actionmcp 0.52.1 → 0.53.0

data/lib/action_mcp/server/session_store_factory.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Server
+    class SessionStoreFactory
+      def self.create(type = nil, **options)
+        type ||= default_type
+
+        case type.to_sym
+        when :volatile, :memory
+          VolatileSessionStore.new
+        when :active_record, :persistent
+          ActiveRecordSessionStore.new
+        when :test
+          TestSessionStore.new
+        else
+          raise ArgumentError, "Unknown session store type: #{type}"
+        end
+      end
+
+      def self.default_type
+        if Rails.env.test?
+          :volatile # Use volatile for tests unless explicitly using :test
+        elsif Rails.env.production?
+          :active_record
+        else
+          :volatile
+        end
+      end
+    end
+  end
+end

data/lib/action_mcp/server/test_session_store.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Server
+    # Test session store that tracks all operations for assertions
+    class TestSessionStore < VolatileSessionStore
+      attr_reader :operations, :created_sessions, :loaded_sessions,
+                  :saved_sessions, :deleted_sessions, :notifications_sent
+
+      def initialize
+        super
+        @operations = Concurrent::Array.new
+        @created_sessions = Concurrent::Array.new
+        @loaded_sessions = Concurrent::Array.new
+        @saved_sessions = Concurrent::Array.new
+        @deleted_sessions = Concurrent::Array.new
+        @notifications_sent = Concurrent::Array.new
+        @notification_callbacks = Concurrent::Array.new
+      end
+
+      def create_session(session_id = nil, attributes = {})
+        session = super
+        @operations << { type: :create, session_id: session.id, attributes: attributes }
+        @created_sessions << session.id
+
+        # Hook into the session's write method to capture notifications
+        intercept_session_write(session)
+
+        session
+      end
+
+      def load_session(session_id)
+        session = super
+        @operations << { type: :load, session_id: session_id, found: !session.nil? }
+        @loaded_sessions << session_id if session
+
+        # Hook into the session's write method to capture notifications
+        intercept_session_write(session) if session
+
+        session
+      end
+
+      def save_session(session)
+        super
+        @operations << { type: :save, session_id: session.id }
+        @saved_sessions << session.id
+      end
+
+      def delete_session(session_id)
+        result = super
+        @operations << { type: :delete, session_id: session_id }
+        @deleted_sessions << session_id
+        result
+      end
+
+      def cleanup_expired_sessions(older_than: 24.hours.ago)
+        count = super
+        @operations << { type: :cleanup, older_than: older_than, count: count }
+        count
+      end
+
+      # Test helper methods
+      def session_created?(session_id)
+        @created_sessions.include?(session_id)
+      end
+
+      def session_loaded?(session_id)
+        @loaded_sessions.include?(session_id)
+      end
+
+      def session_saved?(session_id)
+        @saved_sessions.include?(session_id)
+      end
+
+      def session_deleted?(session_id)
+        @deleted_sessions.include?(session_id)
+      end
+
+      def operation_count(type = nil)
+        if type
+          @operations.count { |op| op[:type] == type }
+        else
+          @operations.size
+        end
+      end
+
+      # Notification tracking methods
+      def track_notification(notification)
+        @notifications_sent << notification
+        @notification_callbacks.each { |cb| cb.call(notification) }
+      end
+
+      def on_notification(&block)
+        @notification_callbacks << block
+      end
+
+      def notifications_for_token(token)
+        @notifications_sent.select do |n|
+          n.params[:progressToken] == token
+        end
+      end
+
+      def clear_notifications
+        @notifications_sent.clear
+      end
+
+      def reset_tracking!
+        @operations.clear
+        @created_sessions.clear
+        @loaded_sessions.clear
+        @saved_sessions.clear
+        @deleted_sessions.clear
+        @notifications_sent.clear
+        @notification_callbacks.clear
+      end
+
+      private
+
+      def intercept_session_write(session)
+        return unless session
+
+        # Skip if already intercepted
+        return if session.singleton_methods.include?(:write)
+
+        test_store = self
+
+        # Intercept write method to capture all notifications
+        original_write = session.method(:write)
+
+        session.define_singleton_method(:write) do |data|
+          # Track progress notifications before calling original write
+          if data.is_a?(JSON_RPC::Notification) && data.method == "notifications/progress"
+            test_store.track_notification(data)
+          end
+
+          original_write.call(data)
+        end
+      end
+    end
+  end
+end

data/lib/action_mcp/server/volatile_session_store.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Server
+    # Volatile session store for development (data lost on restart)
+    class VolatileSessionStore
+      include SessionStore
+
+      def initialize
+        @sessions = Concurrent::Hash.new
+      end
+
+      def create_session(session_id = nil, attributes = {})
+        session_id ||= SecureRandom.hex(6)
+
+        session_data = {
+          id: session_id,
+          status: "pre_initialize",
+          initialized: false,
+          role: "server",
+          messages_count: 0,
+          sse_event_counter: 0,
+          created_at: Time.current,
+          updated_at: Time.current
+        }.merge(attributes)
+
+        session = MemorySession.new(session_data, self)
+
+        # Initialize server info and capabilities if server role
+        if session.role == "server"
+          session.server_info = {
+            name: ActionMCP.configuration.name,
+            version: ActionMCP.configuration.version
+          }
+          session.server_capabilities = ActionMCP.configuration.capabilities
+
+          # Initialize registries
+          session.tool_registry = ActionMCP.configuration.filtered_tools.map(&:name)
+          session.prompt_registry = ActionMCP.configuration.filtered_prompts.map(&:name)
+          session.resource_registry = ActionMCP.configuration.filtered_resources.map(&:name)
+        end
+
+        @sessions[session_id] = session
+        session
+      end
+
+      def load_session(session_id)
+        session = @sessions[session_id]
+        if session
+          session.instance_variable_set(:@new_record, false)
+        end
+        session
+      end
+
+      def save_session(session)
+        @sessions[session.id] = session
+      end
+
+      def delete_session(session_id)
+        @sessions.delete(session_id)
+      end
+
+      def session_exists?(session_id)
+        @sessions.key?(session_id)
+      end
+
+      def find_sessions(criteria = {})
+        sessions = @sessions.values
+
+        # Filter by status
+        if criteria[:status]
+          sessions = sessions.select { |s| s.status == criteria[:status] }
+        end
+
+        # Filter by role
+        if criteria[:role]
+          sessions = sessions.select { |s| s.role == criteria[:role] }
+        end
+
+        sessions
+      end
+
+      def cleanup_expired_sessions(older_than: 24.hours.ago)
+        expired_ids = @sessions.select do |_id, session|
+          session.updated_at < older_than
+        end.keys
+
+        expired_ids.each { |id| @sessions.delete(id) }
+        expired_ids.count
+      end
+
+      def clear_all
+        @sessions.clear
+      end
+
+      def session_count
+        @sessions.size
+      end
+    end
+  end
+end

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.52.1"
+  VERSION = "0.53.0"
 
   class << self
     alias version gem_version

data/lib/action_mcp.rb

@@ -13,6 +13,10 @@ require "action_mcp/log_subscriber"
 require "action_mcp/engine"
 require "zeitwerk"
 
+# OAuth 2.1 support via Omniauth
+require "omniauth"
+require "omniauth-oauth2"
+
 lib = File.dirname(__FILE__)
 
 Zeitwerk::Loader.for_gem.tap do |loader|
@@ -25,8 +29,9 @@ Zeitwerk::Loader.for_gem.tap do |loader|
 
   loader.inflector.inflect("action_mcp" => "ActionMCP")
   loader.inflector.inflect("sse_client" => "SSEClient")
-  loader.inflector.inflect("sse_server" => "SSEServer")
   loader.inflector.inflect("sse_listener" => "SSEListener")
+  loader.inflector.inflect("oauth" => "OAuth")
+  loader.inflector.inflect("mcp_strategy" => "MCPStrategy")
 end.setup
 
 module ActionMCP

data/lib/generators/action_mcp/config/templates/mcp.yml

@@ -1,9 +1,41 @@
 # ActionMCP Configuration
-# This file contains configuration for the ActionMCP pub/sub system.
-# Different environments can use different adapters.
+# This file contains configuration for the ActionMCP server including
+# authentication, profiles, and pub/sub system settings.
 
 development:
-  # In-memory adapter for development
+  # Authentication configuration - array of methods to try in order
+  authentication: ["none"]  # No authentication required for development
+  
+  # OAuth configuration (if using OAuth authentication)
+  # oauth:
+  #   provider: "demo_oauth_provider"
+  #   scopes_supported: ["mcp:tools", "mcp:resources", "mcp:prompts"]
+  #   enable_dynamic_registration: true
+  #   enable_token_revocation: true
+  #   pkce_required: true
+  
+  # MCP capability profiles
+  profiles:
+    primary:
+      tools: ["all"]
+      prompts: ["all"] 
+      resources: ["all"]
+      options:
+        list_changed: false
+        logging_enabled: true
+        resources_subscribe: false
+        
+    minimal:
+      tools: []
+      prompts: []
+      resources: []
+      options:
+        list_changed: false
+        logging_enabled: false
+        logging_level: :warn
+        resources_subscribe: false
+
+  # Pub/sub adapter configuration
   adapter: simple
   # Thread pool configuration (optional)
   # min_threads: 5     # Minimum number of threads in the pool
@@ -11,10 +43,46 @@ development:
   # max_queue: 100     # Maximum number of tasks that can be queued
 
 test:
+  # JWT authentication for testing
+  authentication: ["jwt"]
+  
+  profiles:
+    primary:
+      tools: ["all"]
+      prompts: ["all"]
+      resources: ["all"]
+      
   # Test adapter for testing
   adapter: test
 
 production:
+  # Multiple authentication methods - try OAuth first, fallback to JWT
+  authentication: ["oauth", "jwt"]
+  
+  # OAuth configuration for production
+  oauth:
+    provider: "application_oauth_provider"  # Your custom provider class
+    scopes_supported: ["mcp:tools", "mcp:resources", "mcp:prompts"]
+    enable_dynamic_registration: true
+    enable_token_revocation: true
+    pkce_required: true
+    # issuer_url: <%= ENV.fetch("OAUTH_ISSUER_URL") { "https://yourapp.com" } %>
+  
+  profiles:
+    primary:
+      tools: ["all"]
+      prompts: ["all"]
+      resources: ["all"]
+      options:
+        list_changed: false
+        logging_enabled: true
+        resources_subscribe: false
+        
+    external_clients:
+      tools: ["WeatherForecastTool"]  # Limited tool access for external clients
+      prompts: []
+      resources: []
+  
   # Choose one of the following adapters:
   
   # 1. Database-backed adapter (recommended)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.52.1
+  version: 0.53.0
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -107,6 +107,76 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.10'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: pkce_challenge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: It offers base classes and helpers for creating MCP applications, making
   it easier to integrate your Ruby/Rails application with the MCP standard
 email:
@@ -120,6 +190,8 @@ files:
 - README.md
 - Rakefile
 - app/controllers/action_mcp/application_controller.rb
+- app/controllers/action_mcp/oauth/endpoints_controller.rb
+- app/controllers/action_mcp/oauth/metadata_controller.rb
 - app/models/action_mcp.rb
 - app/models/action_mcp/application_record.rb
 - app/models/action_mcp/session.rb
@@ -131,6 +203,7 @@ files:
 - app/models/concerns/mcp_message_inspect.rb
 - config/routes.rb
 - db/migrate/20250512154359_consolidated_migration.rb
+- db/migrate/20250608112101_add_oauth_to_sessions.rb
 - exe/actionmcp_cli
 - lib/action_mcp.rb
 - lib/action_mcp/base_response.rb
@@ -145,6 +218,8 @@ files:
 - lib/action_mcp/client/json_rpc_handler.rb
 - lib/action_mcp/client/logging.rb
 - lib/action_mcp/client/messaging.rb
+- lib/action_mcp/client/oauth_client_provider.rb
+- lib/action_mcp/client/oauth_client_provider/memory_storage.rb
 - lib/action_mcp/client/prompt_book.rb
 - lib/action_mcp/client/prompts.rb
 - lib/action_mcp/client/request_timeouts.rb
@@ -181,6 +256,11 @@ files:
 - lib/action_mcp/jwt_decoder.rb
 - lib/action_mcp/log_subscriber.rb
 - lib/action_mcp/logging.rb
+- lib/action_mcp/oauth/error.rb
+- lib/action_mcp/oauth/memory_storage.rb
+- lib/action_mcp/oauth/middleware.rb
+- lib/action_mcp/oauth/provider.rb
+- lib/action_mcp/omniauth/mcp_strategy.rb
 - lib/action_mcp/prompt.rb
 - lib/action_mcp/prompt_response.rb
 - lib/action_mcp/prompts_registry.rb
@@ -191,6 +271,7 @@ files:
 - lib/action_mcp/resource_template.rb
 - lib/action_mcp/resource_templates_registry.rb
 - lib/action_mcp/server.rb
+- lib/action_mcp/server/active_record_session_store.rb
 - lib/action_mcp/server/base_messaging.rb
 - lib/action_mcp/server/capabilities.rb
 - lib/action_mcp/server/configuration.rb
@@ -200,6 +281,7 @@ files:
 - lib/action_mcp/server/handlers/resource_handler.rb
 - lib/action_mcp/server/handlers/tool_handler.rb
 - lib/action_mcp/server/json_rpc_handler.rb
+- lib/action_mcp/server/memory_session.rb
 - lib/action_mcp/server/messaging.rb
 - lib/action_mcp/server/notifications.rb
 - lib/action_mcp/server/prompts.rb
@@ -210,10 +292,13 @@ files:
 - lib/action_mcp/server/sampling.rb
 - lib/action_mcp/server/sampling_request.rb
 - lib/action_mcp/server/session_store.rb
+- lib/action_mcp/server/session_store_factory.rb
 - lib/action_mcp/server/simple_pub_sub.rb
 - lib/action_mcp/server/solid_cable_adapter.rb
+- lib/action_mcp/server/test_session_store.rb
 - lib/action_mcp/server/tools.rb
 - lib/action_mcp/server/transport_handler.rb
+- lib/action_mcp/server/volatile_session_store.rb
 - lib/action_mcp/sse_listener.rb
 - lib/action_mcp/string_array.rb
 - lib/action_mcp/tagged_stream_logging.rb