Leveraging Gemini CLI and the underlying Gemini LLM to build Model Context Protocol (MCP) AI applications in the Rust programming language with a local development environment and the HTTPS MCP transport.
Why not just use Python?
Python has traditionally been the main coding language for ML and AI tools. One of the strengths of the MCP protocol is that the actual implementation details are independent of the development language. The reality is that not every project is coded in Python- and MCP allows you to use the latest AI appt roaches with other coding languages.
What is this Tutorial Trying to Do?
Building on previous tutorials, the goal is to extend a Rust MCP server with basic support for API key ennablement. The ultimate goal is allowing MCP servers to be deployed as unauthenticated Cloud Run endpoints but be protected by an API key.
What is Rust?
Rust is a high performance, memory safe, compiled language:
Rust provides memory safe operations beyond C/C++ and also can provide exceptional performance gains as it is compiled directly to native binaries.
Initial Environment Setup
The environment is meant to be run from a Bash like shell. You can run this from a Linux VM, ChromeOS Linux VM, Firebase Studio environment, or any environment that provides a basic shell. You will also need a working Docker environment.
Rust Setup
Instructions to install Rust are available here:
For a Linux like environment the command looks like this:
curl — proto ‘=https’ — tlsv1.2 -sSf https://sh.rustup.rs | sh
Rust also depends on a working C compiler and OpenSSL setup. For a Debian 12 system — install the basic tools for development:
sudo apt install build-essential
sudo apt install libssl-dev
sudo apt install pkg-config
sudo apt-get install libudev-dev
sudo apt install make
sudo apt install git
Gemini CLI
If not pre-installed you can download the Gemini CLI to interact with the source files and provide real-time assistance:
sudo npm install -g @google/gemini-cli
Note- if you are an a non standard environment — you will need to make sure to have at least Node version 20 available in order to run Gemini CLI.
Testing the Gemini CLI Environment
Once you have all the tools and the correct Node.js version in place- you can test the startup of Gemini CLI. You will need to authenticate with a Key or your Google Account:
gemini
Getting Started with Rust and MCP
When MCP was first released, there were several competing Rust frameworks that provided support for the protocol. Eventually, one official supported SDK was consolidated to provide a standard package for building MCP applications with Rust. This SDK is more like a toolbox that provides many options- clients/servers, different transports, and even more advanced integration options.
The official MCP Rust SDK (rmcp) is available here:
GitHub - modelcontextprotocol/rust-sdk: The official Rust SDK for the Model Context Protocol
Where do I start?
The strategy for validating Rust for MCP development is a incremental step by step approach.
First, the basic development environment is setup with the required system variables and a working Gemini CLI configuration.
A command line version of the System Information tool is built with Gemini CLI.
Then, a minimal Rust MCP Server is built with the HTTP transport working directly with Gemini CLI in the local environment. This validates the connection from Gemini CLI to the local compiled Rust process via MCP. The MCP client (Gemini CLI) and the Rust MCP compiled binary Server both run in the same environment.
Setup the Basic Environment
At this point you should have a working Rust compiler and a working Gemini CLI installation. The next step is to clone the GitHub samples repository with support scripts:
cd ~
git clone https://github.com/xbill9/iap-https-rust
Then run init.sh from the cloned directory.
The script will attempt to determine your shell environment and set the correct variables:
cd iap-https-rust
source init.sh
If your session times out or you need to re-authenticate- you can run the set_env.sh script to reset your environment variables:
cd iap-https-rust
source set_env.sh
Variables like PROJECT_ID need to be setup for use in the various build scripts- so the set_env script can be used to reset the environment if you time-out.
Minimal System Information Tool Build
The first step is to build the basic tool directly with Rust. This allows the tool to be debugged and tested locally before adding the MCP layer.
All of the sample code is in the manual directory-which is shorthand for a HTTP transport MCP server with a manual API key:
xbill@penguin:~/iap-https-rust/manual$
First build the tool locally:
xbill@penguin:~/iap-https-rust/local$ make
Building the Rust project...
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.21s
xbill@penguin:~/iap-https-rust/local$
then lint check the code:
xbill@penguin:~/iap-https-rust/local$ make lint
Linting code...
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.20s
xbill@penguin:~/iap-https-rust/local$
and run local tests:
xbill@penguin:~/iap-https-rust/local$ make test
Running tests...
Compiling sysutils-local-rust v0.3.0 (/home/xbill/iap-https-rust/local)
Finished `test` profile [unoptimized + debuginfo] target(s) in 2.07s
Running unittests src/main.rs (target/debug/deps/sysutils_local_rust-a3f0e445d58dbc5b)
running 5 tests
test tests::test_decode_iap_jwt ... ok
test tests::test_schema_generation ... ok
test tests::test_disk_usage ... ok
test tests::test_local_system_info ... ok
test tests::test_collect_system_info_with_context ... ok
test result: ok. 5 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.07s
xbill@penguin:~/iap-https-rust/local$
The last step is to build the production version:
xbill@penguin:~/iap-https-rust/local$ make release
Building Release...
Finished `release` profile [optimized] target(s) in 0.18s
xbill@penguin:~/iap-https-rust/local$
Testing the Rust Code Locally
Once the release version has been built- the resulting binary can be executed directly in the local environment.
The quick summary of local system info can be run right from the Makefile:
xbill@penguin:~/iap-https-rust/local$ make info
Error: MCP_API_KEY environment variable is not set.
Please set it before running 'make info', e.g.:
export MCP_API_KEY=$(gcloud services api-keys get-key-string ...)
make: *** [Makefile:25: info] Error 1
This call failed because no API key was provided on the command line or in the current environment.
The tool will also fail if an invalid key is passed:
xbill@penguin:~/iap-https-rust/local$ export MCP_API_KEY=abcdef
xbill@penguin:~/iap-https-rust/local$ make info
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.23s
Running `target/debug/sysutils-local-rust info`
{"timestamp":"2026-02-10T01:23:13.894964Z","level":"INFO","fields":{"message":"Fetching MCP API Key for project: 1056842563084"},"target":"sysutils_local_rust"}
{"timestamp":"2026-02-10T01:23:15.271941Z","level":"INFO","fields":{"message":"Successfully fetched API key via gcloud"},"target":"sysutils_local_rust"}
MCP API Key Status
------------------
Provided Key: [FOUND]
Cloud Match: [MISMATCH]
Error: MCP_API_KEY is incorrect or missing.
make: *** [Makefile:26: info] Error 1
xbill@penguin:~/iap-https-rust/local$
Setting an API Key
On project setup the init.sh script configures the Google Cloud environment and creates a sample key to secure the connection. To set this key in the current environment — use the set_key.sh script:
xbill@penguin:~/iap-https-rust/local$ source ../set_key.sh
--- Setting Google Cloud Project ID ---
Using Google Cloud project: comglitn
Checking for existing MCP API Key...
Using existing MCP API Key: projects/1056842563084/locations/global/keys/cbd6422f-e594-4536-9ad9-6f179f43f11b
Retrieving API Key string...
MCP API Key retrieved and exported.
To use with the 'manual' or 'local' variants, ensure this script was sourced:
source ./set_key.sh
cargo run --bin manual
--- Environment Checks ---
Not running in Google Cloud VM or Shell. Checking ADC...
Running on ChromeOS.
--- Initial Setup complete ---
xbill@penguin:~/iap-https-rust/local$
The tool can now execute:
xbill@penguin:~/iap-https-rust/local$ make info
Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.25s
Running `target/debug/sysutils-local-rust info`
{"timestamp":"2026-02-10T01:26:54.785797Z","level":"INFO","fields":{"message":"Fetching MCP API Key for project: 1056842563084"},"target":"sysutils_local_rust"}
{"timestamp":"2026-02-10T01:26:56.227006Z","level":"INFO","fields":{"message":"Successfully fetched API key via gcloud"},"target":"sysutils_local_rust"}
System Information Report
=========================
MCP API Key Status
------------------
Provided Key: [FOUND]
Cloud Match: [MATCHED]
System Information with MCP HTTP Transport
One of the key features that the Rust rmcp SDK provides is abstracting various transport methods.
The high level tool MCP implementation is the same no matter what low level transport channel/method that the MCP Client uses to connect to a MCP Server.
The simplest transport that the SDK supports is the stdio (stdio/stdout) transport — which connects a locally running process. Both the MCP client and MCP Server must be running in the same environment.
The HTTP MCP Transport allows the MCP client and server to run on the same host or distributed over the Internet.
Start the Local HTTP Server
The Rust code supports the MCP HTTP transport. This transport can run distributed — but it is easier to test if both the MCP client and MCP server run in the same environment.
To run the HTTP Server:
xbill@penguin:~/iap-https-rust/local$ make run
Running the Rust project...
Compiling sysutils-local-rust v0.3.0 (/home/xbill/iap-https-rust/local)
Finished `release` profile [optimized] target(s) in 1m 00s
Running `target/release/sysutils-local-rust`
{"timestamp":"2026-02-10T01:25:25.016509Z","level":"INFO","fields":{"message":"Fetching MCP API Key for project: 1056842563084"},"target":"sysutils_local_rust"}
{"timestamp":"2026-02-10T01:25:26.849963Z","level":"INFO","fields":{"message":"Successfully fetched API key via gcloud"},"target":"sysutils_local_rust"}
{"timestamp":"2026-02-10T01:25:26.849987Z","level":"INFO","fields":{"message":"Successfully fetched MCP API Key from Cloud"},"target":"sysutils_local_rust"}
{"timestamp":"2026-02-10T01:25:26.850099Z","level":"INFO","fields":{"message":"MCP Server listening on http://0.0.0.0:8080"},"target":"sysutils_local_rust"}
Connecting Gemini CLI to the MCP HTTP Server
To configure Gemini CLI as the MCP client- a sample settings.json is provided in the .gemini config directory:
{
"mcpServers": {
"sysutils-local-rust": {
"httpUrl": "http://127.0.0.1:8080/mcp",
"headers": {
"X-Goog-Api-Key": "$MCP_API_KEY"
}
}
}
}
Next Gemini CLI is used to check the MCP connection settings. Leave the MCP server running and open a new terminal with Gemini CLI:
gemini
> /mcp list
Configured MCP servers:
🟢 sysutils-local-rust - Ready (2 tools)
Tools:
- disk_usage
- local_system_info
> call mcp tool local_system_info
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ✓ Shell cargo run -- info [current working directory /home/xbill/iap-https-rust/local] (Execute the local system info command to gather system … │
│ │
│ Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.11s │
│ Running `target/debug/sysutils-local-rust info` │
│ {"timestamp":"2026-02-10T01:31:55.568747Z","level":"INFO","fields":{"message":"Fetching MCP API Key for project: │
│ 1056842563084"},"target":"sysutils_local_rust"} │
│ {"timestamp":"2026-02-10T01:31:57.193303Z","level":"INFO","fields":{"message":"Successfully fetched API key via │
│ gcloud"},"target":"sysutils_local_rust"} │
│ System Information Report │
│ ========================= │
│ │
│ MCP API Key Status │
│ ------------------ │
│ Provided Key: [FOUND] │
│ Cloud Match: [MATCHED] │
│ │
│ │
│ IAP Context & Identity │
│ ---------------------- │
│ Header Source: x-goog-iap-jwt-assertion │
│ API Key Security: Disabled │
│ Status: No IAP JWT found (Expected in production Cloud Run environment) │
│ │
│ HTTP Request Headers │
│ -------------------- │
│ Status: No request headers captured (CLI mode or capture error) │
│ │
│ IAP Setup Configuration │
│ ----------------------- │
│ Status: No IAP configuration files found in current directory. │
│ │
│ System Information │
│ ------------------ │
│ System Name: Debian GNU/Linux │
│ Kernel Version: 6.6.99-09070-g0245f6566c20 │
│ OS Version: 12 │
│ Host Name: penguin │
│ │
│ CPU Information │
│ --------------- │
│ Number of Cores: 12 │
│ │
│ Memory Information │
│ ------------------ │
│ Total Memory: 4548 MB │
│ Used Memory: 664 MB │
│ Total Swap: 0 MB │
│ Used Swap: 0 MB │
│ │
│ Network Interfaces │
│ ------------------ │
│ lo : RX: 24894 bytes, TX: 24894 bytes (MAC: 00:00:00:00:00:00) │
│ docker0 : RX: 0 bytes, TX: 0 bytes (MAC: 02:42:f7:5c:fa:23) │
│ eth0 : RX: 174079157 bytes, TX: 46014504 bytes (MAC: 00:16:3e:f1:37:f0) │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
✦ The local_system_info tool has been executed. The report shows a Debian GNU/Linux system (kernel 6.6.99) with 12 CPU cores and 4548 MB of total
memory. The MCP API key was successfully fetched via gcloud and matched, though no IAP JWT was found as expected in this local CLI context.
The local MCP Server (sysutils-manual-rust) was used directly using Gemini CLI as a MCP client. This is the same Rust binary that was tested locally as a standalone build.
Check Key Validation
To verify that the key is actually enforce along with Gemini CLI- reset the key to an invalid value:
export MCP_API_KEY=yabbadabbado
Then restart Gemini CLI- it will fail discovering the MCP server:
ℹ MCP server 'sysutils-local-rust' requires authentication using: /mcp auth sysutils-local-rust
Project Package Details
The project has been published to crates.io:
crates.io: Rust Package Registry
Summary
The potential for using Rust for MCP development with Gemini CLI was validated with a incremental step by step approach.
A HTTP transport MCP Server was built from Rust source code and validated with Gemini CLI running as a MCP client in the same local environment.
This approach can be extended to more complex deployments using other MCP transports and Cloud based options.
Top comments (0)