actionmcp 0.70.0 → 0.71.1

data/db/migrate/20250708105124_create_action_mcp_oauth_clients.rb

@@ -0,0 +1,42 @@
+class CreateActionMCPOAuthClients < ActiveRecord::Migration[7.2]
+  def change
+    create_table :action_mcp_oauth_clients do |t|
+      t.string :client_id, null: false, index: { unique: true }
+      t.string :client_secret
+      t.string :client_name
+
+      # Store arrays as JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.text :redirect_uris, array: true, default: []
+        t.text :grant_types, array: true, default: [ "authorization_code" ]
+        t.text :response_types, array: true, default: [ "code" ]
+      else
+        # For SQLite and other databases, use JSON
+        t.json :redirect_uris, default: []
+        t.json :grant_types, default: [ "authorization_code" ]
+        t.json :response_types, default: [ "code" ]
+      end
+
+      t.string :token_endpoint_auth_method, default: "client_secret_basic"
+      t.text :scope
+      t.boolean :active, default: true
+
+      # Registration metadata
+      t.integer :client_id_issued_at
+      t.integer :client_secret_expires_at
+      t.string :registration_access_token # OAuth 2.1 Dynamic Client Registration
+
+      # Additional metadata as JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.jsonb :metadata, default: {}
+      else
+        t.json :metadata, default: {}
+      end
+
+      t.timestamps
+    end
+
+    add_index :action_mcp_oauth_clients, :active
+    add_index :action_mcp_oauth_clients, :client_id_issued_at
+  end
+end

data/db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb

@@ -0,0 +1,37 @@
+class CreateActionMCPOAuthTokens < ActiveRecord::Migration[7.2]
+  def change
+    create_table :action_mcp_oauth_tokens do |t|
+      t.string :token, null: false, index: { unique: true }
+      t.string :token_type, null: false # 'access_token', 'refresh_token', 'authorization_code'
+      t.string :client_id, null: false
+      t.string :user_id
+      t.text :scope
+      t.datetime :expires_at
+      t.boolean :revoked, default: false
+
+      # For authorization codes
+      t.string :redirect_uri
+      t.string :code_challenge
+      t.string :code_challenge_method
+
+      # For refresh tokens
+      t.string :access_token # Reference to associated access token
+
+      # Additional data - use JSON for database compatibility
+      if connection.adapter_name.downcase.include?('postgresql')
+        t.jsonb :metadata, default: {}
+      else
+        t.json :metadata, default: {}
+      end
+
+      t.timestamps
+    end
+
+    add_index :action_mcp_oauth_tokens, :token_type
+    add_index :action_mcp_oauth_tokens, :client_id
+    add_index :action_mcp_oauth_tokens, :user_id
+    add_index :action_mcp_oauth_tokens, :expires_at
+    add_index :action_mcp_oauth_tokens, :revoked
+    add_index :action_mcp_oauth_tokens, [ :token_type, :expires_at ]
+  end
+end

data/lib/action_mcp/client/base.rb

@@ -23,11 +23,12 @@ module ActionMCP
 
       delegate :connected?, :ready?, to: :transport
 
-      def initialize(transport:, logger: ActionMCP.logger, **options)
+      def initialize(transport:, logger: ActionMCP.logger, protocol_version: nil, **options)
         @logger = logger
         @transport = transport
         @session = nil  # Session will be created/loaded based on server response
         @session_id = options[:session_id]  # Optional session ID for resumption
+        @protocol_version = protocol_version || ActionMCP::DEFAULT_PROTOCOL_VERSION
         @server_capabilities = nil
         @connection_error = nil
         @initialized = false
@@ -180,7 +181,7 @@ module ActionMCP
         end
 
         params = {
-          protocolVersion: ActionMCP::DEFAULT_PROTOCOL_VERSION,
+          protocolVersion: @protocol_version,
           capabilities: client_capabilities,
           clientInfo: client_info
         }

data/lib/action_mcp/client/collection.rb

@@ -143,14 +143,14 @@ module ActionMCP
       def silence_logs
         return yield unless @silence_sql
 
-        original_log_level = Session.logger&.level
+        original_log_level = ActionMCP::Session.logger&.level
         begin
           # Temporarily increase log level to suppress SQL queries
-          Session.logger.level = Logger::WARN if Session.logger
+          ActionMCP::Session.logger.level = Logger::WARN if ActionMCP::Session.logger
           yield
         ensure
           # Restore original log level
-          Session.logger.level = original_log_level if Session.logger
+          ActionMCP::Session.logger.level = original_log_level if ActionMCP::Session.logger && original_log_level
         end
       end
 

data/lib/action_mcp/client/jwt_client_provider.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require "json"
+require "base64"
+
+module ActionMCP
+  module Client
+    # JWT client provider for MCP client authentication
+    # Provides clean JWT token management for ActionMCP client connections
+    class JwtClientProvider
+      class AuthenticationError < StandardError; end
+      class TokenExpiredError < StandardError; end
+
+      attr_reader :storage
+
+      def initialize(token: nil, storage: nil, logger: ActionMCP.logger)
+        @storage = storage || MemoryStorage.new
+        @logger = logger
+
+        # If token provided during initialization, store it
+        if token
+          save_token(token)
+        end
+      end
+
+      # Check if client has valid authentication
+      def authenticated?
+        token = current_token
+        return false unless token
+
+        !token_expired?(token)
+      end
+
+      # Get authorization headers for HTTP requests
+      def authorization_headers
+        token = current_token
+        return {} unless token
+
+        if token_expired?(token)
+          log_debug("JWT token expired")
+          clear_tokens!
+          return {}
+        end
+
+        { "Authorization" => "Bearer #{token}" }
+      end
+
+      # Set/update the JWT token
+      def set_token(token)
+        save_token(token)
+        log_debug("JWT token updated")
+      end
+
+      # Clear stored tokens (logout)
+      def clear_tokens!
+        @storage.clear_token
+        log_debug("Cleared JWT token")
+      end
+
+      # Get current valid token
+      def access_token
+        token = current_token
+        return nil unless token
+        return nil if token_expired?(token)
+        token
+      end
+
+      private
+
+      def current_token
+        @storage.load_token
+      end
+
+      def save_token(token)
+        @storage.save_token(token)
+      end
+
+      def token_expired?(token)
+        return false unless token
+
+        begin
+          payload = decode_jwt_payload(token)
+          exp = payload["exp"]
+          return false unless exp
+
+          # Add 30 second buffer for clock skew
+          Time.at(exp) <= Time.now + 30
+        rescue => e
+          log_debug("Error checking token expiration: #{e.message}")
+          true # Treat invalid tokens as expired
+        end
+      end
+
+      def decode_jwt_payload(token)
+        # Split JWT into parts
+        parts = token.split(".")
+        raise AuthenticationError, "Invalid JWT format" unless parts.length == 3
+
+        # Decode payload (second part)
+        payload_base64 = parts[1]
+        # Add padding if needed
+        payload_base64 += "=" * (4 - payload_base64.length % 4) if payload_base64.length % 4 != 0
+
+        payload_json = Base64.urlsafe_decode64(payload_base64)
+        JSON.parse(payload_json)
+      rescue => e
+        raise AuthenticationError, "Failed to decode JWT: #{e.message}"
+      end
+
+      def log_debug(message)
+        @logger.debug("[ActionMCP::JwtClientProvider] #{message}")
+      end
+
+      # Simple memory storage for JWT tokens
+      class MemoryStorage
+        def initialize
+          @token = nil
+        end
+
+        def save_token(token)
+          @token = token
+        end
+
+        def load_token
+          @token
+        end
+
+        def clear_token
+          @token = nil
+        end
+      end
+    end
+  end
+end

data/lib/action_mcp/client/streamable_http_transport.rb

@@ -13,12 +13,15 @@ module ActionMCP
       SSE_TIMEOUT = 10
       ENDPOINT_TIMEOUT = 5
 
-      attr_reader :session_id, :last_event_id
+      attr_reader :session_id, :last_event_id, :protocol_version
 
-      def initialize(url, session_store:, session_id: nil, oauth_provider: nil, **options)
+      def initialize(url, session_store:, session_id: nil, oauth_provider: nil, jwt_provider: nil, protocol_version: nil, **options)
         super(url, session_store: session_store, **options)
         @session_id = session_id
         @oauth_provider = oauth_provider
+        @jwt_provider = jwt_provider
+        @protocol_version = protocol_version || ActionMCP::DEFAULT_PROTOCOL_VERSION
+        @negotiated_protocol_version = nil
         @last_event_id = nil
         @buffer = +""
         @current_event = nil
@@ -38,8 +41,9 @@ module ActionMCP
         # Start SSE stream if server supports it
         start_sse_stream
 
-        set_connected(true)
+        # Set ready first, then connected (so transport is ready when on_connect fires)
         set_ready(true)
+        set_connected(true)
         log_debug("StreamableHTTP connection established")
         true
       rescue StandardError => e
@@ -98,7 +102,15 @@ module ActionMCP
         }
         headers["mcp-session-id"] = @session_id if @session_id
         headers["Last-Event-ID"] = @last_event_id if @last_event_id
+
+        # Add MCP-Protocol-Version header for GET requests when we have a negotiated version
+        if @negotiated_protocol_version
+          headers["MCP-Protocol-Version"] = @negotiated_protocol_version
+        end
+
         headers.merge!(oauth_headers)
+        headers.merge!(jwt_headers)
+        log_debug("Final GET headers: #{headers}")
         headers
       end
 
@@ -108,7 +120,16 @@ module ActionMCP
           "Accept" => "application/json, text/event-stream"
         }
         headers["mcp-session-id"] = @session_id if @session_id
+
+        # Add MCP-Protocol-Version header as per 2025-06-18 spec
+        # Only include when we have a negotiated version from previous handshake
+        if @negotiated_protocol_version
+          headers["MCP-Protocol-Version"] = @negotiated_protocol_version
+        end
+
         headers.merge!(oauth_headers)
+        headers.merge!(jwt_headers)
+        log_debug("Final POST headers: #{headers}")
         headers
       end
 
@@ -218,6 +239,13 @@ module ActionMCP
       def handle_json_response(response)
         begin
           message = MultiJson.load(response.body)
+
+          # Check if this is an initialize response to capture negotiated protocol version
+          if message.is_a?(Hash) && message["result"] && message["result"]["protocolVersion"]
+            @negotiated_protocol_version = message["result"]["protocolVersion"]
+            log_debug("Negotiated protocol version: #{@negotiated_protocol_version}")
+          end
+
           handle_message(message)
         rescue MultiJson::ParseError => e
           log_error("Failed to parse JSON response: #{e}")
@@ -232,7 +260,7 @@ module ActionMCP
       end
 
       def handle_error_response(response)
-        error_msg = "HTTP #{response.status}: #{response.reason_phrase}"
+        error_msg = +"HTTP #{response.status}: #{response.reason_phrase}"
         if response.body && !response.body.empty?
           error_msg << " - #{response.body}"
         end
@@ -280,7 +308,7 @@ module ActionMCP
           id: @session_id,
           last_event_id: @last_event_id,
           session_data: {},
-          protocol_version: PROTOCOL_VERSION
+          protocol_version: @protocol_version
         }
 
         @session_store.save_session(@session_id, session_data)
@@ -290,20 +318,38 @@ module ActionMCP
       def oauth_headers
         return {} unless @oauth_provider&.authenticated?
 
-        @oauth_provider.authorization_headers
+        headers = @oauth_provider.authorization_headers
+        log_debug("OAuth headers: #{headers}") unless headers.empty?
+        headers
       rescue StandardError => e
         log_error("Failed to get OAuth headers: #{e.message}")
         {}
       end
 
-      def handle_authentication_error(response)
-        return unless @oauth_provider
+      def jwt_headers
+        return {} unless @jwt_provider&.authenticated?
 
+        headers = @jwt_provider.authorization_headers
+        log_debug("JWT headers: #{headers}") unless headers.empty?
+        headers
+      rescue StandardError => e
+        log_error("Failed to get JWT headers: #{e.message}")
+        {}
+      end
+
+      def handle_authentication_error(response)
         # Check for OAuth challenge in WWW-Authenticate header
         www_auth = response.headers["www-authenticate"]
         if www_auth&.include?("Bearer")
-          log_debug("Received OAuth challenge, clearing tokens")
-          @oauth_provider.clear_tokens!
+          if @oauth_provider
+            log_debug("Received OAuth challenge, clearing OAuth tokens")
+            @oauth_provider.clear_tokens!
+          end
+
+          if @jwt_provider
+            log_debug("Received Bearer challenge, clearing JWT tokens")
+            @jwt_provider.clear_tokens!
+          end
         end
       end
 

data/lib/action_mcp/client.rb

@@ -4,6 +4,7 @@ require_relative "client/transport"
 require_relative "client/session_store"
 require_relative "client/streamable_http_transport"
 require_relative "client/oauth_client_provider"
+require_relative "client/jwt_client_provider"
 
 module ActionMCP
   # Creates a client appropriate for the given endpoint.
@@ -13,6 +14,8 @@ module ActionMCP
   # @param session_store [Symbol] The session store type (:memory, :active_record)
   # @param session_id [String] Optional session ID for resuming connections
   # @param oauth_provider [ActionMCP::Client::OauthClientProvider] Optional OAuth provider for authentication
+  # @param jwt_provider [ActionMCP::Client::JwtClientProvider] Optional JWT provider for authentication
+  # @param protocol_version [String] The MCP protocol version to use (defaults to ActionMCP::DEFAULT_PROTOCOL_VERSION)
   # @param logger [Logger] The logger to use. Default is Logger.new($stdout).
   # @param options [Hash] Additional options to pass to the client constructor.
   #
@@ -46,7 +49,16 @@ module ActionMCP
   #     "http://127.0.0.1:3001/action_mcp",
   #     oauth_provider: oauth_provider
   #   )
-  def self.create_client(endpoint, transport: :streamable_http, session_store: nil, session_id: nil, oauth_provider: nil, logger: Logger.new($stdout), **options)
+  #
+  # @example With JWT authentication
+  #   jwt_provider = ActionMCP::Client::JwtClientProvider.new(
+  #     token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
+  #   )
+  #   client = ActionMCP.create_client(
+  #     "http://127.0.0.1:3001/action_mcp",
+  #     jwt_provider: jwt_provider
+  #   )
+  def self.create_client(endpoint, transport: :streamable_http, session_store: nil, session_id: nil, oauth_provider: nil, jwt_provider: nil, protocol_version: nil, logger: Logger.new($stdout), **options)
     unless endpoint =~ %r{\Ahttps?://}
       raise ArgumentError, "Only HTTP(S) endpoints are supported. STDIO and other transports are not supported."
     end
@@ -55,11 +67,11 @@ module ActionMCP
     store = Client::SessionStoreFactory.create(session_store, **options)
 
     # Create transport
-    transport_instance = create_transport(transport, endpoint, session_store: store, session_id: session_id, oauth_provider: oauth_provider, logger: logger, **options)
+    transport_instance = create_transport(transport, endpoint, session_store: store, session_id: session_id, oauth_provider: oauth_provider, jwt_provider: jwt_provider, protocol_version: protocol_version, logger: logger, **options)
 
     logger.info("Creating #{transport} client for endpoint: #{endpoint}")
-    # Pass session_id to the client
-    Client::Base.new(transport: transport_instance, logger: logger, session_id: session_id, **options)
+    # Pass session_id and protocol_version to the client
+    Client::Base.new(transport: transport_instance, logger: logger, session_id: session_id, protocol_version: protocol_version, **options)
   end
 
   private_class_method def self.create_transport(type, endpoint, **options)

data/lib/action_mcp/configuration.rb

@@ -26,6 +26,7 @@ module ActionMCP
                   :active_profile,
                   :profiles,
                   :elicitation_enabled,
+                  :verbose_logging,
                   # --- Authentication Options ---
                   :authentication_methods,
                   :oauth_config,
@@ -56,12 +57,13 @@ module ActionMCP
       @logging_level = :info
       @resources_subscribe = false
       @elicitation_enabled = false
+      @verbose_logging = false
       @active_profile = :primary
       @profiles = default_profiles
 
       # Authentication defaults
       @authentication_methods = Rails.env.production? ? [ "jwt" ] : [ "none" ]
-      @oauth_config = {}
+      @oauth_config = HashWithIndifferentAccess.new
 
       @sse_heartbeat_interval = 30
       @post_response_preference = :json
@@ -73,6 +75,7 @@ module ActionMCP
 
       # Gateway - default to ApplicationGateway if it exists, otherwise ActionMCP::Gateway
       @gateway_class = defined?(::ApplicationGateway) ? ::ApplicationGateway : ActionMCP::Gateway
+      @gateway_class_name = nil
 
       # Session Store
       @session_store_type = Rails.env.production? ? :active_record : :volatile
@@ -88,6 +91,15 @@ module ActionMCP
       @version || (has_rails_version ? Rails.application.version.to_s : "0.0.1")
     end
 
+    def gateway_class
+      if @gateway_class_name
+        klass = @gateway_class_name.constantize
+        klass
+      else
+        @gateway_class
+      end
+    end
+
     # Get active profile (considering thread-local override)
     def active_profile
       ActionMCP.thread_profiles.value || @active_profile
@@ -111,7 +123,7 @@ module ActionMCP
 
         # Extract OAuth configuration if present
         if app_config["oauth"]
-          @oauth_config = app_config["oauth"]
+          @oauth_config = HashWithIndifferentAccess.new(app_config["oauth"])
         end
 
         # Extract other top-level configuration settings
@@ -121,9 +133,10 @@ module ActionMCP
         if app_config["profiles"]
           @profiles = app_config["profiles"]
         end
-      rescue StandardError
+      rescue StandardError => e
         # If the config file doesn't exist in the Rails app, just use the defaults
-        Rails.logger.debug "No MCP config found in Rails app, using defaults from gem"
+        Rails.logger.warn "[Configuration] Failed to load MCP config: #{e.class} - #{e.message}"
+        # No MCP config found in Rails app, using defaults from gem
       end
 
       # Apply the active profile
@@ -294,6 +307,16 @@ module ActionMCP
         @connects_to = app_config["connects_to"]
       end
 
+      # Extract verbose logging setting
+      if app_config.key?("verbose_logging")
+        @verbose_logging = app_config["verbose_logging"]
+      end
+
+      # Extract gateway class configuration
+      if app_config["gateway_class"]
+        @gateway_class_name = app_config["gateway_class"]
+      end
+
       # Extract session store configuration
       if app_config["session_store_type"]
         @session_store_type = app_config["session_store_type"].to_sym

data/lib/action_mcp/engine.rb

@@ -61,9 +61,10 @@ module ActionMCP
       end
     end
 
-    # Configure autoloading for the mcp/tools directory
+    # Configure autoloading for the mcp/tools directory and identifiers
     initializer "action_mcp.autoloading", before: :set_autoload_paths do |app|
       mcp_path = app.root.join("app/mcp")
+      identifiers_path = app.root.join("app/identifiers")
 
       if mcp_path.exist?
         # First add the parent mcp directory
@@ -74,6 +75,11 @@ module ActionMCP
           app.autoloaders.main.collapse(dir)
         end
       end
+
+      # Add identifiers directory for gateway identifiers
+      if identifiers_path.exist?
+        app.autoloaders.main.push_dir(identifiers_path, namespace: Object)
+      end
     end
 
     # Initialize the ActionMCP logger.

data/lib/action_mcp/filtered_logger.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  # Custom logger that filters out repetitive MCP requests
+  class FilteredLogger < ActiveSupport::Logger
+    FILTERED_PATHS = [
+      "/oauth/authorize",
+      "/.well-known/oauth-protected-resource",
+      "/.well-known/oauth-authorization-server"
+    ].freeze
+
+    FILTERED_METHODS = [
+      "notifications/initialized",
+      "notifications/ping"
+    ].freeze
+
+    def add(severity, message = nil, progname = nil, &block)
+      # Filter out repetitive OAuth metadata requests
+      if message && message.is_a?(String)
+        return if FILTERED_PATHS.any? { |path| message.include?(path) && message.include?("200 OK") }
+
+        # Filter out repetitive MCP notifications
+        return if FILTERED_METHODS.any? { |method| message.include?(method) }
+
+        # Filter out MCP protocol version debug messages
+        return if message.include?("MCP-Protocol-Version header validation passed")
+      end
+
+      super
+    end
+  end
+end