actionmcp 0.60.2 → 0.71.0

data/app/models/action_mcp/session.rb

@@ -4,28 +4,28 @@
 #
 # Table name: action_mcp_sessions
 #
-#  id                                                  :string           not null, primary key
-#  authentication_method                               :string           default("none")
-#  client_capabilities(The capabilities of the client) :json
-#  client_info(The information about the client)       :json
-#  ended_at(The time the session ended)                :datetime
-#  initialized                                         :boolean          default(FALSE), not null
-#  messages_count                                      :integer          default(0), not null
-#  oauth_access_token                                  :string
-#  oauth_refresh_token                                 :string
-#  oauth_token_expires_at                              :datetime
-#  oauth_user_context                                  :json
-#  prompt_registry                                     :json
-#  protocol_version                                    :string
-#  resource_registry                                   :json
-#  role(The role of the session)                       :string           default("server"), not null
-#  server_capabilities(The capabilities of the server) :json
-#  server_info(The information about the server)       :json
-#  sse_event_counter                                   :integer          default(0), not null
-#  status                                              :string           default("pre_initialize"), not null
-#  tool_registry                                       :json
-#  created_at                                          :datetime         not null
-#  updated_at                                          :datetime         not null
+#  id                     :string           not null, primary key
+#  authentication_method  :string           default("none")
+#  client_capabilities    :json
+#  client_info            :json
+#  ended_at               :datetime
+#  initialized            :boolean          default(FALSE), not null
+#  messages_count         :integer          default(0), not null
+#  oauth_access_token     :string
+#  oauth_refresh_token    :string
+#  oauth_token_expires_at :datetime
+#  oauth_user_context     :json
+#  prompt_registry        :json
+#  protocol_version       :string
+#  resource_registry      :json
+#  role                   :string           default("server"), not null
+#  server_capabilities    :json
+#  server_info            :json
+#  sse_event_counter      :integer          default(0), not null
+#  status                 :string           default("pre_initialize"), not null
+#  tool_registry          :json
+#  created_at             :datetime         not null
+#  updated_at             :datetime         not null
 #
 # Indexes
 #
@@ -75,9 +75,7 @@ module ActionMCP
     before_create :set_server_info, if: -> { role == "server" }
     before_create :set_server_capabilities, if: -> { role == "server" }
 
-    validates :protocol_version, inclusion: { in: ActionMCP::SUPPORTED_VERSIONS }, allow_nil: true, unless: lambda {
-      ActionMCP.configuration.vibed_ignore_version
-    }
+    validates :protocol_version, inclusion: { in: ActionMCP::SUPPORTED_VERSIONS }, allow_nil: true
 
     def close!
       dummy_callback = ->(*) { } # this callback seem broken
@@ -115,8 +113,6 @@ module ActionMCP
     end
 
     def set_protocol_version(version)
-      # If vibed_ignore_version is true, always use the latest supported version
-      version = PROTOCOL_VERSION if ActionMCP.configuration.vibed_ignore_version
       update(protocol_version: version)
     end
 
@@ -311,29 +307,58 @@ module ActionMCP
 
     # Get registered items for this session
     def registered_tools
-      (self.tool_registry || []).filter_map do |tool_name|
-        ActionMCP::ToolsRegistry.find(tool_name)
-      rescue StandardError
-        nil
+      # Special case: ['*'] means use all available tools dynamically
+      if tool_registry == [ "*" ]
+        # filtered_tools returns a RegistryScope with Item objects, need to extract the klass
+        ActionMCP.configuration.filtered_tools.map(&:klass)
+      else
+        (self.tool_registry || []).filter_map do |tool_name|
+          ActionMCP::ToolsRegistry.find(tool_name)
+        rescue StandardError
+          nil
+        end
       end
     end
 
     def registered_prompts
-      (self.prompt_registry || []).filter_map do |prompt_name|
-        ActionMCP::PromptsRegistry.find(prompt_name)
-      rescue StandardError
-        nil
+      if prompt_registry == [ "*" ]
+        # filtered_prompts returns a RegistryScope with Item objects, need to extract the klass
+        ActionMCP.configuration.filtered_prompts.map(&:klass)
+      else
+        (self.prompt_registry || []).filter_map do |prompt_name|
+          ActionMCP::PromptsRegistry.find(prompt_name)
+        rescue StandardError
+          nil
+        end
       end
     end
 
     def registered_resource_templates
-      (self.resource_registry || []).filter_map do |template_name|
-        ActionMCP::ResourceTemplatesRegistry.find(template_name)
-      rescue StandardError
-        nil
+      if resource_registry == [ "*" ]
+        # filtered_resources returns a RegistryScope with Item objects, need to extract the klass
+        ActionMCP.configuration.filtered_resources.map(&:klass)
+      else
+        (self.resource_registry || []).filter_map do |template_name|
+          ActionMCP::ResourceTemplatesRegistry.find(template_name)
+        rescue StandardError
+          nil
+        end
       end
     end
 
+    # Helper methods to check if using all capabilities
+    def uses_all_tools?
+      tool_registry == [ "*" ]
+    end
+
+    def uses_all_prompts?
+      prompt_registry == [ "*" ]
+    end
+
+    def uses_all_resources?
+      resource_registry == [ "*" ]
+    end
+
     # OAuth Session Management
     # Required by MCP 2025-03-26 specification for session binding
 
@@ -443,10 +468,10 @@ module ActionMCP
     end
 
     def initialize_registries
-      # Start with default registries from configuration
-      self.tool_registry = ActionMCP.configuration.filtered_tools.map(&:name)
-      self.prompt_registry = ActionMCP.configuration.filtered_prompts.map(&:name)
-      self.resource_registry = ActionMCP.configuration.filtered_resources.map(&:name)
+      # Default to using all available capabilities with '*'
+      self.tool_registry = [ "*" ]
+      self.prompt_registry = [ "*" ]
+      self.resource_registry = [ "*" ]
     end
 
     def normalize_name(class_or_name, type)

data/config/routes.rb

@@ -12,6 +12,7 @@ ActionMCP::Engine.routes.draw do
   post "/oauth/token", to: "oauth/endpoints#token", as: :oauth_token
   post "/oauth/introspect", to: "oauth/endpoints#introspect", as: :oauth_introspect
   post "/oauth/revoke", to: "oauth/endpoints#revoke", as: :oauth_revoke
+  post "/oauth/register", to: "oauth/registration#create", as: :oauth_register
 
   # MCP 2025-03-26 Spec routes
   get "/", to: "application#show", as: :mcp_get

data/db/migrate/20250708105124_create_action_mcp_oauth_clients.rb

@@ -0,0 +1,42 @@
+class CreateActionMCPOAuthClients < ActiveRecord::Migration[7.2]
+  def change
+    create_table :action_mcp_oauth_clients do |t|
+      t.string :client_id, null: false, index: { unique: true }
+      t.string :client_secret
+      t.string :client_name
+
+      # Store arrays as JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.text :redirect_uris, array: true, default: []
+        t.text :grant_types, array: true, default: [ "authorization_code" ]
+        t.text :response_types, array: true, default: [ "code" ]
+      else
+        # For SQLite and other databases, use JSON
+        t.json :redirect_uris, default: []
+        t.json :grant_types, default: [ "authorization_code" ]
+        t.json :response_types, default: [ "code" ]
+      end
+
+      t.string :token_endpoint_auth_method, default: "client_secret_basic"
+      t.text :scope
+      t.boolean :active, default: true
+
+      # Registration metadata
+      t.integer :client_id_issued_at
+      t.integer :client_secret_expires_at
+      t.string :registration_access_token # OAuth 2.1 Dynamic Client Registration
+
+      # Additional metadata as JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.jsonb :metadata, default: {}
+      else
+        t.json :metadata, default: {}
+      end
+
+      t.timestamps
+    end
+
+    add_index :action_mcp_oauth_clients, :active
+    add_index :action_mcp_oauth_clients, :client_id_issued_at
+  end
+end

data/db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb

@@ -0,0 +1,37 @@
+class CreateActionMCPOAuthTokens < ActiveRecord::Migration[7.2]
+  def change
+    create_table :action_mcp_oauth_tokens do |t|
+      t.string :token, null: false, index: { unique: true }
+      t.string :token_type, null: false # 'access_token', 'refresh_token', 'authorization_code'
+      t.string :client_id, null: false
+      t.string :user_id
+      t.text :scope
+      t.datetime :expires_at
+      t.boolean :revoked, default: false
+
+      # For authorization codes
+      t.string :redirect_uri
+      t.string :code_challenge
+      t.string :code_challenge_method
+
+      # For refresh tokens
+      t.string :access_token # Reference to associated access token
+
+      # Additional data - use JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.jsonb :metadata, default: {}
+      else
+        t.json :metadata, default: {}
+      end
+
+      t.timestamps
+    end
+
+    add_index :action_mcp_oauth_tokens, :token_type
+    add_index :action_mcp_oauth_tokens, :client_id
+    add_index :action_mcp_oauth_tokens, :user_id
+    add_index :action_mcp_oauth_tokens, :expires_at
+    add_index :action_mcp_oauth_tokens, :revoked
+    add_index :action_mcp_oauth_tokens, [ :token_type, :expires_at ]
+  end
+end

data/lib/action_mcp/capability.rb

@@ -49,6 +49,8 @@ module ActionMCP
     # @return [void]
     def self.abstract!
       self.abstract_capability = true
+      # Unregister from the appropriate registry if already registered
+      unregister_from_registry
     end
 
     # Returns whether this tool is abstract.

data/lib/action_mcp/client/json_rpc_handler.rb

@@ -35,12 +35,12 @@ module ActionMCP
 
       def handle_notification(notification)
         # Handle server notifications to client
-        puts "\e[33mReceived notification: #{notification.method}\e[0m"
+        client.log_debug("Received notification: #{notification.method}")
       end
 
       def handle_response(response)
         # Handle server responses to client requests
-        puts "\e[32mReceived response: #{response.id} - #{response.result ? 'success' : 'error'}\e[0m"
+        client.log_debug("Received response: #{response.id} - #{response.result ? 'success' : 'error'}")
       end
 
       protected
@@ -60,7 +60,7 @@ module ActionMCP
         else
           common_result = handle_common_methods(rpc_method, id, params)
           if common_result.nil?
-            puts "\e[31mUnknown server method: #{rpc_method} #{id} #{params}\e[0m"
+            client.log_warn("Unknown server method: #{rpc_method} #{id} #{params}")
           end
         end
       end
@@ -94,19 +94,19 @@ module ActionMCP
       def process_notifications(rpc_method, params)
         case rpc_method
         when "notifications/resources/updated" # Resource update notification
-          puts "\e[31m Resource #{params['uri']} was updated\e[0m"
+          client.log_debug("Resource #{params['uri']} was updated")
           # Handle resource update notification
           # TODO: fetch updated resource or mark it as stale
         when "notifications/tools/list_changed" # Tool list change notification
-          puts "\e[31m Tool list has changed\e[0m"
+          client.log_debug("Tool list has changed")
           # Handle tool list change notification
           # TODO: fetch new tools or mark them as stale
         when "notifications/prompts/list_changed" # Prompt list change notification
-          puts "\e[31m Prompt list has changed\e[0m"
+          client.log_debug("Prompt list has changed")
           # Handle prompt list change notification
           # TODO: fetch new prompts or mark them as stale
         when "notifications/resources/list_changed" # Resource list change notification
-          puts "\e[31m Resource list has changed\e[0m"
+          client.log_debug("Resource list has changed")
           # Handle resource list change notification
           # TODO: fetch new resources or mark them as stale
         else
@@ -153,12 +153,12 @@ module ActionMCP
           return true
         end
 
-        puts "\e[31mUnknown response: #{id} #{result}\e[0m"
+        client.log_warn("Unknown response: #{id} #{result}")
       end
 
       def process_error(id, error)
         # Do something ?
-        puts "\e[31mUnknown error: #{id} #{error}\e[0m"
+        client.log_error("Unknown error: #{id} #{error}")
       end
 
       def handle_initialize_response(request_id, result)

data/lib/action_mcp/client/jwt_client_provider.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require "json"
+require "base64"
+
+module ActionMCP
+  module Client
+    # JWT client provider for MCP client authentication
+    # Provides clean JWT token management for ActionMCP client connections
+    class JwtClientProvider
+      class AuthenticationError < StandardError; end
+      class TokenExpiredError < StandardError; end
+
+      attr_reader :storage
+
+      def initialize(token: nil, storage: nil, logger: ActionMCP.logger)
+        @storage = storage || MemoryStorage.new
+        @logger = logger
+
+        # If token provided during initialization, store it
+        if token
+          save_token(token)
+        end
+      end
+
+      # Check if client has valid authentication
+      def authenticated?
+        token = current_token
+        return false unless token
+
+        !token_expired?(token)
+      end
+
+      # Get authorization headers for HTTP requests
+      def authorization_headers
+        token = current_token
+        return {} unless token
+
+        if token_expired?(token)
+          log_debug("JWT token expired")
+          clear_tokens!
+          return {}
+        end
+
+        { "Authorization" => "Bearer #{token}" }
+      end
+
+      # Set/update the JWT token
+      def set_token(token)
+        save_token(token)
+        log_debug("JWT token updated")
+      end
+
+      # Clear stored tokens (logout)
+      def clear_tokens!
+        @storage.clear_token
+        log_debug("Cleared JWT token")
+      end
+
+      # Get current valid token
+      def access_token
+        token = current_token
+        return nil unless token
+        return nil if token_expired?(token)
+        token
+      end
+
+      private
+
+      def current_token
+        @storage.load_token
+      end
+
+      def save_token(token)
+        @storage.save_token(token)
+      end
+
+      def token_expired?(token)
+        return false unless token
+
+        begin
+          payload = decode_jwt_payload(token)
+          exp = payload["exp"]
+          return false unless exp
+
+          # Add 30 second buffer for clock skew
+          Time.at(exp) <= Time.now + 30
+        rescue => e
+          log_debug("Error checking token expiration: #{e.message}")
+          true # Treat invalid tokens as expired
+        end
+      end
+
+      def decode_jwt_payload(token)
+        # Split JWT into parts
+        parts = token.split(".")
+        raise AuthenticationError, "Invalid JWT format" unless parts.length == 3
+
+        # Decode payload (second part)
+        payload_base64 = parts[1]
+        # Add padding if needed
+        payload_base64 += "=" * (4 - payload_base64.length % 4) if payload_base64.length % 4 != 0
+
+        payload_json = Base64.urlsafe_decode64(payload_base64)
+        JSON.parse(payload_json)
+      rescue => e
+        raise AuthenticationError, "Failed to decode JWT: #{e.message}"
+      end
+
+      def log_debug(message)
+        @logger.debug("[ActionMCP::JwtClientProvider] #{message}")
+      end
+
+      # Simple memory storage for JWT tokens
+      class MemoryStorage
+        def initialize
+          @token = nil
+        end
+
+        def save_token(token)
+          @token = token
+        end
+
+        def load_token
+          @token
+        end
+
+        def clear_token
+          @token = nil
+        end
+      end
+    end
+  end
+end

data/lib/action_mcp/configuration.rb

@@ -26,6 +26,7 @@ module ActionMCP
                   :active_profile,
                   :profiles,
                   :elicitation_enabled,
+                  :verbose_logging,
                   # --- Authentication Options ---
                   :authentication_methods,
                   :oauth_config,
@@ -33,8 +34,6 @@ module ActionMCP
                   :sse_heartbeat_interval,
                   :post_response_preference, # :json or :sse
                   :protocol_version,
-                  # --- VibedIgnoreVersion Option ---
-                  :vibed_ignore_version,
                   # --- SSE Resumability Options ---
                   :sse_event_retention_period,
                   :max_stored_sse_events,
@@ -58,17 +57,17 @@ module ActionMCP
       @logging_level = :info
       @resources_subscribe = false
       @elicitation_enabled = false
+      @verbose_logging = false
       @active_profile = :primary
       @profiles = default_profiles
 
       # Authentication defaults
       @authentication_methods = Rails.env.production? ? [ "jwt" ] : [ "none" ]
-      @oauth_config = {}
+      @oauth_config = HashWithIndifferentAccess.new
 
       @sse_heartbeat_interval = 30
       @post_response_preference = :json
       @protocol_version = "2025-03-26"  # Default to legacy for backwards compatibility
-      @vibed_ignore_version = false
 
       # Resumability defaults
       @sse_event_retention_period = 15.minutes
@@ -76,6 +75,7 @@ module ActionMCP
 
       # Gateway - default to ApplicationGateway if it exists, otherwise ActionMCP::Gateway
       @gateway_class = defined?(::ApplicationGateway) ? ::ApplicationGateway : ActionMCP::Gateway
+      @gateway_class_name = nil
 
       # Session Store
       @session_store_type = Rails.env.production? ? :active_record : :volatile
@@ -91,6 +91,15 @@ module ActionMCP
       @version || (has_rails_version ? Rails.application.version.to_s : "0.0.1")
     end
 
+    def gateway_class
+      if @gateway_class_name
+        klass = @gateway_class_name.constantize
+        klass
+      else
+        @gateway_class
+      end
+    end
+
     # Get active profile (considering thread-local override)
     def active_profile
       ActionMCP.thread_profiles.value || @active_profile
@@ -114,7 +123,7 @@ module ActionMCP
 
         # Extract OAuth configuration if present
         if app_config["oauth"]
-          @oauth_config = app_config["oauth"]
+          @oauth_config = HashWithIndifferentAccess.new(app_config["oauth"])
         end
 
         # Extract other top-level configuration settings
@@ -124,9 +133,10 @@ module ActionMCP
         if app_config["profiles"]
           @profiles = app_config["profiles"]
         end
-      rescue StandardError
+      rescue StandardError => e
         # If the config file doesn't exist in the Rails app, just use the defaults
-        Rails.logger.debug "No MCP config found in Rails app, using defaults from gem"
+        Rails.logger.warn "[Configuration] Failed to load MCP config: #{e.class} - #{e.message}"
+        # No MCP config found in Rails app, using defaults from gem
       end
 
       # Apply the active profile
@@ -178,15 +188,25 @@ module ActionMCP
     # Returns capabilities based on active profile
     def capabilities
       capabilities = {}
+      profile = @profiles[active_profile]
 
-      # Only include capabilities if the corresponding filtered registry is non-empty
-      capabilities[:tools] = { listChanged: @list_changed } if filtered_tools.any?
+      # Check profile configuration instead of registry contents
+      # If profile includes tools (either "all" or specific tools), advertise tools capability
+      if profile && profile[:tools] && profile[:tools].any?
+        capabilities[:tools] = { listChanged: @list_changed }
+      end
 
-      capabilities[:prompts] = { listChanged: @list_changed } if filtered_prompts.any?
+      # If profile includes prompts, advertise prompts capability
+      if profile && profile[:prompts] && profile[:prompts].any?
+        capabilities[:prompts] = { listChanged: @list_changed }
+      end
 
       capabilities[:logging] = {} if @logging_enabled
 
-      capabilities[:resources] = { subscribe: @resources_subscribe } if filtered_resources.any?
+      # If profile includes resources, advertise resources capability
+      if profile && profile[:resources] && profile[:resources].any?
+        capabilities[:resources] = { subscribe: @resources_subscribe }
+      end
 
       capabilities[:elicitation] = {} if @elicitation_enabled
 
@@ -214,6 +234,20 @@ module ActionMCP
       @resources_subscribe = options[:resources_subscribe] unless options[:resources_subscribe].nil?
     end
 
+    def eager_load_if_needed
+      profile = @profiles[active_profile]
+      return unless profile
+
+      # Check if any component type includes "all"
+      needs_eager_load = profile[:tools]&.include?("all") ||
+                        profile[:prompts]&.include?("all") ||
+                        profile[:resources]&.include?("all")
+
+      if needs_eager_load
+        ensure_mcp_components_loaded
+      end
+    end
+
     private
 
     def default_profiles
@@ -273,6 +307,16 @@ module ActionMCP
         @connects_to = app_config["connects_to"]
       end
 
+      # Extract verbose logging setting
+      if app_config.key?("verbose_logging")
+        @verbose_logging = app_config["verbose_logging"]
+      end
+
+      # Extract gateway class configuration
+      if app_config["gateway_class"]
+        @gateway_class_name = app_config["gateway_class"]
+      end
+
       # Extract session store configuration
       if app_config["session_store_type"]
         @session_store_type = app_config["session_store_type"].to_sym
@@ -303,6 +347,41 @@ module ActionMCP
     rescue LoadError
       false
     end
+
+    def ensure_mcp_components_loaded
+      # Only load if we haven't loaded yet - but in development, always reload
+      return if @mcp_components_loaded && !Rails.env.development?
+
+      # Use Zeitwerk eager loading if available (in to_prepare phase)
+      mcp_path = Rails.root.join("app/mcp")
+      if mcp_path.exist? && Rails.autoloaders.main.respond_to?(:eager_load_dir)
+        # This will trigger all inherited hooks properly
+        Rails.autoloaders.main.eager_load_dir(mcp_path)
+      elsif mcp_path.exist?
+        # Fallback for initialization phase - use require_dependency
+        # Load base classes first in specific order
+        base_files = [
+          mcp_path.join("application_gateway.rb"),
+          mcp_path.join("tools/application_mcp_tool.rb"),
+          mcp_path.join("prompts/application_mcp_prompt.rb"),
+          mcp_path.join("resource_templates/application_mcp_res_template.rb"),
+          # Load ArithmeticTool before other tools that inherit from it
+          mcp_path.join("tools/arithmetic_tool.rb")
+        ]
+
+        base_files.each do |file|
+          require_dependency file.to_s if file.exist?
+        end
+
+        # Then load all other files
+        Dir.glob(mcp_path.join("**/*.rb")).sort.each do |file|
+          # Skip base classes we already loaded
+          next if base_files.any? { |base| file == base.to_s }
+          require_dependency file
+        end
+      end
+      @mcp_components_loaded = true unless Rails.env.development?
+    end
   end
 
   class << self

data/lib/action_mcp/engine.rb

@@ -18,8 +18,33 @@ module ActionMCP
     # Provide a configuration namespace for ActionMCP
     config.action_mcp = ActionMCP.configuration
 
+    # Create the ActiveSupport load hooks
+    ActiveSupport.on_load(:action_mcp_tool) do
+      # Register the tool when it's loaded
+      ActionMCP::ToolsRegistry.register(self) unless abstract?
+    end
+
+    ActiveSupport.on_load(:action_mcp_prompt) do
+      # Register the prompt when it's loaded
+      ActionMCP::PromptsRegistry.register(self) unless abstract?
+    end
+
+    ActiveSupport.on_load(:action_mcp_resource_template) do
+      # Register the resource template when it's loaded
+      ActionMCP::ResourceTemplatesRegistry.register(self) unless abstract?
+    end
+
     config.to_prepare do
-      ActionMCP::ResourceTemplate.registered_templates.clear
+      # Only clear registries if we're in development mode
+      if Rails.env.development?
+        ActionMCP::ResourceTemplate.registered_templates.clear
+        ActionMCP::ToolsRegistry.clear!
+        ActionMCP::PromptsRegistry.clear!
+      end
+
+      # Eager load MCP components if profile includes "all"
+      # This runs after Zeitwerk is fully set up
+      ActionMCP.configuration.eager_load_if_needed
     end
 
     config.middleware.use JSONRPC_Rails::Middleware::Validator, [ "/" ]