |  |
-| controller.resources.requests.cpu | 字符串 | `"500m"` |  |
-| controller.resources.requests.memory | 字符串 | `"2048Mi"` |  |
-| controller.securityContext | 对象 | `{}` |  |
-| controller.service.type | 字符串 | `"ClusterIP"` |  |
-| controller.serviceAccount.annotations | 对象 | `{}` | 添加到服务账户的注解 |
-| controller.serviceAccount.create | 布尔值 | `true` | 指定是否创建服务账户 |
-| controller.serviceAccount.name | 字符串 | `""` | 如果未设置且 create 为 true，则使用 fullname 模板生成名称 |
-| controller.tag | 字符串 | `""` |  |
-| controller.tolerations | 列表 | `[]` |  |
-| downstream | 对象 | `{"connectionBufferLimits":32768,"http2":{"initialConnectionWindowSize":1048576,"initialStreamWindowSize":65535,"maxConcurrentStreams":100},"idleTimeout":180,"maxRequestHeadersKb":60,"routeTimeout":0}` | 下游配置设置 |
-| gateway.affinity | 对象 | `{}` |  |
-| gateway.annotations | 对象 | `{}` | 应用到所有资源的注解 |
-| gateway.autoscaling.enabled | 布尔值 | `false` |  |
-| gateway.autoscaling.maxReplicas | 整数 | `5` |  |
-| gateway.autoscaling.minReplicas | 整数 | `1` |  |
-| gateway.autoscaling.targetCPUUtilizationPercentage | 整数 | `80` |  |
-| gateway.containerSecurityContext | 字符串 | `nil` |  |
-| gateway.env | 对象 | `{}` | Pod 环境变量 |
-| gateway.hostNetwork | 布尔值 | `false` |  |
-| gateway.httpPort | 整数 | `80` |  |
-| gateway.httpsPort | 整数 | `443` |  |
-| gateway.hub | 字符串 | `"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress"` |  |
-| gateway.image | 字符串 | `"gateway"` |  |
-| gateway.kind | 字符串 | `"Deployment"` | 使用 `DaemonSet` 或 `Deployment` |
-| gateway.labels | 对象 | `{}` | 应用到所有资源的标签 |
-| gateway.metrics.enabled | 布尔值 | `false` | 如果为 true，则为网关创建 PodMonitor 或 VMPodScrape |
-| gateway.metrics.honorLabels | 布尔值 | `false` |  |
-| gateway.metrics.interval | 字符串 | `""` |  |
-| gateway.metrics.metricRelabelConfigs | 列表 | `[]` | 用于 operator.victoriametrics.com/v1beta1.VMPodScrape |
-| gateway.metrics.metricRelabelings | 列表 | `[]` | 用于 monitoring.coreos.com/v1.PodMonitor |
-| gateway.metrics.provider | 字符串 | `"monitoring.coreos.com"` | CustomResourceDefinition 的提供者组名，可以是 monitoring.coreos.com 或 operator.victoriametrics.com |
-| gateway.metrics.rawSpec | 对象 | `{}` | 更多原始的 podMetricsEndpoints 规范 |
-| gateway.metrics.relabelConfigs | 列表 | `[]` |  |
-| gateway.metrics.relabelings | 列表 | `[]` |  |
-| gateway.metrics.scrapeTimeout | 字符串 | `""` |  |
-| gateway.name | 字符串 | `"higress-gateway"` |  |
-| gateway.networkGateway | 字符串 | `""` | 如果指定，网关将作为给定网络的网络网关。 |
-| gateway.nodeSelector | 对象 | `{}` |  |
-| gateway.podAnnotations."prometheus.io/path" | 字符串 | `"/stats/prometheus"` |  |
-| gateway.podAnnotations."prometheus.io/port" | 字符串 | `"15020"` |  |
-| gateway.podAnnotations."prometheus.io/scrape" | 字符串 | `"true"` |  |
-| gateway.podAnnotations."sidecar.istio.io/inject" | 字符串 | `"false"` |  |
-| gateway.rbac.enabled | 布尔值 | `true` | 如果启用，将创建角色以启用从网关访问证书。当使用 http://gateway-api.org/ 时不需要。 |
-| gateway.readinessFailureThreshold | 整数 | `30` | 指示准备失败前的连续失败探测次数。 |
-| gateway.readinessInitialDelaySeconds | 整数 | `1` | 准备探测的初始延迟秒数。 |
-| gateway.readinessPeriodSeconds | 整数 | `2` | 准备探测之间的间隔。 |
-| gateway.readinessSuccessThreshold | 整数 | `1` | 指示准备成功前的连续成功探测次数。 |
-| gateway.readinessTimeoutSeconds | 整数 | `3` | 准备探测的超时秒数 |
-| gateway.replicas | 整数 | `2` | Higress Gateway 的 Pod 数量 |
-| gateway.resources.limits.cpu | 字符串 | `"2000m"` |  |
-| gateway.resources.limits.memory | 字符串 | `"2048Mi"` |  |
-| gateway.resources.requests.cpu | 字符串 | `"2000m"` |  |
-| gateway.resources.requests.memory | 字符串 | `"2048Mi"` |  |
-| gateway.revision | 字符串 | `""` | 修订声明此网关属于哪个修订 |
-| gateway.rollingMaxSurge | 字符串 | `"100%"` |  |
-| gateway.rollingMaxUnavailable | 字符串 | `"25%"` |  |
-| gateway.securityContext | 字符串 | `nil` | 定义 Pod 的安全上下文。如果未设置，将自动设置为绑定到端口 80 和 443 所需的最小权限。在 Kubernetes 1.22+ 上，这只需要 `net.ipv4.ip_unprivileged_port_start` 系统调用。 |
-| gateway.service.annotations | 对象 | `{}` |  |
-| gateway.service.externalTrafficPolicy | 字符串 | `""` |  |
-| gateway.service.loadBalancerClass | 字符串 | `""` |  |
-| gateway.service.loadBalancerIP | 字符串 | `""` |  |
-| gateway.service.loadBalancerSourceRanges | 列表 | `[]` |  |
-| gateway.service.ports[0].name | 字符串 | `"http2"` |  |
-| gateway.service.ports[0].port | 整数 | `80` |  |
-| gateway.service.ports[0].protocol | 字符串 | `"TCP"` |  |
-| gateway.service.ports[0].targetPort | 整数 | `80` |  |
-| gateway.service.ports[1].name | 字符串 | `"https"` |  |
-| gateway.service.ports[1].port | 整数 | `443` |  |
-| gateway.service.ports[1].protocol | 字符串 | `"TCP"` |  |
-| gateway.service.ports[1].targetPort | 整数 | `443` |  |
-| gateway.service.type | 字符串 | `"LoadBalancer"` | 服务类型。设置为 "None" 以完全禁用服务 |
-| gateway.serviceAccount.annotations | 对象 | `{}` | 添加到服务账户的注解 |
-| gateway.serviceAccount.create | 布尔值 | `true` | 如果设置，将创建服务账户。否则，使用默认值 |
-| gateway.serviceAccount.name | 字符串 | `""` | 要使用的服务账户名称。如果未设置，则使用发布名称 |
-| gateway.tag | 字符串 | `""` |  |
-| gateway.tolerations | 列表 | `[]` |  |
-| gateway.unprivilegedPortSupported | 字符串 | `nil` |  |
-| global.autoscalingv2API | 布尔值 | `true` | 是否使用 autoscaling/v2 模板进行 HPA 设置，仅供内部使用，用户不应配置。 |
-| global.caAddress | 字符串 | `""` | 自定义的 CA 地址，用于为集群中的 Pod 检索证书。CSR 客户端（如 Istio Agent 和 ingress gateways）可以使用此地址指定 CA 端点。如果未明确设置，则默认为 Istio 发现地址。 |
-| global.caName | 字符串 | `""` | 工作负载证书的 CA 名称。例如，当 caName=GkeWorkloadCertificate 时，GKE 工作负载证书将用作工作负载的证书。默认值为 ""，当 caName="" 时，CA 将通过其他机制（如环境变量 CA_PROVIDER）配置。 |
-| global.configCluster | 布尔值 | `false` | 将远程集群配置为外部 istiod 的配置集群。 |
-| global.defaultPodDisruptionBudget | 对象 | `{"enabled":false}` | 为控制平面启用 Pod 中断预算，用于确保 Istio 控制平面组件逐步升级或恢复。 |
-| global.defaultResources | 对象 | `{"requests":{"cpu":"10m"}}` | 应用于所有部署的最小请求资源集，以便 Horizontal Pod Autoscaler 能够正常工作（如果设置）。每个组件可以通过在相关部分添加自己的资源块并设置所需的资源值来覆盖这些默认值。 |
-| global.defaultUpstreamConcurrencyThreshold | 整数 | `10000` |  |
-| global.disableAlpnH2 | 布尔值 | `false` | 是否在 ALPN 中禁用 HTTP/2 |
-| global.enableGatewayAPI | 布尔值 | `false` | 如果为 true，Higress Controller 还将监控 Gateway API 资源 |
-| global.enableH3 | 布尔值 | `false` |  |
-| global.enableIPv6 | 布尔值 | `false` |  |
-| global.enableIstioAPI | 布尔值 | `true` | 如果为 true，Higress Controller 还将监控 istio 资源 |
-| global.enableLDSCache | 布尔值 | `true` |  |
-| global.enableProxyProtocol | 布尔值 | `false` |  |
-| global.enablePushAllMCPClusters | 布尔值 | `true` |  |
-| global.enableSRDS | 布尔值 | `true` |  |
-| global.enableStatus | 布尔值 | `true` | 如果为 true，Higress Controller 将更新 Ingress 资源的状态字段。从 Nginx Ingress 迁移时，为了避免 Ingress 对象的状态字段被覆盖，需要将此参数设置为 false，以便 Higress 不会将入口 IP 写入相应 Ingress 对象的状态字段。 |
-| global.externalIstiod | 布尔值 | `false` | 配置由外部 istiod 控制的远程集群数据平面。当设置为 true 时，本地不部署 istiod，仅启用其他发现 chart 的子集。 |
-| global.hostRDSMergeSubset | 布尔值 | `false` |  |
-| global.hub | 字符串 | `"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress"` | Istio 镜像的默认仓库。发布版本发布到 docker hub 的 'istio' 项目下。来自 prow 的开发构建位于 gcr.io |
-| global.imagePullPolicy | 字符串 | `""` | 如果不需要默认行为，则指定镜像拉取策略。默认行为：最新镜像将始终拉取，否则 IfNotPresent。 |
-| global.imagePullSecrets | 列表 | `[]` | 所有 ServiceAccount 的 ImagePullSecrets，用于引用此 ServiceAccount 的 Pod 拉取任何镜像的同一命名空间中的秘密列表。对于不使用 ServiceAccount 的组件（即 grafana、servicegraph、tracing），ImagePullSecrets 将添加到相应的 Deployment(StatefulSet) 对象中。对于配置了私有 docker 注册表的任何集群，必须设置。 |
-| global.ingressClass | 字符串 | `"higress"` | IngressClass 过滤 higress controller 监听的 ingress 资源。默认的 ingress class 是 higress。有一些特殊情况用于特殊的 ingress class。1. 当 ingress class 设置为 nginx 时，higress controller 将监听带有 nginx ingress class 或没有任何 ingress class 的 ingress 资源。2. 当 ingress class 设置为空时，higress controller 将监听 k8s 集群中的所有 ingress 资源。 |
-| global.istioNamespace | 字符串 | `"istio-system"` | 用于定位 istiod。 |
-| global.istiod | 对象 | `{"enableAnalysis":false}` | 默认在主分支中启用以最大化测试。 |
-| global.jwtPolicy | 字符串 | `"third-party-jwt"` | 配置验证 JWT 的策略。目前支持两个选项："third-party-jwt" 和 "first-party-jwt"。 |
-| global.kind | 布尔值 | `false` |  |
-| global.liteMetrics | 布尔值 | `false` |  |
-| global.local | 布尔值 | `false` | 当部署到本地集群（如：kind 集群）时，将此设置为 true。 |
-| global.logAsJson | 布尔值 | `false` |  |
-| global.logging | 对象 | `{"level":"default:info"}` | 以逗号分隔的每个范围的最小日志级别，格式为 <scope>:<level>,<scope>:<level> 控制平面根据组件不同有不同的范围，但可以配置所有组件的默认日志级别 如果为空，将使用代码中配置的默认范围和级别 |
-| global.meshID | 字符串 | `""` | 如果网格管理员未指定值，Istio 将使用网格的信任域的值。最佳实践是选择一个合适的信任域值。 |
-| global.meshNetworks | 对象 | `{}` |  |
-| global.mountMtlsCerts | 布尔值 | `false` | 使用用户指定的、挂载的密钥和证书用于 Pilot 和工作负载。 |
-| global.multiCluster.clusterName | 字符串 | `""` | 应设置为此安装运行的集群的名称。这是为了正确标记代理的 sidecar 注入所必需的 |
-| global.multiCluster.enabled | 布尔值 | `true` | 设置为 true 以通过各自的 ingressgateway 服务连接两个 kubernetes 集群，当每个集群中的 Pod 无法直接相互通信时。
+|----|------|---------|-------------|
+| clusterName | string | `""` | 集群名 |
+| controller.affinity | object | `{}` | 控制器亲和性设置 |
+| controller.automaticHttps.email | string | `""` | 自动 HTTPS 所需的邮件 |
+| controller.automaticHttps.enabled | bool | `true` | 是否启用自动 HTTPS 功能 |
+| controller.autoscaling.enabled | bool | `false` | 是否启用控制器的自动扩展功能 |
+| controller.autoscaling.maxReplicas | int | `5` | 最大副本数 |
+| controller.autoscaling.minReplicas | int | `1` | 最小副本数 |
+| controller.autoscaling.targetCPUUtilizationPercentage | int | `80` | 目标 CPU 使用率百分比 |
+| controller.env | object | `{}` | 环境变量 |
+| controller.hub | string | `"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress"` | 图像库的基础地址 |
+| controller.image | string | `"higress"` | 镜像名称 |
+| controller.imagePullSecrets | list | `[]` | 拉取秘钥列表 |
+| controller.labels | object | `{}` | 标签 |
+| controller.name | string | `"higress-controller"` | 控制器名称 |
+| controller.nodeSelector | object | `{}` | 节点选择器 |
+| controller.podAnnotations | object | `{}` | Pod 注解 |
+| controller.podLabels | object | `{}` | 应用到 Pod 上的标签 |
+| controller.podSecurityContext | object | `{}` | Pod 安全上下文 |
+| controller.ports[0].name | string | `"http"` | 端口名称 |
+| controller.ports[0].port | int | `8888` | 端口编号 |
+| controller.ports[0].protocol | string | `"TCP"` | 协议类型 |
+| controller.ports[0].targetPort | int | `8888` | 目标端口 |
+| controller.ports[1].name | string | `"http-solver"` | 端口名称 |
+| controller.ports[1].port | int | `8889` | 端口编号 |
+| controller.ports[1].protocol | string | `"TCP"` | 协议类型 |
+| controller.ports[1].targetPort | int | `8889` | 目标端口 |
+| controller.ports[2].name | string | `"grpc"` | 端口名称 |
+| controller.ports[2].port | int | `15051` | 端口编号 |
+| controller.ports[2].protocol | string | `"TCP"` | 协议类型 |
+| controller.ports[2].targetPort | int | `15051` | 目标端口 |
+| controller.probe.httpGet.path | string | `"/ready"` | 运行状况检查路径 |
+| controller.probe.httpGet.port | int | `8888` | 端口运行状态检查 |
+| controller.probe.initialDelaySeconds | int | `1` | 初始延迟秒数 |
+| controller.probe.periodSeconds | int | `3` | 健康检查间隔秒数 |
+| controller.probe.timeoutSeconds | int | `5` | 超时秒数 |
+| controller.rbac.create | bool | `true` | 是否创建 RBAC 相关资源 |
+| controller.replicas | int | `1` | Higress 控制器 Pod 的数量 |
+| controller.resources.limits.cpu | string | `"1000m"` | CPU 上限 |
+| controller.resources.limits.memory | string | `"2048Mi"` | 内存上限 |
+| controller.resources.requests.cpu | string | `"500m"` | CPU 请求量 |
+| controller.resources.requests.memory | string | `"2048Mi"` | 内存请求量 |
+| controller.securityContext | object | `{}` | 安全上下文 |
+| controller.service.type | string | `"ClusterIP"` | 服务类型 |
+| controller.serviceAccount.annotations | object | `{}` | 添加到服务帐户的注解 |
+| controller.serviceAccount.create | bool | `true` | 是否创建服务帐户 |
+| controller.serviceAccount.name | string | `""` | 如果未设置且 create 为 true，则从 fullname 模板生成名称 |
+| controller.tag | string | `""` | 标记 |
+| controller.tolerations | list | `[]` | 受容容忍度列表 |
+| downstream.connectionBufferLimits | int | `32768` | 下游连接缓冲区限制（字节） |
+| downstream.http2.initialConnectionWindowSize | int | `1048576` | HTTP/2 初始连接窗口大小 |
+| downstream.http2.initialStreamWindowSize | int | `65535` | 流初始窗口大小 |
+| downstream.http2.maxConcurrentStreams | int | `100` | 并发流最大数量 |
+| downstream.idleTimeout | int | `180` | 空闲超时时间（秒） |
+| downstream.maxRequestHeadersKb | int | `60` | 最大请求头大小（KB） |
+| downstream.routeTimeout | int | `0` | 路由超时时间 |
+| gateway.affinity | object | `{}` | 网关的节点亲和性 |
+| gateway.annotations | object | `{}` | 应用于所有资源的注解 |
+| gateway.autoscaling.enabled | bool | `false` | 启用网关的自动扩展功能 |
+| gateway.autoscaling.maxReplicas | int | `5` | 最大副本数 |
+| gateway.autoscaling.minReplicas | int | `1` | 最小副本数 |
+| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | CPU 使用率的目标百分比 |
+| gateway.containerSecurityContext | string | `nil` | 网关容器的安全配置上下文 |
+| gateway.env | object | `{}` | Pod 环境变量 |
+| gateway.hostNetwork | bool | `false` | 是否使用主机网络 |
+| gateway.httpPort | int | `80` | HTTP 服务端口 |
+| gateway.httpsPort | int | `443` | HTTPS 服务端口 |
+| gateway.hub | string | `"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress"` | 网关镜像的基础域名 |
+| gateway.image | string | `"gateway"` |  |
+| gateway.kind | string | `"Deployment"` | 部署类型 |
+| gateway.labels | object | `{}` | 应用于所有资源的标签 |
+| gateway.metrics.enabled | bool | `false` | 启用网关度量收集 |
+| gateway.metrics.honorLabels | bool | `false` | 是否合并现有标签 |
+| gateway.metrics.interval | string | `""` | 度量间隔时间 |
+| gateway.metrics.provider | string | `"monitoring.coreos.com"` | 定义监控提供者 |
+| gateway.metrics.rawSpec | object | `{}` | 额外的度量规范 |
+| gateway.metrics.relabelConfigs | list | `[]` | 重新标签配置 |
+| gateway.metrics.relabelings | list | `[]` | 重新标签项 |
+| gateway.metrics.scrapeTimeout | string | `""` | 抓取的超时时间 |
+| gateway.name | string | `"higress-gateway"` | 网关名称 |
+| gateway.networkGateway | string | `""` | 网络网关指定 |
+| gateway.nodeSelector | object | `{}` | 节点选择器 |
+| gateway.replicas | int | `2` | Higress Gateway pod 的数量 |
+| gateway.resources.limits.cpu | string | `"2000m"` | 容器资源限制的 CPU |
+| gateway.resources.limits.memory | string | `"2048Mi"` | 容器资源限制的内存 |
+| gateway.resources.requests.cpu | string | `"2000m"` | 容器资源请求的 CPU |
+| gateway.resources.requests.memory | string | `"2048Mi"` | 容器资源请求的内存 |
+| gateway.revision | string | `""` | 网关所属版本声明 |
+| gateway.rollingMaxSurge | string | `"100%"` | 最大激增数目百分比 |
+| gateway.rollingMaxUnavailable | string | `"25%"` | 最大不可用比例 |
+| gateway.readinessFailureThreshold | int | `30` | 成功尝试之前连续失败的最大探测次数 |
+| gateway.readinessInitialDelaySeconds | int | `1` | 初次检测推迟多少秒后开始探测存活状态 |
+| gateway.readinessPeriodSeconds | int | `2` | 存活探测间隔秒数 |
+| gateway.readinessSuccessThreshold | int | `1` | 认为成功之前连续成功最小探测次数 |
+| gateway.readinessTimeoutSeconds | int | `3` | 存活探测超时秒数 |
+| gateway.securityContext | string | `nil` | 客户豆荚的安全上下文 |
+| gateway.service.annotations | object | `{}` | 应用于服务账户的注释 |
+| gateway.service.externalTrafficPolicy | string | `""` | 外部路由策略 |
+| gateway.service.loadBalancerClass | string | `""` | 负载均衡器类别 |
+| gateway.service.loadBalancerIP | string | `""` | 负载均衡器 IP 地址 |
+| gateway.service.loadBalancerSourceRanges | list | `[]` | 允许访问负载均衡器的 CIDR 范围 |
+| gateway.service.ports[0].name | string | `"http2"` | 服务定义的端口名称 |
+| gateway.service.ports[0].port | int | `80` | 服务端口 |
+| gateway.service.ports[0].protocol | string | `"TCP"` | 协议 |
+| gateway.service.ports[0].targetPort | int | `80` | 靶向端口 |
+| gateway.service.ports[1].name | string | `"https"` | 服务定义的端口名称 |
+| gateway.service.ports[1].port | int | `443` | 服务端口 |
+| gateway.service.ports[1].protocol | string | `"TCP"` | 协议 |
+| gateway.service.ports[1].targetPort | int | `443` | 靶向端口 |
+| gateway.service.type | string | `"LoadBalancer"` | 服务类型 |
+| global.disableAlpnH2 | bool | `false` | 设置是否禁用 ALPN 中的 http/2 |
+| ... | ... | ... | ... |
+
+由于内容较多，其他参数可以参考完整表。

hgctl/go.mod

@@ -242,15 +242,15 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/appengine v1.6.8 // indirect

hgctl/go.sum

@@ -1789,8 +1789,9 @@ golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
@@ -1909,8 +1910,9 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1961,8 +1963,9 @@ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2069,8 +2072,9 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -2086,8 +2090,9 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
 golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2108,8 +2113,9 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

pkg/config/envs.go

@@ -22,5 +22,6 @@ var (
 	GatewayName  = env.RegisterStringVar("GATEWAY_NAME", "higress-gateway", "").Get()
 	// Revision is the value of the Istio control plane revision, e.g. "canary",
 	// and is the value used by the "istio.io/rev" label.
-	Revision = env.Register("REVISION", "", "").Get()
+	Revision              = env.Register("REVISION", "", "").Get()
+	McpServerWasmImageUrl = env.RegisterStringVar("MCP_SERVER_WASM_IMAGE_URL", "oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/mcp-server/all-in-one:1.0.0", "").Get()
 )

pkg/ingress/config/ingress_config.go

@@ -152,6 +152,7 @@ type IngressConfig struct {
 
 	httpsConfigMgr *cert.ConfigMgr
 
+	commonOptions common.Options
 	// templateProcessor processes template variables in config
 	templateProcessor *TemplateProcessor
 
@@ -197,6 +198,7 @@ func NewIngressConfig(localKubeClient kube.Client, xdsUpdater istiomodel.XDSUpda
 		namespace:                namespace,
 		wasmPlugins:              make(map[string]*extensions.WasmPlugin),
 		http2rpcs:                make(map[string]*higressv1.Http2Rpc),
+		commonOptions:            options,
 	}
 
 	// Initialize secret config manager
@@ -588,6 +590,13 @@ func (m *IngressConfig) convertVirtualService(configs []common.WrapperConfig) []
 			Spec: vs,
 		})
 	}
+	// add vs from naco3 for mcp server
+	if m.RegistryReconciler != nil {
+		allConfigsFromMcp := m.RegistryReconciler.GetAllConfigs(gvk.VirtualService)
+		for _, cfg := range allConfigsFromMcp {
+			out = append(out, *cfg)
+		}
+	}
 
 	// We generate some specific envoy filter here to avoid duplicated computation.
 	m.convertEnvoyFilter(&convertOptions)
@@ -674,6 +683,13 @@ func (m *IngressConfig) convertWasmPlugin([]common.WrapperConfig) []config.Confi
 			Spec: wasmPlugin,
 		})
 	}
+	// add wasm plugin from nacos for mcp server
+	if m.RegistryReconciler != nil {
+		wasmFromMcp := m.RegistryReconciler.GetAllConfigs(gvk.WasmPlugin)
+		for _, cfg := range wasmFromMcp {
+			out = append(out, *cfg)
+		}
+	}
 	return out
 }
 
@@ -684,6 +700,7 @@ func (m *IngressConfig) convertServiceEntry([]common.WrapperConfig) []config.Con
 	serviceEntries := m.RegistryReconciler.GetAllServiceWrapper()
 	IngressLog.Infof("Found mcp serviceEntries %v", serviceEntries)
 	out := make([]config.Config, 0, len(serviceEntries))
+	hostSets := sets.Set[string]{}
 	for _, se := range serviceEntries {
 		out = append(out, config.Config{
 			Meta: config.Meta{
@@ -698,6 +715,15 @@ func (m *IngressConfig) convertServiceEntry([]common.WrapperConfig) []config.Con
 			},
 			Spec: se.ServiceEntry,
 		})
+		hostSets.Insert(se.ServiceEntry.Hosts[0])
+	}
+	// add service entry by host from nacos3 for mcp server
+	seFromMcp := m.RegistryReconciler.GetAllConfigs(gvk.ServiceEntry)
+	for _, cfg := range seFromMcp {
+		se := cfg.Spec.(*networking.ServiceEntry)
+		if !hostSets.Contains(se.Hosts[0]) {
+			out = append(out, *cfg)
+		}
 	}
 	return out
 }
@@ -768,6 +794,10 @@ func (m *IngressConfig) convertDestinationRule(configs []common.WrapperConfig) [
 			if !exist {
 				destinationRules[serviceName] = destinationRuleWrapper
 			} else if dr.DestinationRule.TrafficPolicy != nil {
+				if dr.DestinationRule.TrafficPolicy.LoadBalancer == nil &&
+					destinationRuleWrapper.DestinationRule.TrafficPolicy.LoadBalancer != nil {
+					dr.DestinationRule.TrafficPolicy.LoadBalancer = destinationRuleWrapper.DestinationRule.TrafficPolicy.LoadBalancer
+				}
 				portTrafficPolicy := destinationRuleWrapper.DestinationRule.TrafficPolicy.PortLevelSettings[0]
 				portUpdated := false
 				for _, policy := range dr.DestinationRule.TrafficPolicy.PortLevelSettings {
@@ -904,7 +934,7 @@ func (m *IngressConfig) convertIstioWasmPlugin(obj *higressext.WasmPlugin) (*ext
 	result := &extensions.WasmPlugin{
 		Selector: &istiotype.WorkloadSelector{
 			MatchLabels: map[string]string{
-				"higress": m.namespace + "-higress-gateway",
+				m.commonOptions.GatewaySelectorKey: m.commonOptions.GatewaySelectorValue,
 			},
 		},
 		Url:             obj.Url,
@@ -1135,6 +1165,28 @@ func (m *IngressConfig) AddOrUpdateMcpBridge(clusterNamespacedName util.ClusterN
 				// Set this label so that we do not compare configs and just push.
 				Labels: map[string]string{constants.AlwaysPushLabel: "true"},
 			}
+			vsMetadata := config.Meta{
+				Name:             "mcpbridge-virtualservice",
+				Namespace:        m.namespace,
+				GroupVersionKind: gvk.VirtualService,
+				// Set this label so that we do not compare configs and just push.
+				Labels: map[string]string{constants.AlwaysPushLabel: "true"},
+			}
+			wasmMetadata := config.Meta{
+				Name:             "mcpbridge-wasmplugin",
+				Namespace:        m.namespace,
+				GroupVersionKind: gvk.WasmPlugin,
+				// Set this label so that we do not compare configs and just push.
+				Labels: map[string]string{constants.AlwaysPushLabel: "true"},
+			}
+			efMetadata := config.Meta{
+				Name:             "mcpbridge-envoyfilter",
+				Namespace:        m.namespace,
+				GroupVersionKind: gvk.EnvoyFilter,
+				// Set this label so that we do not compare configs and just push.
+				Labels: map[string]string{constants.AlwaysPushLabel: "true"},
+			}
+
 			for _, f := range m.serviceEntryHandlers {
 				IngressLog.Debug("McpBridge triggerd serviceEntry update")
 				f(config.Config{Meta: seMetadata}, config.Config{Meta: seMetadata}, istiomodel.EventUpdate)
@@ -1143,9 +1195,22 @@ func (m *IngressConfig) AddOrUpdateMcpBridge(clusterNamespacedName util.ClusterN
 				IngressLog.Debug("McpBridge triggerd destinationRule update")
 				f(config.Config{Meta: drMetadata}, config.Config{Meta: drMetadata}, istiomodel.EventUpdate)
 			}
-		}, m.localKubeClient, m.namespace)
+			for _, f := range m.virtualServiceHandlers {
+				IngressLog.Debug("McpBridge triggerd virtualservice update")
+				f(config.Config{Meta: vsMetadata}, config.Config{Meta: vsMetadata}, istiomodel.EventUpdate)
+			}
+			for _, f := range m.wasmPluginHandlers {
+				IngressLog.Debug("McpBridge triggerd wasmplugin update")
+				f(config.Config{Meta: wasmMetadata}, config.Config{Meta: wasmMetadata}, istiomodel.EventUpdate)
+			}
+			for _, f := range m.envoyFilterHandlers {
+				IngressLog.Debug("McpBridge triggerd envoyfilter update")
+				f(config.Config{Meta: efMetadata}, config.Config{Meta: efMetadata}, istiomodel.EventUpdate)
+			}
+		}, m.localKubeClient, m.namespace, m.clusterId.String())
 	}
 	reconciler := m.RegistryReconciler
+	m.configmapMgr.SetMcpReconciler(m.RegistryReconciler)
 	err = reconciler.Reconcile(mcpbridge)
 	if err != nil {
 		IngressLog.Errorf("Mcpbridge reconcile failed, err:%v", err)

pkg/ingress/kube/common/model_test.go

@@ -0,0 +1,97 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package common
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"istio.io/istio/pilot/pkg/model"
+	"istio.io/istio/pkg/config"
+)
+
+func TestIngressDomainCache(t *testing.T) {
+	cache := NewIngressDomainCache()
+	assert.NotNil(t, cache)
+	assert.NotNil(t, cache.Valid)
+	assert.Empty(t, cache.Invalid)
+
+	cache.Valid["example.com"] = &IngressDomainBuilder{
+		Host:      "example.com",
+		Protocol:  HTTP,
+		ClusterId: "cluster-1",
+		Ingress: &config.Config{
+			Meta: config.Meta{
+				Name:      "test-ingress",
+				Namespace: "default",
+			},
+		},
+	}
+
+	cache.Invalid = append(cache.Invalid, model.IngressDomain{
+		Host:  "invalid.com",
+		Error: "invalid domain",
+	})
+
+	result := cache.Extract()
+	assert.Equal(t, 1, len(result.Valid))
+	assert.Equal(t, "example.com", result.Valid[0].Host)
+	assert.Equal(t, string(HTTP), result.Valid[0].Protocol)
+
+	assert.Equal(t, 1, len(result.Invalid))
+	assert.Equal(t, "invalid.com", result.Invalid[0].Host)
+}
+
+func TestIngressDomainBuilder(t *testing.T) {
+	builder := &IngressDomainBuilder{
+		Host:      "example.com",
+		Protocol:  HTTP,
+		ClusterId: "cluster-1",
+		Ingress: &config.Config{
+			Meta: config.Meta{
+				Name:      "test-ingress",
+				Namespace: "default",
+			},
+		},
+	}
+
+	domain := builder.Build()
+	assert.Equal(t, "example.com", domain.Host)
+	assert.Equal(t, string(HTTP), domain.Protocol)
+
+	builder.Event = MissingSecret
+	eventDomain := builder.Build()
+	assert.Contains(t, eventDomain.Error, "misses secret")
+
+	builder.Event = DuplicatedTls
+	builder.PreIngress = &config.Config{
+		Meta: config.Meta{
+			Name:      "pre-ingress",
+			Namespace: "default",
+		},
+	}
+	builder.PreIngress.Meta.Annotations = map[string]string{
+		ClusterIdAnnotation: "pre-cluster",
+	}
+	dupDomain := builder.Build()
+	assert.Contains(t, dupDomain.Error, "conflicted with ingress")
+
+	builder.Protocol = HTTPS
+	builder.SecretName = "test-secret"
+	builder.Event = ""
+	httpsDomain := builder.Build()
+	assert.Equal(t, string(HTTPS), httpsDomain.Protocol)
+	assert.Equal(t, "test-secret", httpsDomain.SecretName)
+}

pkg/ingress/kube/common/tool_test.go

@@ -18,6 +18,7 @@ import (
 	"testing"
 
 	networking "istio.io/api/networking/v1alpha3"
+	"istio.io/istio/pilot/pkg/model"
 	"istio.io/istio/pkg/config"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -556,3 +557,514 @@ func TestSortHTTPRoutesWithMoreRules(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateBackendResource(t *testing.T) {
+	groupStr := "networking.higress.io"
+	testCases := []struct {
+		name     string
+		resource *v1.TypedLocalObjectReference
+		expected bool
+	}{
+		{
+			name:     "nil resource",
+			resource: nil,
+			expected: false,
+		},
+		{
+			name: "nil APIGroup",
+			resource: &v1.TypedLocalObjectReference{
+				APIGroup: nil,
+				Kind:     "McpBridge",
+				Name:     "default",
+			},
+			expected: false,
+		},
+		{
+			name: "wrong APIGroup",
+			resource: &v1.TypedLocalObjectReference{
+				APIGroup: &groupStr,
+				Kind:     "McpBridge",
+				Name:     "wrong-name",
+			},
+			expected: false,
+		},
+		{
+			name: "wrong Kind",
+			resource: &v1.TypedLocalObjectReference{
+				APIGroup: &groupStr,
+				Kind:     "WrongKind",
+				Name:     "default",
+			},
+			expected: false,
+		},
+		{
+			name: "valid resource",
+			resource: &v1.TypedLocalObjectReference{
+				APIGroup: &groupStr,
+				Kind:     "McpBridge",
+				Name:     "default",
+			},
+			expected: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := ValidateBackendResource(tc.resource)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestCreateOrUpdateAnnotations(t *testing.T) {
+	testCases := []struct {
+		name        string
+		annotations map[string]string
+		options     Options
+		expected    map[string]string
+	}{
+		{
+			name:        "empty annotations",
+			annotations: map[string]string{},
+			options: Options{
+				ClusterId:    "test-cluster",
+				RawClusterId: "raw-test-cluster",
+			},
+			expected: map[string]string{
+				ClusterIdAnnotation:    "test-cluster",
+				RawClusterIdAnnotation: "raw-test-cluster",
+			},
+		},
+		{
+			name: "existing annotations",
+			annotations: map[string]string{
+				"key1": "value1",
+				"key2": "value2",
+			},
+			options: Options{
+				ClusterId:    "test-cluster",
+				RawClusterId: "raw-test-cluster",
+			},
+			expected: map[string]string{
+				"key1":                 "value1",
+				"key2":                 "value2",
+				ClusterIdAnnotation:    "test-cluster",
+				RawClusterIdAnnotation: "raw-test-cluster",
+			},
+		},
+		{
+			name: "overwrite existing cluster annotations",
+			annotations: map[string]string{
+				ClusterIdAnnotation:    "old-cluster",
+				RawClusterIdAnnotation: "old-raw-cluster",
+				"key1":                 "value1",
+			},
+			options: Options{
+				ClusterId:    "new-cluster",
+				RawClusterId: "new-raw-cluster",
+			},
+			expected: map[string]string{
+				ClusterIdAnnotation:    "new-cluster",
+				RawClusterIdAnnotation: "new-raw-cluster",
+				"key1":                 "value1",
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := CreateOrUpdateAnnotations(tc.annotations, tc.options)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestGetClusterId(t *testing.T) {
+	testCases := []struct {
+		name        string
+		annotations map[string]string
+		expected    string
+	}{
+		{
+			name:        "nil annotations",
+			annotations: nil,
+			expected:    "",
+		},
+		{
+			name:        "empty annotations",
+			annotations: map[string]string{},
+			expected:    "",
+		},
+		{
+			name: "with cluster id",
+			annotations: map[string]string{
+				ClusterIdAnnotation: "test-cluster",
+			},
+			expected: "test-cluster",
+		},
+		{
+			name: "with other annotations",
+			annotations: map[string]string{
+				"key1": "value1",
+				"key2": "value2",
+			},
+			expected: "",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := GetClusterId(tc.annotations)
+			assert.Equal(t, tc.expected, string(result))
+		})
+	}
+}
+
+func TestConvertToDNSLabelValidAndCleanHost(t *testing.T) {
+	testCases := []struct {
+		name  string
+		input string
+	}{
+		{
+			name:  "simple host",
+			input: "example.com",
+		},
+		{
+			name:  "wildcard host",
+			input: "*.example.com",
+		},
+		{
+			name:  "long host",
+			input: "very-long-subdomain.example-service.my-namespace.svc.cluster.local",
+		},
+		{
+			name:  "empty host",
+			input: "",
+		},
+		{
+			name:  "ip address",
+			input: "192.168.1.1",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			// Test internal convertToDNSLabelValid function (through CleanHost)
+			result := CleanHost(tc.input)
+
+			// Validate result
+			assert.NotEmpty(t, result)
+			assert.Equal(t, 16, len(result)) // MD5 hash format is fixed length of 16 bytes
+
+			// Consistency check - same input should produce same output
+			result2 := CleanHost(tc.input)
+			assert.Equal(t, result, result2)
+		})
+	}
+}
+
+func TestSplitServiceFQDN(t *testing.T) {
+	testCases := []struct {
+		name          string
+		fqdn          string
+		expectedSvc   string
+		expectedNs    string
+		expectedValid bool
+	}{
+		{
+			name:          "simple fqdn",
+			fqdn:          "service.namespace",
+			expectedSvc:   "service",
+			expectedNs:    "namespace",
+			expectedValid: true,
+		},
+		{
+			name:          "full k8s fqdn",
+			fqdn:          "service.namespace.svc.cluster.local",
+			expectedSvc:   "service",
+			expectedNs:    "namespace",
+			expectedValid: true,
+		},
+		{
+			name:          "just service name",
+			fqdn:          "service",
+			expectedSvc:   "",
+			expectedNs:    "",
+			expectedValid: false,
+		},
+		{
+			name:          "empty string",
+			fqdn:          "",
+			expectedSvc:   "",
+			expectedNs:    "",
+			expectedValid: false,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			svc, ns, valid := SplitServiceFQDN(tc.fqdn)
+			assert.Equal(t, tc.expectedSvc, svc)
+			assert.Equal(t, tc.expectedNs, ns)
+			assert.Equal(t, tc.expectedValid, valid)
+		})
+	}
+}
+
+func TestConvertBackendService(t *testing.T) {
+	testCases := []struct {
+		name     string
+		dest     *networking.HTTPRouteDestination
+		expected model.BackendService
+	}{
+		{
+			name: "simple service",
+			dest: &networking.HTTPRouteDestination{
+				Destination: &networking.Destination{
+					Host: "service.namespace",
+					Port: &networking.PortSelector{
+						Number: 80,
+					},
+				},
+				Weight: 100,
+			},
+			expected: model.BackendService{
+				Name:      "service",
+				Namespace: "namespace",
+				Port:      80,
+				Weight:    100,
+			},
+		},
+		{
+			name: "full k8s FQDN",
+			dest: &networking.HTTPRouteDestination{
+				Destination: &networking.Destination{
+					Host: "service.namespace.svc.cluster.local",
+					Port: &networking.PortSelector{
+						Number: 8080,
+					},
+				},
+				Weight: 50,
+			},
+			expected: model.BackendService{
+				Name:      "service",
+				Namespace: "namespace",
+				Port:      8080,
+				Weight:    50,
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := ConvertBackendService(tc.dest)
+			assert.Equal(t, tc.expected.Name, result.Name)
+			assert.Equal(t, tc.expected.Namespace, result.Namespace)
+			assert.Equal(t, tc.expected.Port, result.Port)
+			assert.Equal(t, tc.expected.Weight, result.Weight)
+		})
+	}
+}
+
+func TestCreateConvertedName(t *testing.T) {
+	testCases := []struct {
+		name     string
+		items    []string
+		expected string
+	}{
+		{
+			name:     "empty slice",
+			items:    []string{},
+			expected: "",
+		},
+		{
+			name:     "single item",
+			items:    []string{"example"},
+			expected: "example",
+		},
+		{
+			name:     "multiple items",
+			items:    []string{"part1", "part2", "part3"},
+			expected: "part1-part2-part3",
+		},
+		{
+			name:     "with empty strings",
+			items:    []string{"part1", "", "part3"},
+			expected: "part1-part3",
+		},
+		{
+			name:     "all empty strings",
+			items:    []string{"", "", ""},
+			expected: "",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := CreateConvertedName(tc.items...)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestSortIngressByCreationTime(t *testing.T) {
+	configs := []config.Config{
+		{
+			Meta: config.Meta{
+				Name:      "c-ingress",
+				Namespace: "ns1",
+			},
+		},
+		{
+			Meta: config.Meta{
+				Name:      "a-ingress",
+				Namespace: "ns1",
+			},
+		},
+		{
+			Meta: config.Meta{
+				Name:      "b-ingress",
+				Namespace: "ns1",
+			},
+		},
+	}
+
+	expected := []string{"a-ingress", "b-ingress", "c-ingress"}
+
+	SortIngressByCreationTime(configs)
+
+	var actual []string
+	for _, cfg := range configs {
+		actual = append(actual, cfg.Name)
+	}
+
+	assert.Equal(t, expected, actual, "When the timestamps are the same, the configuration should be sorted by name")
+
+	sameNamespaceConfigs := []config.Config{
+		{
+			Meta: config.Meta{
+				Name:      "same-name",
+				Namespace: "c-ns",
+			},
+		},
+		{
+			Meta: config.Meta{
+				Name:      "same-name",
+				Namespace: "a-ns",
+			},
+		},
+		{
+			Meta: config.Meta{
+				Name:      "same-name",
+				Namespace: "b-ns",
+			},
+		},
+	}
+
+	expectedNamespace := []string{"a-ns", "b-ns", "c-ns"}
+
+	SortIngressByCreationTime(sameNamespaceConfigs)
+
+	var actualNamespace []string
+	for _, cfg := range sameNamespaceConfigs {
+		actualNamespace = append(actualNamespace, cfg.Namespace)
+	}
+
+	assert.Equal(t, expectedNamespace, actualNamespace, "When the names are the same, the configuration should be sorted by namespace")
+}
+
+func TestPartMd5(t *testing.T) {
+	testCases := []struct {
+		name   string
+		input  string
+		length int
+	}{
+		{
+			name:   "empty string",
+			input:  "",
+			length: 8,
+		},
+		{
+			name:   "simple string",
+			input:  "test",
+			length: 8,
+		},
+		{
+			name:   "complex string",
+			input:  "this-is-a-long-string-with-special-chars-!@#$%^&*()",
+			length: 8,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := partMd5(tc.input)
+
+			// Check result format
+			assert.Equal(t, tc.length, len(result), "MD5 hash excerpt should be 8 characters")
+
+			// Run twice to ensure deterministic output
+			result2 := partMd5(tc.input)
+			assert.Equal(t, result, result2, "partMd5 function should be deterministic")
+		})
+	}
+}
+
+func TestGetLbStatusListV1AndV1Beta1(t *testing.T) {
+	clusterPrefix = "gw-123-"
+	svcName := clusterPrefix
+	svcList := []*v1.Service{
+		{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: svcName,
+			},
+			Spec: v1.ServiceSpec{
+				Type: v1.ServiceTypeLoadBalancer,
+			},
+			Status: v1.ServiceStatus{
+				LoadBalancer: v1.LoadBalancerStatus{
+					Ingress: []v1.LoadBalancerIngress{
+						{
+							IP: "2.2.2.2",
+						},
+					},
+				},
+			},
+		},
+		{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: svcName,
+			},
+			Spec: v1.ServiceSpec{
+				Type: v1.ServiceTypeLoadBalancer,
+			},
+			Status: v1.ServiceStatus{
+				LoadBalancer: v1.LoadBalancerStatus{
+					Ingress: []v1.LoadBalancerIngress{
+						{
+							Hostname: "1.1.1.1" + SvcHostNameSuffix,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	// Test the V1 version
+	t.Run("GetLbStatusListV1", func(t *testing.T) {
+		lbiList := GetLbStatusListV1(svcList)
+
+		assert.Equal(t, 2, len(lbiList), "There should be 2 entry points")
+		assert.Equal(t, "1.1.1.1", lbiList[0].IP, "The first IP should be 1.1.1.1")
+		assert.Equal(t, "2.2.2.2", lbiList[1].IP, "The second IP should be 2.2.2.2")
+	})
+
+	// Test the V1Beta1 version
+	t.Run("GetLbStatusListV1Beta1", func(t *testing.T) {
+		lbiList := GetLbStatusListV1Beta1(svcList)
+
+		assert.Equal(t, 2, len(lbiList), "There should be 2 entry points")
+		assert.Equal(t, "1.1.1.1", lbiList[0].IP, "The first IP should be 1.1.1.1")
+		assert.Equal(t, "2.2.2.2", lbiList[1].IP, "The second IP should be 2.2.2.2")
+	})
+}

pkg/ingress/kube/configmap/controller.go

@@ -18,6 +18,7 @@ import (
 	"reflect"
 	"sync/atomic"
 
+	"github.com/alibaba/higress/registry/reconcile"
 	"istio.io/istio/pilot/pkg/model"
 	"istio.io/istio/pkg/cluster"
 	"istio.io/istio/pkg/config"
@@ -58,6 +59,7 @@ type ItemController interface {
 	ValidHigressConfig(higressConfig *HigressConfig) error
 	ConstructEnvoyFilters() ([]*config.Config, error)
 	RegisterItemEventHandler(eventHandler ItemEventHandler)
+	RegisterMcpReconciler(reconciler *reconcile.Reconciler)
 }
 
 type ConfigmapMgr struct {
@@ -111,6 +113,12 @@ func (c *ConfigmapMgr) GetHigressConfig() *HigressConfig {
 	return nil
 }
 
+func (c *ConfigmapMgr) SetMcpReconciler(reconciler *reconcile.Reconciler) {
+	for _, itemController := range c.ItemControllers {
+		itemController.RegisterMcpReconciler(reconciler)
+	}
+}
+
 func (c *ConfigmapMgr) AddItemControllers(controllers ...ItemController) {
 	c.ItemControllers = append(c.ItemControllers, controllers...)
 }

pkg/ingress/kube/configmap/global.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/alibaba/higress/pkg/ingress/kube/util"
 	. "github.com/alibaba/higress/pkg/ingress/log"
+	"github.com/alibaba/higress/registry/reconcile"
 	networking "istio.io/api/networking/v1alpha3"
 	"istio.io/istio/pkg/config"
 	"istio.io/istio/pkg/config/schema/gvk"
@@ -376,6 +377,9 @@ func (g *GlobalOptionController) RegisterItemEventHandler(eventHandler ItemEvent
 	g.eventHandler = eventHandler
 }
 
+func (g *GlobalOptionController) RegisterMcpReconciler(reconciler *reconcile.Reconciler) {
+}
+
 // generateDownstreamEnvoyFilter generates the downstream envoy filter.
 func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueStruct string, bufferLimitStruct string, routeTimeoutStruct string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch {
 	var downstreamConfig []*networking.EnvoyFilter_EnvoyConfigObjectPatch

pkg/ingress/kube/configmap/gzip.go

@@ -23,6 +23,7 @@ import (
 
 	"github.com/alibaba/higress/pkg/ingress/kube/util"
 	. "github.com/alibaba/higress/pkg/ingress/log"
+	"github.com/alibaba/higress/registry/reconcile"
 	networking "istio.io/api/networking/v1alpha3"
 	"istio.io/istio/pkg/config"
 	"istio.io/istio/pkg/config/schema/gvk"
@@ -291,6 +292,9 @@ func (g *GzipController) RegisterItemEventHandler(eventHandler ItemEventHandler)
 	g.eventHandler = eventHandler
 }
 
+func (g *GzipController) RegisterMcpReconciler(reconciler *reconcile.Reconciler) {
+}
+
 func (g *GzipController) constructGzipStruct(gzip *Gzip, namespace string) string {
 	gzipConfig := ""
 	contentType := ""

pkg/ingress/kube/configmap/mcp_server.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/alibaba/higress/pkg/ingress/kube/util"
 	. "github.com/alibaba/higress/pkg/ingress/log"
+	"github.com/alibaba/higress/registry/reconcile"
 	networking "istio.io/api/networking/v1alpha3"
 	"istio.io/istio/pkg/config"
 	"istio.io/istio/pkg/config/schema/gvk"
@@ -41,16 +42,44 @@ type RedisConfig struct {
 	DB int `json:"db,omitempty"`
 }
 
+// MCPRatelimitConfig defines the configuration for rate limit
+type MCPRatelimitConfig struct {
+	// The limit of the rate limit
+	Limit int64 `json:"limit,omitempty"`
+	// The window of the rate limit
+	Window int64 `json:"window,omitempty"`
+	// The white list of the rate limit
+	WhiteList []string `json:"white_list,omitempty"`
+}
+
 // SSEServer defines the configuration for Server-Sent Events (SSE) server
 type SSEServer struct {
 	// The name of the SSE server
 	Name string `json:"name,omitempty"`
-	// The path where the SSE server will be mounted, the full path is (PATH + SsePathSuffix)
+	// The path where the SSE server will be mounted, the full path is (PATH + SSEPathSuffix)
 	Path string `json:"path,omitempty"`
 	// The type of the SSE server
 	Type string `json:"type,omitempty"`
 	// Additional Config parameters for the real MCP server implementation
 	Config map[string]interface{} `json:"config,omitempty"`
+	// The domain list of the SSE server
+	DomainList []string `json:"domain_list,omitempty"`
+}
+
+// MatchRule defines a rule for matching requests
+type MatchRule struct {
+	// Domain pattern, supports wildcards
+	MatchRuleDomain string `json:"match_rule_domain,omitempty"`
+	// Path pattern to match
+	MatchRulePath string `json:"match_rule_path,omitempty"`
+	// Type of match rule: exact, prefix, suffix, contains, regex
+	MatchRuleType string `json:"match_rule_type,omitempty"`
+	// Type of upstream(s) matched by the rule: rest (default), sse
+	UpstreamType string `json:"upstream_type"`
+	// Enable request path rewrite for matched routes
+	EnablePathRewrite bool `json:"enable_path_rewrite"`
+	// Prefix the request path would be rewritten to.
+	PathRewritePrefix string `json:"path_rewrite_prefix"`
 }
 
 // McpServer defines the configuration for MCP (Model Context Protocol) server
@@ -60,13 +89,24 @@ type McpServer struct {
 	// Redis Config for MCP server
 	Redis *RedisConfig `json:"redis,omitempty"`
 	// The suffix to be appended to SSE paths, default is "/sse"
-	SsePathSuffix string `json:"sse_path_suffix,omitempty"`
+	SSEPathSuffix string `json:"sse_path_suffix,omitempty"`
 	// List of SSE servers Configs
 	Servers []*SSEServer `json:"servers,omitempty"`
+	// List of match rules for filtering requests
+	MatchList []*MatchRule `json:"match_list,omitempty"`
+	// Flag to control whether user level server is enabled
+	EnableUserLevelServer bool `json:"enable_user_level_server,omitempty"`
+	// Rate limit config for MCP server
+	Ratelimit *MCPRatelimitConfig `json:"rate_limit,omitempty"`
 }
 
 func NewDefaultMcpServer() *McpServer {
-	return &McpServer{Enable: false}
+	return &McpServer{
+		Enable:                false,
+		Servers:               make([]*SSEServer, 0),
+		MatchList:             make([]*MatchRule, 0),
+		EnableUserLevelServer: false,
+	}
 }
 
 const (
@@ -78,8 +118,39 @@ func validMcpServer(m *McpServer) error {
 		return nil
 	}
 
-	if m.Enable && m.Redis == nil {
-		return errors.New("redis config cannot be empty when mcp server is enabled")
+	if m.EnableUserLevelServer && m.Redis == nil {
+		return errors.New("redis config cannot be empty when user level server is enabled")
+	}
+
+	// Validate match rule types
+	if m.MatchList != nil {
+		validMatchRuleTypes := map[string]bool{
+			"exact":    true,
+			"prefix":   true,
+			"suffix":   true,
+			"contains": true,
+			"regex":    true,
+		}
+		validUpstreamTypes := map[string]bool{
+			"rest":       true,
+			"sse":        true,
+			"streamable": true,
+		}
+
+		for _, rule := range m.MatchList {
+			if rule.MatchRuleType == "" {
+				return errors.New("match_rule_type cannot be empty, must be one of: exact, prefix, suffix, contains, regex")
+			}
+			if !validMatchRuleTypes[rule.MatchRuleType] {
+				return fmt.Errorf("invalid match_rule_type: %s, must be one of: exact, prefix, suffix, contains, regex", rule.MatchRuleType)
+			}
+			if rule.UpstreamType != "" && !validUpstreamTypes[rule.UpstreamType] {
+				return fmt.Errorf("invalid upstream_type: %s, must be one of: rest, sse, streamable", rule.UpstreamType)
+			}
+			if rule.EnablePathRewrite && rule.UpstreamType != "sse" {
+				return errors.New("path rewrite is only supported for SSE upstream type")
+			}
+		}
 	}
 
 	return nil
@@ -113,16 +184,25 @@ func deepCopyMcpServer(mcp *McpServer) (*McpServer, error) {
 			DB:       mcp.Redis.DB,
 		}
 	}
+	if mcp.Ratelimit != nil {
+		newMcp.Ratelimit = &MCPRatelimitConfig{
+			Limit:     mcp.Ratelimit.Limit,
+			Window:    mcp.Ratelimit.Window,
+			WhiteList: mcp.Ratelimit.WhiteList,
+		}
+	}
+	newMcp.SSEPathSuffix = mcp.SSEPathSuffix
 
-	newMcp.SsePathSuffix = mcp.SsePathSuffix
+	newMcp.EnableUserLevelServer = mcp.EnableUserLevelServer
 
 	if len(mcp.Servers) > 0 {
 		newMcp.Servers = make([]*SSEServer, len(mcp.Servers))
 		for i, server := range mcp.Servers {
 			newServer := &SSEServer{
-				Name: server.Name,
-				Path: server.Path,
-				Type: server.Type,
+				Name:       server.Name,
+				Path:       server.Path,
+				Type:       server.Type,
+				DomainList: server.DomainList,
 			}
 			if server.Config != nil {
 				newServer.Config = make(map[string]interface{})
@@ -134,6 +214,20 @@ func deepCopyMcpServer(mcp *McpServer) (*McpServer, error) {
 		}
 	}
 
+	if len(mcp.MatchList) > 0 {
+		newMcp.MatchList = make([]*MatchRule, len(mcp.MatchList))
+		for i, rule := range mcp.MatchList {
+			newMcp.MatchList[i] = &MatchRule{
+				MatchRuleDomain:   rule.MatchRuleDomain,
+				MatchRulePath:     rule.MatchRulePath,
+				MatchRuleType:     rule.MatchRuleType,
+				UpstreamType:      rule.UpstreamType,
+				EnablePathRewrite: rule.EnablePathRewrite,
+				PathRewritePrefix: rule.PathRewritePrefix,
+			}
+		}
+	}
+
 	return newMcp, nil
 }
 
@@ -142,6 +236,7 @@ type McpServerController struct {
 	mcpServer    atomic.Value
 	Name         string
 	eventHandler ItemEventHandler
+	reconciler   *reconcile.Reconciler
 }
 
 func NewMcpServerController(namespace string) *McpServerController {
@@ -215,6 +310,10 @@ func (m *McpServerController) RegisterItemEventHandler(eventHandler ItemEventHan
 	m.eventHandler = eventHandler
 }
 
+func (m *McpServerController) RegisterMcpReconciler(reconciler *reconcile.Reconciler) {
+	m.reconciler = reconciler
+}
+
 func (m *McpServerController) ConstructEnvoyFilters() ([]*config.Config, error) {
 	configs := make([]*config.Config, 0)
 	mcpServer := m.GetMcpServer()
@@ -224,51 +323,181 @@ func (m *McpServerController) ConstructEnvoyFilters() ([]*config.Config, error)
 		return configs, nil
 	}
 
-	mcpStruct := m.constructMcpServerStruct(mcpServer)
-	if mcpStruct == "" {
-		return configs, nil
-	}
-
-	config := &config.Config{
-		Meta: config.Meta{
-			GroupVersionKind: gvk.EnvoyFilter,
-			Name:             higressMcpServerEnvoyFilterName,
-			Namespace:        namespace,
-		},
-		Spec: &networking.EnvoyFilter{
-			ConfigPatches: []*networking.EnvoyFilter_EnvoyConfigObjectPatch{
-				{
-					ApplyTo: networking.EnvoyFilter_HTTP_FILTER,
-					Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
-						Context: networking.EnvoyFilter_GATEWAY,
-						ObjectTypes: &networking.EnvoyFilter_EnvoyConfigObjectMatch_Listener{
-							Listener: &networking.EnvoyFilter_ListenerMatch{
-								FilterChain: &networking.EnvoyFilter_ListenerMatch_FilterChainMatch{
-									Filter: &networking.EnvoyFilter_ListenerMatch_FilterMatch{
-										Name: "envoy.filters.network.http_connection_manager",
-										SubFilter: &networking.EnvoyFilter_ListenerMatch_SubFilterMatch{
-											Name: "envoy.filters.http.cors",
+	// mcp-session envoy filter
+	mcpSessionStruct := m.constructMcpSessionStruct(mcpServer)
+	if mcpSessionStruct != "" {
+		sessionConfig := &config.Config{
+			Meta: config.Meta{
+				GroupVersionKind: gvk.EnvoyFilter,
+				Name:             higressMcpServerEnvoyFilterName,
+				Namespace:        namespace,
+			},
+			Spec: &networking.EnvoyFilter{
+				ConfigPatches: []*networking.EnvoyFilter_EnvoyConfigObjectPatch{
+					{
+						ApplyTo: networking.EnvoyFilter_HTTP_FILTER,
+						Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
+							Context: networking.EnvoyFilter_GATEWAY,
+							ObjectTypes: &networking.EnvoyFilter_EnvoyConfigObjectMatch_Listener{
+								Listener: &networking.EnvoyFilter_ListenerMatch{
+									FilterChain: &networking.EnvoyFilter_ListenerMatch_FilterChainMatch{
+										Filter: &networking.EnvoyFilter_ListenerMatch_FilterMatch{
+											Name: "envoy.filters.network.http_connection_manager",
+											SubFilter: &networking.EnvoyFilter_ListenerMatch_SubFilterMatch{
+												Name: "envoy.filters.http.cors",
+											},
 										},
 									},
 								},
 							},
 						},
-					},
-					Patch: &networking.EnvoyFilter_Patch{
-						Operation: networking.EnvoyFilter_Patch_INSERT_AFTER,
-						Value:     util.BuildPatchStruct(mcpStruct),
+						Patch: &networking.EnvoyFilter_Patch{
+							Operation: networking.EnvoyFilter_Patch_INSERT_AFTER,
+							Value:     util.BuildPatchStruct(mcpSessionStruct),
+						},
 					},
 				},
 			},
-		},
+		}
+		configs = append(configs, sessionConfig)
+	}
+
+	// mcp-server envoy filter
+	mcpServerStruct := m.constructMcpServerStruct(mcpServer)
+	if mcpServerStruct != "" {
+		serverConfig := &config.Config{
+			Meta: config.Meta{
+				GroupVersionKind: gvk.EnvoyFilter,
+				Name:             higressMcpServerEnvoyFilterName + "-server",
+				Namespace:        namespace,
+			},
+			Spec: &networking.EnvoyFilter{
+				ConfigPatches: []*networking.EnvoyFilter_EnvoyConfigObjectPatch{
+					{
+						ApplyTo: networking.EnvoyFilter_HTTP_FILTER,
+						Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
+							Context: networking.EnvoyFilter_GATEWAY,
+							ObjectTypes: &networking.EnvoyFilter_EnvoyConfigObjectMatch_Listener{
+								Listener: &networking.EnvoyFilter_ListenerMatch{
+									FilterChain: &networking.EnvoyFilter_ListenerMatch_FilterChainMatch{
+										Filter: &networking.EnvoyFilter_ListenerMatch_FilterMatch{
+											Name: "envoy.filters.network.http_connection_manager",
+											SubFilter: &networking.EnvoyFilter_ListenerMatch_SubFilterMatch{
+												Name: "envoy.filters.http.router",
+											},
+										},
+									},
+								},
+							},
+						},
+						Patch: &networking.EnvoyFilter_Patch{
+							Operation: networking.EnvoyFilter_Patch_INSERT_BEFORE,
+							Value:     util.BuildPatchStruct(mcpServerStruct),
+						},
+					},
+				},
+			},
+		}
+		configs = append(configs, serverConfig)
 	}
 
-	configs = append(configs, config)
 	return configs, nil
 }
 
+func (m *McpServerController) constructMcpSessionStruct(mcp *McpServer) string {
+	// Build match_list configuration
+	matchList := "[]"
+	var matchConfigs []string
+	if len(mcp.MatchList) > 0 {
+		for _, rule := range mcp.MatchList {
+			matchConfigs = append(matchConfigs, fmt.Sprintf(`{
+				"match_rule_domain": "%s",
+				"match_rule_path": "%s",
+				"match_rule_type": "%s",
+				"upstream_type": "%s",
+				"enable_path_rewrite": %t,
+				"path_rewrite_prefix": "%s"
+			}`, rule.MatchRuleDomain, rule.MatchRulePath, rule.MatchRuleType, rule.UpstreamType, rule.EnablePathRewrite, rule.PathRewritePrefix))
+		}
+	}
+
+	if m.reconciler != nil {
+		vsFromMcp := m.reconciler.GetAllConfigs(gvk.VirtualService)
+		for _, c := range vsFromMcp {
+			vs := c.Spec.(*networking.VirtualService)
+			var host string
+			if len(vs.Hosts) > 1 {
+				host = fmt.Sprintf("(%s)", strings.Join(vs.Hosts, "|"))
+			} else {
+				host = vs.Hosts[0]
+			}
+			path := vs.Http[0].Match[0].Uri.GetPrefix()
+			matchConfigs = append(matchConfigs, fmt.Sprintf(`{
+				"match_rule_domain": "%s",
+				"match_rule_path": "%s",
+				"match_rule_type": "prefix"
+			}`, host, path))
+		}
+	}
+	matchList = fmt.Sprintf("[%s]", strings.Join(matchConfigs, ","))
+
+	// Build redis configuration
+	redisConfig := "null"
+	if mcp.Redis != nil {
+		redisConfig = fmt.Sprintf(`{
+							"address": "%s",
+							"username": "%s",
+							"password": "%s",
+							"db": %d
+						}`, mcp.Redis.Address, mcp.Redis.Username, mcp.Redis.Password, mcp.Redis.DB)
+	}
+
+	// Build rate limit configuration
+	rateLimitConfig := "null"
+	if mcp.Ratelimit != nil {
+		whiteList := "[]"
+		if len(mcp.Ratelimit.WhiteList) > 0 {
+			whiteList = fmt.Sprintf(`["%s"]`, strings.Join(mcp.Ratelimit.WhiteList, `","`))
+		}
+		rateLimitConfig = fmt.Sprintf(`{
+							"limit": %d,
+							"window": %d,
+							"white_list": %s
+						}`, mcp.Ratelimit.Limit, mcp.Ratelimit.Window, whiteList)
+	}
+
+	// Build complete configuration structure
+	return fmt.Sprintf(`{
+		"name": "envoy.filters.http.golang",
+		"typed_config": {
+			"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+			"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+			"value": {
+				"library_id": "mcp-session",
+				"library_path": "/var/lib/istio/envoy/golang-filter.so",
+				"plugin_name": "mcp-session",
+				"plugin_config": {
+					"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
+					"value": {
+						"redis": %s,
+						"rate_limit": %s,
+						"sse_path_suffix": "%s",
+						"match_list": %s,
+						"enable_user_level_server": %t
+					}
+				}
+			}
+		}
+	}`,
+		redisConfig,
+		rateLimitConfig,
+		mcp.SSEPathSuffix,
+		matchList,
+		mcp.EnableUserLevelServer)
+}
+
 func (m *McpServerController) constructMcpServerStruct(mcp *McpServer) string {
-	// 构建 servers 配置
+	// Build servers configuration
 	servers := "[]"
 	if len(mcp.Servers) > 0 {
 		serverConfigs := make([]string, len(mcp.Servers))
@@ -278,50 +507,39 @@ func (m *McpServerController) constructMcpServerStruct(mcp *McpServer) string {
 				"path": "%s",
 				"type": "%s"`,
 				server.Name, server.Path, server.Type)
-
+			if len(server.DomainList) > 0 {
+				domainList := fmt.Sprintf(`["%s"]`, strings.Join(server.DomainList, `","`))
+				serverConfig += fmt.Sprintf(`,
+				"domain_list": %s`, domainList)
+			}
 			if len(server.Config) > 0 {
 				config, _ := json.Marshal(server.Config)
 				serverConfig += fmt.Sprintf(`,
 				"config": %s`, string(config))
 			}
-
 			serverConfig += "}"
 			serverConfigs[i] = serverConfig
 		}
 		servers = fmt.Sprintf("[%s]", strings.Join(serverConfigs, ","))
 	}
 
-	// 构建完整的配置结构
-	structFmt := `{
+	// Build complete configuration structure
+	return fmt.Sprintf(`{
 		"name": "envoy.filters.http.golang",
 		"typed_config": {
-			"@type": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+			"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+			"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
 			"value": {
 				"library_id": "mcp-server",
-				"library_path": "/var/lib/istio/envoy/mcp-server.so",
+				"library_path": "/var/lib/istio/envoy/golang-filter.so",
 				"plugin_name": "mcp-server",
 				"plugin_config": {
 					"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
 					"value": {
-						"redis": {
-							"address": "%s",
-							"username": "%s",
-							"password": "%s",
-							"db": %d
-						},
-						"sse_path_suffix": "%s",
 						"servers": %s
 					}
 				}
 			}
 		}
-	}`
-
-	return fmt.Sprintf(structFmt,
-		mcp.Redis.Address,
-		mcp.Redis.Username,
-		mcp.Redis.Password,
-		mcp.Redis.DB,
-		mcp.SsePathSuffix,
-		servers)
+	}`, servers)
 }

pkg/ingress/kube/configmap/mcp_server_test.go

@@ -15,6 +15,7 @@
 package configmap
 
 import (
+	"encoding/json"
 	"errors"
 	"testing"
 
@@ -31,7 +32,9 @@ func Test_validMcpServer(t *testing.T) {
 		{
 			name: "default",
 			mcp: &McpServer{
-				Enable: false,
+				Enable:    false,
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			wantErr: nil,
 		},
@@ -43,22 +46,99 @@ func Test_validMcpServer(t *testing.T) {
 		{
 			name: "enabled but no redis config",
 			mcp: &McpServer{
-				Enable: true,
-				Redis:  nil,
+				Enable:                true,
+				EnableUserLevelServer: false,
+				Redis:                 nil,
+				MatchList:             []*MatchRule{},
+				Servers:               []*SSEServer{},
 			},
-			wantErr: errors.New("redis config cannot be empty when mcp server is enabled"),
+			wantErr: nil,
+		},
+		{
+			name: "enabled but bad match_rule_type",
+			mcp: &McpServer{
+				Enable:                true,
+				EnableUserLevelServer: false,
+				Redis:                 nil,
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "/mcp",
+						MatchRuleType:   "bad-type",
+					},
+				},
+				Servers: []*SSEServer{},
+			},
+			wantErr: errors.New("invalid match_rule_type: bad-type, must be one of: exact, prefix, suffix, contains, regex"),
+		},
+		{
+			name: "enabled but bad upstream_type",
+			mcp: &McpServer{
+				Enable:                true,
+				EnableUserLevelServer: false,
+				Redis:                 nil,
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "/mcp",
+						MatchRuleType:   "prefix",
+						UpstreamType:    "bad-type",
+					},
+				},
+				Servers: []*SSEServer{},
+			},
+			wantErr: errors.New("invalid upstream_type: bad-type, must be one of: rest, sse, streamable"),
+		},
+		{
+			name: "enabled but path rewrite with unsupported upstream type",
+			mcp: &McpServer{
+				Enable:                true,
+				EnableUserLevelServer: false,
+				Redis:                 nil,
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain:   "*",
+						MatchRulePath:     "/mcp",
+						MatchRuleType:     "prefix",
+						UpstreamType:      "rest",
+						EnablePathRewrite: true,
+						PathRewritePrefix: "/",
+					},
+				},
+				Servers: []*SSEServer{},
+			},
+			wantErr: errors.New("path rewrite is only supported for SSE upstream type"),
+		},
+		{
+			name: "enabled with user level server but no redis config",
+			mcp: &McpServer{
+				Enable:                true,
+				EnableUserLevelServer: true,
+				Redis:                 nil,
+				MatchList:             []*MatchRule{},
+				Servers:               []*SSEServer{},
+			},
+			wantErr: errors.New("redis config cannot be empty when user level server is enabled"),
 		},
 		{
 			name: "valid config with redis",
 			mcp: &McpServer{
-				Enable: true,
+				Enable:                true,
+				EnableUserLevelServer: true,
 				Redis: &RedisConfig{
 					Address:  "localhost:6379",
 					Username: "default",
 					Password: "password",
 					DB:       0,
 				},
-				SsePathSuffix: "/sse",
+				SSEPathSuffix: "/sse",
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "*",
+						MatchRuleType:   "exact",
+					},
+				},
 				Servers: []*SSEServer{
 					{
 						Name: "test-server",
@@ -104,6 +184,8 @@ func Test_compareMcpServer(t *testing.T) {
 				Redis: &RedisConfig{
 					Address: "localhost:6379",
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			new:        nil,
 			wantResult: ResultDelete,
@@ -116,12 +198,16 @@ func Test_compareMcpServer(t *testing.T) {
 				Redis: &RedisConfig{
 					Address: "localhost:6379",
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			new: &McpServer{
 				Enable: true,
 				Redis: &RedisConfig{
 					Address: "localhost:6379",
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			wantResult: ResultNothing,
 			wantErr:    nil,
@@ -133,12 +219,22 @@ func Test_compareMcpServer(t *testing.T) {
 				Redis: &RedisConfig{
 					Address: "localhost:6379",
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			new: &McpServer{
 				Enable: true,
 				Redis: &RedisConfig{
 					Address: "redis:6379",
 				},
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "/test",
+						MatchRuleType:   "exact",
+					},
+				},
+				Servers: []*SSEServer{},
 			},
 			wantResult: ResultReplace,
 			wantErr:    nil,
@@ -171,6 +267,8 @@ func Test_deepCopyMcpServer(t *testing.T) {
 					Password: "password",
 					DB:       0,
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			wantMcp: &McpServer{
 				Enable: true,
@@ -180,6 +278,8 @@ func Test_deepCopyMcpServer(t *testing.T) {
 					Password: "password",
 					DB:       0,
 				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
 			},
 			wantErr: nil,
 		},
@@ -193,7 +293,14 @@ func Test_deepCopyMcpServer(t *testing.T) {
 					Password: "password",
 					DB:       0,
 				},
-				SsePathSuffix: "/sse",
+				SSEPathSuffix: "/sse",
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "*",
+						MatchRuleType:   "exact",
+					},
+				},
 				Servers: []*SSEServer{
 					{
 						Name: "test-server",
@@ -213,7 +320,14 @@ func Test_deepCopyMcpServer(t *testing.T) {
 					Password: "password",
 					DB:       0,
 				},
-				SsePathSuffix: "/sse",
+				SSEPathSuffix: "/sse",
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "*",
+						MatchRuleType:   "exact",
+					},
+				},
 				Servers: []*SSEServer{
 					{
 						Name: "test-server",
@@ -280,6 +394,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 						Password: "password",
 						DB:       0,
 					},
+					Servers:   []*SSEServer{},
+					MatchList: []*MatchRule{},
 				},
 			},
 			wantErr:       nil,
@@ -292,6 +408,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 					Password: "password",
 					DB:       0,
 				},
+				Servers:   []*SSEServer{},
+				MatchList: []*MatchRule{},
 			},
 		},
 		{
@@ -302,6 +420,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 					Redis: &RedisConfig{
 						Address: "localhost:6379",
 					},
+					Servers:   []*SSEServer{},
+					MatchList: []*MatchRule{},
 				},
 			},
 			new: &HigressConfig{
@@ -310,6 +430,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 					Redis: &RedisConfig{
 						Address: "redis:6379",
 					},
+					Servers:   []*SSEServer{},
+					MatchList: []*MatchRule{},
 				},
 			},
 			wantErr:       nil,
@@ -319,6 +441,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 				Redis: &RedisConfig{
 					Address: "redis:6379",
 				},
+				Servers:   []*SSEServer{},
+				MatchList: []*MatchRule{},
 			},
 		},
 		{
@@ -329,6 +453,8 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 					Redis: &RedisConfig{
 						Address: "localhost:6379",
 					},
+					Servers:   []*SSEServer{},
+					MatchList: []*MatchRule{},
 				},
 			},
 			new: &HigressConfig{
@@ -352,3 +478,342 @@ func TestMcpServerController_AddOrUpdateHigressConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestMcpServerController_ValidHigressConfig(t *testing.T) {
+	tests := []struct {
+		name          string
+		higressConfig *HigressConfig
+		wantErr       error
+	}{
+		{
+			name:          "nil config",
+			higressConfig: nil,
+			wantErr:       nil,
+		},
+		{
+			name: "nil mcp server",
+			higressConfig: &HigressConfig{
+				McpServer: nil,
+			},
+			wantErr: nil,
+		},
+		{
+			name: "valid config",
+			higressConfig: &HigressConfig{
+				McpServer: &McpServer{
+					Enable: true,
+					Redis: &RedisConfig{
+						Address: "localhost:6379",
+					},
+					MatchList: []*MatchRule{},
+					Servers:   []*SSEServer{},
+				},
+			},
+			wantErr: nil,
+		},
+		{
+			name: "invalid config - user level server without redis",
+			higressConfig: &HigressConfig{
+				McpServer: &McpServer{
+					Enable:                true,
+					EnableUserLevelServer: true,
+					Redis:                 nil,
+					MatchList:             []*MatchRule{},
+					Servers:               []*SSEServer{},
+				},
+			},
+			wantErr: errors.New("redis config cannot be empty when user level server is enabled"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := NewMcpServerController("test-namespace")
+			err := m.ValidHigressConfig(tt.higressConfig)
+			assert.Equal(t, tt.wantErr, err)
+		})
+	}
+}
+
+func TestMcpServerController_ConstructEnvoyFilters(t *testing.T) {
+	tests := []struct {
+		name        string
+		mcpServer   *McpServer
+		wantConfigs int
+		wantErr     error
+	}{
+		{
+			name:        "nil mcp server",
+			mcpServer:   nil,
+			wantConfigs: 0,
+			wantErr:     nil,
+		},
+		{
+			name: "disabled mcp server",
+			mcpServer: &McpServer{
+				Enable: false,
+			},
+			wantConfigs: 0,
+			wantErr:     nil,
+		},
+		{
+			name: "valid mcp server with redis",
+			mcpServer: &McpServer{
+				Enable: true,
+				Redis: &RedisConfig{
+					Address: "localhost:6379",
+				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
+			},
+			wantConfigs: 2, // Both session and server filters
+			wantErr:     nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := NewMcpServerController("test-namespace")
+			m.mcpServer.Store(tt.mcpServer)
+			configs, err := m.ConstructEnvoyFilters()
+			assert.Equal(t, tt.wantErr, err)
+			assert.Equal(t, tt.wantConfigs, len(configs))
+		})
+	}
+}
+
+func TestMcpServerController_constructMcpSessionStruct(t *testing.T) {
+	tests := []struct {
+		name     string
+		mcp      *McpServer
+		wantJSON string
+	}{
+		{
+			name: "minimal config",
+			mcp: &McpServer{
+				Enable: true,
+				Redis: &RedisConfig{
+					Address: "localhost:6379",
+				},
+				MatchList: []*MatchRule{},
+				Servers:   []*SSEServer{},
+			},
+			wantJSON: `{
+				"name": "envoy.filters.http.golang",
+				"typed_config": {
+					"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+					"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+					"value": {
+						"library_id": "mcp-session",
+						"library_path": "/var/lib/istio/envoy/golang-filter.so",
+						"plugin_name": "mcp-session",
+						"plugin_config": {
+							"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
+							"value": {
+								"redis": {
+									"address": "localhost:6379",
+									"username": "",
+									"password": "",
+									"db": 0
+								},
+								"rate_limit": null,
+								"sse_path_suffix": "",
+								"match_list": [],
+								"enable_user_level_server": false
+							}
+						}
+					}
+				}
+			}`,
+		},
+		{
+			name: "full config",
+			mcp: &McpServer{
+				Enable: true,
+				Redis: &RedisConfig{
+					Address:  "localhost:6379",
+					Username: "user",
+					Password: "pass",
+					DB:       1,
+				},
+				SSEPathSuffix: "/sse",
+				MatchList: []*MatchRule{
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "/test",
+						MatchRuleType:   "exact",
+					},
+					{
+						MatchRuleDomain: "*",
+						MatchRulePath:   "/sse-test-1",
+						MatchRuleType:   "prefix",
+						UpstreamType:    "sse",
+					},
+					{
+						MatchRuleDomain:   "*",
+						MatchRulePath:     "/sse-test-2",
+						MatchRuleType:     "prefix",
+						UpstreamType:      "sse",
+						EnablePathRewrite: true,
+						PathRewritePrefix: "/mcp",
+					},
+				},
+				EnableUserLevelServer: true,
+				Ratelimit: &MCPRatelimitConfig{
+					Limit:     100,
+					Window:    3600,
+					WhiteList: []string{"user1", "user2"},
+				},
+			},
+			wantJSON: `{
+				"name": "envoy.filters.http.golang",
+				"typed_config": {
+					"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+					"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+					"value": {
+						"library_id": "mcp-session",
+						"library_path": "/var/lib/istio/envoy/golang-filter.so",
+						"plugin_name": "mcp-session",
+						"plugin_config": {
+							"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
+							"value": {
+								"redis": {
+									"address": "localhost:6379",
+									"username": "user",
+									"password": "pass",
+									"db": 1
+								},
+								"rate_limit": {
+									"limit": 100,
+									"window": 3600,
+									"white_list": ["user1","user2"]
+								},
+								"sse_path_suffix": "/sse",
+								"match_list": [{
+									"match_rule_domain": "*",
+									"match_rule_path": "/test",
+									"match_rule_type": "exact",
+									"upstream_type": "",
+									"enable_path_rewrite": false,
+									"path_rewrite_prefix": ""
+								},{
+									"match_rule_domain": "*",
+									"match_rule_path": "/sse-test-1",
+									"match_rule_type": "prefix",
+									"upstream_type": "sse",
+									"enable_path_rewrite": false,
+									"path_rewrite_prefix": ""
+								},{
+									"match_rule_domain": "*",
+									"match_rule_path": "/sse-test-2",
+									"match_rule_type": "prefix",
+									"upstream_type": "sse",
+									"enable_path_rewrite": true,
+									"path_rewrite_prefix": "/mcp"
+								}],
+								"enable_user_level_server": true
+							}
+						}
+					}
+				}
+			}`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := NewMcpServerController("test-namespace")
+			got := m.constructMcpSessionStruct(tt.mcp)
+			// Normalize JSON strings for comparison
+			var gotJSON, wantJSON interface{}
+			json.Unmarshal([]byte(got), &gotJSON)
+			json.Unmarshal([]byte(tt.wantJSON), &wantJSON)
+			assert.Equal(t, wantJSON, gotJSON)
+		})
+	}
+}
+
+func TestMcpServerController_constructMcpServerStruct(t *testing.T) {
+	tests := []struct {
+		name     string
+		mcp      *McpServer
+		wantJSON string
+	}{
+		{
+			name: "no servers",
+			mcp: &McpServer{
+				Servers: []*SSEServer{},
+			},
+			wantJSON: `{
+				"name": "envoy.filters.http.golang",
+				"typed_config": {
+					"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+					"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+					"value": {
+						"library_id": "mcp-server",
+						"library_path": "/var/lib/istio/envoy/golang-filter.so",
+						"plugin_name": "mcp-server",
+						"plugin_config": {
+							"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
+							"value": {
+								"servers": []
+							}
+						}
+					}
+				}
+			}`,
+		},
+		{
+			name: "with servers",
+			mcp: &McpServer{
+				Servers: []*SSEServer{
+					{
+						Name: "test-server",
+						Path: "/test",
+						Type: "test",
+						Config: map[string]interface{}{
+							"key": "value",
+						},
+						DomainList: []string{"example.com"},
+					},
+				},
+			},
+			wantJSON: `{
+				"name": "envoy.filters.http.golang",
+				"typed_config": {
+					"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
+					"type_url": "type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config",
+					"value": {
+						"library_id": "mcp-server",
+						"library_path": "/var/lib/istio/envoy/golang-filter.so",
+						"plugin_name": "mcp-server",
+						"plugin_config": {
+							"@type": "type.googleapis.com/xds.type.v3.TypedStruct",
+							"value": {
+								"servers": [{
+									"name": "test-server",
+									"path": "/test",
+									"type": "test",
+									"domain_list": ["example.com"],
+									"config": {"key":"value"}
+								}]
+							}
+						}
+					}
+				}
+			}`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			m := NewMcpServerController("test-namespace")
+			got := m.constructMcpServerStruct(tt.mcp)
+			// Normalize JSON strings for comparison
+			var gotJSON, wantJSON interface{}
+			json.Unmarshal([]byte(got), &gotJSON)
+			json.Unmarshal([]byte(tt.wantJSON), &wantJSON)
+			assert.Equal(t, wantJSON, gotJSON)
+		})
+	}
+}

pkg/ingress/kube/configmap/tracing.go

@@ -21,6 +21,7 @@ import (
 	"reflect"
 	"sync/atomic"
 
+	"github.com/alibaba/higress/registry/reconcile"
 	"istio.io/istio/pkg/config"
 	"istio.io/istio/pkg/config/schema/gvk"
 
@@ -237,6 +238,9 @@ func (t *TracingController) RegisterItemEventHandler(eventHandler ItemEventHandl
 	t.eventHandler = eventHandler
 }
 
+func (t *TracingController) RegisterMcpReconciler(reconciler *reconcile.Reconciler) {
+}
+
 func (t *TracingController) ConstructEnvoyFilters() ([]*config.Config, error) {
 	configs := make([]*config.Config, 0)
 	tracing := t.GetTracing()

plugins/golang-filter/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.23-bullseye AS golang-base
+FROM golang:1.22-bullseye AS golang-base
 
 ARG GOPROXY
 ARG GO_FILTER_NAME
@@ -24,7 +24,7 @@ WORKDIR /workspace
 
 COPY . .
 
-WORKDIR /workspace/$GO_FILTER_NAME
+WORKDIR /workspace
 
 RUN go mod tidy
 RUN if [ "$GOARCH" = "arm64" ]; then \
@@ -36,4 +36,4 @@ RUN if [ "$GOARCH" = "arm64" ]; then \
 FROM scratch AS output
 ARG GO_FILTER_NAME
 ARG GOARCH
-COPY --from=golang-base /${GO_FILTER_NAME}.so ${GO_FILTER_NAME}_${GOARCH}.so
+COPY --from=golang-base /${GO_FILTER_NAME}.so golang-filter_${GOARCH}.so

plugins/golang-filter/Makefile

@@ -1,4 +1,4 @@
-GO_FILTER_NAME ?= mcp-server
+GO_FILTER_NAME ?= golang-filter
 GOPROXY := $(shell go env GOPROXY)
 GOARCH ?= amd64
 
@@ -8,5 +8,5 @@ build:
 								    --build-arg GO_FILTER_NAME=${GO_FILTER_NAME} \
 									--build-arg GOARCH=${GOARCH} \
 									-t ${GO_FILTER_NAME} \
-									--output ./${GO_FILTER_NAME} \
+									--output . \
 									.

plugins/golang-filter/README.md

@@ -20,28 +20,42 @@ Golang HTTP Filter 允许开发者使用 Go 语言编写自定义的 Envoy Filte
 
 请参考 [Envoy Golang HTTP Filter 示例](https://github.com/envoyproxy/examples/tree/main/golang-http) 了解如何开发和运行一个基本的 Golang Filter。
 
+## 插件注册
+
+在开发新的 Golang Filter 时，需要在`main.go` 的 `init()` 函数中注册你的插件。注册时需要提供插件名称、Filter 工厂函数和配置解析器：
+
+```go
+func init() {
+    envoyHttp.RegisterHttpFilterFactoryAndConfigParser(
+        "your-plugin-name",    // 插件名称
+        yourFilterFactory,     // Filter 工厂函数
+        &yourConfigParser{},   // 配置解析器
+    )
+}
+```
+
 ## 配置示例
 
+多个 Golang Filter 插件可以共同编译到一个 `golang-filter.so` 文件中，通过 `plugin_name` 来指定要使用的插件。配置示例如下：
+
 ```yaml
 http_filters:
 - name: envoy.filters.http.golang
   typed_config:
     "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
-    library_id: my-go-filter
-    library_path: "./my-go-filter.so"
-    plugin_name: my-go-filter
+    library_id: your-plugin-name
+    library_path: "./golang-filter.so"  # 包含多个插件的共享库文件
+    plugin_name: your-plugin-name       # 指定要使用的插件名称，需要与 init() 函数中注册的插件名称保持一致
     plugin_config:
       "@type": type.googleapis.com/xds.type.v3.TypedStruct
       value:
           your_config_here: value
-                  
 ```
 
-
 ## 快速构建
 
 使用以下命令可以快速构建 golang filter 插件:
 
 ```bash
-GO_FILTER_NAME=mcp-server make build
+make build
 ```

plugins/golang-filter/README_en.md

@@ -20,16 +20,32 @@ The Golang HTTP Filter allows developers to write custom Envoy Filters using the
 
 Please refer to [Envoy Golang HTTP Filter Example](https://github.com/envoyproxy/examples/tree/main/golang-http) to learn how to develop and run a basic Golang Filter.
 
+## Plugin Registration
+
+When developing a new Golang Filter, you need to register your plugin in the `init()` function of `main.go`. The registration requires a plugin name, Filter factory function, and configuration parser:
+
+```go
+func init() {
+    envoyHttp.RegisterHttpFilterFactoryAndConfigParser(
+        "your-plugin-name",    // Plugin name
+        yourFilterFactory,     // Filter factory function
+        &yourConfigParser{},   // Configuration parser
+    )
+}
+```
+
 ## Configuration Example
 
+Multiple Golang Filter plugins can be compiled into a single `golang-filter.so` file, and the desired plugin can be specified using `plugin_name`. Here's an example configuration:
+
 ```yaml
 http_filters:
 - name: envoy.filters.http.golang
   typed_config:
     "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
-    library_id: my-go-filter
-    library_path: "./my-go-filter.so"
-    plugin_name: my-go-filter
+    library_id: your-plugin-name
+    library_path: "./golang-filter.so"  # Shared library file containing multiple plugins
+    plugin_name: your-plugin-name       # Specify which plugin to use, must match the name registered in init()
     plugin_config:
       "@type": type.googleapis.com/xds.type.v3.TypedStruct
       value:
@@ -41,5 +57,5 @@ http_filters:
 Use the following command to quickly build the golang filter plugin:
 
 ```bash
-GO_FILTER_NAME=mcp-server make build
+make build
 ``` 

plugins/golang-filter/go.mod

@@ -0,0 +1,108 @@
+module github.com/alibaba/higress/plugins/golang-filter
+
+go 1.22
+
+replace github.com/envoyproxy/envoy => github.com/higress-group/envoy v0.0.0-20250430151331-2c556780b65c
+
+replace github.com/mark3labs/mcp-go => github.com/higress-group/mcp-go v0.0.0-20250428145706-792ce64b4b30
+
+require (
+	github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42
+	github.com/envoyproxy/envoy v1.33.1-0.20250325161043-11ab50a29d99
+	github.com/go-redis/redis/v8 v8.11.5
+	github.com/google/uuid v1.6.0
+	github.com/mark3labs/mcp-go v0.12.0
+	google.golang.org/protobuf v1.36.5
+	gorm.io/driver/clickhouse v0.6.1
+	gorm.io/driver/mysql v1.5.7
+	gorm.io/driver/postgres v1.5.11
+	gorm.io/driver/sqlite v1.5.7
+	gorm.io/gorm v1.25.12
+)
+
+require (
+	github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect
+	github.com/alibabacloud-go/darabonba-encode-util v0.0.2 // indirect
+	github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 // indirect
+	github.com/alibabacloud-go/darabonba-signature-util v0.0.7 // indirect
+	github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
+	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
+	github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.2 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800 // indirect
+	github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1 // indirect
+	github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8 // indirect
+	github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5 // indirect
+	github.com/aliyun/credentials-go v1.4.3 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/buger/jsonparser v1.1.1 // indirect
+	github.com/clbanning/mxj/v2 v2.5.5 // indirect
+	github.com/deckarep/golang-set v1.7.1 // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
+)
+
+require (
+	cel.dev/expr v0.15.0 // indirect
+	github.com/ClickHouse/ch-go v0.61.5 // indirect
+	github.com/ClickHouse/clickhouse-go/v2 v2.23.2 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
+	github.com/go-faster/city v1.0.1 // indirect
+	github.com/go-faster/errors v0.7.1 // indirect
+	github.com/go-sql-driver/mysql v1.7.0 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/pgx/v5 v5.5.5 // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
+	github.com/nacos-group/nacos-sdk-go/v2 v2.2.9
+	github.com/paulmach/orb v0.11.1 // indirect
+	github.com/pierrec/lz4/v4 v4.1.21 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
+	go.opentelemetry.io/otel v1.26.0 // indirect
+	go.opentelemetry.io/otel/trace v1.26.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+
+replace github.com/nacos-group/nacos-sdk-go/v2 v2.2.9 => github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-40

plugins/golang-filter/go.sum

@@ -0,0 +1,790 @@
+cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w=
+cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/ClickHouse/ch-go v0.61.5 h1:zwR8QbYI0tsMiEcze/uIMK+Tz1D3XZXLdNrlaOpeEI4=
+github.com/ClickHouse/ch-go v0.61.5/go.mod h1:s1LJW/F/LcFs5HJnuogFMta50kKDO0lf9zzfrbl0RQg=
+github.com/ClickHouse/clickhouse-go/v2 v2.23.2 h1:+DAKPMnxLS7pduQZsrJc8OhdLS2L9MfDEJ2TS+hpYDM=
+github.com/ClickHouse/clickhouse-go/v2 v2.23.2/go.mod h1:aNap51J1OM3yxQJRgM+AlP/MPkGBCL8A74uQThoQhR0=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA=
+github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
+github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
+github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
+github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
+github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8=
+github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
+github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
+github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
+github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
+github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
+github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg=
+github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/endpoint-util v1.1.0 h1:r/4D3VSw888XGaeNpP994zDUaxdgTSHBbVfZlzf6b5Q=
+github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
+github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 h1:vamGcYQFwXVqR6RWcrVTTqlIXZVsYjaA7pZbx+Xw6zw=
+github.com/alibabacloud-go/kms-20160120/v3 v3.2.3/go.mod h1:3rIyughsFDLie1ut9gQJXkWkMg/NfXBCk+OtXnPu3lw=
+github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY=
+github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
+github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg=
+github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
+github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
+github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU=
+github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
+github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
+github.com/alibabacloud-go/tea-utils v1.4.4 h1:lxCDvNCdTo9FaXKKq45+4vGETQUKNOW/qKTcX9Sk53o=
+github.com/alibabacloud-go/tea-utils v1.4.4/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.3/go.mod h1:sj1PbjPodAVTqGTA3olprfeeqqmwD0A5OQz94o9EuXQ=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.7 h1:WDx5qW3Xa5ZgJ1c8NfqJkF6w+AU5wB8835UdhPr6Ax0=
+github.com/alibabacloud-go/tea-utils/v2 v2.0.7/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I=
+github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
+github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800 h1:ie/8RxBOfKZWcrbYSJi2Z8uX8TcOlSMwPlEJh83OeOw=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1800/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
+github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1 h1:nJYyoFP+aqGKgPs9JeZgS1rWQ4NndNR0Zfhh161ZltU=
+github.com/aliyun/alibabacloud-dkms-gcs-go-sdk v0.5.1/go.mod h1:WzGOmFFTlUzXM03CJnHWMQ85UN6QGpOXZocCjwkiyOg=
+github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8 h1:QeUdR7JF7iNCvO/81EhxEr3wDwxk4YBoYZOq6E0AjHI=
+github.com/aliyun/alibabacloud-dkms-transfer-go-sdk v0.1.8/go.mod h1:xP0KIZry6i7oGPF24vhAPr1Q8vLZRcMcxtft5xDKwCU=
+github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5 h1:8S0mtD101RDYa0LXwdoqgN0RxdMmmJYjq8g2mk7/lQ4=
+github.com/aliyun/aliyun-secretsmanager-client-go v1.1.5/go.mod h1:M19fxYz3gpm0ETnoKweYyYtqrtnVtrpKFpwsghbw+cQ=
+github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
+github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
+github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM=
+github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
+github.com/aliyun/credentials-go v1.4.3 h1:N3iHyvHRMyOwY1+0qBLSf3hb5JFiOujVSVuEpgeGttY=
+github.com/aliyun/credentials-go v1.4.3/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E=
+github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 h1:Om6kYQYDUk5wWbT0t0q6pvyM49i9XZAv9dDrkDA7gjk=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
+github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=
+github.com/go-faster/city v1.0.1/go.mod h1:jKcUJId49qdW3L1qKHH/3wPeUstCVpVSXTM6vO3VcTw=
+github.com/go-faster/errors v0.7.1 h1:MkJTnDoEdi9pDabt1dpWf7AA8/BaSYZqibYyhZ20AYg=
+github.com/go-faster/errors v0.7.1/go.mod h1:5ySTjWFiphBs07IKuiL69nxdfd5+fzh1u7FPGZP2quo=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
+github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
+github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
+github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/higress-group/envoy v0.0.0-20250430151331-2c556780b65c h1:chAOZk/qEXFhLILWoNucj3X6r9xYnRR+SWFvhsOa2oo=
+github.com/higress-group/envoy v0.0.0-20250430151331-2c556780b65c/go.mod h1:SU+IJUAfh1kkZtH+u0E1dnwho8AhbGeYMgp5vvjU+Gc=
+github.com/higress-group/mcp-go v0.0.0-20250428145706-792ce64b4b30 h1:N4NMq8M1nZyyChPyzn+EUUdHi5asig2uLR5hOyRmsXI=
+github.com/higress-group/mcp-go v0.0.0-20250428145706-792ce64b4b30/go.mod h1:O9gri9UOzthw728vusc2oNu99lVh8cKCajpxNfC90gE=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
+github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
+github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
+github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-40 h1:nzRTBplC0riQqQwEHZThw5H4/TH5LgWTQTm6A7t1lpY=
+github.com/luoxiner/nacos-sdk-go/v2 v2.2.9-40/go.mod h1:9FKXl6FqOiVmm72i8kADtbeK71egyG9y3uRDBg41tpQ=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
+github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
+github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc h1:Ak86L+yDSOzKFa7WM5bf5itSOo1e3Xh8bm5YCMUXIjQ=
+github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
+github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
+github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
+github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
+github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
+github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
+github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
+github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.mongodb.org/mongo-driver v1.11.4/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs=
+go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4=
+go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA=
+go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/clickhouse v0.6.1 h1:t7JMB6sLBXxN8hEO6RdzCbJCwq/jAEVZdwXlmQs1Sd4=
+gorm.io/driver/clickhouse v0.6.1/go.mod h1:riMYpJcGZ3sJ/OAZZ1rEP1j/Y0H6cByOAnwz7fo2AyM=
+gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
+gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
+gorm.io/driver/postgres v1.5.11 h1:ubBVAfbKEUld/twyKZ0IYn9rSQh448EdelLYk9Mv314=
+gorm.io/driver/postgres v1.5.11/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
+gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I=
+gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
+gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
+gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

plugins/golang-filter/main.go

@@ -0,0 +1,25 @@
+package main
+
+import (
+	"net/http"
+
+	mcp_server "github.com/alibaba/higress/plugins/golang-filter/mcp-server"
+	mcp_session "github.com/alibaba/higress/plugins/golang-filter/mcp-session"
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+	envoyHttp "github.com/envoyproxy/envoy/contrib/golang/filters/http/source/go/pkg/http"
+)
+
+func init() {
+	envoyHttp.RegisterHttpFilterFactoryAndConfigParser(mcp_session.Name, mcp_session.FilterFactory, &mcp_session.Parser{})
+	envoyHttp.RegisterHttpFilterFactoryAndConfigParser(mcp_server.Name, mcp_server.FilterFactory, &mcp_server.Parser{})
+	go func() {
+		defer func() {
+			if r := recover(); r != nil {
+				api.LogErrorf("PProf server recovered from panic: %v", r)
+			}
+		}()
+		api.LogError(http.ListenAndServe("localhost:6060", nil).Error())
+	}()
+}
+
+func main() {}

plugins/golang-filter/mcp-server/README.md

@@ -3,27 +3,22 @@
 
 ## 概述
 
-MCP Server 是一个基于 Envoy 的 Golang Filter 插件，用于实现服务器端事件（SSE）和消息通信功能。该插件支持多种数据库类型，并使用 Redis 作为消息队列来实现负载均衡的请求通过对应的SSE连接发送。
+MCP Server 是一个基于 Envoy 的 Golang Filter 插件，提供了统一的 MCP (Model Context Protocol) 服务接口。它支持多种后端服务的集成，包括：
 
-> **注意**：MCP Server需要 Higress 2.1.0 或更高版本才能使用。
-## 项目结构
-```
-mcp-server/
-├── config.go                # 配置解析相关代码
-├── filter.go                # 请求处理相关代码
-├── internal/                # 内部实现逻辑
-├── servers/                 # MCP 服务器实现
-├── go.mod                   # Go模块依赖定义
-└── go.sum                   # Go模块依赖校验
-```
-## MCP Server开发指南
+- 数据库服务：通过 GORM 支持多种数据库的访问和管理
+- 配置中心：支持 Nacos 配置中心的集成
+- 可扩展性：支持自定义服务器实现，方便集成其他服务
+
+> **注意**：MCP Server 需要 Higress 2.1.0 或更高版本才能使用。
+
+## MCP Server 开发指南
 
 ```go
 // 在init函数中注册你的服务器
 // 参数1: 服务器名称
 // 参数2: 配置结构体实例
 func init() {
-	internal.GlobalRegistry.RegisterServer("demo", &DemoConfig{})
+	common.GlobalRegistry.RegisterServer("demo", &DemoConfig{})
 }
 
 // 服务器配置结构体
@@ -43,8 +38,8 @@ func (c *DBConfig) ParseConfig(config map[string]any) error {
 // 创建新的MCP服务器实例
 // serverName: 服务器名称
 // 返回值: MCP服务器实例和可能的错误
-func (c *DBConfig) NewServer(serverName string) (*internal.MCPServer, error) {
-	mcpServer := internal.NewMCPServer(serverName, Version)
+func (c *DBConfig) NewServer(serverName string) (*common.MCPServer, error) {
+	mcpServer := common.NewMCPServer(serverName, Version)
     
 	// 添加工具方法到服务器
 	// mcpServer.AddTool()	

plugins/golang-filter/mcp-server/README_en.md

@@ -3,29 +3,22 @@ English | [简体中文](./README.md)
 
 ## Overview
 
-MCP Server is a Golang Filter plugin based on Envoy, designed to implement Server-Sent Events (SSE) and message communication functionality. This plugin supports various database types and uses Redis as a message queue to enable load-balanced requests to be sent through corresponding SSE connections.
+MCP Server is a Golang Filter plugin based on Envoy that provides a unified MCP (Model Context Protocol) service interface. It supports integration with various backend services, including:
 
-> **Note**: MCP Server requires Higress 2.1.0 or higher version.
+- Database Services: Supports multiple database access and management through GORM
+- Configuration Service: Supports integration with Nacos configuration service
+- Extensibility: Supports custom server implementations for easy integration with other services
 
-## Project Structure
-```
-mcp-server/
-├── config.go                # Configuration parsing code
-├── filter.go                # Request processing code
-├── internal/                # Internal implementation logic
-├── servers/                 # MCP server implementation
-├── go.mod                   # Go module dependency definition
-└── go.sum                   # Go module dependency checksum
-```
+> **Note**: MCP Server requires Higress version 2.1.0 or higher to be used.
 
 ## MCP Server Development Guide
 
 ```go
 // Register your server in the init function
-// Param 1: Server name
-// Param 2: Config struct instance
+// Parameter 1: Server name
+// Parameter 2: Configuration struct instance
 func init() {
-	internal.GlobalRegistry.RegisterServer("demo", &DemoConfig{})
+	common.GlobalRegistry.RegisterServer("demo", &DemoConfig{})
 }
 
 // Server configuration struct
@@ -33,7 +26,7 @@ type DemoConfig struct {
 	helloworld string
 }
 
-// Configuration parsing method
+// Parse configuration method
 // Parse and validate configuration items from the config map
 func (c *DBConfig) ParseConfig(config map[string]any) error {
 	helloworld, ok := config["helloworld"].(string)
@@ -45,13 +38,13 @@ func (c *DBConfig) ParseConfig(config map[string]any) error {
 // Create a new MCP server instance
 // serverName: Server name
 // Returns: MCP server instance and possible error
-func (c *DBConfig) NewServer(serverName string) (*internal.MCPServer, error) {
-	mcpServer := internal.NewMCPServer(serverName, Version)
+func (c *DBConfig) NewServer(serverName string) (*common.MCPServer, error) {
+	mcpServer := common.NewMCPServer(serverName, Version)
     
-	// Add tool methods to server
+	// Add tool methods to the server
 	// mcpServer.AddTool()	
 	
-	// Add resources to server
+	// Add resources to the server
 	// mcpServer.AddResource()
 	
 	return mcpServer, nil
@@ -59,7 +52,7 @@ func (c *DBConfig) NewServer(serverName string) (*internal.MCPServer, error) {
 ```
 
 **Note**: 
-Need to use underscore import in config.go to execute the package's init function
+You need to use underscore imports in config.go to execute the package's init function
 ```go
 import (
 	_ "github.com/alibaba/higress/plugins/golang-filter/mcp-server/servers/gorm"

plugins/golang-filter/mcp-server/config.go

@@ -1,71 +1,49 @@
-package main
+package mcp_server
 
 import (
 	"fmt"
 
-	xds "github.com/cncf/xds/go/xds/type/v3"
-	"google.golang.org/protobuf/types/known/anypb"
-
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
 	_ "github.com/alibaba/higress/plugins/golang-filter/mcp-server/registry/nacos"
 	_ "github.com/alibaba/higress/plugins/golang-filter/mcp-server/servers/gorm"
+	mcp_session "github.com/alibaba/higress/plugins/golang-filter/mcp-session"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+	xds "github.com/cncf/xds/go/xds/type/v3"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
-	envoyHttp "github.com/envoyproxy/envoy/contrib/golang/filters/http/source/go/pkg/http"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 const Name = "mcp-server"
 const Version = "1.0.0"
-const DefaultServerName = "defaultServer"
-const MessageEndpoint = "/message"
 
-func init() {
-	envoyHttp.RegisterHttpFilterFactoryAndConfigParser(Name, filterFactory, &parser{})
+type SSEServerWrapper struct {
+	BaseServer *common.SSEServer
+	DomainList []string
 }
 
 type config struct {
-	ssePathSuffix string
-	redisClient   *internal.RedisClient
-	stopChan      chan struct{}
-	servers       []*internal.SSEServer
-	defaultServer *internal.SSEServer
+	servers []*SSEServerWrapper
 }
 
-type parser struct {
+func (c *config) Destroy() {
+	for _, server := range c.servers {
+		server.BaseServer.Close()
+	}
 }
 
-// Parse the filter configuration
-func (p *parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (interface{}, error) {
+type Parser struct {
+}
+
+func (p *Parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (interface{}, error) {
 	configStruct := &xds.TypedStruct{}
 	if err := any.UnmarshalTo(configStruct); err != nil {
 		return nil, err
 	}
 	v := configStruct.Value
 
-	conf := &config{}
-	conf.stopChan = make(chan struct{})
-
-	redisConfigMap, ok := v.AsMap()["redis"].(map[string]interface{})
-	if !ok {
-		return nil, fmt.Errorf("redis config is not set")
+	conf := &config{
+		servers: make([]*SSEServerWrapper, 0),
 	}
 
-	redisConfig, err := internal.ParseRedisConfig(redisConfigMap)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse redis config: %w", err)
-	}
-
-	redisClient, err := internal.NewRedisClient(redisConfig, conf.stopChan)
-	if err != nil {
-		return nil, fmt.Errorf("failed to initialize RedisClient: %w", err)
-	}
-	conf.redisClient = redisClient
-
-	ssePathSuffix, ok := v.AsMap()["sse_path_suffix"].(string)
-	if !ok {
-		return nil, fmt.Errorf("sse path suffix is not set")
-	}
-	conf.ssePathSuffix = ssePathSuffix
-
 	serverConfigs, ok := v.AsMap()["servers"].([]interface{})
 	if !ok {
 		api.LogDebug("No servers are configured")
@@ -77,19 +55,33 @@ func (p *parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (int
 		if !ok {
 			return nil, fmt.Errorf("server config must be an object")
 		}
+
 		serverType, ok := serverConfigMap["type"].(string)
 		if !ok {
 			return nil, fmt.Errorf("server type is not set")
 		}
+
 		serverPath, ok := serverConfigMap["path"].(string)
 		if !ok {
 			return nil, fmt.Errorf("server %s path is not set", serverType)
 		}
+
+		serverDomainList := []string{}
+		if domainList, ok := serverConfigMap["domain_list"].([]interface{}); ok {
+			for _, domain := range domainList {
+				if domainStr, ok := domain.(string); ok {
+					serverDomainList = append(serverDomainList, domainStr)
+				}
+			}
+		} else {
+			serverDomainList = []string{"*"}
+		}
+
 		serverName, ok := serverConfigMap["name"].(string)
 		if !ok {
 			return nil, fmt.Errorf("server %s name is not set", serverType)
 		}
-		server := internal.GlobalRegistry.GetServer(serverType)
+		server := common.GlobalRegistry.GetServer(serverType)
 
 		if server == nil {
 			return nil, fmt.Errorf("server %s is not registered", serverType)
@@ -100,7 +92,7 @@ func (p *parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (int
 		}
 		api.LogDebug(fmt.Sprintf("Server config: %+v", serverConfig))
 
-		err = server.ParseConfig(serverConfig)
+		err := server.ParseConfig(serverConfig)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse server config: %w", err)
 		}
@@ -110,44 +102,36 @@ func (p *parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (int
 			return nil, fmt.Errorf("failed to initialize DBServer: %w", err)
 		}
 
-		conf.servers = append(conf.servers, internal.NewSSEServer(serverInstance,
-			internal.WithRedisClient(redisClient),
-			internal.WithSSEEndpoint(fmt.Sprintf("%s%s", serverPath, ssePathSuffix)),
-			internal.WithMessageEndpoint(fmt.Sprintf("%s%s", serverPath, MessageEndpoint))))
+		conf.servers = append(conf.servers, &SSEServerWrapper{
+			BaseServer: common.NewSSEServer(serverInstance,
+				common.WithSSEEndpoint(fmt.Sprintf("%s%s", serverPath, mcp_session.GlobalSSEPathSuffix)),
+				common.WithMessageEndpoint(serverPath)),
+			DomainList: serverDomainList,
+		})
 		api.LogDebug(fmt.Sprintf("Registered MCP Server: %s", serverType))
 	}
+
 	return conf, nil
 }
 
-func (p *parser) Merge(parent interface{}, child interface{}) interface{} {
+func (p *Parser) Merge(parent interface{}, child interface{}) interface{} {
 	parentConfig := parent.(*config)
 	childConfig := child.(*config)
 
 	newConfig := *parentConfig
-	if childConfig.redisClient != nil {
-		newConfig.redisClient = childConfig.redisClient
-	}
-	if childConfig.ssePathSuffix != "" {
-		newConfig.ssePathSuffix = childConfig.ssePathSuffix
-	}
 	if childConfig.servers != nil {
-		newConfig.servers = append(newConfig.servers, childConfig.servers...)
-	}
-	if childConfig.defaultServer != nil {
-		newConfig.defaultServer = childConfig.defaultServer
+		newConfig.servers = childConfig.servers
 	}
 	return &newConfig
 }
 
-func filterFactory(c interface{}, callbacks api.FilterCallbackHandler) api.StreamFilter {
+func FilterFactory(c interface{}, callbacks api.FilterCallbackHandler) api.StreamFilter {
 	conf, ok := c.(*config)
 	if !ok {
 		panic("unexpected config type")
 	}
 	return &filter{
-		callbacks: callbacks,
 		config:    conf,
+		callbacks: callbacks,
 	}
 }
-
-func main() {}

plugins/golang-filter/mcp-server/filter.go

@@ -1,80 +1,44 @@
-package main
+package mcp_server
 
 import (
-	"fmt"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
-	"strings"
 
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 )
 
-// The callbacks in the filter, like `DecodeHeaders`, can be implemented on demand.
-// Because api.PassThroughStreamFilter provides a default implementation.
 type filter struct {
 	api.PassThroughStreamFilter
 
 	callbacks api.FilterCallbackHandler
-	path      string
-	config    *config
 
-	req        *http.Request
-	serverName string
-	message    bool
-	bodyBuffer []byte
+	config  *config
+	req     *http.Request
+	message bool
+	path    string
 }
 
-type RequestURL struct {
-	method    string
-	scheme    string
-	host      string
-	path      string
-	baseURL   string
-	parsedURL *url.URL
-}
-
-func NewRequestURL(header api.RequestHeaderMap) *RequestURL {
-	method, _ := header.Get(":method")
-	scheme, _ := header.Get(":scheme")
-	host, _ := header.Get(":authority")
-	path, _ := header.Get(":path")
-	baseURL := fmt.Sprintf("%s://%s", scheme, host)
-	parsedURL, _ := url.Parse(path)
-	api.LogDebugf("RequestURL: method=%s, scheme=%s, host=%s, path=%s", method, scheme, host, path)
-	return &RequestURL{method: method, scheme: scheme, host: host, path: path, baseURL: baseURL, parsedURL: parsedURL}
-}
-
-// Callbacks which are called in request path
-// The endStream is true if the request doesn't have body
 func (f *filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {
-	url := NewRequestURL(header)
-	f.path = url.parsedURL.Path
+	url := common.NewRequestURL(header)
+	if url == nil {
+		return api.Continue
+	}
+	f.path = url.ParsedURL.Path
 
 	for _, server := range f.config.servers {
-		if f.path == server.GetSSEEndpoint() {
-			if url.method != http.MethodGet {
-				f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusMethodNotAllowed, "Method not allowed", nil, 0, "")
-			} else {
-				f.serverName = server.GetServerName()
-				body := "SSE connection create"
-				f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusOK, body, nil, 0, "")
-			}
-			api.LogDebugf("%s SSE connection started", server.GetServerName())
-			server.SetBaseURL(url.baseURL)
-			return api.LocalReply
-		} else if f.path == server.GetMessageEndpoint() {
-			if url.method != http.MethodPost {
+		if common.MatchDomainList(url.ParsedURL.Host, server.DomainList) && url.ParsedURL.Path == server.BaseServer.GetMessageEndpoint() {
+			if url.Method != http.MethodPost {
 				f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusMethodNotAllowed, "Method not allowed", nil, 0, "")
+				return api.LocalReply
 			}
 			// Create a new http.Request object
 			f.req = &http.Request{
-				Method: url.method,
-				URL:    url.parsedURL,
+				Method: url.Method,
+				URL:    url.ParsedURL,
 				Header: make(http.Header),
 			}
-			api.LogDebugf("Message request: %v", url.parsedURL)
+			api.LogDebugf("Message request: %v", url.ParsedURL)
 			// Copy headers from api.RequestHeaderMap to http.Header
 			header.Range(func(key, value string) bool {
 				f.req.Header.Add(key, value)
@@ -88,101 +52,34 @@ func (f *filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.
 			}
 		}
 	}
-	if !strings.HasSuffix(url.parsedURL.Path, f.config.ssePathSuffix) {
-		if endStream {
-			return api.Continue
-		} else {
-			return api.StopAndBuffer
-		}
-	}
 
-	if url.method != http.MethodGet {
-		f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusMethodNotAllowed, "Method not allowed", nil, 0, "")
-	} else {
-		f.config.defaultServer = internal.NewSSEServer(internal.NewMCPServer(DefaultServerName, Version),
-			internal.WithSSEEndpoint(f.config.ssePathSuffix),
-			internal.WithMessageEndpoint(strings.TrimSuffix(url.parsedURL.Path, f.config.ssePathSuffix)),
-			internal.WithRedisClient(f.config.redisClient))
-		f.serverName = f.config.defaultServer.GetServerName()
-		body := "SSE connection create"
-		f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusOK, body, nil, 0, "")
-		f.config.defaultServer.SetBaseURL(url.baseURL)
-	}
-	return api.LocalReply
+	return api.Continue
 }
 
-// DecodeData might be called multiple times during handling the request body.
-// The endStream is true when handling the last piece of the body.
 func (f *filter) DecodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
-	if f.message {
-		f.bodyBuffer = append(f.bodyBuffer, buffer.Bytes()...)
-
-		if endStream {
-			for _, server := range f.config.servers {
-				if f.path == server.GetMessageEndpoint() {
-					// Create a response recorder to capture the response
-					recorder := httptest.NewRecorder()
-					// Call the handleMessage method of SSEServer with complete body
-					server.HandleMessage(recorder, f.req, f.bodyBuffer)
-					f.message = false
-					// clear buffer
-					f.bodyBuffer = nil
-					f.callbacks.DecoderFilterCallbacks().SendLocalReply(recorder.Code, recorder.Body.String(), recorder.Header(), 0, "")
-					return api.LocalReply
-				}
-			}
-		}
+	if !endStream {
 		return api.StopAndBuffer
 	}
-	return api.Continue
-}
-
-// Callbacks which are called in response path
-// The endStream is true if the response doesn't have body
-func (f *filter) EncodeHeaders(header api.ResponseHeaderMap, endStream bool) api.StatusType {
-	if f.serverName != "" {
-		header.Set("Content-Type", "text/event-stream")
-		header.Set("Cache-Control", "no-cache")
-		header.Set("Connection", "keep-alive")
-		header.Set("Access-Control-Allow-Origin", "*")
-		header.Del("Content-Length")
-		return api.Continue
-	}
-	return api.Continue
-}
-
-// EncodeData might be called multiple times during handling the response body.
-// The endStream is true when handling the last piece of the body.
-func (f *filter) EncodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
-	if f.serverName != "" {
-		// handle specific server
+	if f.message {
 		for _, server := range f.config.servers {
-			if f.serverName == server.GetServerName() {
-				buffer.Reset()
-				server.HandleSSE(f.callbacks)
-				return api.Running
+			if f.path == server.BaseServer.GetMessageEndpoint() {
+				// Create a response recorder to capture the response
+				recorder := httptest.NewRecorder()
+				// Call the handleMessage method of SSEServer with complete body
+				httpStatus := server.BaseServer.HandleMessage(recorder, f.req, buffer.Bytes())
+				f.message = false
+				f.callbacks.DecoderFilterCallbacks().SendLocalReply(httpStatus, recorder.Body.String(), recorder.Header(), 0, "")
+				return api.LocalReply
 			}
 		}
-		// handle default server
-		if f.serverName == f.config.defaultServer.GetServerName() {
-			buffer.Reset()
-			f.config.defaultServer.HandleSSE(f.callbacks)
-			return api.Running
-		}
-		return api.Continue
 	}
 	return api.Continue
 }
 
-// OnDestroy stops the goroutine
-func (f *filter) OnDestroy(reason api.DestroyReason) {
-	if f.serverName != "" && f.config.stopChan != nil {
-		select {
-		case <-f.config.stopChan:
-			return
-		default:
-			api.LogDebug("Stopping SSE connection")
-			close(f.config.stopChan)
-		}
-	}
+func (f *filter) EncodeHeaders(header api.ResponseHeaderMap, endStream bool) api.StatusType {
+	return api.Continue
+}
+
+func (f *filter) EncodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
+	return api.Continue
 }

plugins/golang-filter/mcp-server/go.mod

@@ -1,54 +0,0 @@
-module github.com/alibaba/higress/plugins/golang-filter/mcp-server
-
-go 1.23
-
-require (
-	github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42
-	github.com/envoyproxy/envoy v1.33.1-0.20250224062430-6c11eac01993
-	github.com/go-redis/redis/v8 v8.11.5
-	github.com/google/uuid v1.6.0
-	github.com/mark3labs/mcp-go v0.12.0
-	google.golang.org/protobuf v1.36.5
-	gorm.io/driver/clickhouse v0.6.1
-	gorm.io/driver/mysql v1.5.7
-	gorm.io/driver/postgres v1.5.11
-	gorm.io/driver/sqlite v1.5.7
-	gorm.io/gorm v1.25.12
-)
-
-require (
-	cel.dev/expr v0.15.0 // indirect
-	github.com/ClickHouse/ch-go v0.61.5 // indirect
-	github.com/ClickHouse/clickhouse-go/v2 v2.23.2 // indirect
-	github.com/andybalholm/brotli v1.1.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
-	github.com/go-faster/city v1.0.1 // indirect
-	github.com/go-faster/errors v0.7.1 // indirect
-	github.com/go-sql-driver/mysql v1.7.0 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgx/v5 v5.5.5 // indirect
-	github.com/jackc/puddle/v2 v2.2.1 // indirect
-	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
-	github.com/mattn/go-sqlite3 v1.14.22 // indirect
-	github.com/nacos-group/nacos-sdk-go/v2 v2.2.9
-	github.com/paulmach/orb v0.11.1 // indirect
-	github.com/pierrec/lz4/v4 v4.1.21 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/shopspring/decimal v1.4.0 // indirect
-	go.opentelemetry.io/otel v1.26.0 // indirect
-	go.opentelemetry.io/otel/trace v1.26.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)

plugins/golang-filter/mcp-server/go.sum

@@ -1,182 +0,0 @@
-cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w=
-cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
-github.com/ClickHouse/ch-go v0.61.5 h1:zwR8QbYI0tsMiEcze/uIMK+Tz1D3XZXLdNrlaOpeEI4=
-github.com/ClickHouse/ch-go v0.61.5/go.mod h1:s1LJW/F/LcFs5HJnuogFMta50kKDO0lf9zzfrbl0RQg=
-github.com/ClickHouse/clickhouse-go/v2 v2.23.2 h1:+DAKPMnxLS7pduQZsrJc8OhdLS2L9MfDEJ2TS+hpYDM=
-github.com/ClickHouse/clickhouse-go/v2 v2.23.2/go.mod h1:aNap51J1OM3yxQJRgM+AlP/MPkGBCL8A74uQThoQhR0=
-github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
-github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 h1:Om6kYQYDUk5wWbT0t0q6pvyM49i9XZAv9dDrkDA7gjk=
-github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/envoyproxy/envoy v1.33.1-0.20250224062430-6c11eac01993 h1:98rKr5Irapq0t68+sHM78LIkflsiDVttSExZTaqsxSo=
-github.com/envoyproxy/envoy v1.33.1-0.20250224062430-6c11eac01993/go.mod h1:x7d0dNbE0xGuDBUkBg19VGCgnPQ+lJ2k8lDzDzKExow=
-github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
-github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=
-github.com/go-faster/city v1.0.1/go.mod h1:jKcUJId49qdW3L1qKHH/3wPeUstCVpVSXTM6vO3VcTw=
-github.com/go-faster/errors v0.7.1 h1:MkJTnDoEdi9pDabt1dpWf7AA8/BaSYZqibYyhZ20AYg=
-github.com/go-faster/errors v0.7.1/go.mod h1:5ySTjWFiphBs07IKuiL69nxdfd5+fzh1u7FPGZP2quo=
-github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
-github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
-github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
-github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
-github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
-github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
-github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
-github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
-github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
-github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
-github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
-github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
-github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mark3labs/mcp-go v0.12.0 h1:Pue1Tdwqcz77GHq18uzgmLT3wmeDUxXUSAqSwhGLhVo=
-github.com/mark3labs/mcp-go v0.12.0/go.mod h1:cjMlBU0cv/cj9kjlgmRhoJ5JREdS7YX83xeIG9Ko/jE=
-github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
-github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
-github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
-github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
-github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
-github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
-github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
-github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
-github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
-github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
-github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
-github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
-github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.mongodb.org/mongo-driver v1.11.4/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g=
-go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs=
-go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4=
-go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA=
-go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
-google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/clickhouse v0.6.1 h1:t7JMB6sLBXxN8hEO6RdzCbJCwq/jAEVZdwXlmQs1Sd4=
-gorm.io/driver/clickhouse v0.6.1/go.mod h1:riMYpJcGZ3sJ/OAZZ1rEP1j/Y0H6cByOAnwz7fo2AyM=
-gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
-gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
-gorm.io/driver/postgres v1.5.11 h1:ubBVAfbKEUld/twyKZ0IYn9rSQh448EdelLYk9Mv314=
-gorm.io/driver/postgres v1.5.11/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
-gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I=
-gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
-gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
-gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8=
-gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=

plugins/golang-filter/mcp-server/registry/nacos/nacos.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"regexp"
+	"strings"
 
 	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/registry"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
@@ -39,6 +40,9 @@ func (n *NacosMcpRegsitry) ListToolsDesciption() []*registry.ToolDescription {
 }
 
 func (n *NacosMcpRegsitry) GetToolRpcContext(toolName string) (*registry.RpcContext, bool) {
+	if n.toolsRpcContext == nil {
+		n.refreshToolsList()
+	}
 	tool, ok := n.toolsRpcContext[toolName]
 	return tool, ok
 }
@@ -76,21 +80,77 @@ func (n *NacosMcpRegsitry) refreshToolsListForGroup(group string, serviceMatcher
 		api.LogErrorf("Match service error for patter %s", serviceMatcher)
 		return false
 	}
+
+	currentServiceList := map[string]bool{}
+
 	for _, service := range serviceList {
 		if !pattern.MatchString(service) {
 			continue
 		}
 
-		if _, ok := n.currentServiceSet[group+service]; !ok {
-			changed = true
-			n.refreshToolsListForService(group, service)
+		formatServiceName := getFormatServiceName(group, service)
+		if _, ok := n.currentServiceSet[formatServiceName]; !ok {
+			refreshed := n.refreshToolsListForService(group, service)
 			n.listenToService(group, service)
+			if refreshed {
+				changed = true
+			}
+		}
+
+		currentServiceList[formatServiceName] = true
+	}
+
+	serviceShouldBeDeleted := []string{}
+	for serviceName, _ := range n.currentServiceSet {
+		if !strings.HasPrefix(serviceName, group) {
+			continue
+		}
+
+		if _, ok := currentServiceList[serviceName]; !ok {
+			serviceShouldBeDeleted = append(serviceShouldBeDeleted, serviceName)
+			changed = true
+			toolsShouldBeDeleted := []string{}
+			for toolName, _ := range n.toolsDescription {
+				if strings.HasPrefix(toolName, serviceName) {
+					toolsShouldBeDeleted = append(toolsShouldBeDeleted, toolName)
+				}
+			}
+
+			for _, toolName := range toolsShouldBeDeleted {
+				delete(n.toolsDescription, toolName)
+				delete(n.toolsRpcContext, toolName)
+			}
 		}
 	}
+
+	for _, service := range serviceShouldBeDeleted {
+		delete(n.currentServiceSet, service)
+	}
+
 	return changed
 }
 
-func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, service string, newConfig *string, instances *[]model.Instance) {
+func getFormatServiceName(group string, service string) string {
+	return fmt.Sprintf("%s_%s", group, service)
+}
+
+func (n *NacosMcpRegsitry) deleteToolForService(group string, service string) {
+	toolsNeedReset := []string{}
+
+	formatServiceName := getFormatServiceName(group, service)
+	for tool, _ := range n.toolsDescription {
+		if strings.HasPrefix(tool, formatServiceName) {
+			toolsNeedReset = append(toolsNeedReset, tool)
+		}
+	}
+
+	for _, tool := range toolsNeedReset {
+		delete(n.toolsDescription, tool)
+		delete(n.toolsRpcContext, tool)
+	}
+}
+
+func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, service string, newConfig *string, instances *[]model.Instance) bool {
 
 	if newConfig == nil {
 		dataId := makeToolsConfigId(service)
@@ -101,7 +161,7 @@ func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, s
 
 		if err != nil {
 			api.LogError(fmt.Sprintf("Get tools config for sercice %s:%s error %s", group, service, err))
-			return
+			return false
 		}
 
 		newConfig = &content
@@ -116,17 +176,27 @@ func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, s
 
 		if err != nil {
 			api.LogError(fmt.Sprintf("List instance for sercice %s:%s error %s", group, service, err))
-			return
+			return false
 		}
 
 		instances = &instancesFromNacos
 	}
 
 	var applicationDescription registry.McpApplicationDescription
+	if newConfig == nil {
+		return false
+	}
+
+	// config deleted, tools should be removed
+	if len(*newConfig) == 0 {
+		n.deleteToolForService(group, service)
+		return true
+	}
+
 	err := json.Unmarshal([]byte(*newConfig), &applicationDescription)
 	if err != nil {
 		api.LogError(fmt.Sprintf("Parse tools config for sercice %s:%s error, config is %s, error is %s", group, service, *newConfig, err))
-		return
+		return false
 	}
 
 	wrappedInstances := []registry.Instance{}
@@ -147,6 +217,8 @@ func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, s
 		n.toolsRpcContext = map[string]*registry.RpcContext{}
 	}
 
+	n.deleteToolForService(group, service)
+
 	for _, tool := range applicationDescription.ToolsDescription {
 		meta := applicationDescription.ToolsMeta[tool.Name]
 
@@ -167,8 +239,8 @@ func (n *NacosMcpRegsitry) refreshToolsListForServiceWithContent(group string, s
 		n.toolsDescription[tool.Name] = tool
 		n.toolsRpcContext[tool.Name] = &context
 	}
-	n.currentServiceSet[group+service] = true
-	api.LogInfo(fmt.Sprintf("Refresh tools list for service success %s:%s", group, service))
+	n.currentServiceSet[getFormatServiceName(group, service)] = true
+	return true
 }
 
 func (n *NacosMcpRegsitry) GetCredential(name string, group string) *registry.CredentialInfo {
@@ -193,8 +265,8 @@ func (n *NacosMcpRegsitry) GetCredential(name string, group string) *registry.Cr
 	return &credential
 }
 
-func (n *NacosMcpRegsitry) refreshToolsListForService(group string, service string) {
-	n.refreshToolsListForServiceWithContent(group, service, nil, nil)
+func (n *NacosMcpRegsitry) refreshToolsListForService(group string, service string) bool {
+	return n.refreshToolsListForServiceWithContent(group, service, nil, nil)
 }
 
 func (n *NacosMcpRegsitry) listenToService(group string, service string) {

plugins/golang-filter/mcp-server/registry/nacos/server.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
 	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/registry"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 	"github.com/mark3labs/mcp-go/mcp"
 	"github.com/nacos-group/nacos-sdk-go/v2/clients"
@@ -15,7 +15,7 @@ import (
 )
 
 func init() {
-	internal.GlobalRegistry.RegisterServer("nacos-mcp-registry", &NacosConfig{})
+	common.GlobalRegistry.RegisterServer("nacos-mcp-registry", &NacosConfig{})
 }
 
 type NacosConfig struct {
@@ -28,7 +28,7 @@ type NacosConfig struct {
 }
 
 type McpServerToolsChangeListener struct {
-	mcpServer *internal.MCPServer
+	mcpServer *common.MCPServer
 }
 
 func (l *McpServerToolsChangeListener) OnToolChanged(reg registry.McpServerRegistry) {
@@ -45,7 +45,11 @@ func CreateNacosMcpRegsitry(config *NacosConfig) (*NacosMcpRegsitry, error) {
 		constant.WithTimeoutMs(5000),
 		constant.WithNotLoadCacheAtStart(true),
 		constant.WithOpenKMS(true),
+		constant.WithLogLevel("error"),
 	)
+	cc.AppendToStdout = true
+
+	cc.DiableLog = true
 
 	if config.Namespace != nil {
 		cc.NamespaceId = *config.Namespace
@@ -108,6 +112,10 @@ func (c *NacosConfig) ParseConfig(config map[string]any) error {
 		return errors.New("missing serviceMatcher")
 	}
 
+	if namespace, ok := config["namespace"].(string); ok {
+		c.Namespace = &namespace
+	}
+
 	matchers := map[string]string{}
 	for key, value := range serviceMatcher {
 		matchers[key] = value.(string)
@@ -129,8 +137,8 @@ func (c *NacosConfig) ParseConfig(config map[string]any) error {
 	return nil
 }
 
-func (c *NacosConfig) NewServer(serverName string) (*internal.MCPServer, error) {
-	mcpServer := internal.NewMCPServer(
+func (c *NacosConfig) NewServer(serverName string) (*common.MCPServer, error) {
+	mcpServer := common.NewMCPServer(
 		serverName,
 		"1.0.0",
 	)
@@ -146,25 +154,31 @@ func (c *NacosConfig) NewServer(serverName string) (*internal.MCPServer, error)
 	nacosRegistry.RegisterToolChangeEventListener(&listener)
 
 	go func() {
+		defer func() {
+			if r := recover(); r != nil {
+				api.LogErrorf("NacosToolsListRefresh recovered from panic: %v", r)
+			}
+		}()
+
 		for {
 			if nacosRegistry.refreshToolsList() {
 				resetToolsToMcpServer(mcpServer, nacosRegistry)
 			}
-			time.Sleep(time.Second * 10)
+			time.Sleep(time.Second * 3)
 		}
 	}()
 	return mcpServer, nil
 }
 
-func resetToolsToMcpServer(mcpServer *internal.MCPServer, reg registry.McpServerRegistry) {
-	wrappedTools := []internal.ServerTool{}
+func resetToolsToMcpServer(mcpServer *common.MCPServer, reg registry.McpServerRegistry) {
+	wrappedTools := []common.ServerTool{}
 	tools := reg.ListToolsDesciption()
 	for _, tool := range tools {
-		wrappedTools = append(wrappedTools, internal.ServerTool{
+		wrappedTools = append(wrappedTools, common.ServerTool{
 			Tool:    mcp.NewToolWithRawSchema(tool.Name, tool.Description, tool.InputSchema),
 			Handler: registry.HandleRegistryToolsCall(reg),
 		})
 	}
 	mcpServer.SetTools(wrappedTools...)
-	api.LogInfo("Config changed reset tools")
+	api.LogInfof("Tools reset, new tools list len %d", len(wrappedTools))
 }

plugins/golang-filter/mcp-server/registry/remote.go

@@ -9,7 +9,7 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
 	"github.com/mark3labs/mcp-go/mcp"
 )
 
@@ -50,8 +50,11 @@ func FixedQueryToken(cred *CredentialInfo, h *HttpRemoteCallHandle) {
 	h.Query[key.(string)] = value.(string)
 }
 
-func newHttpRemoteCallHandle(ctx *RpcContext) *HttpRemoteCallHandle {
-	instance := selectOneInstance(ctx)
+func newHttpRemoteCallHandle(ctx *RpcContext) (*HttpRemoteCallHandle, error) {
+	instance, err := selectOneInstance(ctx)
+	if err != nil {
+		return nil, err
+	}
 	method, ok := ctx.ToolMeta.InvokeContext["method"]
 	if !ok {
 		method = DEFAULT_HTTP_METHOD
@@ -64,7 +67,7 @@ func newHttpRemoteCallHandle(ctx *RpcContext) *HttpRemoteCallHandle {
 
 	return &HttpRemoteCallHandle{
 		CommonRemoteCallHandle: CommonRemoteCallHandle{
-			Instance: &instance,
+			Instance: instance,
 		},
 		Protocol: ctx.Protocol,
 		Headers:  http.Header{},
@@ -72,7 +75,7 @@ func newHttpRemoteCallHandle(ctx *RpcContext) *HttpRemoteCallHandle {
 		Query:    map[string]string{},
 		Path:     path,
 		Method:   method,
-	}
+	}, nil
 }
 
 // http remote handle implementation
@@ -119,14 +122,14 @@ func (h *HttpRemoteCallHandle) handleParamMapping(mapInfo *map[string]ParameterM
 	for param, value := range params {
 		if info, ok := paramMapInfo[param]; ok {
 			if info.Position == "Query" {
-				h.Query[info.BackendName] = fmt.Sprintf("%s", value)
+				h.Query[info.BackendName] = fmt.Sprintf("%v", value)
 			} else if info.Position == "Header" {
-				h.Headers[info.BackendName] = []string{fmt.Sprintf("%s", value)}
+				h.Headers[info.BackendName] = []string{fmt.Sprintf("%v", value)}
 			} else {
 				return fmt.Errorf("Unsupport position for args %s, pos is %s", param, info.Position)
 			}
 		} else {
-			h.Query[param] = fmt.Sprintf("%s", value)
+			h.Query[param] = fmt.Sprintf("%v", value)
 		}
 	}
 	return nil
@@ -160,20 +163,25 @@ func (h *HttpRemoteCallHandle) doHttpCall() (*http.Response, error) {
 	return http.DefaultClient.Do(&request)
 }
 
-func selectOneInstance(ctx *RpcContext) Instance {
+func selectOneInstance(ctx *RpcContext) (*Instance, error) {
 	instanceId := 0
+	if ctx.Instances == nil || len(*ctx.Instances) == 0 {
+		return nil, fmt.Errorf("No instance")
+	}
+
 	instances := *ctx.Instances
-	if len(instances) != 1 {
+	if len(instances) > 1 {
 		instanceId = rand.Intn(len(instances) - 1)
 	}
-	return instances[instanceId]
+	select_instance := instances[instanceId]
+	return &select_instance, nil
 }
 
-func getRemoteCallhandle(ctx *RpcContext) RemoteCallHandle {
+func getRemoteCallhandle(ctx *RpcContext) (RemoteCallHandle, error) {
 	if ctx.Protocol == PROTOCOL_HTTP || ctx.Protocol == PROTOCOL_HTTPS {
 		return newHttpRemoteCallHandle(ctx)
 	} else {
-		return nil
+		return nil, nil
 	}
 }
 
@@ -184,15 +192,19 @@ func CommonRemoteCall(reg McpServerRegistry, toolName string, parameters map[str
 		return nil, fmt.Errorf("Unknown tool %s", toolName)
 	}
 
-	remoteHandle := getRemoteCallhandle(ctx)
+	remoteHandle, err := getRemoteCallhandle(ctx)
 	if remoteHandle == nil {
 		return nil, fmt.Errorf("Unknown backend protocol %s", ctx.Protocol)
 	}
 
+	if err != nil {
+		return nil, fmt.Errorf("Call backend server error: %w", err)
+	}
+
 	return remoteHandle.HandleToolCall(ctx, parameters)
 }
 
-func HandleRegistryToolsCall(reg McpServerRegistry) internal.ToolHandlerFunc {
+func HandleRegistryToolsCall(reg McpServerRegistry) common.ToolHandlerFunc {
 	return func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
 		arguments := request.Params.Arguments
 		return CommonRemoteCall(reg, request.Params.Name, arguments)

plugins/golang-filter/mcp-server/servers/gorm/db.go

@@ -1,47 +1,148 @@
 package gorm
 
 import (
+	"context"
 	"fmt"
+	"sync/atomic"
+	"time"
 
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 	"gorm.io/driver/clickhouse"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
 )
 
-// DBClient is a struct to handle PostgreSQL connections and operations
+// DBClient is a struct to handle database connections and operations
 type DBClient struct {
-	db *gorm.DB
+	db         *gorm.DB
+	dsn        string
+	dbType     string
+	reconnect  chan struct{}
+	stop       chan struct{}
+	panicCount int32 // Add panic counter
 }
 
-// NewDBClient creates a new DBClient instance and establishes a connection to the PostgreSQL database
-func NewDBClient(dsn string, dbType string) (*DBClient, error) {
-	var db *gorm.DB
-	var err error
-	if dbType == "postgres" {
-		db, err = gorm.Open(postgres.Open(dsn), &gorm.Config{})
-	} else if dbType == "clickhouse" {
-		db, err = gorm.Open(clickhouse.Open(dsn), &gorm.Config{})
-	} else if dbType == "mysql" {
-		db, err = gorm.Open(mysql.Open(dsn), &gorm.Config{})
-	} else if dbType == "sqlite" {
-		db, err = gorm.Open(sqlite.Open(dsn), &gorm.Config{})
-	} else {
-		return nil, fmt.Errorf("unsupported database type %s", dbType)
-	}
-	// Connect to the database
-	if err != nil {
-		return nil, fmt.Errorf("failed to connect to database: %w", err)
+// NewDBClient creates a new DBClient instance and establishes a connection to the database
+func NewDBClient(dsn string, dbType string, stop chan struct{}) *DBClient {
+	client := &DBClient{
+		dsn:       dsn,
+		dbType:    dbType,
+		reconnect: make(chan struct{}, 1),
+		stop:      stop,
 	}
 
-	return &DBClient{db: db}, nil
+	// Start reconnection goroutine
+	go client.reconnectLoop()
+
+	// Try initial connection
+	if err := client.connect(); err != nil {
+		api.LogErrorf("Initial database connection failed: %v", err)
+	}
+
+	return client
+}
+
+func (c *DBClient) connect() error {
+	var db *gorm.DB
+	var err error
+	gormConfig := gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+	}
+
+	switch c.dbType {
+	case "postgres":
+		db, err = gorm.Open(postgres.Open(c.dsn), &gormConfig)
+	case "clickhouse":
+		db, err = gorm.Open(clickhouse.Open(c.dsn), &gormConfig)
+	case "mysql":
+		db, err = gorm.Open(mysql.Open(c.dsn), &gormConfig)
+	case "sqlite":
+		db, err = gorm.Open(sqlite.Open(c.dsn), &gormConfig)
+	default:
+		return fmt.Errorf("unsupported database type %s", c.dbType)
+	}
+
+	if err != nil {
+		return fmt.Errorf("failed to connect to database: %w", err)
+	}
+
+	c.db = db
+	return nil
+}
+
+func (c *DBClient) reconnectLoop() {
+	defer func() {
+		if r := recover(); r != nil {
+			api.LogErrorf("Recovered from panic in reconnectLoop: %v", r)
+
+			// Increment panic counter
+			atomic.AddInt32(&c.panicCount, 1)
+
+			// If panic count exceeds threshold, stop trying to reconnect
+			if atomic.LoadInt32(&c.panicCount) > 3 {
+				api.LogErrorf("Too many panics in reconnectLoop, stopping reconnection attempts")
+				return
+			}
+
+			// Wait for a while before restarting
+			time.Sleep(5 * time.Second)
+
+			// Restart the reconnect loop
+			go c.reconnectLoop()
+		}
+	}()
+
+	ticker := time.NewTicker(30 * time.Second) // Try to reconnect every 30 seconds
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-c.stop:
+			api.LogInfof("Database %s connection closed", c.dbType)
+			return
+		case <-ticker.C:
+			if c.db == nil || c.Ping() != nil {
+				if err := c.connect(); err != nil {
+					api.LogErrorf("Database reconnection failed: %v", err)
+				} else {
+					api.LogInfof("Database reconnected successfully")
+					// Reset panic count on successful connection
+					atomic.StoreInt32(&c.panicCount, 0)
+				}
+			}
+		case <-c.reconnect:
+			if err := c.connect(); err != nil {
+				api.LogErrorf("Database reconnection failed: %v", err)
+			} else {
+				api.LogInfof("Database reconnected successfully")
+				// Reset panic count on successful connection
+				atomic.StoreInt32(&c.panicCount, 0)
+			}
+		}
+	}
 }
 
 // ExecuteSQL executes a raw SQL query and returns the result as a slice of maps
 func (c *DBClient) ExecuteSQL(query string, args ...interface{}) ([]map[string]interface{}, error) {
+	if c.db == nil {
+		// Trigger reconnection
+		select {
+		case c.reconnect <- struct{}{}:
+		default:
+		}
+		return nil, fmt.Errorf("database is not connected, attempting to reconnect")
+	}
+
 	rows, err := c.db.Raw(query, args...).Rows()
 	if err != nil {
+		// If execution fails, connection might be lost, trigger reconnection
+		select {
+		case c.reconnect <- struct{}{}:
+		default:
+		}
 		return nil, fmt.Errorf("failed to execute SQL query: %w", err)
 	}
 	defer rows.Close()
@@ -88,3 +189,21 @@ func (c *DBClient) ExecuteSQL(query string, args ...interface{}) ([]map[string]i
 
 	return results, nil
 }
+
+func (c *DBClient) Ping() error {
+	if c.db == nil {
+		return fmt.Errorf("database connection is nil")
+	}
+
+	// Use context to set timeout
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	// Try to ping the database
+	sqlDB, err := c.db.DB()
+	if err != nil {
+		return fmt.Errorf("failed to get underlying *sql.DB: %v", err)
+	}
+
+	return sqlDB.PingContext(ctx)
+}

plugins/golang-filter/mcp-server/servers/gorm/server.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 	"github.com/mark3labs/mcp-go/mcp"
 )
@@ -12,12 +12,13 @@ import (
 const Version = "1.0.0"
 
 func init() {
-	internal.GlobalRegistry.RegisterServer("database", &DBConfig{})
+	common.GlobalRegistry.RegisterServer("database", &DBConfig{})
 }
 
 type DBConfig struct {
-	dbType string
-	dsn    string
+	dbType      string
+	dsn         string
+	description string
 }
 
 func (c *DBConfig) ParseConfig(config map[string]any) error {
@@ -33,24 +34,24 @@ func (c *DBConfig) ParseConfig(config map[string]any) error {
 	}
 	c.dbType = dbType
 	api.LogDebugf("DBConfig ParseConfig: %+v", config)
+	c.description, ok = config["description"].(string)
+	if !ok {
+		c.description = ""
+	}
 	return nil
 }
 
-func (c *DBConfig) NewServer(serverName string) (*internal.MCPServer, error) {
-	mcpServer := internal.NewMCPServer(
+func (c *DBConfig) NewServer(serverName string) (*common.MCPServer, error) {
+	mcpServer := common.NewMCPServer(
 		serverName,
 		Version,
-		internal.WithInstructions(fmt.Sprintf("This is a %s database server", c.dbType)),
+		common.WithInstructions(fmt.Sprintf("This is a %s database server", c.dbType)),
 	)
 
-	dbClient, err := NewDBClient(c.dsn, c.dbType)
-	if err != nil {
-		return nil, fmt.Errorf("failed to initialize DBClient: %w", err)
-	}
-
+	dbClient := NewDBClient(c.dsn, c.dbType, mcpServer.GetDestoryChannel())
 	// Add query tool
 	mcpServer.AddTool(
-		mcp.NewToolWithRawSchema("query", "Run a read-only SQL query in database", GetQueryToolSchema()),
+		mcp.NewToolWithRawSchema("query", fmt.Sprintf("Run a read-only SQL query in database %s. Database description: %s", c.dbType, c.description), GetQueryToolSchema()),
 		HandleQueryTool(dbClient),
 	)
 

plugins/golang-filter/mcp-server/servers/gorm/tools.go

@@ -5,12 +5,12 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/alibaba/higress/plugins/golang-filter/mcp-server/internal"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
 	"github.com/mark3labs/mcp-go/mcp"
 )
 
 // HandleQueryTool handles SQL query execution
-func HandleQueryTool(dbClient *DBClient) internal.ToolHandlerFunc {
+func HandleQueryTool(dbClient *DBClient) common.ToolHandlerFunc {
 	return func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
 		arguments := request.Params.Arguments
 		message, ok := arguments["sql"].(string)

plugins/golang-filter/mcp-session/common/crypto.go

@@ -0,0 +1,76 @@
+package common
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"io"
+)
+
+// Crypto handles encryption and decryption operations using AES-GCM
+type Crypto struct {
+	gcm cipher.AEAD
+}
+
+func NewCrypto(secret string) (*Crypto, error) {
+	if secret == "" {
+		return nil, fmt.Errorf("secret cannot be empty")
+	}
+
+	// Generate a 32-byte key using SHA-256
+	hash := sha256.Sum256([]byte(secret))
+	block, err := aes.NewCipher(hash[:])
+	if err != nil {
+		return nil, fmt.Errorf("failed to create cipher: %v", err)
+	}
+
+	// Create GCM mode
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create GCM: %v", err)
+	}
+
+	return &Crypto{gcm: gcm}, nil
+}
+
+// Encrypt encrypts the plaintext data using AES-GCM
+func (c *Crypto) Encrypt(plaintext []byte) (string, error) {
+	// Generate random nonce
+	nonce := make([]byte, c.gcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", fmt.Errorf("failed to generate nonce: %v", err)
+	}
+
+	// Encrypt and authenticate data
+	ciphertext := c.gcm.Seal(nonce, nonce, plaintext, nil)
+	return base64.StdEncoding.EncodeToString(ciphertext), nil
+}
+
+// Decrypt decrypts the encrypted string using AES-GCM
+func (c *Crypto) Decrypt(encryptedStr string) ([]byte, error) {
+	// Decode base64
+	ciphertext, err := base64.StdEncoding.DecodeString(encryptedStr)
+	if err != nil {
+		return nil, fmt.Errorf("invalid encrypted data format")
+	}
+
+	// Check if the ciphertext is too short
+	if len(ciphertext) < c.gcm.NonceSize() {
+		return nil, fmt.Errorf("invalid encrypted data length")
+	}
+
+	// Extract nonce and ciphertext
+	nonce := ciphertext[:c.gcm.NonceSize()]
+	ciphertext = ciphertext[c.gcm.NonceSize():]
+
+	// Decrypt and verify data
+	plaintext, err := c.gcm.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		return nil, fmt.Errorf("decryption failed")
+	}
+
+	return plaintext, nil
+}

plugins/golang-filter/mcp-session/common/match.go

@@ -0,0 +1,160 @@
+package common
+
+import (
+	"regexp"
+	"strings"
+
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+)
+
+// RuleType defines the type of matching rule
+type RuleType string
+
+// UpstreamType defines the type of matching rule
+type UpstreamType string
+
+const (
+	ExactMatch    RuleType = "exact"
+	PrefixMatch   RuleType = "prefix"
+	SuffixMatch   RuleType = "suffix"
+	ContainsMatch RuleType = "contains"
+	RegexMatch    RuleType = "regex"
+
+	RestUpstream       UpstreamType = "rest"
+	SSEUpstream        UpstreamType = "sse"
+	StreamableUpstream UpstreamType = "streamable"
+)
+
+// MatchRule defines the structure for a matching rule
+type MatchRule struct {
+	MatchRuleDomain   string       `json:"match_rule_domain"`   // Domain pattern, supports wildcards
+	MatchRulePath     string       `json:"match_rule_path"`     // Path pattern to match
+	MatchRuleType     RuleType     `json:"match_rule_type"`     // Type of match rule
+	UpstreamType      UpstreamType `json:"upstream_type"`       // Type of upstream(s) matched by the rule
+	EnablePathRewrite bool         `json:"enable_path_rewrite"` // Enable request path rewrite for matched routes
+	PathRewritePrefix string       `json:"path_rewrite_prefix"` // Prefix the request path would be rewritten to.
+}
+
+// ParseMatchList parses the match list from the config
+func ParseMatchList(matchListConfig []interface{}) []MatchRule {
+	matchList := make([]MatchRule, 0)
+	for _, item := range matchListConfig {
+		if ruleMap, ok := item.(map[string]interface{}); ok {
+			rule := MatchRule{}
+			if domain, ok := ruleMap["match_rule_domain"].(string); ok {
+				rule.MatchRuleDomain = domain
+			}
+			if path, ok := ruleMap["match_rule_path"].(string); ok {
+				rule.MatchRulePath = path
+			}
+			if ruleType, ok := ruleMap["match_rule_type"].(string); ok {
+				rule.MatchRuleType = RuleType(ruleType)
+			}
+			if upstreamType, ok := ruleMap["upstream_type"].(string); ok {
+				rule.UpstreamType = UpstreamType(upstreamType)
+			}
+			if len(rule.UpstreamType) == 0 {
+				rule.UpstreamType = RestUpstream
+			} else {
+				switch rule.UpstreamType {
+				case RestUpstream, SSEUpstream, StreamableUpstream:
+					break
+				default:
+					api.LogWarnf("Unknown upstream type: %s", rule.UpstreamType)
+				}
+			}
+			if enablePathRewrite, ok := ruleMap["enable_path_rewrite"].(bool); ok {
+				rule.EnablePathRewrite = enablePathRewrite
+			}
+			if pathRewritePrefix, ok := ruleMap["path_rewrite_prefix"].(string); ok {
+				rule.PathRewritePrefix = pathRewritePrefix
+			}
+			if rule.EnablePathRewrite {
+				if rule.UpstreamType != SSEUpstream {
+					api.LogWarnf("Path rewrite is only supported for SSE upstream type")
+				} else if rule.MatchRuleType != PrefixMatch {
+					api.LogWarnf("Path rewrite is only supported for prefix match type")
+				} else if !strings.HasPrefix(rule.PathRewritePrefix, "/") {
+					rule.PathRewritePrefix = "/" + rule.PathRewritePrefix
+				}
+			}
+			matchList = append(matchList, rule)
+		}
+	}
+	return matchList
+}
+
+// convertWildcardToRegex converts wildcard pattern to regex pattern
+func convertWildcardToRegex(pattern string) string {
+	pattern = regexp.QuoteMeta(pattern)
+	pattern = "^" + strings.ReplaceAll(pattern, "\\*", ".*") + "$"
+	return pattern
+}
+
+// matchPattern checks if the target matches the pattern based on rule type
+func matchPattern(pattern string, target string, ruleType RuleType) bool {
+	if pattern == "" {
+		return true
+	}
+
+	switch ruleType {
+	case ExactMatch:
+		return pattern == target
+	case PrefixMatch:
+		return strings.HasPrefix(target, pattern)
+	case SuffixMatch:
+		return strings.HasSuffix(target, pattern)
+	case ContainsMatch:
+		return strings.Contains(target, pattern)
+	case RegexMatch:
+		matched, err := regexp.MatchString(pattern, target)
+		if err != nil {
+			return false
+		}
+		return matched
+	default:
+		return false
+	}
+}
+
+// matchDomain checks if the domain matches the pattern
+func matchDomain(domain string, pattern string) bool {
+	if pattern == "" || pattern == "*" {
+		return true
+	}
+	// Convert wildcard pattern to regex pattern
+	regexPattern := convertWildcardToRegex(pattern)
+	matched, _ := regexp.MatchString(regexPattern, domain)
+	return matched
+}
+
+// matchDomainAndPath checks if both domain and path match the rule
+func matchDomainAndPath(domain, path string, rule MatchRule) bool {
+	return matchDomain(domain, rule.MatchRuleDomain) &&
+		matchPattern(rule.MatchRulePath, path, rule.MatchRuleType)
+}
+
+// IsMatch checks if the request matches any rule in the rule list
+// Returns true if no rules are specified
+func IsMatch(rules []MatchRule, host, path string) (bool, MatchRule) {
+	if len(rules) == 0 {
+		return true, MatchRule{}
+	}
+
+	for _, rule := range rules {
+		if matchDomainAndPath(host, path, rule) {
+			return true, rule
+		}
+	}
+	return false, MatchRule{}
+}
+
+// MatchDomainList checks if the domain matches any of the domains in the list
+func MatchDomainList(domain string, domainList []string) bool {
+	for _, d := range domainList {
+		if matchDomain(domain, d) {
+			return true
+		}
+	}
+	return false
+}

plugins/golang-filter/mcp-session/common/redis.go

@@ -1,4 +1,4 @@
-package internal
+package common
 
 import (
 	"context"
@@ -10,35 +10,42 @@ import (
 )
 
 type RedisConfig struct {
-	Address  string
-	Username string
-	Password string
-	DB       int
+	address  string
+	username string
+	password string
+	db       int
+	secret   string // Encryption key
 }
 
-func ParseRedisConfig(config map[string]any) (*RedisConfig, error) {
+// ParseRedisConfig parses Redis configuration from a map
+func ParseRedisConfig(config map[string]interface{}) (*RedisConfig, error) {
 	c := &RedisConfig{}
 
 	// address is required
-	addr, ok := config["address"].(string)
-	if !ok {
-		return nil, fmt.Errorf("address is required and must be a string")
+	if addr, ok := config["address"].(string); ok && addr != "" {
+		c.address = addr
+	} else {
+		return nil, fmt.Errorf("address is required and must be a non-empty string")
 	}
-	c.Address = addr
 
 	// username is optional
 	if username, ok := config["username"].(string); ok {
-		c.Username = username
+		c.username = username
 	}
 
 	// password is optional
 	if password, ok := config["password"].(string); ok {
-		c.Password = password
+		c.password = password
 	}
 
 	// db is optional, default to 0
 	if db, ok := config["db"].(int); ok {
-		c.DB = db
+		c.db = db
+	}
+
+	// secret is optional
+	if secret, ok := config["secret"].(string); ok {
+		c.secret = secret
 	}
 
 	return c, nil
@@ -46,33 +53,47 @@ func ParseRedisConfig(config map[string]any) (*RedisConfig, error) {
 
 // RedisClient is a struct to handle Redis connections and operations
 type RedisClient struct {
-	client   *redis.Client
-	ctx      context.Context
-	stopChan chan struct{}
-	config   *RedisConfig
+	client *redis.Client
+	ctx    context.Context
+	cancel context.CancelFunc
+	config *RedisConfig
+	crypto *Crypto
 }
 
 // NewRedisClient creates a new RedisClient instance and establishes a connection to the Redis server
-func NewRedisClient(config *RedisConfig, stopChan chan struct{}) (*RedisClient, error) {
+func NewRedisClient(config *RedisConfig) (*RedisClient, error) {
 	client := redis.NewClient(&redis.Options{
-		Addr:     config.Address,
-		Username: config.Username,
-		Password: config.Password,
-		DB:       config.DB,
+		Addr:     config.address,
+		Username: config.username,
+		Password: config.password,
+		DB:       config.db,
 	})
 
 	// Ping the Redis server to check the connection
 	pong, err := client.Ping(context.Background()).Result()
 	if err != nil {
-		return nil, fmt.Errorf("failed to connect to Redis: %w", err)
+		api.LogErrorf("Failed to connect to Redis: %v", err)
+	} else {
+		api.LogDebugf("Connected to Redis: %s", pong)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	var crypto *Crypto
+	if config.secret != "" {
+		crypto, err = NewCrypto(config.secret)
+		if err != nil {
+			cancel()
+			api.LogWarnf("Failed to initialize redis crypto: %v", err)
+		}
 	}
-	api.LogDebugf("Connected to Redis: %s", pong)
 
 	redisClient := &RedisClient{
-		client:   client,
-		ctx:      context.Background(),
-		stopChan: stopChan,
-		config:   config,
+		client: client,
+		ctx:    ctx,
+		cancel: cancel,
+		config: config,
+		crypto: crypto,
 	}
 
 	// Start keep-alive check
@@ -83,12 +104,12 @@ func NewRedisClient(config *RedisConfig, stopChan chan struct{}) (*RedisClient,
 
 // keepAlive periodically checks Redis connection and attempts to reconnect if needed
 func (r *RedisClient) keepAlive() {
-	ticker := time.NewTicker(30 * time.Second)
+	ticker := time.NewTicker(5 * time.Second)
 	defer ticker.Stop()
 
 	for {
 		select {
-		case <-r.stopChan:
+		case <-r.ctx.Done():
 			return
 		case <-ticker.C:
 			if err := r.checkConnection(); err != nil {
@@ -116,10 +137,10 @@ func (r *RedisClient) reconnect() error {
 
 	// Create new client
 	r.client = redis.NewClient(&redis.Options{
-		Addr:     r.config.Address,
-		Username: r.config.Username,
-		Password: r.config.Password,
-		DB:       r.config.DB,
+		Addr:     r.config.address,
+		Username: r.config.username,
+		Password: r.config.password,
+		DB:       r.config.db,
 	})
 
 	// Test the new connection
@@ -141,7 +162,7 @@ func (r *RedisClient) Publish(channel string, message string) error {
 }
 
 // Subscribe subscribes to a Redis channel and processes messages
-func (r *RedisClient) Subscribe(channel string, callback func(message string)) error {
+func (r *RedisClient) Subscribe(channel string, stopChan chan struct{}, callback func(message string)) error {
 	pubsub := r.client.Subscribe(r.ctx, channel)
 	_, err := pubsub.Receive(r.ctx)
 	if err != nil {
@@ -149,6 +170,12 @@ func (r *RedisClient) Subscribe(channel string, callback func(message string)) e
 	}
 
 	go func() {
+		defer func() {
+			if r := recover(); r != nil {
+				api.LogErrorf("Redis Subscribe recovered from panic: %v", r)
+			}
+		}()
+
 		defer func() {
 			pubsub.Close()
 			api.LogDebugf("Closed subscription to channel %s", channel)
@@ -157,7 +184,7 @@ func (r *RedisClient) Subscribe(channel string, callback func(message string)) e
 		ch := pubsub.Channel()
 		for {
 			select {
-			case <-r.stopChan:
+			case <-stopChan:
 				api.LogDebugf("Stopping subscription to channel %s", channel)
 				return
 			case msg, ok := <-ch:
@@ -183,7 +210,19 @@ func (r *RedisClient) Subscribe(channel string, callback func(message string)) e
 
 // Set sets the value of a key in Redis
 func (r *RedisClient) Set(key string, value string, expiration time.Duration) error {
-	err := r.client.Set(r.ctx, key, value, expiration).Err()
+	var finalValue string
+	if r.crypto != nil {
+		// Encrypt the data
+		encryptedValue, err := r.crypto.Encrypt([]byte(value))
+		if err != nil {
+			return fmt.Errorf("failed to encrypt value: %w", err)
+		}
+		finalValue = encryptedValue
+	} else {
+		finalValue = value
+	}
+
+	err := r.client.Set(r.ctx, key, finalValue, expiration).Err()
 	if err != nil {
 		return fmt.Errorf("failed to set key: %w", err)
 	}
@@ -192,11 +231,49 @@ func (r *RedisClient) Set(key string, value string, expiration time.Duration) er
 
 // Get retrieves the value of a key from Redis
 func (r *RedisClient) Get(key string) (string, error) {
-	val, err := r.client.Get(r.ctx, key).Result()
+	value, err := r.client.Get(r.ctx, key).Result()
 	if err == redis.Nil {
 		return "", fmt.Errorf("key does not exist")
 	} else if err != nil {
 		return "", fmt.Errorf("failed to get key: %w", err)
 	}
-	return val, nil
+
+	if r.crypto != nil {
+		// Decrypt the data
+		decryptedValue, err := r.crypto.Decrypt(value)
+		if err != nil {
+			return "", fmt.Errorf("failed to decrypt value: %w", err)
+		}
+		return string(decryptedValue), nil
+	}
+
+	return value, nil
+}
+
+// Expire sets the expiration time for a key
+func (r *RedisClient) Expire(key string, expiration time.Duration) error {
+	ok, err := r.client.Expire(r.ctx, key, expiration).Result()
+	if err != nil {
+		return fmt.Errorf("failed to set expiration for key: %w", err)
+	}
+	if !ok {
+		return fmt.Errorf("key does not exist")
+	}
+	return nil
+}
+
+// Close closes the Redis client and stops the keepalive goroutine
+func (r *RedisClient) Close() error {
+	r.cancel()
+	return r.client.Close()
+}
+
+// Eval executes a Lua script
+func (r *RedisClient) Eval(script string, numKeys int, keys []string, args []interface{}) (interface{}, error) {
+	result, err := r.client.Eval(r.ctx, script, keys, args...).Result()
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute Lua script: %w", err)
+	}
+
+	return result, nil
 }

plugins/golang-filter/mcp-session/common/registry.go

@@ -1,4 +1,4 @@
-package internal
+package common
 
 var GlobalRegistry = NewServerRegistry()
 

plugins/golang-filter/mcp-session/common/server.go

@@ -1,4 +1,4 @@
-package internal
+package common
 
 import (
 	"context"
@@ -78,6 +78,7 @@ type MCPServer struct {
 	clientMu             sync.Mutex // Separate mutex for client context
 	currentClient        NotificationContext
 	initialized          atomic.Bool // Use atomic for the initialized flag
+	destory              chan struct{}
 }
 
 // serverKey is the context key for storing the server instance
@@ -226,6 +227,7 @@ func NewMCPServer(
 			prompts:   nil,
 			logging:   false,
 		},
+		destory: make(chan struct{}),
 	}
 
 	for _, opt := range opts {
@@ -241,6 +243,7 @@ func (s *MCPServer) HandleMessage(
 	message json.RawMessage,
 ) mcp.JSONRPCMessage {
 	// Add server to context
+
 	ctx = context.WithValue(ctx, serverKey{}, s)
 
 	var baseMessage struct {
@@ -419,6 +422,16 @@ func (s *MCPServer) HandleMessage(
 			)
 		}
 		return s.handleToolCall(ctx, baseMessage.ID, request)
+	case "":
+		var response mcp.JSONRPCResponse
+		if err := json.Unmarshal(message, &response); err != nil {
+			return createErrorResponse(
+				baseMessage.ID,
+				mcp.INVALID_REQUEST,
+				"Invalid message format",
+			)
+		}
+		return nil
 	default:
 		return createErrorResponse(
 			baseMessage.ID,
@@ -572,7 +585,7 @@ func (s *MCPServer) handleInitialize(
 	}
 
 	result := mcp.InitializeResult{
-		ProtocolVersion: mcp.LATEST_PROTOCOL_VERSION,
+		ProtocolVersion: request.Params.ProtocolVersion,
 		ServerInfo: mcp.Implementation{
 			Name:    s.name,
 			Version: s.version,
@@ -816,6 +829,14 @@ func (s *MCPServer) handleNotification(
 	return nil
 }
 
+func (s *MCPServer) Close() {
+	close(s.destory)
+}
+
+func (s *MCPServer) GetDestoryChannel() chan struct{} {
+	return s.destory
+}
+
 func createResponse(id interface{}, result interface{}) mcp.JSONRPCMessage {
 	return mcp.JSONRPCResponse{
 		JSONRPC: mcp.JSONRPC_VERSION,

plugins/golang-filter/mcp-session/common/sse.go

@@ -1,4 +1,4 @@
-package internal
+package common
 
 import (
 	"encoding/json"
@@ -12,6 +12,11 @@ import (
 	"github.com/mark3labs/mcp-go/mcp"
 )
 
+// GetSSEChannelName returns the Redis channel name for the given session ID
+func GetSSEChannelName(sessionID string) string {
+	return fmt.Sprintf("mcp-server-sse:%s", sessionID)
+}
+
 // SSEServer implements a Server-Sent Events (SSE) based MCP server.
 // It provides real-time communication capabilities over HTTP using the SSE protocol.
 type SSEServer struct {
@@ -23,10 +28,6 @@ type SSEServer struct {
 	redisClient     *RedisClient // Redis client for pub/sub
 }
 
-func (s *SSEServer) SetBaseURL(baseURL string) {
-	s.baseURL = baseURL
-}
-
 func (s *SSEServer) GetMessageEndpoint() string {
 	return s.messageEndpoint
 }
@@ -86,13 +87,13 @@ func NewSSEServer(server *MCPServer, opts ...Option) *SSEServer {
 
 // handleSSE handles incoming SSE connection requests.
 // It sets up appropriate headers and creates a new session for the client.
-func (s *SSEServer) HandleSSE(cb api.FilterCallbackHandler) {
+func (s *SSEServer) HandleSSE(cb api.FilterCallbackHandler, stopChan chan struct{}) {
 	sessionID := uuid.New().String()
 
 	s.sessions.Store(sessionID, true)
 	defer s.sessions.Delete(sessionID)
 
-	channel := fmt.Sprintf("sse:%s", sessionID)
+	channel := GetSSEChannelName(sessionID)
 
 	messageEndpoint := fmt.Sprintf(
 		"%s%s?sessionId=%s",
@@ -125,7 +126,7 @@ func (s *SSEServer) HandleSSE(cb api.FilterCallbackHandler) {
 	// 	}
 	// }()
 
-	err := s.redisClient.Subscribe(channel, func(message string) {
+	err := s.redisClient.Subscribe(channel, stopChan, func(message string) {
 		defer cb.EncoderFilterCallbacks().RecoverPanic()
 		api.LogDebugf("SSE Send message: %s", message)
 		cb.EncoderFilterCallbacks().InjectData([]byte(message))
@@ -143,16 +144,31 @@ func (s *SSEServer) HandleSSE(cb api.FilterCallbackHandler) {
 
 	// Start health check handler
 	go func() {
-		ticker := time.NewTicker(time.Minute)
+		defer func() {
+			if r := recover(); r != nil {
+				api.LogErrorf("Health check handler recovered from panic: %v", r)
+			}
+		}()
+
+		ticker := time.NewTicker(5 * time.Second)
 		defer ticker.Stop()
 
 		for {
 			select {
-			case <-s.redisClient.stopChan:
+			case <-stopChan:
 				return
 			case <-ticker.C:
 				// Send health check message
-				healthCheckEvent := "event: health_check\ndata: ping\r\n\r\n"
+				currentTime := time.Now().Format(time.RFC3339)
+				pingRequest := mcp.JSONRPCRequest{
+					JSONRPC: mcp.JSONRPC_VERSION,
+					ID:      currentTime,
+					Request: mcp.Request{
+						Method: "ping",
+					},
+				}
+				pingData, _ := json.Marshal(pingRequest)
+				healthCheckEvent := fmt.Sprintf("event: message\ndata: %s\n\n", pingData)
 				if err := s.redisClient.Publish(channel, healthCheckEvent); err != nil {
 					api.LogErrorf("Failed to send health check: %v", err)
 				}
@@ -163,17 +179,18 @@ func (s *SSEServer) HandleSSE(cb api.FilterCallbackHandler) {
 
 // handleMessage processes incoming JSON-RPC messages from clients and sends responses
 // back through both the SSE connection and HTTP response.
-func (s *SSEServer) HandleMessage(w http.ResponseWriter, r *http.Request, body json.RawMessage) {
+func (s *SSEServer) HandleMessage(w http.ResponseWriter, r *http.Request, body json.RawMessage) int {
 	if r.Method != http.MethodPost {
 		s.writeJSONRPCError(w, nil, mcp.INVALID_REQUEST, fmt.Sprintf("Method %s not allowed", r.Method))
-		return
+		return http.StatusBadRequest
 	}
 
 	sessionID := r.URL.Query().Get("sessionId")
-	if sessionID == "" {
-		s.writeJSONRPCError(w, nil, mcp.INVALID_PARAMS, "Missing sessionId")
-		return
-	}
+	// support streamable http without sessionId
+	// if sessionID == "" {
+	// 	s.writeJSONRPCError(w, nil, mcp.INVALID_PARAMS, "Missing sessionId")
+	// 	return
+	// }
 
 	// Set the client context in the server before handling the message
 	ctx := s.server.WithContext(r.Context(), NotificationContext{
@@ -190,27 +207,26 @@ func (s *SSEServer) HandleMessage(w http.ResponseWriter, r *http.Request, body j
 
 	// Process message through MCPServer
 	response := s.server.HandleMessage(ctx, body)
-
+	var status int
 	// Only send response if there is one (not for notifications)
 	if response != nil {
-		eventData, _ := json.Marshal(response)
-
-		if sessionID != "" {
-			channel := fmt.Sprintf("sse:%s", sessionID)
-			publishErr := s.redisClient.Publish(channel, fmt.Sprintf("event: message\ndata: %s\n\n", eventData))
-
-			if publishErr != nil {
-				api.LogErrorf("Failed to publish message to Redis: %v", publishErr)
-			}
+		if sessionID != ""{
+			w.WriteHeader(http.StatusAccepted)
+			status = http.StatusAccepted
+		} else {
+			// support streamable http
+			w.WriteHeader(http.StatusOK)
+			status = http.StatusOK
 		}
 		// Send HTTP response
 		w.Header().Set("Content-Type", "application/json")
-		w.WriteHeader(http.StatusAccepted)
 		json.NewEncoder(w).Encode(response)
 	} else {
 		// For notifications, just send 202 Accepted with no body
 		w.WriteHeader(http.StatusAccepted)
+		status = http.StatusAccepted
 	}
+	return status
 }
 
 // writeJSONRPCError writes a JSON-RPC error response with the given error details.
@@ -225,3 +241,7 @@ func (s *SSEServer) writeJSONRPCError(
 	w.WriteHeader(http.StatusBadRequest)
 	json.NewEncoder(w).Encode(response)
 }
+
+func (s *SSEServer) Close() {
+	s.server.Close()
+}

plugins/golang-filter/mcp-session/common/utils.go

@@ -0,0 +1,34 @@
+package common
+
+import (
+	"fmt"
+	"net/url"
+
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+)
+
+type RequestURL struct {
+	Method     string
+	Scheme     string
+	Host       string
+	Path       string
+	BaseURL    string
+	ParsedURL  *url.URL
+	InternalIP bool
+}
+
+func NewRequestURL(header api.RequestHeaderMap) *RequestURL {
+	method, _ := header.Get(":method")
+	scheme, _ := header.Get(":scheme")
+	host, _ := header.Get(":authority")
+	path, _ := header.Get(":path")
+	internalIP, _ := header.Get("x-envoy-internal")
+	baseURL := fmt.Sprintf("%s://%s", scheme, host)
+	parsedURL, err := url.Parse(path)
+	if err != nil {
+		api.LogWarnf("url parse path:%s failed:%s", path, err)
+		return nil
+	}
+	api.LogDebugf("RequestURL: method=%s, scheme=%s, host=%s, path=%s", method, scheme, host, path)
+	return &RequestURL{Method: method, Scheme: scheme, Host: host, Path: path, BaseURL: baseURL, ParsedURL: parsedURL, InternalIP: internalIP == "true"}
+}

plugins/golang-filter/mcp-session/config.go

@@ -0,0 +1,145 @@
+package mcp_session
+
+import (
+	"fmt"
+
+	_ "net/http/pprof"
+
+	xds "github.com/cncf/xds/go/xds/type/v3"
+	"google.golang.org/protobuf/types/known/anypb"
+
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/handler"
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+)
+
+const Name = "mcp-session"
+const Version = "1.0.0"
+const ConfigPathSuffix = "/config"
+const DefaultServerName = "higress-mcp-server"
+
+var GlobalSSEPathSuffix = "/sse"
+
+type config struct {
+	matchList             []common.MatchRule
+	enableUserLevelServer bool
+	rateLimitConfig       *handler.MCPRatelimitConfig
+	defaultServer         *common.SSEServer
+	redisClient           *common.RedisClient
+}
+
+func (c *config) Destroy() {
+	if c.redisClient != nil {
+		api.LogDebug("Closing Redis client")
+		c.redisClient.Close()
+	}
+}
+
+type Parser struct {
+}
+
+// Parse the filter configuration
+func (p *Parser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (interface{}, error) {
+	configStruct := &xds.TypedStruct{}
+	if err := any.UnmarshalTo(configStruct); err != nil {
+		return nil, err
+	}
+	v := configStruct.Value
+
+	conf := &config{
+		matchList: make([]common.MatchRule, 0),
+	}
+
+	// Parse match_list if exists
+	if matchList, ok := v.AsMap()["match_list"].([]interface{}); ok {
+		conf.matchList = common.ParseMatchList(matchList)
+	}
+
+	// Redis configuration is optional
+	if redisConfigMap, ok := v.AsMap()["redis"].(map[string]interface{}); ok {
+		redisConfig, err := common.ParseRedisConfig(redisConfigMap)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse redis config: %w", err)
+		}
+
+		redisClient, err := common.NewRedisClient(redisConfig)
+		if err != nil {
+			api.LogErrorf("Failed to initialize Redis client: %w", err)
+		} else {
+			api.LogDebug("Redis client initialized")
+		}
+		conf.redisClient = redisClient
+	} else {
+		api.LogDebug("Redis configuration not provided, running without Redis")
+	}
+
+	enableUserLevelServer, ok := v.AsMap()["enable_user_level_server"].(bool)
+	if !ok {
+		enableUserLevelServer = false
+		if conf.redisClient == nil {
+			return nil, fmt.Errorf("redis configuration is not provided, enable_user_level_server is true")
+		}
+	}
+	conf.enableUserLevelServer = enableUserLevelServer
+
+	if rateLimit, ok := v.AsMap()["rate_limit"].(map[string]interface{}); ok {
+		rateLimitConfig := &handler.MCPRatelimitConfig{}
+		if limit, ok := rateLimit["limit"].(float64); ok {
+			rateLimitConfig.Limit = int(limit)
+		}
+		if window, ok := rateLimit["window"].(float64); ok {
+			rateLimitConfig.Window = int(window)
+		}
+		if whiteList, ok := rateLimit["white_list"].([]interface{}); ok {
+			for _, item := range whiteList {
+				if uid, ok := item.(string); ok {
+					rateLimitConfig.Whitelist = append(rateLimitConfig.Whitelist, uid)
+				}
+			}
+		}
+		if errorText, ok := rateLimit["error_text"].(string); ok {
+			rateLimitConfig.ErrorText = errorText
+		}
+		conf.rateLimitConfig = rateLimitConfig
+	}
+
+	ssePathSuffix, ok := v.AsMap()["sse_path_suffix"].(string)
+	if !ok || ssePathSuffix == "" {
+		return nil, fmt.Errorf("sse path suffix is not set or empty")
+	}
+	GlobalSSEPathSuffix = ssePathSuffix
+
+	return conf, nil
+}
+
+func (p *Parser) Merge(parent interface{}, child interface{}) interface{} {
+	parentConfig := parent.(*config)
+	childConfig := child.(*config)
+
+	newConfig := *parentConfig
+	if childConfig.matchList != nil {
+		newConfig.matchList = childConfig.matchList
+	}
+	newConfig.enableUserLevelServer = childConfig.enableUserLevelServer
+	if childConfig.rateLimitConfig != nil {
+		newConfig.rateLimitConfig = childConfig.rateLimitConfig
+	}
+	if childConfig.defaultServer != nil {
+		newConfig.defaultServer = childConfig.defaultServer
+	}
+	return &newConfig
+}
+
+func FilterFactory(c interface{}, callbacks api.FilterCallbackHandler) api.StreamFilter {
+	conf, ok := c.(*config)
+	if !ok {
+		panic("unexpected config type")
+	}
+	return &filter{
+		callbacks:           callbacks,
+		config:              conf,
+		stopChan:            make(chan struct{}),
+		mcpConfigHandler:    handler.NewMCPConfigHandler(conf.redisClient, callbacks),
+		mcpRatelimitHandler: handler.NewMCPRatelimitHandler(conf.redisClient, callbacks, conf.rateLimitConfig),
+	}
+}

plugins/golang-filter/mcp-session/filter.go

@@ -0,0 +1,488 @@
+package mcp_session
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/handler"
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+	"github.com/mark3labs/mcp-go/mcp"
+)
+
+const (
+	RedisNotEnabledResponseBody = "Redis is not enabled, SSE connection is not supported"
+)
+
+// The callbacks in the filter, like `DecodeHeaders`, can be implemented on demand.
+// Because api.PassThroughStreamFilter provides a default implementation.
+type filter struct {
+	api.PassThroughStreamFilter
+
+	callbacks api.FilterCallbackHandler
+	path      string
+	config    *config
+	stopChan  chan struct{}
+
+	req                *http.Request
+	serverName         string
+	proxyURL           *url.URL
+	matchedRule        common.MatchRule
+	needProcess        bool
+	skipRequestBody    bool
+	skipResponseBody   bool
+	cachedResponseBody []byte
+
+	userLevelConfig     bool
+	mcpConfigHandler    *handler.MCPConfigHandler
+	ratelimit           bool
+	mcpRatelimitHandler *handler.MCPRatelimitHandler
+}
+
+// Callbacks which are called in request path
+// The endStream is true if the request doesn't have body
+func (f *filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {
+	requestUrl := common.NewRequestURL(header)
+	if requestUrl == nil {
+		return api.Continue
+	}
+	f.path = requestUrl.ParsedURL.Path
+
+	// Check if request matches any rule in match_list
+	matched, matchedRule := common.IsMatch(f.config.matchList, requestUrl.Host, f.path)
+	if !matched {
+		api.LogDebugf("Request does not match any rule in match_list: %s", requestUrl.ParsedURL.String())
+		return api.Continue
+	}
+	f.needProcess = true
+	f.matchedRule = matchedRule
+
+	f.req = &http.Request{
+		Method: requestUrl.Method,
+		URL:    requestUrl.ParsedURL,
+	}
+
+	if strings.HasSuffix(f.path, ConfigPathSuffix) && f.config.enableUserLevelServer {
+		if !requestUrl.InternalIP {
+			api.LogWarnf("Access denied: non-Internal IP address %s", requestUrl.ParsedURL.String())
+			f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusForbidden, "", nil, 0, "")
+			return api.LocalReply
+		}
+		if strings.HasSuffix(f.path, ConfigPathSuffix) && requestUrl.Method == http.MethodGet {
+			api.LogDebugf("Handling config request: %s", f.path)
+			f.mcpConfigHandler.HandleConfigRequest(f.req, []byte{})
+			return api.LocalReply
+		}
+		f.userLevelConfig = true
+		if endStream {
+			return api.Continue
+		} else {
+			return api.StopAndBuffer
+		}
+	}
+
+	return f.processMcpRequestHeaders(header, endStream)
+}
+
+func (f *filter) processMcpRequestHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {
+	switch f.matchedRule.UpstreamType {
+	case common.RestUpstream, common.StreamableUpstream:
+		return f.processMcpRequestHeadersForRestUpstream(header, endStream)
+	case common.SSEUpstream:
+		return f.processMcpRequestHeadersForSSEUpstream(header, endStream)
+	}
+	f.needProcess = false
+	return api.Continue
+}
+
+func (f *filter) processMcpRequestHeadersForRestUpstream(header api.RequestHeaderMap, endStream bool) api.StatusType {
+	method := f.req.Method
+	requestUrl := f.req.URL
+	if !strings.HasSuffix(requestUrl.Path, GlobalSSEPathSuffix) {
+		f.proxyURL = requestUrl
+		if f.config.enableUserLevelServer {
+			parts := strings.Split(requestUrl.Path, "/")
+			if len(parts) >= 3 {
+				serverName := parts[1]
+				uid := parts[2]
+				// Get encoded config
+				encodedConfig, _ := f.mcpConfigHandler.GetEncodedConfig(serverName, uid)
+				if encodedConfig != "" {
+					header.Set("x-higress-mcpserver-config", encodedConfig)
+					api.LogDebugf("Set x-higress-mcpserver-config Header for %s:%s", serverName, uid)
+				}
+			}
+			f.ratelimit = true
+		}
+		if endStream {
+			return api.Continue
+		} else {
+			return api.StopAndBuffer
+		}
+	}
+
+	if method != http.MethodGet {
+		f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusMethodNotAllowed, "Method not allowed", nil, 0, "")
+	} else {
+		f.config.defaultServer = common.NewSSEServer(common.NewMCPServer(DefaultServerName, Version),
+			common.WithSSEEndpoint(GlobalSSEPathSuffix),
+			common.WithMessageEndpoint(strings.TrimSuffix(requestUrl.Path, GlobalSSEPathSuffix)),
+			common.WithRedisClient(f.config.redisClient))
+		f.serverName = f.config.defaultServer.GetServerName()
+		body := "SSE connection create"
+		f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusOK, body, nil, 0, "")
+	}
+	return api.LocalReply
+}
+
+func (f *filter) processMcpRequestHeadersForSSEUpstream(header api.RequestHeaderMap, endStream bool) api.StatusType {
+	// We don't need to process the request body for SSE upstream.
+	f.skipRequestBody = true
+	f.rewritePathForSSEUpstream(header)
+	return api.Continue
+}
+
+func (f *filter) rewritePathForSSEUpstream(header api.RequestHeaderMap) {
+	matchedRule := f.matchedRule
+	if !matchedRule.EnablePathRewrite || matchedRule.MatchRuleType != common.PrefixMatch {
+		// No rewrite required, so we don't need to process the response body, either.
+		f.skipResponseBody = true
+		return
+	}
+
+	path := f.req.URL.Path
+	if !strings.HasPrefix(path, matchedRule.MatchRulePath) {
+		api.LogWarnf("Unexpected: Path %s does not match the configured prefix %s", path, matchedRule.MatchRulePath)
+		return
+	}
+
+	rewrittenPath := path[len(matchedRule.MatchRulePath):]
+
+	if rewrittenPath == "" {
+		rewrittenPath = matchedRule.PathRewritePrefix
+	} else {
+		rewritePrefixHasTrailingSlash := strings.HasSuffix(matchedRule.PathRewritePrefix, "/")
+		pathSuffixHasLeadingSlash := strings.HasPrefix(rewrittenPath, "/")
+		if rewritePrefixHasTrailingSlash != pathSuffixHasLeadingSlash {
+			// One has, the other doesn't have.
+			rewrittenPath = matchedRule.PathRewritePrefix + rewrittenPath
+		} else if pathSuffixHasLeadingSlash {
+			// Both have.
+			rewrittenPath = matchedRule.PathRewritePrefix + rewrittenPath[1:]
+		} else {
+			// Neither have.
+			rewrittenPath = matchedRule.PathRewritePrefix + "/" + rewrittenPath
+		}
+	}
+
+	if f.req.URL.RawQuery != "" {
+		rewrittenPath = rewrittenPath + "?" + f.req.URL.RawQuery
+	}
+
+	header.SetPath(rewrittenPath)
+}
+
+// DecodeData might be called multiple times during handling the request body.
+// The endStream is true when handling the last piece of the body.
+func (f *filter) DecodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
+	if !f.needProcess || f.skipRequestBody {
+		return api.Continue
+	}
+	if f.matchedRule.UpstreamType != common.RestUpstream && f.matchedRule.UpstreamType != common.StreamableUpstream {
+		return api.Continue
+	}
+	if !endStream {
+		return api.StopAndBuffer
+	}
+	if f.userLevelConfig {
+		// Handle config POST request
+		api.LogDebugf("Handling config request: %s", f.path)
+		f.mcpConfigHandler.HandleConfigRequest(f.req, buffer.Bytes())
+		return api.LocalReply
+	} else if f.ratelimit {
+		if checkJSONRPCMethod(buffer.Bytes(), "tools/list") {
+			api.LogDebugf("Not a tools call request, skipping ratelimit")
+			return api.Continue
+		}
+		parts := strings.Split(f.req.URL.Path, "/")
+		if len(parts) < 3 {
+			api.LogWarnf("Access denied: no valid uid found")
+			f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusForbidden, "", nil, 0, "")
+			return api.LocalReply
+		}
+		serverName := parts[1]
+		uid := parts[2]
+		encodedConfig, err := f.mcpConfigHandler.GetEncodedConfig(serverName, uid)
+		if err != nil {
+			api.LogWarnf("Access denied: no valid config found for uid %s", uid)
+			f.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusForbidden, "", nil, 0, "")
+			return api.LocalReply
+		} else if encodedConfig == "" && checkJSONRPCMethod(buffer.Bytes(), "tools/call") {
+			api.LogDebugf("Empty config found for %s:%s", serverName, uid)
+			if !f.mcpRatelimitHandler.HandleRatelimit(f.req, buffer.Bytes()) {
+				return api.LocalReply
+			}
+		}
+	}
+	return api.Continue
+}
+
+// EncodeHeaders Callbacks which are called in response path.
+// The endStream is true if the response doesn't have body.
+func (f *filter) EncodeHeaders(header api.ResponseHeaderMap, endStream bool) api.StatusType {
+	if !f.needProcess {
+		return api.Continue
+	}
+	if f.matchedRule.UpstreamType != common.RestUpstream && f.matchedRule.UpstreamType != common.StreamableUpstream {
+		if contentType, ok := header.Get("content-type"); !ok || !strings.HasPrefix(contentType, "text/event-stream") {
+			api.LogDebugf("Skip response body for non-SSE upstream. Content-Type: %s", contentType)
+			f.skipResponseBody = true
+		}
+		return api.Continue
+	}
+	if f.serverName != "" {
+		if f.config.redisClient != nil {
+			header.Set("Content-Type", "text/event-stream")
+			header.Set("Cache-Control", "no-cache")
+			header.Set("Connection", "keep-alive")
+			header.Set("Access-Control-Allow-Origin", "*")
+			header.Del("Content-Length")
+		} else {
+			header.Set("Content-Length", strconv.Itoa(len(RedisNotEnabledResponseBody)))
+		}
+		return api.Continue
+	}
+	return api.Continue
+}
+
+// EncodeData might be called multiple times during handling the response body.
+// The endStream is true when handling the last piece of the body.
+func (f *filter) EncodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
+	if !f.needProcess || f.skipResponseBody {
+		return api.Continue
+	}
+
+	ret := api.Continue
+	api.LogDebugf("Upstream Type: %s", f.matchedRule.UpstreamType)
+	switch f.matchedRule.UpstreamType {
+	case common.RestUpstream, common.StreamableUpstream:
+		api.LogDebugf("Encoding data from Rest upstream")
+		ret = f.encodeDataFromRestUpstream(buffer, endStream)
+		break
+	case common.SSEUpstream:
+		api.LogDebugf("Encoding data from SSE upstream")
+		ret = f.encodeDataFromSSEUpstream(buffer, endStream)
+		if endStream {
+			// Always continue as long as the stream has ended.
+			ret = api.Continue
+		}
+	}
+	return ret
+}
+
+func (f *filter) encodeDataFromRestUpstream(buffer api.BufferInstance, endStream bool) api.StatusType {
+	if !f.needProcess {
+		return api.Continue
+	}
+	if !endStream {
+		return api.StopAndBuffer
+	}
+	if f.proxyURL != nil && f.config.redisClient != nil {
+		sessionID := f.proxyURL.Query().Get("sessionId")
+		if sessionID != "" {
+			channel := common.GetSSEChannelName(sessionID)
+			eventData := fmt.Sprintf("event: message\ndata: %s\n\n", buffer.String())
+			publishErr := f.config.redisClient.Publish(channel, eventData)
+			if publishErr != nil {
+				api.LogErrorf("Failed to publish wasm mcp server message to Redis: %v", publishErr)
+			}
+		}
+	}
+
+	if f.serverName != "" {
+		if f.config.redisClient != nil {
+			// handle default server
+			buffer.Reset()
+			f.config.defaultServer.HandleSSE(f.callbacks, f.stopChan)
+			return api.Running
+		} else {
+			_ = buffer.SetString(RedisNotEnabledResponseBody)
+			return api.Continue
+		}
+	}
+	return api.Continue
+}
+
+func (f *filter) encodeDataFromSSEUpstream(buffer api.BufferInstance, endStream bool) api.StatusType {
+	bufferBytes := buffer.Bytes()
+	bufferData := string(bufferBytes)
+
+	err, lineBreak := f.findSSELineBreak(bufferData)
+	if err != nil {
+		api.LogWarnf("Failed to find line break in SSE data: %v", err)
+		f.needProcess = false
+		return api.Continue
+	}
+	if lineBreak == "" {
+		// Have not found any line break. Need to buffer and check again.
+		return api.StopAndBuffer
+	}
+
+	api.LogDebugf("Line break sequence: %v", []byte(lineBreak))
+
+	err, endpointUrl := f.findEndpointUrl(bufferData, lineBreak)
+	if err != nil {
+		api.LogWarnf("Failed to find endpoint URL in SSE data: %v", err)
+		f.needProcess = false
+		return api.Continue
+	}
+	if endpointUrl == "" {
+		// No endpoint URL found. Need to buffer and check again.
+		return api.StopAndBuffer
+	}
+
+	// Remove query string since we don't need to change it.
+	queryStringIndex := strings.IndexAny(endpointUrl, "?")
+	if queryStringIndex != -1 {
+		endpointUrl = endpointUrl[:queryStringIndex]
+	}
+
+	if changed, newEndpointUrl := f.rewriteEndpointUrl(endpointUrl); changed {
+		api.LogDebugf("The endpoint URL is changed.\n  Old: %s\n  New: %s", endpointUrl, newEndpointUrl)
+
+		endpointUrlIndex := strings.Index(bufferData, endpointUrl)
+		if endpointUrlIndex == -1 {
+			api.LogWarnf("Something wrong, the previously found endpoint URL %s not found in the SSE data now", endpointUrl)
+		} else {
+			bufferData = bufferData[:endpointUrlIndex] + newEndpointUrl + bufferData[endpointUrlIndex+len(endpointUrl):]
+			_ = buffer.SetString(bufferData)
+		}
+	} else {
+		api.LogDebugf("The endpoint URL %s is not changed", endpointUrl)
+	}
+
+	f.needProcess = false
+	return api.Continue
+}
+
+func (f *filter) rewriteEndpointUrl(endpointUrl string) (bool, string) {
+	if !f.matchedRule.EnablePathRewrite {
+		return false, ""
+	}
+
+	if schemeIndex := strings.Index(endpointUrl, "://"); schemeIndex != -1 {
+		endpointUrl = endpointUrl[schemeIndex+3:]
+		if slashIndex := strings.Index(endpointUrl, "/"); slashIndex != -1 {
+			endpointUrl = endpointUrl[slashIndex:]
+		} else {
+			endpointUrl = "/"
+		}
+	}
+
+	if !strings.HasPrefix(endpointUrl, f.matchedRule.PathRewritePrefix) {
+		// The endpoint URL does not match the path rewrite prefix. We are unable to rewrite it back.
+		api.LogWarnf("The endpoint URL %s does not match the path rewrite prefix %s", endpointUrl, f.matchedRule.PathRewritePrefix)
+		return false, ""
+	}
+
+	suffix := endpointUrl[len(f.matchedRule.PathRewritePrefix):]
+
+	if len(suffix) == 0 {
+		endpointUrl = f.matchedRule.MatchRulePath
+	} else {
+		matchPathHasTrailingSlash := strings.HasSuffix(f.matchedRule.MatchRulePath, "/")
+		suffixHasLeadingSlash := strings.HasPrefix(suffix, "/")
+		if matchPathHasTrailingSlash != suffixHasLeadingSlash {
+			// One has, the other doesn't have.
+			endpointUrl = f.matchedRule.MatchRulePath + suffix
+		} else if matchPathHasTrailingSlash {
+			// Both have.
+			endpointUrl = f.matchedRule.MatchRulePath + suffix[1:]
+		} else {
+			// Neither have.
+			endpointUrl = f.matchedRule.MatchRulePath + "/" + suffix
+		}
+	}
+
+	return true, endpointUrl
+}
+
+func (f *filter) findSSELineBreak(bufferData string) (error, string) {
+	// See https://html.spec.whatwg.org/multipage/server-sent-events.html
+	crIndex := strings.IndexAny(bufferData, "\r")
+	lfIndex := strings.IndexAny(bufferData, "\n")
+	if crIndex == -1 && lfIndex == -1 {
+		// No line break found.
+		return nil, ""
+	}
+	lineBreak := ""
+	if crIndex != -1 && lfIndex != -1 {
+		if crIndex+1 != lfIndex {
+			// Found both line breaks, but they are not adjacent. Skip body processing.
+			return errors.New("found non-adjacent CR and LF"), ""
+		}
+		lineBreak = "\r\n"
+	} else if crIndex != -1 {
+		lineBreak = "\r"
+	} else {
+		lineBreak = "\n"
+	}
+	return nil, lineBreak
+}
+
+func (f *filter) findEndpointUrl(bufferData, lineBreak string) (error, string) {
+	eventIndex := strings.Index(bufferData, "event:")
+	if eventIndex == -1 {
+		return nil, ""
+	}
+	bufferData = bufferData[eventIndex:]
+	eventEndIndex := strings.Index(bufferData, lineBreak)
+	if eventEndIndex == -1 {
+		return nil, ""
+	}
+	eventName := strings.TrimSpace(bufferData[len("event:"):eventEndIndex])
+	if eventName != "endpoint" {
+		return fmt.Errorf("the initial event [%s] is not an endpoint event. Skip processing", eventName), ""
+	}
+	bufferData = bufferData[eventEndIndex+len(lineBreak):]
+	dataEndIndex := strings.Index(bufferData, lineBreak)
+	if dataEndIndex == -1 {
+		// Data received not enough.
+		return nil, ""
+	}
+	eventData := bufferData[:dataEndIndex]
+	if !strings.HasPrefix(eventData, "data:") {
+		return fmt.Errorf("an unexpected non-data field found in the event. Skip processing. Field: %s", eventData), ""
+	}
+	return nil, strings.TrimSpace(eventData[len("data:"):])
+}
+
+// OnDestroy stops the goroutine
+func (f *filter) OnDestroy(reason api.DestroyReason) {
+	api.LogDebugf("OnDestroy: reason=%v", reason)
+	if f.serverName != "" && f.stopChan != nil {
+		select {
+		case <-f.stopChan:
+			return
+		default:
+			api.LogDebug("Stopping SSE connection")
+			close(f.stopChan)
+		}
+	}
+}
+
+// check if the request is a tools/call request
+func checkJSONRPCMethod(body []byte, method string) bool {
+	var request mcp.CallToolRequest
+	if err := json.Unmarshal(body, &request); err != nil {
+		api.LogWarnf("Failed to unmarshal request body: %v, not a JSON RPC request", err)
+		return true
+	}
+
+	return request.Method == method
+}

plugins/golang-filter/mcp-session/handler/config_handler.go

@@ -0,0 +1,162 @@
+package handler
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+)
+
+// MCPConfigHandler handles configuration requests for MCP server
+type MCPConfigHandler struct {
+	configStore ConfigStore
+	callbacks   api.FilterCallbackHandler
+}
+
+// NewMCPConfigHandler creates a new instance of MCP configuration handler
+func NewMCPConfigHandler(redisClient *common.RedisClient, callbacks api.FilterCallbackHandler) *MCPConfigHandler {
+	return &MCPConfigHandler{
+		configStore: NewRedisConfigStore(redisClient),
+		callbacks:   callbacks,
+	}
+}
+
+// HandleConfigRequest processes configuration requests
+func (h *MCPConfigHandler) HandleConfigRequest(req *http.Request, body []byte) bool {
+	// Check if it's a configuration request
+	if !strings.HasSuffix(req.URL.Path, "/config") {
+		return false
+	}
+
+	// Extract serverName and uid from path
+	pathParts := strings.Split(strings.TrimSuffix(req.URL.Path, "/config"), "/")
+	if len(pathParts) < 2 {
+		h.sendErrorResponse(http.StatusBadRequest, "INVALID_PATH", "Invalid path format")
+		return true
+	}
+	uid := pathParts[len(pathParts)-1]
+	serverName := pathParts[len(pathParts)-2]
+
+	switch req.Method {
+	case http.MethodGet:
+		return h.handleGetConfig(serverName, uid)
+	case http.MethodPost:
+		return h.handleStoreConfig(serverName, uid, body)
+	default:
+		h.sendErrorResponse(http.StatusMethodNotAllowed, "METHOD_NOT_ALLOWED", "Method not allowed")
+		return true
+	}
+}
+
+// handleGetConfig handles configuration retrieval requests
+func (h *MCPConfigHandler) handleGetConfig(serverName string, uid string) bool {
+	config, err := h.configStore.GetConfig(serverName, uid)
+	if err != nil {
+		api.LogErrorf("Failed to get config for server %s, uid %s: %v", serverName, uid, err)
+		h.sendErrorResponse(http.StatusInternalServerError, "CONFIG_ERROR", fmt.Sprintf("Failed to get configuration: %s", err.Error()))
+		return true
+	}
+
+	response := struct {
+		Success bool              `json:"success"`
+		Config  map[string]string `json:"config"`
+	}{
+		Success: true,
+		Config:  config,
+	}
+
+	responseBytes, _ := json.Marshal(response)
+	headers := map[string][]string{
+		"Content-Type": {"application/json"},
+	}
+	h.callbacks.DecoderFilterCallbacks().SendLocalReply(
+		http.StatusOK,
+		string(responseBytes),
+		headers, 0, "",
+	)
+	return true
+}
+
+// handleStoreConfig handles configuration storage requests
+func (h *MCPConfigHandler) handleStoreConfig(serverName string, uid string, body []byte) bool {
+	// Parse request body
+	var requestBody struct {
+		Config map[string]string `json:"config"`
+	}
+	if err := json.Unmarshal(body, &requestBody); err != nil {
+		api.LogErrorf("Invalid request format for server %s, uid %s: %v", serverName, uid, err)
+		h.sendErrorResponse(http.StatusBadRequest, "INVALID_REQUEST", fmt.Sprintf("Invalid request format: %s", err.Error()))
+		return true
+	}
+
+	if requestBody.Config == nil {
+		h.sendErrorResponse(http.StatusBadRequest, "INVALID_REQUEST", "Config cannot be null")
+		return true
+	}
+
+	response, err := h.configStore.StoreConfig(serverName, uid, requestBody.Config)
+	if err != nil {
+		api.LogErrorf("Failed to store config for server %s, uid %s: %v", serverName, uid, err)
+		h.sendErrorResponse(http.StatusInternalServerError, "CONFIG_ERROR", fmt.Sprintf("Failed to store configuration: %s", err.Error()))
+		return true
+	}
+
+	responseBytes, _ := json.Marshal(response)
+	headers := map[string][]string{
+		"Content-Type": {"application/json"},
+	}
+	h.callbacks.DecoderFilterCallbacks().SendLocalReply(
+		http.StatusOK,
+		string(responseBytes),
+		headers, 0, "",
+	)
+	return true
+}
+
+// sendErrorResponse sends an error response with the specified status, code and message
+func (h *MCPConfigHandler) sendErrorResponse(status int, code string, message string) {
+	response := &ConfigResponse{
+		Success: false,
+		Error: &struct {
+			Code    string `json:"code"`
+			Message string `json:"message"`
+		}{
+			Code:    code,
+			Message: message,
+		},
+	}
+	responseBytes, _ := json.Marshal(response)
+	headers := map[string][]string{
+		"Content-Type": {"application/json"},
+	}
+	h.callbacks.DecoderFilterCallbacks().SendLocalReply(
+		status,
+		string(responseBytes),
+		headers, 0, "",
+	)
+}
+
+// GetEncodedConfig retrieves and encodes the configuration for a given server and uid
+func (h *MCPConfigHandler) GetEncodedConfig(serverName string, uid string) (string, error) {
+	conf, err := h.configStore.GetConfig(serverName, uid)
+	if err != nil {
+		return "", fmt.Errorf("failed to get config: %w", err)
+	}
+
+	// Check if config exists and is not empty
+	if len(conf) > 0 {
+		// Convert config map to JSON string
+		configBytes, err := json.Marshal(conf)
+		if err != nil {
+			return "", fmt.Errorf("failed to marshal config: %w", err)
+		}
+		// Encode JSON string to base64
+		return base64.StdEncoding.EncodeToString(configBytes), nil
+	}
+
+	return "", nil
+}

plugins/golang-filter/mcp-session/handler/config_store.go

@@ -0,0 +1,111 @@
+package handler
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+)
+
+const (
+	configExpiry = 7 * 24 * time.Hour
+)
+
+// GetConfigStoreKey returns the Redis channel name for the given session ID
+func GetConfigStoreKey(serverName string, uid string) string {
+	return fmt.Sprintf("mcp-server-config:%s:%s", serverName, uid)
+}
+
+// ConfigResponse represents the response structure for configuration operations
+type ConfigResponse struct {
+	Success bool `json:"success"`
+	Error   *struct {
+		Code    string `json:"code"`
+		Message string `json:"message"`
+	} `json:"error,omitempty"`
+}
+
+// ConfigStore defines the interface for configuration storage operations
+type ConfigStore interface {
+	// StoreConfig stores user configuration
+	StoreConfig(serverName string, uid string, config map[string]string) (*ConfigResponse, error)
+	// GetConfig retrieves user configuration
+	GetConfig(serverName string, uid string) (map[string]string, error)
+}
+
+// RedisConfigStore implements configuration storage using Redis
+type RedisConfigStore struct {
+	redisClient *common.RedisClient
+}
+
+// NewRedisConfigStore creates a new instance of Redis configuration storage
+func NewRedisConfigStore(redisClient *common.RedisClient) ConfigStore {
+	return &RedisConfigStore{
+		redisClient: redisClient,
+	}
+}
+
+// StoreConfig stores configuration in Redis
+func (s *RedisConfigStore) StoreConfig(serverName string, uid string, config map[string]string) (*ConfigResponse, error) {
+	key := GetConfigStoreKey(serverName, uid)
+
+	// Convert config to JSON
+	configBytes, err := json.Marshal(config)
+	if err != nil {
+		return &ConfigResponse{
+			Success: false,
+			Error: &struct {
+				Code    string `json:"code"`
+				Message string `json:"message"`
+			}{
+				Code:    "MARSHAL_ERROR",
+				Message: "Failed to marshal configuration",
+			},
+		}, err
+	}
+
+	// Store in Redis with expiry
+	err = s.redisClient.Set(key, string(configBytes), configExpiry)
+	if err != nil {
+		return &ConfigResponse{
+			Success: false,
+			Error: &struct {
+				Code    string `json:"code"`
+				Message string `json:"message"`
+			}{
+				Code:    "REDIS_ERROR",
+				Message: "Failed to store configuration in Redis",
+			},
+		}, err
+	}
+
+	return &ConfigResponse{
+		Success: true,
+	}, nil
+}
+
+// GetConfig retrieves configuration from Redis
+func (s *RedisConfigStore) GetConfig(serverName string, uid string) (map[string]string, error) {
+	key := GetConfigStoreKey(serverName, uid)
+
+	// Get from Redis
+	value, err := s.redisClient.Get(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// Parse JSON
+	var config map[string]string
+	if err := json.Unmarshal([]byte(value), &config); err != nil {
+		return nil, err
+	}
+
+	// Refresh TTL
+	if err := s.redisClient.Expire(key, configExpiry); err != nil {
+		// Log error but don't fail the request
+		fmt.Printf("Failed to refresh TTL for key %s: %v\n", key, err)
+	}
+
+	return config, nil
+}

plugins/golang-filter/mcp-session/handler/rate_limit_handler.go

@@ -0,0 +1,181 @@
+package handler
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/alibaba/higress/plugins/golang-filter/mcp-session/common"
+	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
+	"github.com/mark3labs/mcp-go/mcp"
+)
+
+type MCPRatelimitHandler struct {
+	redisClient *common.RedisClient
+	callbacks   api.FilterCallbackHandler
+	limit       int      // Maximum requests allowed per window
+	window      int      // Time window in seconds
+	whitelist   []string // Whitelist of UIDs that bypass rate limiting
+	errorText   string   // Error text to be displayed
+}
+
+// MCPRatelimitConfig is the configuration for the rate limit handler
+type MCPRatelimitConfig struct {
+	Limit     int      `json:"limit"`
+	Window    int      `json:"window"`
+	Whitelist []string `json:"white_list"` // List of UIDs that bypass rate limiting
+	ErrorText string   `json:"error_text"` // Error text to be displayed
+}
+
+// NewMCPRatelimitHandler creates a new rate limit handler
+func NewMCPRatelimitHandler(redisClient *common.RedisClient, callbacks api.FilterCallbackHandler, conf *MCPRatelimitConfig) *MCPRatelimitHandler {
+	if conf == nil {
+		conf = &MCPRatelimitConfig{
+			Limit:     100,
+			Window:    int(24 * time.Hour / time.Second), // 24 hours in seconds
+			Whitelist: []string{},
+			ErrorText: "API rate limit exceeded",
+		}
+	}
+	return &MCPRatelimitHandler{
+		redisClient: redisClient,
+		callbacks:   callbacks,
+		limit:       conf.Limit,
+		window:      conf.Window,
+		whitelist:   conf.Whitelist,
+		errorText:   conf.ErrorText,
+	}
+}
+
+const (
+	// Lua script for rate limiting
+	LimitScript = `
+        local ttl = redis.call('ttl', KEYS[1])
+    	if ttl < 0 then
+        	redis.call('set', KEYS[1], ARGV[1] - 1, 'EX', ARGV[2])
+        	return {ARGV[1], ARGV[1] - 1, ARGV[2]}
+    	end
+    	return {ARGV[1], redis.call('incrby', KEYS[1], -1), ttl}
+    `
+)
+
+type LimitContext struct {
+	Count     int // Current request count
+	Remaining int // Remaining requests allowed
+	Reset     int // Time until reset in seconds
+}
+
+// TODO: needs to be refactored, rate limit should be registered as a request hook in MCP server
+func (h *MCPRatelimitHandler) HandleRatelimit(req *http.Request, body []byte) bool {
+	parts := strings.Split(req.URL.Path, "/")
+	if len(parts) < 3 {
+		h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusForbidden, "", nil, 0, "")
+		return false
+	}
+	serverName := parts[1]
+	uid := parts[2]
+
+	// Check if the UID is in whitelist
+	for _, whitelistedUID := range h.whitelist {
+		if whitelistedUID == uid {
+			return true // Bypass rate limiting for whitelisted UIDs
+		}
+	}
+
+	// Build rate limit key using serverName, uid, window and limit
+	limitKey := fmt.Sprintf("mcp-server-limit:%s:%s:%d:%d", serverName, uid, h.window, h.limit)
+	keys := []string{limitKey}
+
+	args := []interface{}{h.limit, h.window}
+
+	result, err := h.redisClient.Eval(LimitScript, 1, keys, args)
+	if err != nil {
+		api.LogErrorf("Failed to check rate limit: %v", err)
+		h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusInternalServerError, "", nil, 0, "")
+		return false
+	}
+
+	// Process response
+	resultArray, ok := result.([]interface{})
+	if !ok || len(resultArray) != 3 {
+		api.LogErrorf("Invalid response format: %v", result)
+		h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusInternalServerError, "", nil, 0, "")
+		return false
+	}
+
+	context := LimitContext{
+		Count:     parseRedisValue(resultArray[0]),
+		Remaining: parseRedisValue(resultArray[1]),
+		Reset:     parseRedisValue(resultArray[2]),
+	}
+
+	if context.Remaining < 0 {
+		// Create error response content
+		errorContent := []mcp.TextContent{
+			{
+				Type: "text",
+				Text: h.errorText,
+			},
+		}
+		// Create response result
+		result := map[string]interface{}{
+			"content": errorContent,
+			"isError": true,
+		}
+		// Create JSON-RPC response
+		id := getJSONPRCID(body)
+		response := mcp.JSONRPCResponse{
+			JSONRPC: mcp.JSONRPC_VERSION,
+			ID:      id,
+			Result:  result,
+		}
+		// Convert response to JSON
+		jsonResponse, err := json.Marshal(response)
+		if err != nil {
+			api.LogErrorf("Failed to marshal JSON response: %v", err)
+			h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusInternalServerError, "", nil, 0, "")
+			return false
+		}
+		// Send JSON-RPC response
+		sessionID := req.URL.Query().Get("sessionId")
+		if sessionID != "" {
+			h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusAccepted, string(jsonResponse), nil, 0, "")
+		} else {
+			h.callbacks.DecoderFilterCallbacks().SendLocalReply(http.StatusOK, string(jsonResponse), nil, 0, "")
+		}
+		return false
+	}
+
+	return true
+}
+
+func getJSONPRCID(body []byte) mcp.RequestId {
+	baseMessage := struct {
+		JSONRPC string      `json:"jsonrpc"`
+		Method  string      `json:"method"`
+		ID      interface{} `json:"id,omitempty"`
+	}{}
+	if err := json.Unmarshal(body, &baseMessage); err != nil {
+		api.LogWarnf("Failed to unmarshal request body: %v, not a JSON RPC request", err)
+		return ""
+	}
+	return baseMessage.ID
+}
+
+// parseRedisValue converts the value from Redis to an int
+func parseRedisValue(value interface{}) int {
+	switch v := value.(type) {
+	case int:
+		return v
+	case int64:
+		return int(v)
+	case string:
+		if i, err := strconv.Atoi(v); err == nil {
+			return i
+		}
+	}
+	return 0
+}

plugins/wasm-cpp/common/http_util.h

@@ -55,6 +55,7 @@ constexpr std::string_view Host(":authority");
 constexpr std::string_view Path(":path");
 constexpr std::string_view EnvoyOriginalPath("x-envoy-original-path");
 constexpr std::string_view Accept("accept");
+constexpr std::string_view ContentDisposition("content-disposition");
 constexpr std::string_view ContentMD5("content-md5");
 constexpr std::string_view ContentType("content-type");
 constexpr std::string_view ContentLength("content-length");
@@ -68,6 +69,7 @@ constexpr std::string_view StrictTransportSecurity("strict-transport-security");
 namespace ContentTypeValues {
 constexpr std::string_view Grpc{"application/grpc"};
 constexpr std::string_view Json{"application/json"};
+constexpr std::string_view MultipartFormData{"multipart/form-data"};
 }  // namespace ContentTypeValues
 
 class PercentEncoding {

plugins/wasm-cpp/extensions/model_router/README.md

@@ -8,7 +8,7 @@
 | `modelKey`           | string          | 选填                    | model                    | 请求body中model参数的位置                             |
 | `addProviderHeader`  | string          | 选填                    | -                        | 从model参数中解析出的provider名字放到哪个请求header中 |
 | `modelToHeader`      | string          | 选填                    | -                        | 直接将model参数放到哪个请求header中                   |
-| `enableOnPathSuffix` | array of string | 选填                    | ["/v1/chat/completions"] | 只对这些特定路径后缀的请求生效，可以配置为 "*" 以匹配所有路径 |
+| `enableOnPathSuffix` | array of string | 选填                    | ["/completions","/embeddings","/images/generations","/audio/speech","/fine_tuning/jobs","/moderations"] | 只对这些特定路径后缀的请求生效，可以配置为 "*" 以匹配所有路径 |
 
 ## 运行属性
 

plugins/wasm-cpp/extensions/model_router/plugin.cc

@@ -16,6 +16,7 @@
 
 #include <array>
 #include <limits>
+#include <regex>
 
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_split.h"
@@ -123,6 +124,7 @@ bool PluginRootContext::configure(size_t configuration_size) {
 }
 
 FilterHeadersStatus PluginRootContext::onHeader(
+    PluginContext& ctx,
     const ModelRouterConfigRule& rule) {
   if (!Wasm::Common::Http::hasRequestBody()) {
     return FilterHeadersStatus::Continue;
@@ -150,19 +152,49 @@ FilterHeadersStatus PluginRootContext::onHeader(
   if (!enable) {
     return FilterHeadersStatus::Continue;
   }
-  auto content_type_value =
+  auto content_type_ptr =
       getRequestHeader(Wasm::Common::Http::Header::ContentType);
-  if (!absl::StrContains(content_type_value->view(),
+  auto content_type_value = content_type_ptr->view();
+  LOG_DEBUG(absl::StrCat("Content-Type: ", content_type_value));
+  if (absl::StrContains(content_type_value,
                          Wasm::Common::Http::ContentTypeValues::Json)) {
-    return FilterHeadersStatus::Continue;
+    ctx.mode_ = MODE_JSON;
+    LOG_DEBUG("Enable JSON mode.");
+    removeRequestHeader(Wasm::Common::Http::Header::ContentLength);
+    setFilterState(SetDecoderBufferLimitKey, DefaultMaxBodyBytes);
+    LOG_INFO(absl::StrCat("SetRequestBodyBufferLimit: ", DefaultMaxBodyBytes));
+    return FilterHeadersStatus::StopIteration;
   }
-  removeRequestHeader(Wasm::Common::Http::Header::ContentLength);
-  setFilterState(SetDecoderBufferLimitKey, DefaultMaxBodyBytes);
-  LOG_INFO(absl::StrCat("SetRequestBodyBufferLimit: ", DefaultMaxBodyBytes));
-  return FilterHeadersStatus::StopIteration;
+  if (absl::StrContains(content_type_value,
+                         Wasm::Common::Http::ContentTypeValues::MultipartFormData)) {
+    // Get the boundary from the content type
+    auto boundary_start = content_type_value.find("boundary=");
+    if (boundary_start == std::string::npos) {
+      LOG_WARN(absl::StrCat("No boundary found in a multipart/form-data content-type: ", content_type_value));
+      return FilterHeadersStatus::Continue;
+    }
+    boundary_start += 9;
+    auto boundary_end = content_type_value.find(';', boundary_start);
+    if (boundary_end == std::string::npos) {
+      boundary_end = content_type_value.size();
+    }
+    auto boundary_length = boundary_end - boundary_start;
+    if (boundary_length < 1 || boundary_length > 70) {
+      // See https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html
+      LOG_WARN(absl::StrCat("Invalid boundary value in a multipart/form-data content-type: ", content_type_value));
+      return FilterHeadersStatus::Continue;
+    }
+    auto boundary_value = content_type_value.substr(boundary_start, boundary_end - boundary_start);
+    ctx.mode_ = MODE_MULTIPART;
+    ctx.boundary_ = boundary_value;
+    LOG_DEBUG(absl::StrCat("Enable multipart/form-data mode. Boundary=", boundary_value));
+    removeRequestHeader(Wasm::Common::Http::Header::ContentLength);
+    return FilterHeadersStatus::StopIteration;
+  }
+  return FilterHeadersStatus::Continue;
 }
 
-FilterDataStatus PluginRootContext::onBody(const ModelRouterConfigRule& rule,
+FilterDataStatus PluginRootContext::onJsonBody(const ModelRouterConfigRule& rule,
                                            std::string_view body) {
   const auto& model_key = rule.model_key_;
   const auto& add_provider_header = rule.add_provider_header_;
@@ -198,10 +230,85 @@ FilterDataStatus PluginRootContext::onBody(const ModelRouterConfigRule& rule,
   return FilterDataStatus::Continue;
 }
 
+FilterDataStatus PluginRootContext::onMultipartBody(
+    PluginContext& ctx,
+    const ModelRouterConfigRule& rule,
+    WasmDataPtr& body,
+    bool end_stream) {
+  const auto& add_provider_header = rule.add_provider_header_;
+  const auto& model_to_header = rule.model_to_header_;
+
+  const auto boundary = ctx.boundary_;
+  const auto body_view = body->view();
+  const auto model_param_header = absl::StrCat("Content-Disposition: form-data; name=\"", rule.model_key_, "\"");
+
+  for (size_t pos = 0; (pos = body_view.find(boundary, pos)) != std::string_view::npos;) {
+    LOG_DEBUG(absl::StrCat("Found boundary at ", pos));
+    pos += boundary.length();
+    size_t end_pos = body_view.find(boundary, pos);
+    if (end_pos == std::string_view::npos) {
+      end_pos = body_view.length();
+    }
+    std::string_view part = body_view.substr(pos, end_pos - pos);
+    LOG_DEBUG(absl::StrCat("Part: ", part));
+    auto part_pos = pos;
+    pos = end_pos;
+
+    // Check if this part contains the model parameter
+    if (!absl::StrContains(part, model_param_header)) {
+      LOG_DEBUG("Part does not contain model parameter");
+      continue;
+    }
+    size_t value_start = part.find(CRLF_CRLF);
+    if (value_start == std::string_view::npos) {
+      LOG_DEBUG("No value start found in part");
+      break;
+    }
+    value_start += 4; // Skip the "\r\n\r\n"
+    // model parameter should be only one line
+    size_t value_end = part.find(CRLF, value_start);
+    if (value_end == std::string_view::npos) {
+      LOG_DEBUG("No value end found in part");
+      break;
+    }
+    auto model_value = part.substr(value_start, value_end - value_start);
+    LOG_DEBUG(absl::StrCat("Model value: ", model_value));
+    if (!model_to_header.empty()) {
+      replaceRequestHeader(model_to_header, model_value);
+    }
+    if (!add_provider_header.empty()) {
+      auto pos = model_value.find('/');
+      if (pos != std::string::npos) {
+        const auto& provider = model_value.substr(0, pos);
+        const auto& model = model_value.substr(pos + 1);
+        replaceRequestHeader(add_provider_header, provider);
+        size_t new_size = 0;
+        auto new_buffer_data = absl::StrCat(body_view.substr(0, part_pos + value_start), model, body_view.substr(part_pos + value_end));
+        auto result = setBuffer(WasmBufferType::HttpRequestBody, 0, std::numeric_limits<size_t>::max(), new_buffer_data, &new_size);
+        LOG_DEBUG(absl::StrCat("model route to provider:", provider,
+                               ", model:", model));
+        LOG_DEBUG(absl::StrCat("result=", result, "  new_size=", new_size));
+      } else {
+        LOG_DEBUG(absl::StrCat("model route to provider not work, model:",
+                               model_value));
+      }
+    }
+    // We are done now. We can stop processing the body.
+    LOG_DEBUG(absl::StrCat("Done processing multipart body after caching ", body_view.length() , " bytes."));
+    ctx.mode_ = MODE_BYPASS;
+    return FilterDataStatus::Continue;
+  }
+  if (end_stream) {
+    LOG_DEBUG("No model parameter found in the body");
+    return FilterDataStatus::Continue;
+  }
+  return FilterDataStatus::StopIterationAndBuffer;
+}
+
 FilterHeadersStatus PluginContext::onRequestHeaders(uint32_t, bool) {
   auto* rootCtx = rootContext();
   return rootCtx->onHeaders([rootCtx, this](const auto& config) {
-    auto ret = rootCtx->onHeader(config);
+    auto ret = rootCtx->onHeader(*this, config);
     if (ret == FilterHeadersStatus::StopIteration) {
       this->config_ = &config;
     }
@@ -214,14 +321,28 @@ FilterDataStatus PluginContext::onRequestBody(size_t body_size,
   if (config_ == nullptr) {
     return FilterDataStatus::Continue;
   }
-  body_total_size_ += body_size;
-  if (!end_stream) {
-    return FilterDataStatus::StopIterationAndBuffer;
-  }
-  auto body =
-      getBufferBytes(WasmBufferType::HttpRequestBody, 0, body_total_size_);
   auto* rootCtx = rootContext();
-  return rootCtx->onBody(*config_, body->view());
+  body_total_size_ += body_size;
+  switch (mode_) {
+    case MODE_JSON:
+    {
+      if (!end_stream) {
+        return FilterDataStatus::StopIterationAndBuffer;
+      }
+      auto body =
+          getBufferBytes(WasmBufferType::HttpRequestBody, 0, body_total_size_);
+      return rootCtx->onJsonBody(*config_, body->view());
+    }
+    case MODE_MULTIPART:
+    {
+      auto body =
+          getBufferBytes(WasmBufferType::HttpRequestBody, 0, body_total_size_);
+      return rootCtx->onMultipartBody(*this, *config_, body, end_stream);
+    }
+    case MODE_BYPASS:
+    default:
+      return FilterDataStatus::Continue;
+  }
 }
 
 #ifdef NULL_PLUGIN

plugins/wasm-cpp/extensions/model_router/plugin.h

@@ -36,6 +36,13 @@ namespace model_router {
 
 #endif
 
+#define MODE_BYPASS 0
+#define MODE_JSON 1
+#define MODE_MULTIPART 2
+
+#define CRLF ("\r\n")
+#define CRLF_CRLF ("\r\n\r\n")
+
 struct ModelRouterConfigRule {
   std::string model_key_ = "model";
   std::string add_provider_header_;
@@ -45,6 +52,8 @@ struct ModelRouterConfigRule {
       "/audio/speech", "/fine_tuning/jobs", "/moderations"};
 };
 
+class PluginContext;
+
 // PluginRootContext is the root context for all streams processed by the
 // thread. It has the same lifetime as the worker thread and acts as target for
 // interactions that outlives individual stream, e.g. timer, async calls.
@@ -55,8 +64,9 @@ class PluginRootContext : public RootContext,
       : RootContext(id, root_id) {}
   ~PluginRootContext() {}
   bool onConfigure(size_t) override;
-  FilterHeadersStatus onHeader(const ModelRouterConfigRule&);
-  FilterDataStatus onBody(const ModelRouterConfigRule&, std::string_view);
+  FilterHeadersStatus onHeader(PluginContext& ctx, const ModelRouterConfigRule&);
+  FilterDataStatus onJsonBody(const ModelRouterConfigRule&, std::string_view);
+  FilterDataStatus onMultipartBody(PluginContext& ctx, const ModelRouterConfigRule& rule, WasmDataPtr& body, bool end_stream);
   bool configure(size_t);
 
  private:
@@ -69,6 +79,8 @@ class PluginContext : public Context {
   explicit PluginContext(uint32_t id, RootContext* root) : Context(id, root) {}
   FilterHeadersStatus onRequestHeaders(uint32_t, bool) override;
   FilterDataStatus onRequestBody(size_t, bool) override;
+  int mode_;
+  std::string boundary_;
 
  private:
   inline PluginRootContext* rootContext() {

plugins/wasm-cpp/extensions/model_router/plugin_test.cc

@@ -15,6 +15,7 @@
 #include "extensions/model_router/plugin.h"
 
 #include <cstddef>
+#include <regex>
 
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
@@ -86,7 +87,7 @@ class ModelRouterTest : public ::testing::Test {
         .WillByDefault([&](WasmHeaderMapType, std::string_view header,
                            std::string_view* result) {
           if (header == "content-type") {
-            *result = "application/json";
+            *result = content_type_;
           } else if (header == "content-length") {
             *result = "1024";
           } else if (header == ":path") {
@@ -125,6 +126,7 @@ class ModelRouterTest : public ::testing::Test {
   std::unique_ptr<PluginContext> context_;
   std::string route_name_;
   std::string path_;
+  std::string content_type_ = "application/json";
   BufferBase body_;
   BufferBase config_;
 };
@@ -133,7 +135,7 @@ TEST_F(ModelRouterTest, RewriteModelAndHeader) {
   std::string configuration = R"(
 {
   "addProviderHeader": "x-higress-llm-provider"
-    })";
+})";
 
   config_.set(configuration);
   EXPECT_TRUE(root_context_->configure(configuration.size()));
@@ -155,14 +157,14 @@ TEST_F(ModelRouterTest, RewriteModelAndHeader) {
   body_.set(request_json);
   EXPECT_EQ(context_->onRequestHeaders(0, false),
             FilterHeadersStatus::StopIteration);
-  EXPECT_EQ(context_->onRequestBody(28, true), FilterDataStatus::Continue);
+  EXPECT_EQ(context_->onRequestBody(request_json.length(), true), FilterDataStatus::Continue);
 }
 
 TEST_F(ModelRouterTest, ModelToHeader) {
   std::string configuration = R"(
 {
   "modelToHeader": "x-higress-llm-model"
-    })";
+})";
 
   config_.set(configuration);
   EXPECT_TRUE(root_context_->configure(configuration.size()));
@@ -181,14 +183,14 @@ TEST_F(ModelRouterTest, ModelToHeader) {
   body_.set(request_json);
   EXPECT_EQ(context_->onRequestHeaders(0, false),
             FilterHeadersStatus::StopIteration);
-  EXPECT_EQ(context_->onRequestBody(28, true), FilterDataStatus::Continue);
+  EXPECT_EQ(context_->onRequestBody(request_json.length(), true), FilterDataStatus::Continue);
 }
 
 TEST_F(ModelRouterTest, IgnorePath) {
   std::string configuration = R"(
 {
   "addProviderHeader": "x-higress-llm-provider"
-    })";
+})";
 
   config_.set(configuration);
   EXPECT_TRUE(root_context_->configure(configuration.size()));
@@ -208,7 +210,7 @@ TEST_F(ModelRouterTest, IgnorePath) {
   body_.set(request_json);
   EXPECT_EQ(context_->onRequestHeaders(0, false),
             FilterHeadersStatus::Continue);
-  EXPECT_EQ(context_->onRequestBody(28, true), FilterDataStatus::Continue);
+  EXPECT_EQ(context_->onRequestBody(request_json.length(), true), FilterDataStatus::Continue);
 }
 
 TEST_F(ModelRouterTest, RouteLevelRewriteModelAndHeader) {
@@ -242,7 +244,178 @@ TEST_F(ModelRouterTest, RouteLevelRewriteModelAndHeader) {
   route_name_ = "route-a";
   EXPECT_EQ(context_->onRequestHeaders(0, false),
             FilterHeadersStatus::StopIteration);
-  EXPECT_EQ(context_->onRequestBody(28, true), FilterDataStatus::Continue);
+  EXPECT_EQ(context_->onRequestBody(request_json.length(), true), FilterDataStatus::Continue);
+}
+
+
+TEST_F(ModelRouterTest, RewriteModelAndHeaderMultipartFormData) {
+  std::string configuration = R"({
+  "addProviderHeader": "x-higress-llm-provider"
+})";
+
+  config_.set(configuration);
+  EXPECT_TRUE(root_context_->configure(configuration.size()));
+
+  path_ = "/v1/chat/completions";
+  content_type_ = "multipart/form-data; boundary=--------------------------100751621174704322650451";
+  std::string request_data = std::regex_replace(R"(
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="purpose"
+
+batch
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="model"
+
+qwen/qwen-turbo
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="file"; filename="test-data.json"
+Content-Type: application/json
+
+[
+]
+----------------------------100751621174704322650451--
+)", std::regex("\n"), "\r\n"); // Multipart data requires CRLF line endings
+  EXPECT_CALL(*mock_context_,
+              setBuffer(testing::_, testing::_, testing::_, testing::_))
+      .WillOnce([&](WasmBufferType, size_t start, size_t length, std::string_view body) {
+        std::cerr << "===============" << "\n";
+        std::cerr << body << "\n";
+        std::cerr << "===============" << "\n";
+        EXPECT_EQ(start, 0);
+        EXPECT_EQ(length, std::numeric_limits<size_t>::max());
+        auto expected_body= std::regex_replace(R"(
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="purpose"
+
+batch
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="model"
+
+qwen-turbo
+)", std::regex("\n"), "\r\n"); // Multipart data requires CRLF line endings
+        EXPECT_EQ(body, expected_body);
+        return WasmResult::Ok;
+      });
+
+  EXPECT_CALL(*mock_context_,
+              replaceHeaderMapValue(testing::_,
+                                    std::string_view("x-higress-llm-provider"),
+                                    std::string_view("qwen")));
+
+  body_.set(request_data);
+  EXPECT_EQ(context_->onRequestHeaders(0, false),
+            FilterHeadersStatus::StopIteration);
+
+  auto last_body_size = 0;
+
+  auto body = request_data.substr(0, request_data.find("batch") + 5 + 2 /* batch + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("\"model\"") + 5 + 2 + 2 /* "model" + CRLF + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen") + 4 /* "qwen" */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-turbo") + 10 /* "qwen-turbo" */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-turbo") + 10 + 2 /* "qwen-turbo" + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::Continue);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-turbo") + 10 + 2 + 50 /* "qwen-turbo" + CRLF + boundary */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::Continue);
+  last_body_size = body.size();
+
+  body_.set(request_data);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, true), FilterDataStatus::Continue);
+}
+
+TEST_F(ModelRouterTest, ModelToHeaderMultipartFormData) {
+  std::string configuration =  R"(
+{
+  "modelToHeader": "x-higress-llm-model"
+})";
+
+  config_.set(configuration);
+  EXPECT_TRUE(root_context_->configure(configuration.size()));
+
+  path_ = "/v1/chat/completions";
+  content_type_ = "multipart/form-data; boundary=--------------------------100751621174704322650451";
+  std::string request_data = std::regex_replace(R"(
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="purpose"
+
+batch
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="model"
+
+qwen-max
+----------------------------100751621174704322650451
+Content-Disposition: form-data; name="file"; filename="test-data.json"
+Content-Type: application/json
+
+[
+]
+----------------------------100751621174704322650451--
+)", std::regex("\n"), "\r\n"); // Multipart data requires CRLF line endings
+  EXPECT_CALL(*mock_context_,
+              setBuffer(testing::_, testing::_, testing::_, testing::_))
+      .Times(0);
+
+  EXPECT_CALL(
+      *mock_context_,
+      replaceHeaderMapValue(testing::_, std::string_view("x-higress-llm-model"),
+                            std::string_view("qwen-max")));
+
+  EXPECT_EQ(context_->onRequestHeaders(0, false),
+            FilterHeadersStatus::StopIteration);
+
+  auto last_body_size = 0;
+
+  auto body = request_data.substr(0, request_data.find("batch") + 5 + 2 /* batch + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("\"model\"") + 5 + 2 + 2 /* "model" + CRLF + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen") + 4 /* "qwen" */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-max") + 8 /* "qwen-max" */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::StopIterationAndBuffer);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-max") + 8 + 2 /* "qwen-max" + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::Continue);
+  last_body_size = body.size();
+
+  body = request_data.substr(0, request_data.find("qwen-max") + 8 + 2 + 50 /* "qwen-max" + CRLF */);
+  body_.set(body);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, false), FilterDataStatus::Continue);
+  last_body_size = body.size();
+
+  body_.set(request_data);
+  EXPECT_EQ(context_->onRequestBody(body.size() - last_body_size, true), FilterDataStatus::Continue);
 }
 
 }  // namespace model_router

plugins/wasm-go/Dockerfile

@@ -17,7 +17,14 @@ COPY . .
 WORKDIR /workspace/extensions/$PLUGIN_NAME
 
 RUN go mod tidy
-RUN tinygo build -o /main.wasm -scheduler=none -gc=custom -tags="custommalloc nottinygc_finalizer $EXTRA_TAGS" -target=wasi ./
+RUN \
+  if echo "$PLUGIN_NAME" | grep -Eq '^waf$'; then \
+    # Please use higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/wasm-go-builder:go1.19-tinygo0.28.1-oras1.0.0 as BUILDER
+    go run mage.go build && \
+      mv ./local/main.wasm /main.wasm ; \
+  else \
+    tinygo build -o /main.wasm -scheduler=none -gc=custom -tags="custommalloc nottinygc_finalizer $EXTRA_TAGS" -target=wasi ./ ; \
+  fi
 
 FROM scratch as output
 

plugins/wasm-go/extensions/ai-cache/README.md

@@ -102,6 +102,24 @@ LLM 结果缓存插件，默认配置方式可以直接用于 openai 协议的
 
 ## 文本向量化提供商特有配置
 
+### Azure OpenAI
+
+Azure OpenAI 所对应的 `embedding.type` 为 `azure`。它需要提前创建[Azure OpenAI 账户](https://portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/overview)，然后您需要在[Azure AI Foundry](https://ai.azure.com/resource/deployments)中挑选一个模型并将其部署，点击您部署好的模型，您可以在终结点中看到目标 URI 以及密钥。请将 URI 中的 host 填入`embedding.serviceHost`，密钥填入`apiKey`。
+
+一个完整的 URI 示例为 https://YOUR_RESOURCE_NAME.openai.azure.com/openai/deployments/YOUR_DEPLOYMENT_NAME/embeddings?api-version=2024-10-21，您需要将`YOUR_RESOURCE_NAME.openai.azure.com`填入`embedding.serviceHost`。
+
+它特有的配置字段如下：
+
+| 名称                   | 数据类型 | 填写要求 | 默认值 | 描述    | 填写值                       |
+| ---------------------- | -------- | -------- | ------ | ------- | ---------------------------- |
+| `embedding.apiVersion` | string   | 必填     | -      | api版本 | 获取到的URI中api-version的值 |
+
+需要注意的是您必须要指定`embedding.serviceHost`，如`YOUR_RESOURCE_NAME.openai.azure.com`。模型默认使用了`text-embedding-ada-002`，如需其他模型，请在`embedding.model`中进行指定。
+
+### Cohere
+
+Cohere 所对应的 `embedding.type` 为 `cohere`。它并无特有的配置字段。需要提前创建 [API Key](https://docs.cohere.com/reference/embed)，并将其填入`embedding.apiKey`。
+
 ### OpenAI
 
 OpenAI 所对应的 `embedding.type` 为 `openai`。它并无特有的配置字段。需要提前创建 [API Key](https://platform.openai.com/settings/organization/api-keys)，并将其填入`embedding.apiKey`，一个 API Key 的示例为` sk-xxxxxxx`。
@@ -110,16 +128,11 @@ OpenAI 所对应的 `embedding.type` 为 `openai`。它并无特有的配置字
 
 Ollama 所对应的 `embedding.type` 为 `ollama`。它并无特有的配置字段。
 
-### 讯飞星火
+### Hugging Face
 
-讯飞星火 所对应的 `embedding.type` 为 `xfyun`。它需要提前创建[应用](https://console.xfyun.cn/services/emb)，获取`APPID`  、`APISecret`和`APIKey`，并将`APIKey`填入`embedding.apiKey`中。
+Hugging Face 所对应的 `embedding.type` 为 `huggingface`。它并无特有的配置字段。需要提前创建 [hf_token](https://huggingface.co/blog/getting-started-with-embeddings)，并将其填入`embedding.apiKey`，一个 hf_token 的示例为` hf_xxxxxxx`。
 
-它特有的配置字段如下：
-
-| 名称                  | 数据类型 | 填写要求 | 默认值 | 描述                 | 填写值           |
-| --------------------- | -------- | -------- | ------ | -------------------- | ---------------- |
-| `embedding.appId`     | string   | 必填     | -      | 应用 ID              | 获取的 APPID     |
-| `embedding.apiSecret` | string   | 必填     | -      | 调用 API 所需 Secret | 获取的 APISecret |
+`embedding.model`默认指定为`sentence-transformers/all-MiniLM-L6-v2`
 
 ### Textln
 
@@ -133,15 +146,16 @@ Textln 所对应的 `embedding.type` 为 `textln`。它需要提前获取[`app-i
 | `embedding.textinSecretCode`    | string   | 必填     | -      | 调用 API 所需 Secret | 获取的 secret-code |
 | `embedding.textinMatryoshkaDim` | int      | 必填     | -      | 返回的单个向量长度   |                    |
 
-### Hugging Face
+### 讯飞星火
 
-Hugging Face 所对应的 `embedding.type` 为 `huggingface`。它并无特有的配置字段。需要提前创建 [hf_token](https://huggingface.co/blog/getting-started-with-embeddings)，并将其填入`embedding.apiKey`，一个 hf_token 的示例为` hf_xxxxxxx`。
+讯飞星火 所对应的 `embedding.type` 为 `xfyun`。它需要提前创建[应用](https://console.xfyun.cn/services/emb)，获取`APPID`  、`APISecret`和`APIKey`，并将`APIKey`填入`embedding.apiKey`中。
 
-`embedding.model`默认指定为`sentence-transformers/all-MiniLM-L6-v2`
+它特有的配置字段如下：
 
-### Cohere
-
-Cohere 所对应的 `embedding.type` 为 `cohere`。它并无特有的配置字段。需要提前创建 [API Key](https://docs.cohere.com/reference/embed)，并将其填入`embedding.apiKey`。
+| 名称                  | 数据类型 | 填写要求 | 默认值 | 描述                 | 填写值           |
+| --------------------- | -------- | -------- | ------ | -------------------- | ---------------- |
+| `embedding.appId`     | string   | 必填     | -      | 应用 ID              | 获取的 APPID     |
+| `embedding.apiSecret` | string   | 必填     | -      | 调用 API 所需 Secret | 获取的 APISecret |
 
 ## 向量数据库提供商特有配置
 

plugins/wasm-go/extensions/ai-cache/core.go

@@ -130,7 +130,7 @@ func performEmbeddingQuery(key string, ctx wrapper.HttpContext, c config.PluginC
 		return logAndReturnError(log, fmt.Sprintf("[performEmbeddingQuery] no embedding provider configured for similarity search"))
 	}
 
-	return activeEmbeddingProvider.GetEmbedding(key, ctx, log, func(textEmbedding []float64, err error) {
+	return activeEmbeddingProvider.GetEmbedding(key, ctx, func(textEmbedding []float64, err error) {
 		log.Debugf("[%s] [performEmbeddingQuery] GetEmbedding success, length of embedding: %d, error: %v", PLUGIN_NAME, len(textEmbedding), err)
 		if err != nil {
 			handleInternalError(err, fmt.Sprintf("[%s] [performEmbeddingQuery] error getting embedding for key: %s", PLUGIN_NAME, key), log)

plugins/wasm-go/extensions/ai-cache/embedding/azure.go

@@ -0,0 +1,172 @@
+package embedding
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/tidwall/gjson"
+)
+
+const (
+	AZURE_PORT               = 443
+	AZURE_DEFAULT_MODEL_NAME = "text-embedding-ada-002"
+	AZURE_ENDPOINT           = "/openai/deployments/{model}/embeddings"
+)
+
+type azureProviderInitializer struct {
+}
+
+var azureConfig azureProviderConfig
+
+type azureProviderConfig struct {
+	// @Title zh-CN 文本特征提取服务 API Key
+	// @Description zh-CN 文本特征提取服务 API Key
+	apiKey string
+	// @Title zh-CN 文本特征提取 api-version
+	// @Description zh-CN 文本特征提取服务 api-version
+	apiVersion string
+}
+
+func (c *azureProviderInitializer) InitConfig(json gjson.Result) {
+	azureConfig.apiKey = json.Get("apiKey").String()
+	azureConfig.apiVersion = json.Get("apiVersion").String()
+}
+
+func (c *azureProviderInitializer) ValidateConfig() error {
+	if azureConfig.apiKey == "" {
+		return errors.New("[Azure] apiKey is required")
+	}
+	if azureConfig.apiVersion == "" {
+		return errors.New("[Azure] apiVersion is required")
+	}
+	return nil
+}
+
+func (t *azureProviderInitializer) CreateProvider(c ProviderConfig) (Provider, error) {
+	if c.servicePort == 0 {
+		c.servicePort = AZURE_PORT
+	}
+
+	if c.model == "" {
+		c.model = AZURE_DEFAULT_MODEL_NAME
+	}
+
+	return &AzureProvider{
+		config: c,
+		client: wrapper.NewClusterClient(wrapper.FQDNCluster{
+			FQDN: c.serviceName,
+			Host: c.serviceHost,
+			Port: c.servicePort,
+		}),
+	}, nil
+}
+
+func (t *AzureProvider) GetProviderType() string {
+	return PROVIDER_TYPE_AZURE
+}
+
+type AzureProvider struct {
+	config ProviderConfig
+	client wrapper.HttpClient
+}
+
+type AzureEmbeddingRequest struct {
+	Input string `json:"input"`
+}
+
+func (t *AzureProvider) constructParameters(text string) (string, [][2]string, []byte, error) {
+	if text == "" {
+		err := errors.New("queryString text cannot be empty")
+		return "", nil, nil, err
+	}
+
+	data := AzureEmbeddingRequest{
+		Input: text,
+	}
+
+	requestBody, err := json.Marshal(data)
+	if err != nil {
+		log.Errorf("failed to marshal request data: %v", err)
+		return "", nil, nil, err
+	}
+
+	model := t.config.model
+	if model == "" {
+		model = AZURE_DEFAULT_MODEL_NAME
+	}
+
+	// 拼接 endpoint
+	endpoint := strings.Replace(AZURE_ENDPOINT, "{model}", model, 1)
+	endpoint = endpoint + "?" + "api-version=" + azureConfig.apiVersion
+
+	headers := [][2]string{
+		{"api-key", azureConfig.apiKey},
+		{"Content-Type", "application/json"},
+	}
+
+	return endpoint, headers, requestBody, err
+}
+
+type AzureEmbeddingResponse struct {
+	Object string `json:"object"`
+	Model  string `json:"model"`
+	Data   []struct {
+		Object    string    `json:"object"`
+		Embedding []float64 `json:"embedding"`
+		Index     int       `json:"index"`
+	} `json:"data"`
+}
+
+func (t *AzureProvider) parseTextEmbedding(responseBody []byte) (*AzureEmbeddingResponse, error) {
+	var resp AzureEmbeddingResponse
+	if err := json.Unmarshal(responseBody, &resp); err != nil {
+		return nil, fmt.Errorf("failed to parse response: %w", err)
+	}
+	return &resp, nil
+}
+
+func (t *AzureProvider) GetEmbedding(
+	queryString string,
+	ctx wrapper.HttpContext,
+	callback func(emb []float64, err error)) error {
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString)
+	if err != nil {
+		log.Errorf("failed to construct parameters: %v", err)
+		return err
+	}
+
+	var resp *AzureEmbeddingResponse
+	err = t.client.Post(embUrl, embHeaders, embRequestBody,
+		func(statusCode int, responseHeaders http.Header, responseBody []byte) {
+
+			if statusCode != http.StatusOK {
+				err = fmt.Errorf("failed to get embedding due to status code: %d, resp: %s", statusCode, responseBody)
+				callback(nil, err)
+				return
+			}
+
+			resp, err = t.parseTextEmbedding(responseBody)
+			if err != nil {
+				err = fmt.Errorf("failed to parse response: %v", err)
+				callback(nil, err)
+				return
+			}
+
+			log.Debugf("get embedding response: %d, %s", statusCode, responseBody)
+
+			if len(resp.Data) == 0 {
+				err = errors.New("no embedding found in response")
+				callback(nil, err)
+				return
+			}
+
+			callback(resp.Data[0].Embedding, nil)
+
+		}, t.config.timeout)
+	return err
+}

plugins/wasm-go/extensions/ai-cache/embedding/cohere.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/tidwall/gjson"
 )
@@ -79,7 +80,7 @@ type CohereProvider struct {
 func (t *CohereProvider) GetProviderType() string {
 	return PROVIDER_TYPE_COHERE
 }
-func (t *CohereProvider) constructParameters(texts []string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *CohereProvider) constructParameters(texts []string) (string, [][2]string, []byte, error) {
 	model := t.config.model
 
 	if model == "" {
@@ -118,9 +119,8 @@ func (t *CohereProvider) parseTextEmbedding(responseBody []byte) (*cohereRespons
 func (t *CohereProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters([]string{queryString}, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters([]string{queryString})
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/dashscope.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/tidwall/gjson"
 )
@@ -103,7 +104,7 @@ type DSProvider struct {
 	client wrapper.HttpClient
 }
 
-func (d *DSProvider) constructParameters(texts []string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (d *DSProvider) constructParameters(texts []string) (string, [][2]string, []byte, error) {
 
 	model := d.config.model
 
@@ -159,9 +160,8 @@ func (d *DSProvider) parseTextEmbedding(responseBody []byte) (*Response, error)
 func (d *DSProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := d.constructParameters([]string{queryString}, log)
+	embUrl, embHeaders, embRequestBody, err := d.constructParameters([]string{queryString})
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/huggingface.go

@@ -4,11 +4,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
-	"github.com/tidwall/gjson"
 	"net/http"
 	"strconv"
 	"strings"
+
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/tidwall/gjson"
 )
 
 const (
@@ -18,29 +20,29 @@ const (
 	HUGGINGFACE_ENDPOINT           = "/pipeline/feature-extraction/{modelId}"
 )
 
-type HuggingFaceProviderInitializer struct {
+type huggingfaceProviderInitializer struct {
 }
 
-var HuggingFaceConfig HuggingFaceProviderConfig
+var huggingfaceConfig huggingfaceProviderConfig
 
-type HuggingFaceProviderConfig struct {
+type huggingfaceProviderConfig struct {
 	// @Title zh-CN 文本特征提取服务 API Key
 	// @Description zh-CN 文本特征提取服务 API Key。在HuggingFace定义为 hf_token
 	apiKey string
 }
 
-func (c *HuggingFaceProviderInitializer) InitConfig(json gjson.Result) {
-	HuggingFaceConfig.apiKey = json.Get("apiKey").String()
+func (c *huggingfaceProviderInitializer) InitConfig(json gjson.Result) {
+	huggingfaceConfig.apiKey = json.Get("apiKey").String()
 }
 
-func (c *HuggingFaceProviderInitializer) ValidateConfig() error {
-	if HuggingFaceConfig.apiKey == "" {
+func (c *huggingfaceProviderInitializer) ValidateConfig() error {
+	if huggingfaceConfig.apiKey == "" {
 		return errors.New("[HuggingFace] hfTokens is required")
 	}
 	return nil
 }
 
-func (t *HuggingFaceProviderInitializer) CreateProvider(c ProviderConfig) (Provider, error) {
+func (t *huggingfaceProviderInitializer) CreateProvider(c ProviderConfig) (Provider, error) {
 	if c.servicePort == 0 {
 		c.servicePort = HUGGINGFACE_PORT
 	}
@@ -78,7 +80,7 @@ type HuggingFaceEmbeddingRequest struct {
 	} `json:"options"`
 }
 
-func (t *HuggingFaceProvider) constructParameters(text string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *HuggingFaceProvider) constructParameters(text string) (string, [][2]string, []byte, error) {
 	if text == "" {
 		err := errors.New("queryString text cannot be empty")
 		return "", nil, nil, err
@@ -108,7 +110,7 @@ func (t *HuggingFaceProvider) constructParameters(text string, log wrapper.Log)
 	endpoint := strings.Replace(HUGGINGFACE_ENDPOINT, "{modelId}", modelId, 1)
 
 	headers := [][2]string{
-		{"Authorization", "Bearer " + HuggingFaceConfig.apiKey},
+		{"Authorization", "Bearer " + huggingfaceConfig.apiKey},
 		{"Content-Type", "application/json"},
 	}
 
@@ -127,9 +129,8 @@ func (t *HuggingFaceProvider) parseTextEmbedding(responseBody []byte) ([]float64
 func (t *HuggingFaceProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString)
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/ollama.go

@@ -4,10 +4,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
-	"github.com/tidwall/gjson"
 	"net/http"
 	"strconv"
+
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/tidwall/gjson"
 )
 
 const (
@@ -69,7 +71,7 @@ type ollamaEmbeddingRequest struct {
 	Model string `json:"model"`
 }
 
-func (t *ollamaProvider) constructParameters(text string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *ollamaProvider) constructParameters(text string) (string, [][2]string, []byte, error) {
 	if text == "" {
 		err := errors.New("queryString text cannot be empty")
 		return "", nil, nil, err
@@ -105,9 +107,8 @@ func (t *ollamaProvider) parseTextEmbedding(responseBody []byte) (*ollamaRespons
 func (t *ollamaProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString)
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/openai.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/tidwall/gjson"
 )
@@ -93,7 +94,7 @@ type OpenAIProvider struct {
 	client wrapper.HttpClient
 }
 
-func (t *OpenAIProvider) constructParameters(text string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *OpenAIProvider) constructParameters(text string) (string, [][2]string, []byte, error) {
 	if text == "" {
 		err := errors.New("queryString text cannot be empty")
 		return "", nil, nil, err
@@ -130,9 +131,8 @@ func (t *OpenAIProvider) parseTextEmbedding(responseBody []byte) (*OpenAIRespons
 func (t *OpenAIProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString)
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/provider.go

@@ -15,6 +15,7 @@ const (
 	PROVIDER_TYPE_OLLAMA      = "ollama"
 	PROVIDER_TYPE_HUGGINGFACE = "huggingface"
 	PROVIDER_TYPE_XFYUN       = "xfyun"
+	PROVIDER_TYPE_AZURE       = "azure"
 )
 
 type providerInitializer interface {
@@ -30,8 +31,9 @@ var (
 		PROVIDER_TYPE_COHERE:      &cohereProviderInitializer{},
 		PROVIDER_TYPE_OPENAI:      &openAIProviderInitializer{},
 		PROVIDER_TYPE_OLLAMA:      &ollamaProviderInitializer{},
-		PROVIDER_TYPE_HUGGINGFACE: &HuggingFaceProviderInitializer{},
-		PROVIDER_TYPE_XFYUN:       &XfyunProviderInitializer{},
+		PROVIDER_TYPE_HUGGINGFACE: &huggingfaceProviderInitializer{},
+		PROVIDER_TYPE_XFYUN:       &xfyunProviderInitializer{},
+		PROVIDER_TYPE_AZURE:       &azureProviderInitializer{},
 	}
 )
 
@@ -108,6 +110,5 @@ type Provider interface {
 	GetEmbedding(
 		queryString string,
 		ctx wrapper.HttpContext,
-		log wrapper.Log,
 		callback func(emb []float64, err error)) error
 }

plugins/wasm-go/extensions/ai-cache/embedding/textin.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 	"github.com/tidwall/gjson"
 )
@@ -97,7 +98,7 @@ type TIProvider struct {
 	client wrapper.HttpClient
 }
 
-func (t *TIProvider) constructParameters(texts []string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *TIProvider) constructParameters(texts []string) (string, [][2]string, []byte, error) {
 
 	data := TextInEmbeddingRequest{
 		Input:         texts,
@@ -142,9 +143,8 @@ func (t *TIProvider) parseTextEmbedding(responseBody []byte) (*TextInResponse, e
 func (t *TIProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters([]string{queryString}, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters([]string{queryString})
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-cache/embedding/xfyun.go

@@ -8,13 +8,15 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
-	"github.com/tidwall/gjson"
 	"math"
 	"net/http"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/tidwall/gjson"
 )
 
 const (
@@ -22,12 +24,12 @@ const (
 	XFYUN_PORT   = 443
 )
 
-type XfyunProviderInitializer struct {
+type xfyunProviderInitializer struct {
 }
 
-var XfyunConfig XfyunProviderConfig
+var xfyunConfig xfyunProviderConfig
 
-type XfyunProviderConfig struct {
+type xfyunProviderConfig struct {
 	// @Title zh-CN 文本特征提取服务 API Key
 	// @Description zh-CN 文本特征提取服务 API Key。
 	apiKey string
@@ -39,26 +41,26 @@ type XfyunProviderConfig struct {
 	xfyunApiSecret string
 }
 
-func (c *XfyunProviderInitializer) InitConfig(json gjson.Result) {
-	XfyunConfig.xfyunAppID = json.Get("appId").String()
-	XfyunConfig.xfyunApiSecret = json.Get("apiSecret").String()
-	XfyunConfig.apiKey = json.Get("apiKey").String()
+func (c *xfyunProviderInitializer) InitConfig(json gjson.Result) {
+	xfyunConfig.xfyunAppID = json.Get("appId").String()
+	xfyunConfig.xfyunApiSecret = json.Get("apiSecret").String()
+	xfyunConfig.apiKey = json.Get("apiKey").String()
 }
 
-func (c *XfyunProviderInitializer) ValidateConfig() error {
-	if XfyunConfig.apiKey == "" {
+func (c *xfyunProviderInitializer) ValidateConfig() error {
+	if xfyunConfig.apiKey == "" {
 		return errors.New("[Xfyun] apiKey is required")
 	}
-	if XfyunConfig.xfyunAppID == "" {
+	if xfyunConfig.xfyunAppID == "" {
 		return errors.New("[Xfyun] appId is required")
 	}
-	if XfyunConfig.xfyunApiSecret == "" {
+	if xfyunConfig.xfyunApiSecret == "" {
 		return errors.New("[Xfyun] apiSecret is required")
 	}
 	return nil
 }
 
-func (t *XfyunProviderInitializer) CreateProvider(c ProviderConfig) (Provider, error) {
+func (t *xfyunProviderInitializer) CreateProvider(c ProviderConfig) (Provider, error) {
 	if c.servicePort == 0 {
 		c.servicePort = XFYUN_PORT
 	}
@@ -160,14 +162,14 @@ func constructAuth(requestURL, method, apiKey, apiSecret string) (string, error)
 	return "?" + params.Encode(), nil
 }
 
-func (t *XfyunProvider) constructParameters(text string, log wrapper.Log) (string, [][2]string, []byte, error) {
+func (t *XfyunProvider) constructParameters(text string) (string, [][2]string, []byte, error) {
 	if text == "" {
 		err := errors.New("queryString text cannot be empty")
 		return "", nil, nil, err
 	}
 
 	host := "https://" + t.config.serviceHost + "/"
-	auth, err := constructAuth(host, "POST", XfyunConfig.apiKey, XfyunConfig.xfyunApiSecret)
+	auth, err := constructAuth(host, "POST", xfyunConfig.apiKey, xfyunConfig.xfyunApiSecret)
 	if err != nil {
 		return "", nil, nil, err
 	}
@@ -199,7 +201,7 @@ func (t *XfyunProvider) constructParameters(text string, log wrapper.Log) (strin
 	// 构建请求体
 	data := XfyunReqBody{
 		Header: XfyunHeader{
-			AppID:  XfyunConfig.xfyunAppID,
+			AppID:  xfyunConfig.xfyunAppID,
 			Status: 3,
 		},
 		Parameter: XfyunParameter{
@@ -265,9 +267,8 @@ func (t *XfyunProvider) parseTextEmbedding(responseBody []byte) ([]float32, erro
 func (t *XfyunProvider) GetEmbedding(
 	queryString string,
 	ctx wrapper.HttpContext,
-	log wrapper.Log,
 	callback func(emb []float64, err error)) error {
-	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString, log)
+	embUrl, embHeaders, embRequestBody, err := t.constructParameters(queryString)
 	if err != nil {
 		log.Errorf("failed to construct parameters: %v", err)
 		return err

plugins/wasm-go/extensions/ai-proxy/README.md

@@ -36,7 +36,7 @@ description: AI 代理插件配置参考
 | `type`           | string          | 必填     | -      | AI 服务提供商名称                                                                                                                                                                                                                                |
 | `apiTokens`      | array of string | 非必填   | -      | 用于在访问 AI 服务时进行认证的令牌。如果配置了多个 token，插件会在请求时随机进行选择。部分服务提供商只支持配置一个 token。                                                                                                                                                                     |
 | `timeout`        | number          | 非必填   | -      | 访问 AI 服务的超时时间。单位为毫秒。默认值为 120000，即 2 分钟。此项配置目前仅用于获取上下文信息，并不影响实际转发大模型请求。                                                                                                                                                                    |
-| `modelMapping`   | map of string   | 非必填   | -      | AI 模型映射表，用于将请求中的模型名称映射为服务提供商支持模型名称。<br/>1. 支持前缀匹配。例如用 "gpt-3-*" 匹配所有名称以“gpt-3-”开头的模型；<br/>2. 支持使用 "*" 为键来配置通用兜底映射关系；<br/>3. 如果映射的目标名称为空字符串 ""，则表示保留原模型名称。                                                                                 |
+| `modelMapping`   | map of string   | 非必填   | -      | AI 模型映射表，用于将请求中的模型名称映射为服务提供商支持模型名称。<br/>1. 支持前缀匹配。例如用 "gpt-3-\*" 匹配所有名称以“gpt-3-”开头的模型；<br/>2. 支持使用 "\*" 为键来配置通用兜底映射关系；<br/>3. 如果映射的目标名称为空字符串 ""，则表示保留原模型名称。                                                                               |
 | `protocol`       | string          | 非必填   | -      | 插件对外提供的 API 接口契约。目前支持以下取值：openai（默认值，使用 OpenAI 的接口契约）、original（使用目标服务提供商的原始接口契约）                                                                                                                                                          |
 | `context`        | object          | 非必填   | -      | 配置 AI 对话上下文信息                                                                                                                                                                                                                             |
 | `customSettings` | array of customSetting | 非必填   | -      | 为AI请求指定覆盖或者填充参数                                                                                                                                                                                                                           |

plugins/wasm-go/extensions/ai-proxy/README_EN.md

@@ -34,7 +34,7 @@ Plugin execution priority: `100`
 | `type`         | string          | Required     | -      | Name of the AI service provider                                                                                                                                                                                                                                              |
 | `apiTokens`    | array of string | Optional   | -      | Tokens used for authentication when accessing AI services. If multiple tokens are configured, the plugin randomly selects one for each request. Some service providers only support configuring a single token.                                                                                                                                     |
 | `timeout`      | number          | Optional   | -      | Timeout for accessing AI services, in milliseconds. The default value is 120000, which equals 2 minutes. Only used when retrieving context data. Won't affect the request forwarded to the LLM upstream.                                                                                                                                                                              |
-| `modelMapping` | map of string   | Optional   | -      | Mapping table for AI models, used to map model names in requests to names supported by the service provider.<br/>1. Supports prefix matching. For example, "gpt-3-*" matches all model names starting with “gpt-3-”;<br/>2. Supports using "*" as a key for a general fallback mapping;<br/>3. If the mapped target name is an empty string "", the original model name is preserved. |
+| `modelMapping` | map of string   | Optional   | -      | Mapping table for AI models, used to map model names in requests to names supported by the service provider.<br/>1. Supports prefix matching. For example, "gpt-3-\*" matches all model names starting with “gpt-3-”;<br/>2. Supports using "\*" as a key for a general fallback mapping;<br/>3. If the mapped target name is an empty string "", the original model name is preserved. |
 | `protocol`     | string          | Optional   | -      | API contract provided by the plugin. Currently supports the following values: openai (default, uses OpenAI's interface contract), original (uses the raw interface contract of the target service provider)                                                                                                                          |
 | `context`      | object          | Optional   | -      | Configuration for AI conversation context information                                                                                                                                                                                                                                         |
 | `customSettings` | array of customSetting | Optional   | -      | Specifies overrides or fills parameters for AI requests                                                                                                                                                                                                                                 |

plugins/wasm-go/extensions/ai-proxy/envoy.yaml

@@ -59,6 +59,7 @@ static_resources:
                                 "activeProviderId": "moonshot",
                                 "providers": [
                                   {
+                                    "id": "moonshot",
                                     "type": "moonshot",
                                     "domain": "api.moonshot.cn",
                                     "apiTokens": [
@@ -71,11 +72,13 @@ static_resources:
                                       "gpt-35-turbo": "moonshot-v1-32k",
                                       "gpt-4-turbo": "moonshot-v1-128k",
                                       "*": "moonshot-v1-8k"
-                                    },
+                                    }
                                   }
                                 ]
                               }
                   - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
   clusters:
     - name: httpbin
       connect_timeout: 30s

plugins/wasm-go/extensions/ai-proxy/main.go

@@ -358,6 +358,9 @@ func getApiName(path string) provider.ApiName {
 	if strings.HasSuffix(path, "/v1/files") {
 		return provider.ApiNameFiles
 	}
+	if strings.HasSuffix(path, "/v1/models") {
+		return provider.ApiNameModels
+	}
 	// cohere style
 	if strings.HasSuffix(path, "/v1/rerank") {
 		return provider.ApiNameCohereV1Rerank

plugins/wasm-go/extensions/ai-proxy/provider/bedrock.go

@@ -0,0 +1,817 @@
+package provider
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/binary"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"hash"
+	"hash/crc32"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/alibaba/higress/plugins/wasm-go/extensions/ai-proxy/util"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/log"
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
+)
+
+const (
+	httpPostMethod = "POST"
+	awsService     = "bedrock"
+	// bedrock-runtime.{awsRegion}.amazonaws.com
+	bedrockDefaultDomain = "bedrock-runtime.%s.amazonaws.com"
+	// converse路径 /model/{modelId}/converse
+	bedrockChatCompletionPath = "/model/%s/converse"
+	// converseStream路径 /model/{modelId}/converse-stream
+	bedrockStreamChatCompletionPath = "/model/%s/converse-stream"
+	bedrockSignedHeaders            = "host;x-amz-date"
+)
+
+type bedrockProviderInitializer struct {
+}
+
+func (b *bedrockProviderInitializer) ValidateConfig(config *ProviderConfig) error {
+	if len(config.awsAccessKey) == 0 || len(config.awsSecretKey) == 0 {
+		return errors.New("missing bedrock access authentication parameters")
+	}
+	if len(config.awsRegion) == 0 {
+		return errors.New("missing bedrock region parameters")
+	}
+	return nil
+}
+
+func (b *bedrockProviderInitializer) DefaultCapabilities() map[string]string {
+	return map[string]string{
+		string(ApiNameChatCompletion): bedrockChatCompletionPath,
+	}
+}
+
+func (b *bedrockProviderInitializer) CreateProvider(config ProviderConfig) (Provider, error) {
+	config.setDefaultCapabilities(b.DefaultCapabilities())
+	return &bedrockProvider{
+		config:       config,
+		contextCache: createContextCache(&config),
+	}, nil
+}
+
+type bedrockProvider struct {
+	config       ProviderConfig
+	contextCache *contextCache
+}
+
+func (b *bedrockProvider) OnStreamingResponseBody(ctx wrapper.HttpContext, name ApiName, chunk []byte, isLastChunk bool) ([]byte, error) {
+	events := extractAmazonEventStreamEvents(ctx, chunk)
+	if len(events) == 0 {
+		return chunk, fmt.Errorf("No events are extracted ")
+	}
+	var responseBuilder strings.Builder
+	for _, event := range events {
+		outputEvent, err := b.convertEventFromBedrockToOpenAI(ctx, event)
+		if err != nil {
+			log.Errorf("[onStreamingResponseBody] failed to process streaming event: %v\n%s", err, chunk)
+			return chunk, err
+		}
+		responseBuilder.WriteString(string(outputEvent))
+	}
+	return []byte(responseBuilder.String()), nil
+}
+
+func (b *bedrockProvider) convertEventFromBedrockToOpenAI(ctx wrapper.HttpContext, bedrockEvent ConverseStreamEvent) ([]byte, error) {
+	choices := make([]chatCompletionChoice, 0)
+	chatChoice := chatCompletionChoice{
+		Delta: &chatMessage{},
+	}
+	if bedrockEvent.Role != nil {
+		chatChoice.Delta.Role = *bedrockEvent.Role
+	}
+	if bedrockEvent.Delta != nil {
+		chatChoice.Delta = &chatMessage{Content: bedrockEvent.Delta.Text}
+	}
+	if bedrockEvent.StopReason != nil {
+		chatChoice.FinishReason = stopReasonBedrock2OpenAI(*bedrockEvent.StopReason)
+	}
+	choices = append(choices, chatChoice)
+	requestId := ctx.GetStringContext("X-Amzn-Requestid", "")
+	openAIFormattedChunk := &chatCompletionResponse{
+		Id:                requestId,
+		Created:           time.Now().UnixMilli() / 1000,
+		Model:             ctx.GetStringContext(ctxKeyFinalRequestModel, ""),
+		SystemFingerprint: "",
+		Object:            objectChatCompletion,
+		Choices:           choices,
+	}
+	if bedrockEvent.Usage != nil {
+		openAIFormattedChunk.Choices = choices[:0]
+		openAIFormattedChunk.Usage = usage{
+			CompletionTokens: bedrockEvent.Usage.OutputTokens,
+			PromptTokens:     bedrockEvent.Usage.InputTokens,
+			TotalTokens:      bedrockEvent.Usage.TotalTokens,
+		}
+	}
+
+	openAIFormattedChunkBytes, _ := json.Marshal(openAIFormattedChunk)
+	var openAIChunk strings.Builder
+	openAIChunk.WriteString(ssePrefix)
+	openAIChunk.WriteString(string(openAIFormattedChunkBytes))
+	openAIChunk.WriteString("\n\n")
+	return []byte(openAIChunk.String()), nil
+}
+
+type ConverseStreamEvent struct {
+	ContentBlockIndex int                                   `json:"contentBlockIndex,omitempty"`
+	Delta             *converseStreamEventContentBlockDelta `json:"delta,omitempty"`
+	Role              *string                               `json:"role,omitempty"`
+	StopReason        *string                               `json:"stopReason,omitempty"`
+	Usage             *tokenUsage                           `json:"usage,omitempty"`
+	Start             *contentBlockStart                    `json:"start,omitempty"`
+}
+
+type converseStreamEventContentBlockDelta struct {
+	Text    *string            `json:"text,omitempty"`
+	ToolUse *toolUseBlockDelta `json:"toolUse,omitempty"`
+}
+
+type toolUseBlockStart struct {
+	Name      string `json:"name"`
+	ToolUseID string `json:"toolUseId"`
+}
+
+type contentBlockStart struct {
+	ToolUse *toolUseBlockStart `json:"toolUse,omitempty"`
+}
+
+type toolUseBlockDelta struct {
+	Input string `json:"input"`
+}
+
+func extractAmazonEventStreamEvents(ctx wrapper.HttpContext, chunk []byte) []ConverseStreamEvent {
+	body := chunk
+	if bufferedStreamingBody, has := ctx.GetContext(ctxKeyStreamingBody).([]byte); has {
+		body = append(bufferedStreamingBody, chunk...)
+	}
+
+	r := bytes.NewReader(body)
+	var events []ConverseStreamEvent
+	var lastRead int64 = -1
+	messageBuffer := make([]byte, 1024)
+	defer func() {
+		log.Infof("extractAmazonEventStreamEvents: lastRead=%d, r.Size=%d", lastRead, r.Size())
+		ctx.SetContext(ctxKeyStreamingBody, nil)
+	}()
+
+	for {
+		msg, err := decodeMessage(r, messageBuffer)
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			log.Errorf("failed to decode message: %v", err)
+			break
+		}
+		var event ConverseStreamEvent
+		if err = json.Unmarshal(msg.Payload, &event); err == nil {
+			events = append(events, event)
+		}
+		lastRead = r.Size() - int64(r.Len())
+	}
+	return events
+}
+
+type bedrockStreamMessage struct {
+	Headers headers
+	Payload []byte
+}
+
+type EventFrame struct {
+	TotalLength   uint32
+	HeadersLength uint32
+	PreludeCRC    uint32
+	Headers       map[string]interface{}
+	Payload       []byte
+	PayloadCRC    uint32
+}
+
+type headers []header
+
+type header struct {
+	Name  string
+	Value Value
+}
+
+func (hs *headers) Set(name string, value Value) {
+	var i int
+	for ; i < len(*hs); i++ {
+		if (*hs)[i].Name == name {
+			(*hs)[i].Value = value
+			return
+		}
+	}
+
+	*hs = append(*hs, header{
+		Name: name, Value: value,
+	})
+}
+
+func decodeMessage(reader io.Reader, payloadBuf []byte) (m bedrockStreamMessage, err error) {
+	crc := crc32.New(crc32.MakeTable(crc32.IEEE))
+	hashReader := io.TeeReader(reader, crc)
+
+	prelude, err := decodePrelude(hashReader, crc)
+	if err != nil {
+		return bedrockStreamMessage{}, err
+	}
+
+	if prelude.HeadersLen > 0 {
+		lr := io.LimitReader(hashReader, int64(prelude.HeadersLen))
+		m.Headers, err = decodeHeaders(lr)
+		if err != nil {
+			return bedrockStreamMessage{}, err
+		}
+	}
+
+	if payloadLen := prelude.PayloadLen(); payloadLen > 0 {
+		buf, err := decodePayload(payloadBuf, io.LimitReader(hashReader, int64(payloadLen)))
+		if err != nil {
+			return bedrockStreamMessage{}, err
+		}
+		m.Payload = buf
+	}
+
+	msgCRC := crc.Sum32()
+	if err := validateCRC(reader, msgCRC); err != nil {
+		return bedrockStreamMessage{}, err
+	}
+
+	return m, nil
+}
+
+func decodeHeaders(r io.Reader) (headers, error) {
+	hs := headers{}
+
+	for {
+		name, err := decodeHeaderName(r)
+		if err != nil {
+			if err == io.EOF {
+				// EOF while getting header name means no more headers
+				break
+			}
+			return nil, err
+		}
+
+		value, err := decodeHeaderValue(r)
+		if err != nil {
+			return nil, err
+		}
+
+		hs.Set(name, value)
+	}
+
+	return hs, nil
+}
+
+func decodeHeaderValue(r io.Reader) (Value, error) {
+	var raw rawValue
+
+	typ, err := decodeUint8(r)
+	if err != nil {
+		return nil, err
+	}
+	raw.Type = valueType(typ)
+
+	var v Value
+
+	switch raw.Type {
+	case stringValueType:
+		var tv StringValue
+		err = tv.decode(r)
+		v = tv
+	default:
+		log.Errorf("unknown value type %d", raw.Type)
+	}
+
+	// Error could be EOF, let caller deal with it
+	return v, err
+}
+
+type Value interface {
+	Get() interface{}
+}
+
+type StringValue string
+
+func (v StringValue) Get() interface{} {
+	return string(v)
+}
+
+func (v *StringValue) decode(r io.Reader) error {
+	s, err := decodeStringValue(r)
+	if err != nil {
+		return err
+	}
+
+	*v = StringValue(s)
+	return nil
+}
+
+func decodeBytesValue(r io.Reader) ([]byte, error) {
+	var raw rawValue
+	var err error
+	raw.Len, err = decodeUint16(r)
+	if err != nil {
+		return nil, err
+	}
+
+	buf := make([]byte, raw.Len)
+	_, err = io.ReadFull(r, buf)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf, nil
+}
+
+func decodeUint16(r io.Reader) (uint16, error) {
+	var b [2]byte
+	bs := b[:]
+	_, err := io.ReadFull(r, bs)
+	if err != nil {
+		return 0, err
+	}
+	return binary.BigEndian.Uint16(bs), nil
+}
+
+func decodeStringValue(r io.Reader) (string, error) {
+	v, err := decodeBytesValue(r)
+	return string(v), err
+}
+
+type rawValue struct {
+	Type  valueType
+	Len   uint16 // Only set for variable length slices
+	Value []byte // byte representation of value, BigEndian encoding.
+}
+
+type valueType uint8
+
+const (
+	trueValueType valueType = iota
+	falseValueType
+	int8ValueType  // Byte
+	int16ValueType // Short
+	int32ValueType // Integer
+	int64ValueType // Long
+	bytesValueType
+	stringValueType
+	timestampValueType
+	uuidValueType
+)
+
+func decodeHeaderName(r io.Reader) (string, error) {
+	var n headerName
+
+	var err error
+	n.Len, err = decodeUint8(r)
+	if err != nil {
+		return "", err
+	}
+
+	name := n.Name[:n.Len]
+	if _, err := io.ReadFull(r, name); err != nil {
+		return "", err
+	}
+
+	return string(name), nil
+}
+
+func decodeUint8(r io.Reader) (uint8, error) {
+	type byteReader interface {
+		ReadByte() (byte, error)
+	}
+
+	if br, ok := r.(byteReader); ok {
+		v, err := br.ReadByte()
+		return v, err
+	}
+
+	var b [1]byte
+	_, err := io.ReadFull(r, b[:])
+	return b[0], err
+}
+
+const maxHeaderNameLen = 255
+
+type headerName struct {
+	Len  uint8
+	Name [maxHeaderNameLen]byte
+}
+
+func decodePayload(buf []byte, r io.Reader) ([]byte, error) {
+	w := bytes.NewBuffer(buf[0:0])
+
+	_, err := io.Copy(w, r)
+	return w.Bytes(), err
+}
+
+type messagePrelude struct {
+	Length     uint32
+	HeadersLen uint32
+	PreludeCRC uint32
+}
+
+func (p messagePrelude) ValidateLens() error {
+	if p.Length == 0 {
+		return fmt.Errorf("message prelude want: 16, have: %v", int(p.Length))
+	}
+	return nil
+}
+
+func (p messagePrelude) PayloadLen() uint32 {
+	return p.Length - p.HeadersLen - 16
+}
+
+func decodePrelude(r io.Reader, crc hash.Hash32) (messagePrelude, error) {
+	var p messagePrelude
+
+	var err error
+	p.Length, err = decodeUint32(r)
+	if err != nil {
+		return messagePrelude{}, err
+	}
+
+	p.HeadersLen, err = decodeUint32(r)
+	if err != nil {
+		return messagePrelude{}, err
+	}
+
+	if err := p.ValidateLens(); err != nil {
+		return messagePrelude{}, err
+	}
+
+	preludeCRC := crc.Sum32()
+	if err := validateCRC(r, preludeCRC); err != nil {
+		return messagePrelude{}, err
+	}
+
+	p.PreludeCRC = preludeCRC
+
+	return p, nil
+}
+
+func decodeUint32(r io.Reader) (uint32, error) {
+	var b [4]byte
+	bs := b[:]
+	_, err := io.ReadFull(r, bs)
+	if err != nil {
+		return 0, err
+	}
+	return binary.BigEndian.Uint32(bs), nil
+}
+
+func validateCRC(r io.Reader, expect uint32) error {
+	msgCRC, err := decodeUint32(r)
+	if err != nil {
+		return err
+	}
+
+	if msgCRC != expect {
+		return fmt.Errorf("message checksum mismatch")
+	}
+
+	return nil
+}
+
+func (b *bedrockProvider) TransformResponseHeaders(ctx wrapper.HttpContext, apiName ApiName, headers http.Header) {
+	ctx.SetContext("X-Amzn-Requestid", headers.Get("X-Amzn-Requestid"))
+	if headers.Get("Content-Type") == "application/vnd.amazon.eventstream" {
+		headers.Set("Content-Type", "text/event-stream; charset=utf-8")
+	}
+	headers.Del("Content-Length")
+}
+
+func (b *bedrockProvider) GetProviderType() string {
+	return providerTypeBedrock
+}
+
+func (b *bedrockProvider) OnRequestHeaders(ctx wrapper.HttpContext, apiName ApiName) error {
+	b.config.handleRequestHeaders(b, ctx, apiName)
+	return nil
+}
+
+func (b *bedrockProvider) TransformRequestHeaders(ctx wrapper.HttpContext, apiName ApiName, headers http.Header) {
+	util.OverwriteRequestHostHeader(headers, fmt.Sprintf(bedrockDefaultDomain, b.config.awsRegion))
+}
+
+func (b *bedrockProvider) OnRequestBody(ctx wrapper.HttpContext, apiName ApiName, body []byte) (types.Action, error) {
+	if !b.config.isSupportedAPI(apiName) {
+		return types.ActionContinue, errUnsupportedApiName
+	}
+	return b.config.handleRequestBody(b, b.contextCache, ctx, apiName, body)
+}
+
+func (b *bedrockProvider) insertHttpContextMessage(body []byte, content string, onlyOneSystemBeforeFile bool) ([]byte, error) {
+	request := &bedrockTextGenRequest{}
+	if err := json.Unmarshal(body, request); err != nil {
+		return nil, fmt.Errorf("unable to unmarshal request: %v", err)
+	}
+
+	if len(request.System) > 0 {
+		request.System = append(request.System, systemContentBlock{Text: content})
+	} else {
+		request.System = []systemContentBlock{{Text: content}}
+	}
+
+	requestBytes, err := json.Marshal(request)
+	b.setAuthHeaders(requestBytes, nil)
+	return requestBytes, err
+}
+
+func (b *bedrockProvider) TransformRequestBodyHeaders(ctx wrapper.HttpContext, apiName ApiName, body []byte, headers http.Header) ([]byte, error) {
+	switch apiName {
+	case ApiNameChatCompletion:
+		return b.onChatCompletionRequestBody(ctx, body, headers)
+	default:
+		return b.config.defaultTransformRequestBody(ctx, apiName, body)
+	}
+}
+
+func (b *bedrockProvider) TransformResponseBody(ctx wrapper.HttpContext, apiName ApiName, body []byte) ([]byte, error) {
+	if apiName == ApiNameChatCompletion {
+		return b.onChatCompletionResponseBody(ctx, body)
+	}
+	return nil, errUnsupportedApiName
+}
+
+func (b *bedrockProvider) onChatCompletionResponseBody(ctx wrapper.HttpContext, body []byte) ([]byte, error) {
+	bedrockResponse := &bedrockConverseResponse{}
+	if err := json.Unmarshal(body, bedrockResponse); err != nil {
+		log.Errorf("unable to unmarshal bedrock response: %v", err)
+		return nil, fmt.Errorf("unable to unmarshal bedrock response: %v", err)
+	}
+	response := b.buildChatCompletionResponse(ctx, bedrockResponse)
+	return json.Marshal(response)
+}
+
+func (b *bedrockProvider) onChatCompletionRequestBody(ctx wrapper.HttpContext, body []byte, headers http.Header) ([]byte, error) {
+	request := &chatCompletionRequest{}
+	err := b.config.parseRequestAndMapModel(ctx, request, body)
+	if err != nil {
+		return nil, err
+	}
+
+	streaming := request.Stream
+	headers.Set("Accept", "*/*")
+	if streaming {
+		util.OverwriteRequestPathHeader(headers, fmt.Sprintf(bedrockStreamChatCompletionPath, request.Model))
+	} else {
+		util.OverwriteRequestPathHeader(headers, fmt.Sprintf(bedrockChatCompletionPath, request.Model))
+	}
+	return b.buildBedrockTextGenerationRequest(request, headers)
+}
+
+func (b *bedrockProvider) buildBedrockTextGenerationRequest(origRequest *chatCompletionRequest, headers http.Header) ([]byte, error) {
+	messages := make([]bedrockMessage, 0, len(origRequest.Messages))
+	for i := range origRequest.Messages {
+		messages = append(messages, chatMessage2BedrockMessage(origRequest.Messages[i]))
+	}
+	request := &bedrockTextGenRequest{
+		Messages: messages,
+		InferenceConfig: bedrockInferenceConfig{
+			MaxTokens:   origRequest.MaxTokens,
+			Temperature: origRequest.Temperature,
+			TopP:        origRequest.TopP,
+		},
+		AdditionalModelRequestFields: map[string]interface{}{},
+		PerformanceConfig: PerformanceConfiguration{
+			Latency: "standard",
+		},
+	}
+	requestBytes, err := json.Marshal(request)
+	b.setAuthHeaders(requestBytes, headers)
+	return requestBytes, err
+}
+
+func (b *bedrockProvider) buildChatCompletionResponse(ctx wrapper.HttpContext, bedrockResponse *bedrockConverseResponse) *chatCompletionResponse {
+	var outputContent string
+	if len(bedrockResponse.Output.Message.Content) > 0 {
+		outputContent = bedrockResponse.Output.Message.Content[0].Text
+	}
+	choices := []chatCompletionChoice{
+		{
+			Index: 0,
+			Message: &chatMessage{
+				Role:    bedrockResponse.Output.Message.Role,
+				Content: outputContent,
+			},
+			FinishReason: stopReasonBedrock2OpenAI(bedrockResponse.StopReason),
+		},
+	}
+	requestId := ctx.GetStringContext("X-Amzn-Requestid", "")
+	return &chatCompletionResponse{
+		Id:                requestId,
+		Created:           time.Now().UnixMilli() / 1000,
+		Model:             ctx.GetStringContext(ctxKeyFinalRequestModel, ""),
+		SystemFingerprint: "",
+		Object:            objectChatCompletion,
+		Choices:           choices,
+		Usage: usage{
+			PromptTokens:     bedrockResponse.Usage.InputTokens,
+			CompletionTokens: bedrockResponse.Usage.OutputTokens,
+			TotalTokens:      bedrockResponse.Usage.TotalTokens,
+		},
+	}
+}
+
+func stopReasonBedrock2OpenAI(reason string) string {
+	switch reason {
+	case "end_turn":
+		return finishReasonStop
+	case "stop_sequence":
+		return finishReasonStop
+	case "max_tokens":
+		return finishReasonLength
+	default:
+		return reason
+	}
+}
+
+type bedrockTextGenRequest struct {
+	Messages                     []bedrockMessage         `json:"messages"`
+	System                       []systemContentBlock     `json:"system,omitempty"`
+	InferenceConfig              bedrockInferenceConfig   `json:"inferenceConfig,omitempty"`
+	AdditionalModelRequestFields map[string]interface{}   `json:"additionalModelRequestFields,omitempty"`
+	PerformanceConfig            PerformanceConfiguration `json:"performanceConfig,omitempty"`
+}
+
+type PerformanceConfiguration struct {
+	Latency string `json:"latency,omitempty"`
+}
+
+type bedrockMessage struct {
+	Role    string                  `json:"role"`
+	Content []bedrockMessageContent `json:"content"`
+}
+
+type bedrockMessageContent struct {
+	Text  string      `json:"text,omitempty"`
+	Image *imageBlock `json:"image,omitempty"`
+}
+
+type systemContentBlock struct {
+	Text string `json:"text,omitempty"`
+}
+
+type imageBlock struct {
+	Format string      `json:"format,omitempty"`
+	Source imageSource `json:"source,omitempty"`
+}
+
+type imageSource struct {
+	Bytes string `json:"bytes,omitempty"`
+}
+
+type bedrockInferenceConfig struct {
+	StopSequences []string `json:"stopSequences,omitempty"`
+	MaxTokens     int      `json:"maxTokens,omitempty"`
+	Temperature   float64  `json:"temperature,omitempty"`
+	TopP          float64  `json:"topP,omitempty"`
+}
+
+type bedrockConverseResponse struct {
+	Metrics    converseMetrics             `json:"metrics"`
+	Output     converseOutputMemberMessage `json:"output"`
+	StopReason string                      `json:"stopReason"`
+	Usage      tokenUsage                  `json:"usage"`
+}
+
+type converseMetrics struct {
+	LatencyMs int `json:"latencyMs"`
+}
+
+type converseOutputMemberMessage struct {
+	Message message `json:"message"`
+}
+
+type message struct {
+	Content []contentBlockMemberText `json:"content"`
+
+	Role string `json:"role"`
+}
+
+type contentBlockMemberText struct {
+	Text string `json:"text"`
+}
+
+type tokenUsage struct {
+	InputTokens int `json:"inputTokens,omitempty"`
+
+	OutputTokens int `json:"outputTokens,omitempty"`
+
+	TotalTokens int `json:"totalTokens"`
+}
+
+func chatMessage2BedrockMessage(chatMessage chatMessage) bedrockMessage {
+	if chatMessage.IsStringContent() {
+		return bedrockMessage{
+			Role:    chatMessage.Role,
+			Content: []bedrockMessageContent{{Text: chatMessage.StringContent()}},
+		}
+	} else {
+		var contents []bedrockMessageContent
+		openaiContent := chatMessage.ParseContent()
+		for _, part := range openaiContent {
+			var content bedrockMessageContent
+			if part.Type == contentTypeText {
+				content.Text = part.Text
+			} else {
+				log.Warnf("imageUrl is not supported: %s", part.Type)
+				continue
+			}
+			contents = append(contents, content)
+		}
+		return bedrockMessage{
+			Role:    chatMessage.Role,
+			Content: contents,
+		}
+	}
+}
+
+func (b *bedrockProvider) setAuthHeaders(body []byte, headers http.Header) {
+	t := time.Now().UTC()
+	amzDate := t.Format("20060102T150405Z")
+	dateStamp := t.Format("20060102")
+	path, _ := proxywasm.GetHttpRequestHeader(":path")
+	if headers != nil {
+		path = headers.Get(":path")
+	}
+	signature := b.generateSignature(path, amzDate, dateStamp, body)
+	if headers != nil {
+		headers.Set("X-Amz-Date", amzDate)
+		headers.Set("Authorization", fmt.Sprintf("AWS4-HMAC-SHA256 Credential=%s/%s/%s/%s/aws4_request, SignedHeaders=%s, Signature=%s", b.config.awsAccessKey, dateStamp, b.config.awsRegion, awsService, bedrockSignedHeaders, signature))
+	} else {
+		_ = proxywasm.ReplaceHttpRequestHeader("X-Amz-Date", amzDate)
+		_ = proxywasm.ReplaceHttpRequestHeader("Authorization", fmt.Sprintf("AWS4-HMAC-SHA256 Credential=%s/%s/%s/%s/aws4_request, SignedHeaders=%s, Signature=%s", b.config.awsAccessKey, dateStamp, b.config.awsRegion, awsService, bedrockSignedHeaders, signature))
+	}
+}
+
+func (b *bedrockProvider) generateSignature(path, amzDate, dateStamp string, body []byte) string {
+	hashedPayload := sha256Hex(body)
+	path = urlEncoding(path)
+
+	endpoint := fmt.Sprintf(bedrockDefaultDomain, b.config.awsRegion)
+	canonicalHeaders := fmt.Sprintf("host:%s\nx-amz-date:%s\n", endpoint, amzDate)
+	canonicalRequest := fmt.Sprintf("%s\n%s\n\n%s\n%s\n%s",
+		httpPostMethod, path, canonicalHeaders, bedrockSignedHeaders, hashedPayload)
+
+	credentialScope := fmt.Sprintf("%s/%s/%s/aws4_request", dateStamp, b.config.awsRegion, awsService)
+	hashedCanonReq := sha256Hex([]byte(canonicalRequest))
+	stringToSign := fmt.Sprintf("AWS4-HMAC-SHA256\n%s\n%s\n%s",
+		amzDate, credentialScope, hashedCanonReq)
+
+	signingKey := getSignatureKey(b.config.awsSecretKey, dateStamp, b.config.awsRegion, awsService)
+	signature := hmacHex(signingKey, stringToSign)
+	return signature
+}
+
+func urlEncoding(rawStr string) string {
+	encodedStr := strings.ReplaceAll(rawStr, ":", "%3A")
+	encodedStr = strings.ReplaceAll(encodedStr, "+", "%2B")
+	encodedStr = strings.ReplaceAll(encodedStr, "=", "%3D")
+	encodedStr = strings.ReplaceAll(encodedStr, "&", "%26")
+	encodedStr = strings.ReplaceAll(encodedStr, "$", "%24")
+	encodedStr = strings.ReplaceAll(encodedStr, "@", "%40")
+	return encodedStr
+}
+
+func getSignatureKey(key, dateStamp, region, service string) []byte {
+	kDate := hmacSha256([]byte("AWS4"+key), dateStamp)
+	kRegion := hmacSha256(kDate, region)
+	kService := hmacSha256(kRegion, service)
+	kSigning := hmacSha256(kService, "aws4_request")
+	return kSigning
+}
+
+func hmacSha256(key []byte, data string) []byte {
+	h := hmac.New(sha256.New, key)
+	h.Write([]byte(data))
+	return h.Sum(nil)
+}
+
+func sha256Hex(data []byte) string {
+	h := sha256.New()
+	h.Write(data)
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+func hmacHex(key []byte, data string) string {
+	h := hmac.New(sha256.New, key)
+	h.Write([]byte(data))
+	return hex.EncodeToString(h.Sum(nil))
+}

plugins/wasm-go/extensions/ai-proxy/provider/gemini.go

@@ -36,7 +36,10 @@ func (g *geminiProviderInitializer) ValidateConfig(config *ProviderConfig) error
 }
 
 func (g *geminiProviderInitializer) DefaultCapabilities() map[string]string {
-	return map[string]string{}
+	return map[string]string{
+		string(ApiNameChatCompletion): "",
+		string(ApiNameEmbeddings):     "",
+	}
 }
 
 func (g *geminiProviderInitializer) CreateProvider(config ProviderConfig) (Provider, error) {

plugins/wasm-go/extensions/ai-proxy/provider/moonshot.go

@@ -20,6 +20,7 @@ import (
 const (
 	moonshotDomain             = "api.moonshot.cn"
 	moonshotChatCompletionPath = "/v1/chat/completions"
+	moonshotModelsPath         = "/v1/models"
 )
 
 type moonshotProviderInitializer struct {
@@ -38,6 +39,7 @@ func (m *moonshotProviderInitializer) ValidateConfig(config *ProviderConfig) err
 func (m *moonshotProviderInitializer) DefaultCapabilities() map[string]string {
 	return map[string]string{
 		string(ApiNameChatCompletion): moonshotChatCompletionPath,
+		string(ApiNameModels):         moonshotModelsPath,
 	}
 }
 

plugins/wasm-go/extensions/ai-proxy/provider/ollama.go

@@ -30,6 +30,7 @@ func (m *ollamaProviderInitializer) DefaultCapabilities() map[string]string {
 		// ollama的chat接口path和OpenAI的chat接口一样
 		string(ApiNameChatCompletion): PathOpenAIChatCompletions,
 		string(ApiNameEmbeddings):     PathOpenAIEmbeddings,
+		string(ApiNameModels):         PathOpenAIModels,
 	}
 }
 

plugins/wasm-go/extensions/ai-proxy/provider/openai.go

@@ -21,6 +21,7 @@ const (
 	defaultOpenaiEmbeddingsPath     = "/v1/embeddings"
 	defaultOpenaiAudioSpeech        = "/v1/audio/speech"
 	defaultOpenaiImageGeneration    = "/v1/images/generations"
+	defaultOpenaiModels             = "/v1/models"
 )
 
 type openaiProviderInitializer struct {
@@ -37,6 +38,7 @@ func (m *openaiProviderInitializer) DefaultCapabilities() map[string]string {
 		string(ApiNameEmbeddings):      defaultOpenaiEmbeddingsPath,
 		string(ApiNameImageGeneration): defaultOpenaiImageGeneration,
 		string(ApiNameAudioSpeech):     defaultOpenaiAudioSpeech,
+		string(ApiNameModels):          defaultOpenaiModels,
 	}
 }
 

plugins/wasm-go/extensions/ai-proxy/provider/provider.go

@@ -31,12 +31,14 @@ const (
 	ApiNameAudioSpeech     ApiName = "openai/v1/audiospeech"
 	ApiNameFiles           ApiName = "openai/v1/files"
 	ApiNameBatches         ApiName = "openai/v1/batches"
+	ApiNameModels          ApiName = "openai/v1/models"
 
 	PathOpenAICompletions     = "/v1/completions"
 	PathOpenAIChatCompletions = "/v1/chat/completions"
 	PathOpenAIEmbeddings      = "/v1/embeddings"
 	PathOpenAIFiles           = "/v1/files"
 	PathOpenAIBatches         = "/v1/batches"
+	PathOpenAIModels          = "/v1/models"
 
 	// TODO: 以下是一些非标准的API名称，需要进一步确认是否支持
 	ApiNameCohereV1Rerank ApiName = "cohere/v1/rerank"
@@ -68,6 +70,7 @@ const (
 	providerTypeCoze       = "coze"
 	providerTypeTogetherAI = "together-ai"
 	providerTypeDify       = "dify"
+	providerTypeBedrock    = "bedrock"
 
 	protocolOpenAI   = "openai"
 	protocolOriginal = "original"
@@ -138,6 +141,7 @@ var (
 		providerTypeCoze:       &cozeProviderInitializer{},
 		providerTypeTogetherAI: &togetherAIProviderInitializer{},
 		providerTypeDify:       &difyProviderInitializer{},
+		providerTypeBedrock:    &bedrockProviderInitializer{},
 	}
 )
 
@@ -242,6 +246,15 @@ type ProviderConfig struct {
 	// @Title zh-CN hunyuan api id for authorization
 	// @Description zh-CN 仅适用于Hun Yuan AI服务鉴权
 	hunyuanAuthId string `required:"false" yaml:"hunyuanAuthId" json:"hunyuanAuthId"`
+	// @Title zh-CN Amazon Bedrock AccessKey for authorization
+	// @Description zh-CN 仅适用于Amazon Bedrock服务鉴权，API key/id 参考：https://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/reference_sigv.html
+	awsAccessKey string `required:"false" yaml:"awsAccessKey" json:"awsAccessKey"`
+	// @Title zh-CN Amazon Bedrock SecretKey for authorization
+	// @Description zh-CN 仅适用于Amazon Bedrock服务鉴权
+	awsSecretKey string `required:"false" yaml:"awsSecretKey" json:"awsSecretKey"`
+	// @Title zh-CN Amazon Bedrock Region
+	// @Description zh-CN 仅适用于Amazon Bedrock服务访问
+	awsRegion string `required:"false" yaml:"awsRegion" json:"awsRegion"`
 	// @Title zh-CN minimax API type
 	// @Description zh-CN 仅适用于 minimax 服务。minimax API 类型，v2 和 pro 中选填一项，默认值为 v2
 	minimaxApiType string `required:"false" yaml:"minimaxApiType" json:"minimaxApiType"`
@@ -346,6 +359,9 @@ func (c *ProviderConfig) FromJson(json gjson.Result) {
 	c.claudeVersion = json.Get("claudeVersion").String()
 	c.hunyuanAuthId = json.Get("hunyuanAuthId").String()
 	c.hunyuanAuthKey = json.Get("hunyuanAuthKey").String()
+	c.awsAccessKey = json.Get("awsAccessKey").String()
+	c.awsSecretKey = json.Get("awsSecretKey").String()
+	c.awsRegion = json.Get("awsRegion").String()
 	c.minimaxApiType = json.Get("minimaxApiType").String()
 	c.minimaxGroupId = json.Get("minimaxGroupId").String()
 	c.cloudflareAccountId = json.Get("cloudflareAccountId").String()

plugins/wasm-go/extensions/ai-search/README.md

@@ -75,18 +75,22 @@ description: higress 支持通过集成搜索引擎（Google/Bing/Arxiv/Elastics
 
 ## Elasticsearch 特定配置
 
-| 名称 | 数据类型 | 填写要求 | 默认值 | 描述                    |
-|------|----------|----------|--------|-----------------------|
-| index | string | 必填 | - | 要搜索的Elasticsearch索引名称 |
-| contentField | string | 必填 | - | 要查询的内容字段名称            |
-| semanticTextField | string | 必填 | - | 要查询的 embedding 字段名称   | 
-| linkField | string | 必填 | - | 结果链接字段名称              |
-| titleField | string | 必填 | - | 结果标题字段名称              |
-| username | string | 选填 | - | Elasticsearch 用户名          |
-| password | string | 选填 | - | Elasticsearch 密码          |
+| 名称 | 数据类型 | 填写要求 | 默认值 | 描述                                 |
+|------|----------|------|--------|------------------------------------|
+| index | string | 必填   | - | 要搜索的 Elasticsearch 索引名称            |
+| contentField | string | 必填   | - | 要查询的内容字段名称                         |
+| semanticTextField | string | 必填   | - | 要查询的 embedding 字段名称                | 
+| linkField | string | 选填   | - | 结果链接字段名称，当配置 `needReference` 时需要填写 |
+| titleField | string | 选填   | - | 结果标题字段名称，当配置 `needReference` 时需要填写 |
+| username | string | 选填   | - | Elasticsearch 用户名                  |
+| password | string | 选填   | - | Elasticsearch 密码                   |
 
 混合搜索中使用的 [Reciprocal Rank Fusion (RRF)](https://www.elastic.co/guide/en/elasticsearch/reference/8.17/rrf.html) 查询要求 Elasticsearch 的版本在 8.8 及以上。
 
+目前文档向量化依赖于 Elasticsearch 的 Embedding 模型，该功能需要 Elasticsearch 企业版 License，或可使用 30 天的 Trial License。安装 Elasticsearch 内置 Embedding 模型的步骤可参考[该文档](https://www.elastic.co/docs/explore-analyze/machine-learning/nlp/ml-nlp-elser#alternative-download-deploy)；若需安装第三方 Embedding 模型，可参考[该文档](https://www.elastic.co/docs/explore-analyze/machine-learning/nlp/ml-nlp-text-emb-vector-search-example)。
+
+有关 ai-search 插件集成 Elasticsearch 的完整教程，请参考：[使用 LangChain + Higress + Elasticsearch 构建 RAG 应用](https://cr7258.github.io/blogs/original/2025/15-rag-higress-es-langchain)。
+
 ## Quark 特定配置
 
 | 名称 | 数据类型 | 填写要求 | 默认值 | 描述 |
@@ -204,13 +208,9 @@ searchFrom:
 searchFrom:
 - type: elasticsearch
   serviceName: "es-svc.static"
-  # 固定地址服务的端口默认是80
-  servicePort: 80
   index: "knowledge_base"
   contentField: "content"
   semanticTextField: "semantic_text"
-  linkField: "url" 
-  titleField: "title"
   # username: "elastic"
   # password: "password"
 ```