actionmcp 0.109.0 → 0.110.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dbc03b1ba75f2efaf3c94ff2e664d3ca4e21013e8c55651f1fccff0b8c4e889b
-  data.tar.gz: 1576d864115954653182d05080352a28b7be2a11c8fb376f0e426503a320eb7f
+  metadata.gz: b49e1bd20853c60ec17b35b3ba822a275b8258800ce615707dcf85ecaa606dc8
+  data.tar.gz: c1abbbe666dbea818abde461aaae5d65f867700fa96e6d5c8011b12b10be1fcd
 SHA512:
-  metadata.gz: da5bcfd15ecc9e76b4ac6c557a84a95cf91090520ec7d11fb6c3652168c80cc1820660a8311b8b173db8bd4a1773a26cd53e83b2bae4fb6874f0b79aff489482
-  data.tar.gz: 28235fee76f77b9a7a87cca20a149231d31649a980e2d19480fde5f38543d0aa7ca61d16e7d97d89a83de9d849dda6c9e323e03cbc73dacca68572a7ba2dbaf5
+  metadata.gz: 984a0a14b69ed4684ee7054db880320711c18613d4f5242922ac6eeb6946fb4c21954831c4ac935796f234f3abf8e691bc24c8ab219910fce8f9dd7a77600828
+  data.tar.gz: 8356febeb0097488d56a50e42160cf09c5e9be1e9952bf170fefb6f56e991079efc183bbca2e2080d2d3d9406c21a57e9211888eee405171bc4730903904559e

data/README.md

@@ -315,7 +315,7 @@ class BatchIndexTool < ApplicationMCPTool
 end
 ```
 
-Call it as a task from a client by adding `_meta.task` (creates a Task record and runs the tool via `ToolExecutionJob`):
+Call it as a task from a client by adding top-level `task` params (creates a Task record and runs the tool via `ToolExecutionJob`):
 
 ```json
 {
@@ -325,12 +325,27 @@ Call it as a task from a client by adding `_meta.task` (creates a Task record an
   "params": {
     "name": "batch_index",
     "arguments": { "items": ["a", "b", "c"] },
-    "_meta": { "task": { "ttl": 120000, "pollInterval": 2000 } }
+    "task": { "ttl": 120000 }
   }
 }
 ```
 
-Poll task status with `tasks/get` or fetch the result when finished with `tasks/result`. Use `tasks/cancel` to stop non-terminal tasks. `tasks/list` returns tasks in recent-first order and always paginates (default 50 per page, or `pagination_page_size` if configured). The response includes an opaque `nextCursor` when more results are available — treat cursors as opaque tokens.
+Poll task status with `tasks/get` or fetch the result with `tasks/result`.
+By default, `tasks/result` uses spec-aligned blocking HTTP: if the task is still working, the request waits until the task reaches `completed`, `failed`, `cancelled`, or `input_required`, then returns one JSON response. Configure the wait bounds for your Rails app:
+
+```ruby
+config.action_mcp.tasks_result_strategy = :blocking_http
+config.action_mcp.tasks_result_timeout = 30.seconds
+config.action_mcp.tasks_result_poll_interval = 0.25.seconds
+```
+
+Rails apps that cannot hold request workers open can opt into `:polling_only`, where clients must poll `tasks/get` until terminal or `input_required` before calling `tasks/result`. This is a deliberate MCP spec deviation:
+
+```ruby
+config.action_mcp.tasks_result_strategy = :polling_only
+```
+
+Use `tasks/cancel` to stop non-terminal tasks. `tasks/list` returns tasks in recent-first order and always paginates (default 50 per page, or `pagination_page_size` if configured). The response includes an opaque `nextCursor` when more results are available; treat cursors as opaque tokens.
 
 ### ActionMCP::ResourceTemplate
 
@@ -1282,6 +1297,21 @@ For comprehensive client documentation, including examples, session management,
 - **Implement proper authorization** in your tools and prompts
 - **Validate all inputs** using property definitions and Rails validations
 - **Use consent management** for sensitive operations
+- **Protect against DNS rebinding**: ActionMCP validates the `Origin` header on every request. If `Origin` is present and its host doesn't match the server's own host, the server returns HTTP 403 with a JSON-RPC error body (no `id`), as required by the MCP spec. Non-browser clients (Claude Desktop, CLI tools) don't send `Origin` and are unaffected. To allow additional trusted origins, configure `allowed_origins`:
+
+  ```ruby
+  # config/initializers/action_mcp.rb
+  ActionMCP.configure do |config|
+    config.allowed_origins = ["app.example.com", "api.example.com"]
+  end
+  ```
+
+  For defence-in-depth, also configure Rails' `ActionDispatch::HostAuthorization` to restrict which `Host` headers are accepted (a separate check against host-header injection):
+
+  ```ruby
+  # config/environments/production.rb
+  config.hosts = ["api.example.com"]
+  ```
 
 ### Performance
 

data/app/controllers/action_mcp/application_controller.rb

@@ -11,6 +11,9 @@ module ActionMCP
     include JSONRPC_Rails::ControllerHelpers
     include ActionController::Instrumentation
 
+    # Origin validation is enforced by ActionMCP::Middleware::OriginValidation
+    # (see engine.rb) so invalid requests are rejected before routing.
+
     # Provides the ActionMCP::Session for the current request.
     # Handles finding existing sessions via header/param or initializing a new one.
     # Specific controllers/handlers might need to enforce session ID presence based on context.

data/app/jobs/action_mcp/tool_execution_job.rb

@@ -53,6 +53,7 @@ module ActionMCP
       session = task.session
       unless session
         task.update(status_message: "Session not found")
+        task.result_payload = { code: -32_603, message: "Session not found" }
         task.mark_failed!
         return nil
       end
@@ -64,6 +65,10 @@ module ActionMCP
       tool_class = session.registered_tools.find { |t| t.tool_name == tool_name }
       unless tool_class
         @task.update(status_message: "Tool '#{tool_name}' not found")
+        @task.result_payload = {
+          code: -32_601,
+          message: "Tool '#{tool_name}' not found"
+        }
         @task.mark_failed!
         return nil
       end
@@ -101,12 +106,13 @@ module ActionMCP
     def update_task_result(task, result)
       return if task.terminal? # Guard against double-complete
 
-      if result.is_error
-        task.result_payload = result.to_h
+      payload = result.to_h
+      if result.is_error || payload[:isError] || payload["isError"]
+        task.result_payload = payload
         task.status_message = result.respond_to?(:error_message) ? result.error_message : "Tool returned error"
         task.mark_failed!
       else
-        task.result_payload = result.to_h
+        task.result_payload = payload
         task.record_step!(:completed)
         task.complete!
       end
@@ -123,6 +129,10 @@ module ActionMCP
 
       task.update(
         status_message: "Job failed: #{error.message}",
+        result_payload: {
+          code: -32_603,
+          message: "Job failed: #{error.message}"
+        },
         continuation_state: {
           step: :failed,
           error: { class: error.class.name, message: error.message },

data/app/models/action_mcp/session/task.rb

@@ -52,6 +52,8 @@ module ActionMCP
     #   input_required -> completed | failed | cancelled
     #
     class Task < ApplicationRecord
+      RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task"
+
       self.table_name = "action_mcp_session_tasks"
 
       attribute :id, :string, default: -> { SecureRandom.uuid_v7 }
@@ -139,6 +141,10 @@ module ActionMCP
         status.in?(%w[completed failed cancelled])
       end
 
+      def result_ready?
+        terminal? || input_required?
+      end
+
       # Check if task is in a non-terminal state
       def non_terminal?
         !terminal?
@@ -148,32 +154,73 @@ module ActionMCP
       # @return [Hash] Task data for JSON-RPC responses
       def to_task_data
         data = {
-          id: id,
+          taskId: id,
           status: status,
-          lastUpdatedAt: last_updated_at.iso8601(3)
+          createdAt: created_at.iso8601(3),
+          lastUpdatedAt: last_updated_at.iso8601(3),
+          ttl: ttl
         }
         data[:statusMessage] = status_message if status_message.present?
-
-        # Add progress if available (ActiveJob::Continuable support)
-        if progress_percent.present? || progress_message.present?
-          data[:progress] = {}.tap do |progress|
-            progress[:percent] = progress_percent if progress_percent.present?
-            progress[:message] = progress_message if progress_message.present?
-          end
-        end
+        data[:pollInterval] = poll_interval if poll_interval.present?
 
         data
       end
 
-      # Convert to full task result format
-      # @return [Hash] Complete task with result for tasks/result response
-      def to_task_result
+      def to_create_task_result
         {
           task: to_task_data,
-          result: result_payload
+          _meta: related_task_meta
         }
       end
 
+      # Convert to the original request's result payload for tasks/result.
+      # The result carries related-task metadata because its structure does not
+      # otherwise include the task identifier.
+      # @return [Hash] Result payload for tasks/result response
+      def to_task_result
+        payload = result_payload.is_a?(Hash) ? result_payload.deep_dup : {}
+        meta = payload.delete("_meta") || payload.delete(:_meta) || {}
+        meta = meta.to_h if meta.respond_to?(:to_h)
+        meta = {} unless meta.is_a?(Hash)
+
+        payload[:_meta] = meta.deep_merge(related_task_meta)
+        payload
+      end
+
+      def to_task_error
+        return unless result_payload.is_a?(Hash)
+
+        code = result_payload["code"] || result_payload[:code]
+        message = result_payload["message"] || result_payload[:message]
+        return unless code && message
+        return if result_payload.key?("content") || result_payload.key?(:content)
+        return if result_payload.key?("isError") || result_payload.key?(:isError)
+
+        error = { code: code, message: message }
+        data = result_payload["data"] || result_payload[:data]
+        error[:data] = data unless data.nil?
+        error
+      end
+
+      def related_task_meta
+        {
+          RELATED_TASK_META_KEY => {
+            "taskId" => id
+          }
+        }
+      end
+
+      def request_meta_with_related_task(meta = nil)
+        existing_meta =
+          if meta.respond_to?(:to_h)
+            meta.to_h.deep_dup
+          else
+            {}
+          end
+
+        existing_meta.deep_merge(related_task_meta)
+      end
+
       # Broadcast status change notification to the session
       # @param transition [StateMachines::Transition] The state transition that occurred
       def broadcast_status_change(transition = nil)

data/app/models/action_mcp/session.rb

@@ -114,7 +114,7 @@ module ActionMCP
       payload = {
         protocolVersion: protocol_version || ActionMCP::DEFAULT_PROTOCOL_VERSION,
         serverInfo: server_info,
-        capabilities: server_capabilities
+        capabilities: capabilities_for_protocol(server_capabilities)
       }
       # Add instructions at top level if configured
       instructions = ActionMCP.configuration.instructions
@@ -130,6 +130,23 @@ module ActionMCP
       super(parsed_json_attribute(value))
     end
 
+    def capabilities_for_protocol(capabilities)
+      parsed = parsed_json_attribute(capabilities)
+      filtered =
+        if parsed.respond_to?(:deep_dup)
+          parsed.deep_dup
+        elsif parsed
+          parsed.dup
+        else
+          {}
+        end
+      return filtered if protocol_version == "2025-11-25"
+
+      filtered.delete("tasks")
+      filtered.delete(:tasks)
+      filtered
+    end
+
     def initialize!
       # update the session initialized to true
       return false if initialized?

data/lib/action_mcp/apps.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  # Constants for the MCP Apps extension (ext-apps, SEP-1865, draft 2026-01-26).
+  # See: https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx
+  module Apps
+    EXTENSION_KEY = "io.modelcontextprotocol/ui"
+    VISIBILITY_VALUES = %w[model app].freeze
+    URI_SCHEME = %r{\Aui://\S+\z}
+    MIME_TYPE = MimeTypes::APP_HTML
+
+    # `_meta.ui.csp` directive keys per ext-apps spec.
+    CSP_KEYS = %i[connectDomains resourceDomains frameDomains baseUriDomains].freeze
+
+    # Accepts http/https origins only. Wildcard subdomain (`https://*.example.com`),
+    # ports, and paths are allowed. WebSocket origins (ws://, wss://) are not
+    # accepted by ActionMCP — declare them via `ws://` over fetch if you must.
+    ORIGIN_PATTERN = %r{\Ahttps?://[^\s"'<>]+\z}
+  end
+end

data/lib/action_mcp/capability.rb

@@ -32,6 +32,11 @@ module ActionMCP
 
     delegate :session_data, to: :session, allow_nil: true
 
+    # Returns true when the connected client advertises the MCP Apps UI extension.
+    def client_supports_ui?
+      !session&.client_capabilities&.dig("extensions", Apps::EXTENSION_KEY).nil?
+    end
+
     # use _capability_name or default_capability_name
     def self.capability_name
       _capability_name || default_capability_name

data/lib/action_mcp/configuration.rb

@@ -45,12 +45,17 @@ module ActionMCP
                   :tasks_enabled,
                   :tasks_list_enabled,
                   :tasks_cancel_enabled,
+                  :tasks_result_strategy,
+                  :tasks_result_timeout,
+                  :tasks_result_poll_interval,
                   # --- Schema Validation Options ---
                   :validate_structured_content,
                   # --- Allowed identity keys for gateway ---
                   :allowed_identity_keys,
                   # --- JSON-RPC Path ---
-                  :base_path
+                  :base_path,
+                  # --- Origin validation (DNS rebinding protection) ---
+                  :allowed_origins
 
     def initialize
       @logging_enabled = false
@@ -70,6 +75,9 @@ module ActionMCP
       @tasks_enabled = false
       @tasks_list_enabled = true
       @tasks_cancel_enabled = true
+      @tasks_result_strategy = :blocking_http
+      @tasks_result_timeout = 30.seconds
+      @tasks_result_poll_interval = 0.25
 
       # Pagination - nil means off. Set a number to enable with that page size.
       # Most MCP clients (including Claude Code) don't follow nextCursor yet.
@@ -96,6 +104,9 @@ module ActionMCP
 
       # Path for JSON-RPC endpoint
       @base_path = "/"
+
+      # Allowed origins for DNS rebinding protection (nil = derive from request.host)
+      @allowed_origins = nil
     end
 
     def name
@@ -147,6 +158,23 @@ module ActionMCP
       end
     end
 
+    def tasks_result_strategy=(value)
+      strategy = value.to_sym
+      unless %i[blocking_http polling_only].include?(strategy)
+        raise ArgumentError, "tasks_result_strategy must be :blocking_http or :polling_only, got: #{value.inspect}"
+      end
+
+      @tasks_result_strategy = strategy
+    end
+
+    def tasks_result_timeout=(value)
+      @tasks_result_timeout = normalize_positive_duration(value, "tasks_result_timeout")
+    end
+
+    def tasks_result_poll_interval=(value)
+      @tasks_result_poll_interval = normalize_positive_duration(value, "tasks_result_poll_interval")
+    end
+
     def gateway_class
       # Resolve gateway class lazily to account for Zeitwerk autoloading
       # This allows ApplicationGateway to be loaded from app/mcp even if the
@@ -402,6 +430,17 @@ module ActionMCP
       if config.key?("pagination_page_size")
         self.pagination_page_size = config["pagination_page_size"]
       end
+
+      self.tasks_result_strategy = config["tasks_result_strategy"] if config.key?("tasks_result_strategy")
+      self.tasks_result_timeout = config["tasks_result_timeout"] if config.key?("tasks_result_timeout")
+      if config.key?("tasks_result_poll_interval")
+        self.tasks_result_poll_interval = config["tasks_result_poll_interval"]
+      end
+
+      # Extract allowed origins for DNS rebinding protection
+      if config["allowed_origins"]
+        @allowed_origins = Array(config["allowed_origins"])
+      end
     end
 
     def should_include_all?(type)
@@ -424,6 +463,13 @@ module ActionMCP
       Array(instructions).map(&:to_s)
     end
 
+    def normalize_positive_duration(value, setting_name)
+      duration = value.respond_to?(:to_f) ? value.to_f : value.to_s.to_f
+      raise ArgumentError, "#{setting_name} must be positive, got: #{value.inspect}" unless duration.positive?
+
+      duration
+    end
+
     def ensure_mcp_components_loaded
       # Only load if we haven't loaded yet - but in development, always reload
       return if @mcp_components_loaded && !Rails.env.development?

data/lib/action_mcp/engine.rb

@@ -46,6 +46,9 @@ module ActionMCP
     end
 
     initializer "action_mcp.insert_middleware" do |app|
+      config.middleware.use ActionDispatch::HostAuthorization, app.config.hosts if app.config.hosts.present?
+      config.middleware.use ActionMCP::Middleware::OriginValidation,
+                            [ ActionMCP.configuration.base_path ].compact.freeze
       config.middleware.use JSONRPC_Rails::Middleware::Validator, [ ActionMCP.configuration.base_path ].compact.freeze
     end
 

data/lib/action_mcp/json_rpc_handler_base.rb

@@ -40,7 +40,6 @@ module ActionMCP
       TASKS_RESULT = "tasks/result"
       TASKS_LIST = "tasks/list"
       TASKS_CANCEL = "tasks/cancel"
-      TASKS_RESUME = "tasks/resume"
 
       # Task notifications
       NOTIFICATIONS_TASKS_STATUS = "notifications/tasks/status"

data/lib/action_mcp/middleware/origin_validation.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module ActionMCP
+  module Middleware
+    # Rack middleware that validates the Origin header on MCP requests to
+    # prevent DNS rebinding attacks per the MCP Streamable HTTP security
+    # section. Non-browser clients (Claude Desktop, curl) never send Origin
+    # and are always allowed. Present Origins must match either
+    # `ActionMCP.configuration.allowed_origins` or the server's own host.
+    #
+    # Runs as middleware — same layer as `ActionDispatch::HostAuthorization` —
+    # so invalid requests are rejected before they reach routing.
+    class OriginValidation
+      INVALID_REQUEST_CODE = -32_600
+
+      # @param app [#call]
+      # @param paths [Array<String, Regexp, Proc>, nil] paths to guard.
+      #   Nil or empty means every request is guarded.
+      def initialize(app, paths = nil)
+        @app = app
+        @paths = Array(paths)
+      end
+
+      def call(env)
+        return @app.call(env) unless guard_path?(env["PATH_INFO"])
+
+        request = ActionDispatch::Request.new(env)
+        origin = request.origin
+        return @app.call(env) if origin.nil? || origin.empty?
+        return @app.call(env) if origin_allowed?(origin, request)
+
+        forbidden_response
+      end
+
+      private
+
+      def guard_path?(path)
+        return true if @paths.empty?
+
+        @paths.any? do |matcher|
+          case matcher
+          when String then path == matcher
+          when Regexp then matcher.match?(path)
+          when Proc   then matcher.call(path)
+          else             false
+          end
+        end
+      end
+
+      def origin_allowed?(origin, request)
+        return false if origin == "null"
+
+        uri = URI.parse(origin)
+        return false if uri.host.nil? || uri.host.empty?
+
+        origin_host = strip_brackets(uri.host)
+        allowed = ActionMCP.configuration.allowed_origins
+
+        if allowed && !allowed.empty?
+          allowed.any? { |pattern| match?(pattern, origin_host) }
+        else
+          # ActionDispatch::Request#host strips the port and handles IPv6 brackets
+          origin_host.casecmp?(strip_brackets(request.host))
+        end
+      rescue URI::InvalidURIError
+        false
+      end
+
+      def match?(pattern, host)
+        case pattern
+        when Regexp then pattern.match?(host)
+        when String then host.casecmp?(strip_brackets(pattern))
+        else             false
+        end
+      end
+
+      def strip_brackets(host)
+        host.to_s.delete_prefix("[").delete_suffix("]")
+      end
+
+      def forbidden_response
+        body = {
+          jsonrpc: "2.0",
+          id: nil,
+          error: { code: INVALID_REQUEST_CODE, message: "Forbidden: invalid Origin header" }
+        }.to_json
+
+        [ 403, { "Content-Type" => "application/json" }, [ body ] ]
+      end
+    end
+  end
+end

data/lib/action_mcp/mime_types.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  # Engine-owned MIME type registry. Keeps protocol-level MIME values out of
+  # Rails' global `Mime::Type` registry while still letting the DSL accept
+  # short symbols. For symbols not in our table, falls back to Rails' global
+  # registry so apps can still use their own registered formats.
+  module MimeTypes
+    APP_HTML = "text/html;profile=mcp-app" # MCP Apps (ext-apps, SEP-1865)
+
+    TYPES = {
+      mcp_app: APP_HTML
+    }.freeze
+
+    # Resolve a user-supplied MIME value to a wire string.
+    #
+    # @param value [Symbol, String, Mime::Type]
+    # @return [String]
+    def self.resolve(value)
+      case value
+      when Symbol
+        TYPES[value] || Mime[value]&.to_s || raise(KeyError, "unknown MIME type: #{value.inspect}")
+      when Mime::Type
+        value.to_s
+      else
+        value.to_s
+      end
+    end
+  end
+end

data/lib/action_mcp/resource_template.rb

@@ -20,7 +20,7 @@ module ActionMCP
 
     class << self
       attr_reader :registered_templates, :description, :uri_template,
-                  :mime_type, :template_name, :parameters, :_meta
+                  :mime_type, :template_name, :parameters, :_meta, :ui_meta
 
       def abstract?
         @abstract ||= false
@@ -94,7 +94,9 @@ module ActionMCP
       end
 
       def mime_type(value = nil)
-        value ? @mime_type = value : @mime_type
+        return @mime_type unless value
+
+        @mime_type = ActionMCP::MimeTypes.resolve(value)
       end
 
       # Sets or retrieves the _meta field
@@ -109,6 +111,38 @@ module ActionMCP
         end
       end
 
+      # Declares MCP Apps UI metadata for this resource template. Stored verbatim
+      # (camelCase keys per the ext-apps spec). Used both for the `resources/list`
+      # entry's `_meta.ui` and the default content `_meta.ui` produced by
+      # `render_ui`.
+      #
+      # @example
+      #   ui csp: { connectDomains: %w[api.openweathermap.org] }, prefersBorder: true
+      def ui(**data)
+        raise ArgumentError, "ui metadata must not be empty" if data.empty?
+
+        validate_ui_csp_origins!(data[:csp])
+        @ui_meta ||= {}
+        @ui_meta = @ui_meta.deep_merge(data)
+      end
+
+      private
+
+      def validate_ui_csp_origins!(csp)
+        return unless csp.is_a?(Hash)
+
+        Apps::CSP_KEYS.each do |key|
+          Array(csp[key]).each do |origin|
+            next if origin.is_a?(String) && Apps::ORIGIN_PATTERN.match?(origin)
+
+            raise ArgumentError,
+                  "ui csp #{key} entries must be http(s):// origins, got: #{origin.inspect}"
+          end
+        end
+      end
+
+      public
+
       def to_h
         name_value = defined?(@template_name) ? @template_name : name.demodulize.underscore.gsub(/_template$/, "")
 
@@ -298,6 +332,31 @@ module ActionMCP
       end
     end
 
+    # Build a `Content::Resource` for an MCP Apps UI view. Accepts either a raw
+    # `:text` string or a Rails `:template` path; the class-level `ui` macro
+    # supplies the content-level `_meta.ui` automatically.
+    #
+    # @example
+    #   render_ui(template: "mcp/ui/weather_dashboard")
+    def render_ui(text: nil, template: nil, layout: false, locals: {})
+      resolved =
+        if text
+          text
+        elsif template
+          ApplicationController.render(template: template, layout: layout, locals: locals)
+        else
+          raise ArgumentError, "render_ui requires :text or :template"
+        end
+
+      ui = self.class.ui_meta
+      ActionMCP::Content::Resource.new(
+        self.class.uri_template,
+        self.class.mime_type || ActionMCP::Apps::MIME_TYPE,
+        text: resolved,
+        meta: (ui&.any? ? { ui: ui } : nil)
+      )
+    end
+
     # Initialize with attribute values
     def initialize(attributes = {})
       super(attributes)

data/lib/action_mcp/server/base_session.rb

@@ -118,7 +118,7 @@ module ActionMCP
         payload = {
           protocolVersion: ActionMCP::LATEST_VERSION,
           serverInfo: server_info,
-          capabilities: server_capabilities
+          capabilities: capabilities_for_protocol(server_capabilities)
         }
         # Add instructions at top level if configured
         instructions = ActionMCP.configuration.instructions
@@ -280,6 +280,22 @@ module ActionMCP
 
       private
 
+      def capabilities_for_protocol(capabilities)
+        filtered =
+          if capabilities.respond_to?(:deep_dup)
+            capabilities.deep_dup
+          elsif capabilities
+            capabilities.dup
+          else
+            {}
+          end
+        return filtered if protocol_version == "2025-11-25"
+
+        filtered.delete("tasks")
+        filtered.delete(:tasks)
+        filtered
+      end
+
       def normalize_name(class_or_name, type)
         case class_or_name
         when String

data/lib/action_mcp/server/handlers/task_handler.rb

@@ -12,6 +12,11 @@ module ActionMCP
           params ||= {}
 
           with_error_handling(id) do
+            unless transport.session.protocol_version == "2025-11-25"
+              raise JSON_RPC::JsonRpcError.new(:method_not_found,
+                                               message: "Tasks are only available in MCP 2025-11-25")
+            end
+
             handler = task_method_handlers[rpc_method]
             if handler
               send(handler, id, params)
@@ -29,8 +34,7 @@ module ActionMCP
             JsonRpcHandlerBase::Methods::TASKS_GET => :handle_tasks_get,
             JsonRpcHandlerBase::Methods::TASKS_RESULT => :handle_tasks_result,
             JsonRpcHandlerBase::Methods::TASKS_LIST => :handle_tasks_list,
-            JsonRpcHandlerBase::Methods::TASKS_CANCEL => :handle_tasks_cancel,
-            JsonRpcHandlerBase::Methods::TASKS_RESUME => :handle_tasks_resume
+            JsonRpcHandlerBase::Methods::TASKS_CANCEL => :handle_tasks_cancel
           }
         end
 
@@ -63,15 +67,6 @@ module ActionMCP
           transport.send_tasks_cancel(id, task_id)
         end
 
-        def handle_tasks_resume(id, params)
-          task_id = validate_required_param(params, "taskId", "Task ID is required")
-          input = params["input"]
-          task = find_task_or_error(id, task_id)
-          return unless task
-
-          transport.send_tasks_resume(id, task_id, input)
-        end
-
         def find_task_or_error(id, task_id)
           task = transport.session.tasks.find_by(id: task_id)
           unless task

data/lib/action_mcp/server/handlers/tool_handler.rb

@@ -37,7 +37,8 @@ module ActionMCP
           name = validate_required_param(params, "name", "Tool name is required")
           arguments = extract_arguments(params)
           _meta = params["_meta"] || params[:_meta] || {}
-          transport.send_tools_call(id, name, arguments, _meta)
+          task_params = params.key?("task") ? params["task"] : params[:task]
+          transport.send_tools_call(id, name, arguments, _meta, task_params)
         end
 
         def extract_arguments(params)

data/lib/action_mcp/server/tasks.rb

@@ -5,7 +5,7 @@ module ActionMCP
     # Tasks module for MCP 2025-11-25 specification
     # Provides methods for handling task-related requests:
     # - tasks/get: Get task status and data
-    # - tasks/result: Get task result (blocking until terminal state)
+    # - tasks/result: Get task result (blocking until terminal or input_required state)
     # - tasks/list: List tasks for the session
     # - tasks/cancel: Cancel a task
     module Tasks
@@ -16,25 +16,47 @@ module ActionMCP
         task = find_task(task_id)
         return unless task
 
-        send_jsonrpc_response(request_id, result: { task: task.to_task_data })
+        send_jsonrpc_response(request_id, result: task.to_task_data)
       end
 
-      # Get task result, blocking until task reaches terminal state
+      # Get task result, blocking until task reaches terminal or input_required state
       # @param request_id [String, Integer] JSON-RPC request ID
       # @param task_id [String] Task ID to get result for
       def send_tasks_result(request_id, task_id)
         task = find_task(task_id)
         return unless task
 
-        # If task is not in terminal state, wait for it
-        # In async execution, client should poll or use SSE for notifications
-        unless task.terminal?
-          send_jsonrpc_error(request_id, :invalid_request,
-                             "Task is not yet complete. Current status: #{task.status}")
-          return
+        unless task.result_ready?
+          case ActionMCP.configuration.tasks_result_strategy
+          when :polling_only
+            send_jsonrpc_error(
+              request_id,
+              :invalid_request,
+              "Task is not ready. Poll tasks/get over HTTP until the task reaches a terminal or input_required status, then retry tasks/result."
+            )
+            return
+          else
+            task = wait_for_result_ready_task(task_id)
+            unless task&.result_ready?
+              send_jsonrpc_response(
+                request_id,
+                error: {
+                  code: -32_000,
+                  message: "Timed out waiting for task '#{task_id}' to reach a terminal or input_required status"
+                }
+              )
+              return
+            end
+          end
         end
 
-        send_jsonrpc_response(request_id, result: task.to_task_result)
+        if (error = task.to_task_error)
+          send_jsonrpc_response(request_id, error: error)
+        else
+          send_jsonrpc_response(request_id, result: task.to_task_result)
+        end
+      rescue ActiveRecord::RecordNotFound
+        send_jsonrpc_error(request_id, :invalid_params, "Task '#{task_id}' not found")
       end
 
       # List tasks for the session with keyset pagination.
@@ -67,33 +89,14 @@ module ActionMCP
           return
         end
 
+        task.status_message = "The task was cancelled by request." if task.status_message.blank?
+        task.result_payload ||= {
+          code: -32_000,
+          message: "Task was cancelled"
+        }
+        task.save! if task.changed?
         task.cancel!
-        send_jsonrpc_response(request_id, result: { task: task.to_task_data })
-      end
-
-      # Resume a task from input_required state
-      # @param request_id [String, Integer] JSON-RPC request ID
-      # @param task_id [String] Task ID to resume
-      # @param input [Object] Input data for the task
-      def send_tasks_resume(request_id, task_id, input)
-        task = find_task(task_id)
-        return unless task
-
-        unless task.input_required?
-          send_jsonrpc_error(request_id, :invalid_params,
-                             "Task is not awaiting input. Current status: #{task.status}")
-          return
-        end
-
-        # Store input in continuation state
-        continuation = task.continuation_state || {}
-        continuation[:input] = input
-        task.update!(continuation_state: continuation)
-
-        # Resume task and re-enqueue job
-        task.resume_from_continuation!
-
-        send_jsonrpc_response(request_id, result: { task: task.to_task_data })
+        send_jsonrpc_response(request_id, result: task.to_task_data)
       end
 
       # Send task status notification
@@ -101,7 +104,7 @@ module ActionMCP
       def send_task_status_notification(task)
         send_jsonrpc_notification(
           JsonRpcHandlerBase::Methods::NOTIFICATIONS_TASKS_STATUS,
-          { task: task.to_task_data }
+          task.to_task_data
         )
       end
 
@@ -140,6 +143,30 @@ module ActionMCP
 
         task
       end
+
+      def wait_for_result_ready_task(task_id)
+        deadline = monotonic_time + ActionMCP.configuration.tasks_result_timeout.to_f
+
+        loop do
+          task = load_task_for_result(task_id)
+          return task if task.nil? || task.result_ready?
+
+          remaining = deadline - monotonic_time
+          return task unless remaining.positive?
+
+          sleep [ ActionMCP.configuration.tasks_result_poll_interval.to_f, remaining ].min
+        end
+      end
+
+      def load_task_for_result(task_id)
+        ActiveRecord::Base.connection_pool.with_connection do
+          session.tasks.find_by(id: task_id)
+        end
+      end
+
+      def monotonic_time
+        Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      end
     end
   end
 end

data/lib/action_mcp/server/tools.rb

@@ -25,7 +25,7 @@ module ActionMCP
         send_jsonrpc_error(request_id, :invalid_params, e.message)
       end
 
-      def send_tools_call(request_id, tool_name, arguments, _meta = {})
+      def send_tools_call(request_id, tool_name, arguments, _meta = {}, task_params = nil)
         # Find tool in session's registry
         tool_class = session.registered_tools.find { |t| t.tool_name == tool_name }
 
@@ -47,13 +47,39 @@ module ActionMCP
           return
         end
 
-        # Check for task-augmented execution (MCP 2025-11-25)
-        task_params = _meta["task"] || _meta[:task]
-        if task_params && tasks_enabled?
+        task_support = tool_task_support(tool_class)
+        task_requested = !task_params.nil?
+
+        if task_requested && !tasks_enabled?
+          send_jsonrpc_error(request_id, :method_not_found,
+                             "Task-augmented execution is not available for this session")
+          return
+        end
+
+        if task_requested
+          unless task_params.respond_to?(:to_h)
+            send_jsonrpc_error(request_id, :invalid_params, "Task parameters must be an object")
+            return
+          end
+
+          task_params = task_params.to_h
+
+          if task_support == :forbidden
+            send_jsonrpc_error(request_id, :method_not_found,
+                               "Tool '#{tool_name}' does not support task-augmented execution")
+            return
+          end
+
           handle_task_augmented_tool_call(request_id, tool_name, arguments, _meta, task_params)
           return
         end
 
+        if !task_requested && task_support == :required
+          send_jsonrpc_error(request_id, :method_not_found,
+                             "Tool '#{tool_name}' requires task-augmented execution")
+          return
+        end
+
         # Standard synchronous execution
         execute_tool_synchronously(request_id, tool_class, tool_name, arguments, _meta)
       end
@@ -114,7 +140,6 @@ module ActionMCP
       def handle_task_augmented_tool_call(request_id, tool_name, arguments, _meta, task_params)
         # Extract task configuration
         ttl = task_params["ttl"] || task_params[:ttl] || 60_000
-        poll_interval = task_params["pollInterval"] || task_params[:pollInterval] || 5_000
 
         # Create task record
         task = session.tasks.create!(
@@ -123,24 +148,39 @@ module ActionMCP
           request_params: {
             name: tool_name,
             arguments: arguments,
+            task: task_params,
             _meta: _meta
           },
-          ttl: ttl,
-          poll_interval: poll_interval
+          ttl: ttl
+        )
+        request_meta = task.request_meta_with_related_task(_meta)
+        task.update!(
+          request_params: {
+            name: tool_name,
+            arguments: arguments,
+            task: task_params,
+            _meta: request_meta
+          }
         )
 
         # Return CreateTaskResult immediately
-        send_jsonrpc_response(request_id, result: { task: task.to_task_data })
+        send_jsonrpc_response(request_id, result: task.to_create_task_result)
 
         # Execute tool asynchronously via ActiveJob
-        ToolExecutionJob.perform_later(task.id, tool_name, arguments, _meta)
+        ToolExecutionJob.perform_later(task.id, tool_name, arguments, request_meta)
       rescue StandardError => e
         Rails.logger.error "Failed to create task: #{e.class} - #{e.message}"
         send_jsonrpc_error(request_id, :internal_error, "Failed to create task")
       end
 
       def tasks_enabled?
-        ActionMCP.configuration.tasks_enabled
+        ActionMCP.configuration.tasks_enabled && session.protocol_version == "2025-11-25"
+      end
+
+      def tool_task_support(tool_class)
+        return :forbidden unless tool_class.respond_to?(:task_support)
+
+        (tool_class.task_support || :forbidden).to_sym
       end
 
       def format_registry_items(registry, protocol_version = nil)

data/lib/action_mcp/tool.rb

@@ -187,6 +187,31 @@ module ActionMCP
         end
       end
 
+      # Declares the UI resource this tool renders. Merges a `ui:` entry into
+      # `_meta` so the tool listing advertises the dashboard.
+      #
+      # @param resource_uri [String] a `ui://` URI
+      # @param visibility [Array<Symbol, String>, nil] subset of `[:model, :app]`
+      def renders_ui(resource_uri, visibility: nil)
+        unless resource_uri.is_a?(String) && Apps::URI_SCHEME.match?(resource_uri)
+          raise ArgumentError, "renders_ui requires a ui:// URI, got: #{resource_uri.inspect}"
+        end
+
+        normalized_visibility =
+          if visibility
+            normalized = Array(visibility).map(&:to_s)
+            invalid = normalized - Apps::VISIBILITY_VALUES
+            if invalid.any?
+              raise ArgumentError,
+                    "renders_ui visibility must be #{Apps::VISIBILITY_VALUES.join('/')}, got: #{visibility.inspect}"
+            end
+            normalized
+          end
+
+        ui_meta = { resourceUri: resource_uri, visibility: normalized_visibility }.compact
+        self._meta = _meta.deep_merge(ui: ui_meta)
+      end
+
       # Marks this tool as requiring consent before execution
       def requires_consent!
         self._requires_consent = true
@@ -397,7 +422,7 @@ module ActionMCP
 
       # Add execution metadata (MCP 2025-11-25)
       # Only include if not default (forbidden) to minimize payload
-      if _task_support && _task_support != :forbidden
+      if _task_support && _task_support != :forbidden && task_metadata_supported?(protocol_version)
         result[:execution] = execution_metadata
       end
 
@@ -407,6 +432,11 @@ module ActionMCP
       result
     end
 
+    def self.task_metadata_supported?(protocol_version)
+      protocol_version.nil? || protocol_version == "2025-11-25"
+    end
+    private_class_method :task_metadata_supported?
+
     # --------------------------------------------------------------------------
     # Instance Methods
     # --------------------------------------------------------------------------

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.109.0"
+  VERSION = "0.110.0"
 
   class << self
     alias version gem_version

data/lib/action_mcp.rb

@@ -41,6 +41,8 @@ module ActionMCP
 
   LATEST_VERSION = SUPPORTED_VERSIONS.first.freeze
   DEFAULT_PROTOCOL_VERSION = "2025-06-18" # Default to previous stable version for backwards compatibility
+
+  MIME_TYPE_APP_HTML = Apps::MIME_TYPE # MCP Apps UI resources (ext-apps, draft 2026-01-26)
   class << self
     # Returns a Rack-compatible application for serving MCP requests
     # @return [#call] A Rack application that can be used with `run ActionMCP.server`

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.109.0
+  version: 0.110.0
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -160,9 +160,9 @@ files:
 - app/models/concerns/action_mcp/mcp_message_inspect.rb
 - config/routes.rb
 - db/migrate/20250512154359_consolidated_migration.rb
-- db/test.sqlite3
 - exe/actionmcp_cli
 - lib/action_mcp.rb
+- lib/action_mcp/apps.rb
 - lib/action_mcp/base_response.rb
 - lib/action_mcp/callbacks.rb
 - lib/action_mcp/capability.rb
@@ -199,6 +199,8 @@ files:
 - lib/action_mcp/logging/mixin.rb
 - lib/action_mcp/logging/null_logger.rb
 - lib/action_mcp/logging/state.rb
+- lib/action_mcp/middleware/origin_validation.rb
+- lib/action_mcp/mime_types.rb
 - lib/action_mcp/output_schema_builder.rb
 - lib/action_mcp/prompt.rb
 - lib/action_mcp/prompt_response.rb