actionmcp 0.51.0 → 0.52.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88b1f1dba04f05f96a9cf1c4ab928412400cb0a796d6635277924e57aa91a3c6
-  data.tar.gz: 163a43c7d4e3e247ba6f1084250e9452e9f36ee0e2ba2ee4a1d6fe67ca95f147
+  metadata.gz: 123d51b56f85e45cb622885fb6bfcf6caf6d310292302a6ad4a9886e84c36af2
+  data.tar.gz: 15eb5bd01e1985a4eac9c6d83b463d0f939c02ccd330f72366fa0d08603c6f2b
 SHA512:
-  metadata.gz: fae52dbb988f73cdcc4fa4678b12d352cdb151f1111c753a1210c37169b0b2d04dc53dbeafc092cd9dea6e6e5e2397672a7a1252982425f726f546427c52c327
-  data.tar.gz: 613a305bd349a425d6f7169566b160eeda391870a20b8f997d01b587e558ef50ca005947a5482d24db5c4846a53e136f00301ad9f648f0b0c5d92c7a58b998f6
+  metadata.gz: 724a4dc93cc887ce3dc735fe6a00b375a36012887f2aa081b01a45b314460a297ebd3b17cfa423a55276462cca5736feea816a8691fcc0b6006bfb7a385b0f9b
+  data.tar.gz: 451af9c7919a5e65d80af1f3cc3b36e666148bc4b1351049a7ae33e01fd26daaad13b5d72b6a32476e9709c8b44a0291c2ad304f25d9607c99082bf59d99db02

data/README.md

@@ -380,6 +380,89 @@ This will create `config/mcp.yml` with example configurations for all environmen
 
 > **Note:** Authentication and authorization are not included. You are responsible for securing the endpoint.
 
+## Authentication with Gateway
+
+ActionMCP provides a Gateway system similar to ActionCable's Connection for handling authentication. The Gateway allows you to authenticate users and make them available throughout your MCP components.
+
+### Creating an ApplicationGateway
+
+When you run the install generator, it creates an `ApplicationGateway` class:
+
+```ruby
+# app/mcp/application_gateway.rb
+class ApplicationGateway < ActionMCP::Gateway
+  # Specify what attributes identify a connection
+  identified_by :user
+
+  protected
+
+  def authenticate!
+    token = extract_bearer_token
+    raise ActionMCP::UnauthorizedError, "Missing token" unless token
+
+    payload = ActionMCP::JwtDecoder.decode(token)
+    user = resolve_user(payload)
+    
+    raise ActionMCP::UnauthorizedError, "Unauthorized" unless user
+
+    # Return a hash with all identified_by attributes
+    { user: user }
+  end
+
+  private
+
+  def resolve_user(payload)
+    user_id = payload["user_id"] || payload["sub"]
+    User.find_by(id: user_id) if user_id
+  end
+end
+```
+
+### Using Multiple Identifiers
+
+You can identify connections by multiple attributes:
+
+```ruby
+class ApplicationGateway < ActionMCP::Gateway
+  identified_by :user, :organization
+  
+  protected
+  
+  def authenticate!
+    # ... authentication logic ...
+    
+    { 
+      user: user,
+      organization: user.organization
+    }
+  end
+end
+```
+
+### Accessing Current User in Components
+
+Once authenticated, the current user (and other identifiers) are available in your tools, prompts, and resource templates:
+
+```ruby
+class MyTool < ApplicationMCPTool
+  def perform
+    # Access the authenticated user
+    if current_user
+      render text: "Hello, #{current_user.name}!"
+    else
+      render text: "Hi Stranger! It's been a while "
+    end
+  end
+end
+```
+
+### Current Attributes
+
+ActionMCP uses Rails' CurrentAttributes to store the authenticated context. The `ActionMCP::Current` class provides:
+- `ActionMCP::Current.user` - The authenticated user
+- `ActionMCP::Current.gateway` - The gateway instance
+- Any other attributes you define with `identified_by`
+
 ### 1. Create `mcp.ru`
 
 ```ruby

data/app/controllers/action_mcp/application_controller.rb

@@ -158,11 +158,11 @@ module ActionMCP
         response.headers[MCP_SESSION_ID_HEADER] = session.id
       end
 
-      transport_handler = Server::TransportHandler.new(session)
+      # Use return mode for the transport handler when we need to capture responses
+      transport_handler = Server::TransportHandler.new(session, messaging_mode: :return)
       json_rpc_handler = Server::JsonRpcHandler.new(transport_handler)
 
       result = json_rpc_handler.call(jsonrpc_params)
-
       process_handler_results(result, session, session_initially_missing, is_initialize_request)
     rescue ActionController::Live::ClientDisconnected, IOError => e
       Rails.logger.debug "Unified SSE (POST): Client disconnected during response: #{e.message}"
@@ -182,7 +182,7 @@ module ActionMCP
       session_id_from_header = extract_session_id
       return render_bad_request("Mcp-Session-Id header is required for DELETE requests.") unless session_id_from_header
 
-      session = Session.find_by(id: session_id_from_header)
+      session = Server.session_store.load_session(session_id_from_header)
       if session.nil?
         return render_not_found("Session not found.")
       elsif session.status == "closed"
@@ -206,7 +206,7 @@ module ActionMCP
     def find_or_initialize_session
       session_id = extract_session_id
       if session_id
-        session = Session.find_by(id: session_id)
+        session = Server.session_store.load_session(session_id)
         if session
           if ActionMCP.configuration.vibed_ignore_version
             if session.protocol_version != self.class::REQUIRED_PROTOCOL_VERSION
@@ -218,7 +218,7 @@ module ActionMCP
         end
         session
       else
-        Session.new(protocol_version: self.class::REQUIRED_PROTOCOL_VERSION)
+        Server.session_store.create_session(nil, protocol_version: self.class::REQUIRED_PROTOCOL_VERSION)
       end
     end
 
@@ -266,7 +266,13 @@ module ActionMCP
       end
 
       # Convert to hash for rendering
-      payload = result.message_json
+      payload = if result.respond_to?(:to_h)
+                  result.to_h
+      elsif result.respond_to?(:to_json)
+                  JSON.parse(result.to_json)
+      else
+                  result
+      end
 
       # Determine response format
       server_preference = ActionMCP.configuration.post_response_preference

data/lib/action_mcp/client/session_store.rb

@@ -31,41 +31,41 @@ module ActionMCP
 
         session_data.merge!(attributes)
         save_session(session_id, session_data)
-        session_data
+        # Return the reloaded session to get the actual saved values
+        load_session(session_id)
       end
     end
 
-    # In-memory session store for development/testing
-    class MemorySessionStore
+    # Volatile session store for development (data lost on restart)
+    class VolatileSessionStore
       include SessionStore
 
       def initialize
-        @sessions = {}
-        @mutex = Mutex.new
+        @sessions = Concurrent::Hash.new
       end
 
       def load_session(session_id)
-        @mutex.synchronize { @sessions[session_id] }
+        @sessions[session_id]
       end
 
       def save_session(session_id, session_data)
-        @mutex.synchronize { @sessions[session_id] = session_data.dup }
+        @sessions[session_id] = session_data.dup
       end
 
       def delete_session(session_id)
-        @mutex.synchronize { @sessions.delete(session_id) }
+        @sessions.delete(session_id)
       end
 
       def session_exists?(session_id)
-        @mutex.synchronize { @sessions.key?(session_id) }
+        @sessions.key?(session_id)
       end
 
       def clear_all
-        @mutex.synchronize { @sessions.clear }
+        @sessions.clear
       end
 
       def session_count
-        @mutex.synchronize { @sessions.size }
+        @sessions.size
       end
     end
 
@@ -84,8 +84,6 @@ module ActionMCP
           client_capabilities: session.client_capabilities,
           server_info: session.server_info,
           server_capabilities: session.server_capabilities,
-          last_event_id: session.last_event_id,
-          session_data: session.session_data || {},
           created_at: session.created_at,
           updated_at: session.updated_at
         }
@@ -94,16 +92,18 @@ module ActionMCP
       def save_session(session_id, session_data)
         session = ActionMCP::Session.find_or_initialize_by(id: session_id)
 
-        session.assign_attributes(
-          protocol_version: session_data[:protocol_version],
-          client_info: session_data[:client_info],
-          client_capabilities: session_data[:client_capabilities],
-          server_info: session_data[:server_info],
-          server_capabilities: session_data[:server_capabilities],
-          last_event_id: session_data[:last_event_id],
-          session_data: session_data[:session_data] || {}
-        )
+        # Only assign attributes that exist in the database
+        attributes = {}
+        attributes[:protocol_version] = session_data[:protocol_version] if session_data.key?(:protocol_version)
+        attributes[:client_info] = session_data[:client_info] if session_data.key?(:client_info)
+        attributes[:client_capabilities] = session_data[:client_capabilities] if session_data.key?(:client_capabilities)
+        attributes[:server_info] = session_data[:server_info] if session_data.key?(:server_info)
+        attributes[:server_capabilities] = session_data[:server_capabilities] if session_data.key?(:server_capabilities)
+
+        # Store any extra data in a jsonb column if available
+        # For now, we'll skip last_event_id and session_data as they don't exist in the DB
 
+        session.assign_attributes(attributes)
         session.save!
         session_data
       end
@@ -121,20 +121,111 @@ module ActionMCP
       end
     end
 
+    # Test session store that tracks all operations for assertions
+    class TestSessionStore < VolatileSessionStore
+      attr_reader :operations, :saved_sessions, :loaded_sessions,
+                  :deleted_sessions, :updated_sessions
+
+      def initialize
+        super
+        @operations = Concurrent::Array.new
+        @saved_sessions = Concurrent::Array.new
+        @loaded_sessions = Concurrent::Array.new
+        @deleted_sessions = Concurrent::Array.new
+        @updated_sessions = Concurrent::Array.new
+      end
+
+      def load_session(session_id)
+        session = super
+        @operations << { type: :load, session_id: session_id, found: !session.nil? }
+        @loaded_sessions << session_id if session
+        session
+      end
+
+      def save_session(session_id, session_data)
+        super
+        @operations << { type: :save, session_id: session_id, data: session_data }
+        @saved_sessions << session_id
+      end
+
+      def delete_session(session_id)
+        result = super
+        @operations << { type: :delete, session_id: session_id }
+        @deleted_sessions << session_id
+        result
+      end
+
+      def update_session(session_id, attributes)
+        result = super
+        @operations << { type: :update, session_id: session_id, attributes: attributes }
+        @updated_sessions << session_id if result
+        result
+      end
+
+      # Test helper methods
+      def session_saved?(session_id)
+        @saved_sessions.include?(session_id)
+      end
+
+      def session_loaded?(session_id)
+        @loaded_sessions.include?(session_id)
+      end
+
+      def session_deleted?(session_id)
+        @deleted_sessions.include?(session_id)
+      end
+
+      def session_updated?(session_id)
+        @updated_sessions.include?(session_id)
+      end
+
+      def operation_count(type = nil)
+        if type
+          @operations.count { |op| op[:type] == type }
+        else
+          @operations.size
+        end
+      end
+
+      def last_saved_data(session_id)
+        @operations.reverse.find { |op| op[:type] == :save && op[:session_id] == session_id }&.dig(:data)
+      end
+
+      def reset_tracking!
+        @operations.clear
+        @saved_sessions.clear
+        @loaded_sessions.clear
+        @deleted_sessions.clear
+        @updated_sessions.clear
+      end
+    end
+
     # Factory for creating session stores
     class SessionStoreFactory
       def self.create(type = nil, **options)
-        type ||= Rails.env.production? ? :active_record : :memory
+        type ||= default_type
 
         case type.to_sym
-        when :memory
-          MemorySessionStore.new
-        when :active_record
+        when :volatile, :memory
+          VolatileSessionStore.new
+        when :active_record, :persistent
           ActiveRecordSessionStore.new
+        when :test
+          TestSessionStore.new
         else
           raise ArgumentError, "Unknown session store type: #{type}"
         end
       end
+
+      def self.default_type
+        if Rails.env.test?
+          :volatile  # Use volatile for tests unless explicitly using :test
+        elsif Rails.env.production?
+          :active_record
+        else
+          :volatile
+        end
+      end
     end
   end
 end

data/lib/action_mcp/configuration.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require_relative "gateway"
+require "active_support/core_ext/integer/time"
+
 module ActionMCP
   # Configuration class to hold settings for the ActionMCP server.
   class Configuration
@@ -30,7 +33,12 @@ module ActionMCP
                   :vibed_ignore_version,
                   # --- SSE Resumability Options ---
                   :sse_event_retention_period,
-                  :max_stored_sse_events
+                  :max_stored_sse_events,
+                  # --- Gateway Options ---
+                  :gateway_class,
+                  :current_class,
+                  # --- Session Store Options ---
+                  :session_store_type
 
     def initialize
       @logging_enabled = true
@@ -47,6 +55,13 @@ module ActionMCP
       # Resumability defaults
       @sse_event_retention_period = 15.minutes
       @max_stored_sse_events = 100
+
+      # Gateway - default to ApplicationGateway if it exists, otherwise ActionMCP::Gateway
+      @gateway_class = defined?(::ApplicationGateway) ? ::ApplicationGateway : ActionMCP::Gateway
+      @current_class = nil
+
+      # Session Store
+      @session_store_type = Rails.env.production? ? :active_record : :volatile
     end
 
     def name

data/lib/action_mcp/current.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :user
+    attribute :gateway
+
+    def user=(user)
+      super
+      set_user_time_zone if user.respond_to?(:time_zone)
+    end
+
+    private
+
+    def set_user_time_zone
+      Time.zone = user.time_zone
+    end
+  end
+end

data/lib/action_mcp/current_helpers.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module CurrentHelpers
+    extend ActiveSupport::Concern
+
+    protected
+
+    # Access the current user from ActionMCP::Current
+    def current_user
+      ActionMCP::Current.user
+    end
+
+    # Access the current gateway from ActionMCP::Current
+    def current_gateway
+      ActionMCP::Current.gateway
+    end
+  end
+end

data/lib/action_mcp/gateway.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  class UnauthorizedError < StandardError; end
+
+  class Gateway
+    class << self
+      def identified_by(*attrs)
+        @identifiers ||= []
+        @identifiers.concat(attrs.map(&:to_sym)).uniq!
+        attr_accessor(*attrs)
+      end
+
+      def identifiers
+        @identifiers ||= []
+      end
+    end
+
+    identified_by :user
+
+    attr_reader :request
+
+    def call(request)
+      @request = request
+      connect
+      self
+    end
+
+    def connect
+      identities = authenticate!
+      reject_unauthorized_connection unless identities.is_a?(Hash)
+
+      # Assign all identities (e.g., :user, :account)
+      self.class.identifiers.each do |id|
+        value = identities[id]
+        reject_unauthorized_connection unless value
+
+        public_send("#{id}=", value)
+
+        # Set to ActionMCP::Current
+        ActionMCP::Current.public_send("#{id}=", value)
+      end
+
+      # Also set the gateway instance itself
+      ActionMCP::Current.gateway = self
+    end
+
+
+    protected
+
+    def authenticate!
+      token = extract_bearer_token
+      raise UnauthorizedError, "Missing token" unless token
+
+      payload = ActionMCP::JwtDecoder.decode(token)
+      resolve_user(payload)
+    rescue ActionMCP::JwtDecoder::DecodeError => e
+      raise UnauthorizedError, e.message
+    end
+
+    def extract_bearer_token
+      header = request.headers["Authorization"] || request.headers["authorization"]
+      return nil unless header&.start_with?("Bearer ")
+      header.split(" ", 2).last
+    end
+
+    def resolve_user(payload)
+      return nil unless payload.is_a?(Hash)
+      user_id = payload["user_id"] || payload["sub"]
+      return nil unless user_id
+      user = User.find_by(id: user_id)
+      return nil unless user
+
+      # Return a hash with all identified_by attributes
+      self.class.identifiers.each_with_object({}) do |identifier, hash|
+        hash[identifier] = user if identifier == :user
+        # Add support for other identifiers as needed
+      end
+    end
+
+    def reject_unauthorized_connection
+      raise UnauthorizedError, "Unauthorized"
+    end
+  end
+end

data/lib/action_mcp/json_rpc_handler_base.rb

@@ -51,13 +51,18 @@ module ActionMCP
     # @param rpc_method [String]
     # @param id [String, Integer]
     # @param params [Hash]
-    # @return [Boolean] true if handled, false otherwise
+    # @return [JSON_RPC::Response, nil] Response if handled, nil otherwise
     def handle_common_methods(rpc_method, id, params)
       case rpc_method
       when Methods::PING
         transport.send_pong(id)
+        # In return mode, get the response that was just created
+        transport.messaging_mode == :return ? transport.get_last_response : true
       when %r{^notifications/}
         process_notifications(rpc_method, params)
+        true
+      else
+        nil
       end
     end
 

data/lib/action_mcp/jwt_decoder.rb

@@ -0,0 +1,26 @@
+require "jwt"
+
+module ActionMCP
+  class JwtDecoder
+    class DecodeError < StandardError; end
+
+    # Configurable defaults
+    class << self
+      attr_accessor :secret, :algorithm
+
+      def decode(token)
+        payload, _header = JWT.decode(token, secret, true, { algorithm: algorithm })
+        payload
+      rescue JWT::ExpiredSignature
+        raise DecodeError, "Token has expired"
+      rescue JWT::DecodeError => e
+        # Simplify the error message for invalid tokens
+        raise DecodeError, "Invalid token"
+      end
+    end
+
+    # Defaults (can be overridden in an initializer)
+    self.secret = ENV.fetch("ACTION_MCP_JWT_SECRET") { "change-me" }
+    self.algorithm = "HS256"
+  end
+end

data/lib/action_mcp/prompt.rb

@@ -4,6 +4,7 @@ module ActionMCP
   # Abstract base class for Prompts
   class Prompt < Capability
     include ActionMCP::Callbacks
+    include ActionMCP::CurrentHelpers
     class_attribute :_argument_definitions, instance_accessor: false, default: []
 
     # ---------------------------------------------------

data/lib/action_mcp/resource_template.rb

@@ -10,6 +10,7 @@ module ActionMCP
     include ResourceCallbacks
     include Logging
     include UriAmbiguityChecker
+    include CurrentHelpers
 
     # Track all registered templates
     @registered_templates = []

data/lib/action_mcp/server/base_messaging.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Server
+    # Base messaging functionality
+    module BaseMessaging
+      private
+
+      def write_message(data)
+        session.write(data)
+      end
+    end
+  end
+end

data/lib/action_mcp/server/error_aware.rb

@@ -24,7 +24,14 @@ module ActionMCP
       def with_error_handling(request_id)
         yield
       rescue JSON_RPC::JsonRpcError => e
-        error_response(request_id, e)
+        if transport.messaging_mode == :return
+          response = error_response(request_id, e)
+          transport.write_message(response)
+          response
+        else
+          transport.send_jsonrpc_response(request_id, error: e)
+          nil
+        end
       end
     end
   end

data/lib/action_mcp/server/handlers/tool_handler.rb

@@ -36,7 +36,8 @@ module ActionMCP
         def handle_tools_call(id, params)
           name = validate_required_param(params, "name", "Tool name is required")
           arguments = extract_arguments(params)
-          transport.send_tools_call(id, name, arguments)
+          _meta = params["_meta"] || params[:_meta] || {}
+          transport.send_tools_call(id, name, arguments, _meta)
         end
 
         def extract_arguments(params)

data/lib/action_mcp/server/json_rpc_handler.rb

@@ -31,11 +31,18 @@ module ActionMCP
         rpc_method = request.method
         params = request.params
 
-        with_error_handling(id) do
-          common_method = handle_common_methods(rpc_method, id, params)
-          return common_method if common_method
-          route_to_handler(rpc_method, id, params)
+        result = with_error_handling(id) do
+          common_result = handle_common_methods(rpc_method, id, params)
+          if common_result
+            common_result
+          else
+            route_to_handler(rpc_method, id, params)
+            # In return mode, get the last response that was collected
+            transport.messaging_mode == :return ? transport.get_last_response : nil
+          end
         end
+
+        result
       end
 
       def route_to_handler(rpc_method, id, params)
@@ -64,6 +71,7 @@ module ActionMCP
         params = notification.params || {}
 
         process_notifications(method_name, params)
+        # Notifications don't expect a response
         nil
       end