Use the OpenEdge MCP Server

Configure middleware settings

Save PDF

Configure middleware settings

Save PDF

Last Updated: December 23, 2025
1 minute read

OpenEdge
Version 12.8
Documentation

The middleware components in the OpenEdge MCP Server enhance reliability, security, and performance. Middleware provides features such as error handling, logging, request timing, rate limiting, and circuit breaking. Proper configuration ensures production hardening and prevents resource exhaustion.

The following table lists the runtime.middleware subsections, their configurable fields, default values, and production hardening recommendations:


Subsection	Fields (flags / knobs)	Defaults	Production hardening
`error_handling`	`enabled`, `transform_errors`, `include_traceback`	`true`, `true`, `false`	Enabled by default
`logging`	`enabled`, `structured`, `include_payloads`	`true`, `false`, `false`	Enabled by default For more information, see Configure logging and related middleware.
`timing`	`enabled`	`false`	Optional For more information, see Configure timing middleware.
`rate_limiting`	`enabled`, `max_rps`, `burst`, `global`	`false`, `10`, `20`, `false`	Enable for production For more information, see Rate limiting in OpenEdge MCP Server.
`request_timeout`	`enabled`, `timeout_ms`	`true`, `500`	Critical for production environments. Terminates requests that exceed the configured timeout (default 500 ms) to prevent resource exhaustion. Enabled by default.
`method_validation`	`enabled`	`true`	Critical for production environments. Rejects unknown tool names before expensive parameter parsing. Enabled by default to reduce attack surface. Enabled by default.
`circuit_breaker`	`enabled`, `error_threshold`, `window_seconds`, `min_requests`	`false`, `0.5`, `60`, `10`	Critical for production environments. Monitors error rates in a sliding window and rejects requests when thresholds are exceeded to prevent cascading failures. Disabled by default, however it can be enabled explicitly for production with tuned thresholds.

Additional runtime hardening options

Additional runtime settings help prevent resource exhaustion:

runtime.max_request_bytes—Rejects oversized payloads at the ASGI layer before MCP parsing. Default is 10 KB. Configure per use case and keep ≤100 KB for production.
runtime.http.limits—Connection pool limits prevent resource exhaustion from excessive connections. Default values are:
- max_connections: 100
- max_keepalive_connections: 20

Example production configuration

The following example shows a recommended production configuration for middleware and runtime hardening:

{
  "runtime": {
    "max_request_bytes": 10240,
    "http": {
      "limits": {
        "max_connections": 100,
        "max_keepalive_connections": 20
      }
    },
    "middleware": {
      "request_timeout": {
        "enabled": true,
        "timeout_ms": 500
      },
      "method_validation": {
        "enabled": true
      },
      "circuit_breaker": {
        "enabled": true,
        "error_threshold": 0.5,
        "window_seconds": 60,
        "min_requests": 10
      },
      "rate_limiting": {
        "enabled": true,
        "max_requests_per_second": 10.0,
        "burst_capacity": 20
      }
    }
  }
}