actionmcp 0.70.0 → 0.71.1

data/lib/action_mcp/oauth/provider.rb

@@ -79,7 +79,7 @@ module ActionMCP
 
           # Generate refresh token if enabled
           refresh_token = nil
-          if oauth_config["enable_refresh_tokens"]
+          if oauth_config[:enable_refresh_tokens]
             refresh_token = generate_refresh_token(
               client_id: client_id,
               scope: code_data[:scope],
@@ -206,13 +206,29 @@ module ActionMCP
           revoked
         end
 
+        # Register a new OAuth client (Dynamic Client Registration)
+        # @param client_info [Hash] Client registration information
+        # @return [Hash] Registered client information
+        def register_client(client_info)
+          # Store client registration
+          storage.store_client_registration(client_info[:client_id], client_info)
+          client_info
+        end
+
+        # Retrieve registered client information
+        # @param client_id [String] OAuth client identifier
+        # @return [Hash, nil] Client information or nil if not found
+        def get_client(client_id)
+          storage.retrieve_client_registration(client_id)
+        end
+
         # Client Credentials Grant (for server-to-server)
         # @param client_id [String] OAuth client identifier
         # @param client_secret [String] OAuth client secret
         # @param scope [String] Requested scope
         # @return [Hash] Token response
         def client_credentials_grant(client_id:, client_secret:, scope: nil)
-          unless oauth_config["enable_client_credentials"]
+          unless oauth_config[:enable_client_credentials]
             raise UnsupportedGrantTypeError, "Client credentials grant not supported"
           end
 
@@ -244,19 +260,37 @@ module ActionMCP
         private
 
         def oauth_config
-          @oauth_config ||= ActionMCP.configuration.oauth_config || {}
+          @oauth_config ||= HashWithIndifferentAccess.new(ActionMCP.configuration.oauth_config || {})
         end
 
         def validate_client(client_id, client_secret, require_secret: false)
-          # This should be implemented by the application
-          # For now, we'll use a simple validation approach
-          provider_class = oauth_config["provider"]
+          # First check if client is registered via dynamic registration
+          client_info = get_client(client_id)
+          if client_info
+            # Validate client secret for confidential clients
+            if client_info[:client_secret]
+              unless client_secret == client_info[:client_secret]
+                raise InvalidClientError, "Invalid client credentials"
+              end
+            elsif require_secret
+              raise InvalidClientError, "Client authentication required"
+            end
+            return true
+          end
+
+          # Fall back to custom provider validation
+          provider_class = oauth_config[:provider]
           if provider_class && provider_class.respond_to?(:validate_client)
             provider_class.validate_client(client_id, client_secret)
           elsif require_secret && client_secret.nil?
             raise InvalidClientError, "Client authentication required"
+          else
+            # In development, allow unregistered clients if configured
+            if Rails.env.development? && oauth_config[:allow_unregistered_clients] != false
+              return true
+            end
+            raise InvalidClientError, "Unknown client"
           end
-          # Default: allow any client for development
         end
 
         def validate_pkce(code_challenge, method, code_verifier)
@@ -271,7 +305,7 @@ module ActionMCP
               raise InvalidGrantError, "Invalid code verifier"
             end
           when "plain"
-            unless oauth_config["allow_plain_pkce"]
+            unless oauth_config[:allow_plain_pkce]
               raise InvalidGrantError, "Plain PKCE not allowed"
             end
             unless code_challenge == code_verifier
@@ -283,7 +317,7 @@ module ActionMCP
         end
 
         def validate_scope(scope)
-          supported_scopes = oauth_config["scopes_supported"] || [ "mcp:tools", "mcp:resources", "mcp:prompts" ]
+          supported_scopes = oauth_config.fetch(:scopes_supported, [ "mcp:tools", "mcp:resources", "mcp:prompts" ])
           requested_scopes = scope.split(" ")
           unsupported = requested_scopes - supported_scopes
           if unsupported.any?
@@ -292,7 +326,7 @@ module ActionMCP
         end
 
         def default_scope
-          oauth_config["default_scope"] || "mcp:tools mcp:resources mcp:prompts"
+          oauth_config.fetch(:default_scope, "mcp:tools mcp:resources mcp:prompts")
         end
 
         def generate_access_token(client_id:, scope:, user_id:)
@@ -325,17 +359,19 @@ module ActionMCP
         end
 
         def token_expires_in
-          oauth_config["access_token_expires_in"] || 3600 # 1 hour
+          oauth_config.fetch(:access_token_expires_in, 3600) # 1 hour
         end
 
         def refresh_token_expires_in
-          oauth_config["refresh_token_expires_in"] || 7.days.to_i # 1 week
+          oauth_config.fetch(:refresh_token_expires_in, 7.days.to_i) # 1 week
         end
 
         # Storage methods - these delegate to a configurable storage backend
         def storage
           @storage ||= begin
-            storage_class = oauth_config["storage"] || "ActionMCP::OAuth::MemoryStorage"
+            # Default to ActiveRecord storage for production, memory for test
+            default_storage = Rails.env.test? ? "ActionMCP::OAuth::MemoryStorage" : "ActionMCP::OAuth::ActiveRecordStorage"
+            storage_class = oauth_config.fetch(:storage, default_storage)
             storage_class = storage_class.constantize if storage_class.is_a?(String)
             storage_class.new
           end

data/lib/action_mcp/oauth.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module OAuth
+    # Load OAuth components
+    autoload :Error, "action_mcp/oauth/error"
+    autoload :Provider, "action_mcp/oauth/provider"
+    autoload :Middleware, "action_mcp/oauth/middleware"
+    autoload :MemoryStorage, "action_mcp/oauth/memory_storage"
+    autoload :ActiveRecordStorage, "action_mcp/oauth/active_record_storage"
+  end
+end

data/lib/action_mcp/server/capabilities.rb

@@ -40,14 +40,11 @@ module ActionMCP
           if existing_session && existing_session.initialized?
             # Resume existing session - update transport reference
             transport.instance_variable_set(:@session, existing_session)
-            Rails.logger.info("Resuming existing session: #{session_id}")
 
             # Return existing session info
             capabilities_payload = existing_session.server_capabilities_payload
             capabilities_payload[:protocolVersion] = client_protocol_version
             return send_jsonrpc_response(request_id, result: capabilities_payload)
-          else
-            Rails.logger.warn("Session #{session_id} not found or not initialized, creating new session")
           end
         end
 

data/lib/action_mcp/server/resources.rb

@@ -75,7 +75,7 @@ module ActionMCP
       # @example Output:
       #   # Logs: "Registered Resource Templates: ["db://{table}", "file://{path}"]"
       def log_resource_templates
-        Rails.logger.info("Registered Resource Templates: #{ActionMCP::ResourceTemplatesRegistry.resource_templates.keys}")
+        # Resource templates: #{ActionMCP::ResourceTemplatesRegistry.resource_templates.keys}
       end
     end
   end

data/lib/action_mcp/server/tools.rb

@@ -41,35 +41,47 @@ module ActionMCP
         tool_class = session.registered_tools.find { |t| t.tool_name == tool_name }
 
         if tool_class
-          # Create tool and set execution context with request info
-          tool = tool_class.new(arguments)
-          tool.with_context({
-            session: session,
-            request: {
-              params: {
-                name: tool_name,
-                arguments: arguments,
-                _meta: _meta
+          begin
+            # Create tool and set execution context with request info
+            tool = tool_class.new(arguments)
+            tool.with_context({
+              session: session,
+              request: {
+                params: {
+                  name: tool_name,
+                  arguments: arguments,
+                  _meta: _meta
+                }
               }
-            }
-          })
+            })
 
-          # Wrap tool execution with Rails reloader for development
-          result = if Rails.env.development? && defined?(Rails.application.reloader)
-            Rails.application.reloader.wrap do
+            # Wrap tool execution with Rails reloader for development
+            result = if Rails.env.development?
+              # Preserve Current attributes across reloader boundary
+              current_user = ActionMCP::Current.user
+              current_gateway = ActionMCP::Current.gateway
+
+              Rails.application.reloader.wrap do
+                # Restore Current attributes inside reloader
+                ActionMCP::Current.user = current_user
+                ActionMCP::Current.gateway = current_gateway
+                tool.call
+              end
+            else
               tool.call
             end
-          else
-            tool.call
-          end
 
-          if result.is_error
-            # Convert ToolResponse error to proper JSON-RPC error format
-            # Pass the error hash directly - the Response class will handle it
-            error_hash = result.to_h
-            send_jsonrpc_response(request_id, error: error_hash)
-          else
-            send_jsonrpc_response(request_id, result: result)
+            if result.is_error
+              # Convert ToolResponse error to proper JSON-RPC error format
+              # Pass the error hash directly - the Response class will handle it
+              error_hash = result.to_h
+              send_jsonrpc_response(request_id, error: error_hash)
+            else
+              send_jsonrpc_response(request_id, result: result)
+            end
+          rescue ArgumentError => e
+            # Handle parameter validation errors
+            send_jsonrpc_error(request_id, :invalid_params, e.message)
           end
         else
           send_jsonrpc_error(request_id, :method_not_found, "Tool '#{tool_name}' not available in this session")

data/lib/action_mcp/sse_listener.rb

@@ -19,10 +19,7 @@ module ActionMCP
     # @yield [Hash] Yields parsed message received from the pub/sub channel
     # @return [Boolean] True if subscription was successful within timeout, false otherwise.
     def start(&callback)
-      Rails.logger.debug "SSEListener: Starting for channel: #{session_key}"
-
       success_callback = lambda {
-        Rails.logger.info "SSEListener: Successfully subscribed to channel: #{session_key}"
         @subscription_active.make_true
       }
 
@@ -41,7 +38,6 @@ module ActionMCP
       return if @stopped.true?
 
       @stopped.make_true
-      Rails.logger.debug "SSEListener: Stopping listener for channel: #{session_key}"
     end
 
     private
@@ -50,8 +46,6 @@ module ActionMCP
       return if @stopped.true?
 
       begin
-        Rails.logger.debug "SSEListener: Received raw message of type: #{raw_message.class}"
-
         # Check if the message is a valid JSON string or has a message attribute
         if raw_message.is_a?(String) && valid_json_format?(raw_message)
           message = MultiJson.load(raw_message)
@@ -80,7 +74,6 @@ module ActionMCP
       begin
         subscription_future.value(5) || @subscription_active.true?
       rescue Concurrent::TimeoutError
-        Rails.logger.warn "SSEListener: Timed out waiting for subscription for #{session_key}"
         false
       end
     end

data/lib/action_mcp/test_helper.rb

@@ -49,6 +49,11 @@ module ActionMCP
     end
     alias execute_tool execute_mcp_tool
 
+    def execute_mcp_tool_with_error(name, args = {})
+      ActionMCP::ToolsRegistry.tool_call(name, args)
+    end
+    alias execute_tool_with_error execute_mcp_tool_with_error
+
     def execute_mcp_prompt(name, args = {})
       resp = ActionMCP::PromptsRegistry.prompt_call(name, args)
       assert !resp.is_error, "Prompt #{name.inspect} returned error: #{resp.to_h[:message]}"

data/lib/action_mcp/tool.rb

@@ -176,7 +176,7 @@ module ActionMCP
 
       return unless %w[number integer].include?(type)
 
-      validates prop_name, numericality: true, allow_nil: true
+      validates prop_name, numericality: true, allow_nil: !required
     end
 
     # --------------------------------------------------------------------------
@@ -257,6 +257,13 @@ module ActionMCP
     # Instance Methods
     # --------------------------------------------------------------------------
 
+    # Override initialize to validate parameters before ActiveModel conversion
+    def initialize(attributes = {})
+      # Validate parameters before ActiveModel processes them
+      validate_parameter_types(attributes)
+      super
+    end
+
     # Public entry point for executing the tool
     # Returns an array of Content objects collected from render calls
     def call
@@ -273,14 +280,16 @@ module ActionMCP
           @response.mark_as_error!(:internal_error, message: e.message)
         end
       else
-        @response.mark_as_error!(:invalid_request,
+        @response.mark_as_error!(:invalid_params,
                                  message: "Invalid input",
                                  data: errors.full_messages)
       end
 
       # If callbacks halted execution (`performed` still false) and
-      # nothing else marked an error, surface it as invalid_request.
-      @response.mark_as_error!(:invalid_request, message: "Aborted by callback") if !performed && !@response.error?
+      # nothing else marked an error, surface it as invalid_params.
+      if !performed && !@response.error?
+        @response.mark_as_error!(:invalid_params, message: "Tool execution was aborted")
+      end
 
       @response
     end
@@ -362,5 +371,86 @@ module ActionMCP
     end
 
     private_class_method :map_json_type_to_active_model_type
+
+    private
+
+    # Validates parameter types before ActiveModel conversion
+    def validate_parameter_types(attributes)
+      return unless attributes.is_a?(Hash)
+
+      attributes.each do |key, value|
+        key_str = key.to_s
+        property_schema = self.class._schema_properties[key_str]
+
+        next unless property_schema
+
+        expected_type = property_schema[:type]
+
+        # Skip validation if value is nil and property is not required
+        next if value.nil? && !self.class._required_properties.include?(key_str)
+
+        # Validate based on expected JSON Schema type
+        case expected_type
+        when "number"
+          validate_number_parameter(key_str, value)
+        when "integer"
+          validate_integer_parameter(key_str, value)
+        when "string"
+          validate_string_parameter(key_str, value)
+        when "boolean"
+          validate_boolean_parameter(key_str, value)
+        when "array"
+          validate_array_parameter(key_str, value, property_schema)
+        end
+      end
+    end
+
+    def validate_number_parameter(key, value)
+      return if value.is_a?(Numeric)
+
+      if value.is_a?(String)
+        # Check if string can be converted to a valid number
+        begin
+          Float(value)
+        rescue ArgumentError, TypeError
+          raise ArgumentError, "Parameter '#{key}' must be a valid number, got: #{value.inspect}"
+        end
+      else
+        raise ArgumentError, "Parameter '#{key}' must be a number, got: #{value.class}"
+      end
+    end
+
+    def validate_integer_parameter(key, value)
+      return if value.is_a?(Integer)
+
+      if value.is_a?(String)
+        # Check if string can be converted to a valid integer
+        begin
+          Integer(value)
+        rescue ArgumentError, TypeError
+          raise ArgumentError, "Parameter '#{key}' must be a valid integer, got: #{value.inspect}"
+        end
+      else
+        raise ArgumentError, "Parameter '#{key}' must be an integer, got: #{value.class}"
+      end
+    end
+
+    def validate_string_parameter(key, value)
+      return if value.is_a?(String)
+
+      raise ArgumentError, "Parameter '#{key}' must be a string, got: #{value.class}"
+    end
+
+    def validate_boolean_parameter(key, value)
+      return if value.is_a?(TrueClass) || value.is_a?(FalseClass)
+
+      raise ArgumentError, "Parameter '#{key}' must be a boolean, got: #{value.class}"
+    end
+
+    def validate_array_parameter(key, value, property_schema)
+      return if value.is_a?(Array)
+
+      raise ArgumentError, "Parameter '#{key}' must be an array, got: #{value.class}"
+    end
   end
 end

data/lib/action_mcp/tools_registry.rb

@@ -22,6 +22,9 @@ module ActionMCP
         tool.call
       rescue RegistryBase::NotFound
         error_response(:invalid_params, message: "Tool not found: #{tool_name}")
+      rescue ArgumentError => e
+        # Handle parameter validation errors
+        error_response(:invalid_params, message: e.message)
       rescue StandardError => e
         # FIXME, we should maybe not return the error message to the user
         error_response(:invalid_params, message: "Tool execution failed: #{e.message}")

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.70.0"
+  VERSION = "0.71.1"
 
   class << self
     alias version gem_version

data/lib/generators/action_mcp/install/templates/mcp.yml

@@ -5,17 +5,17 @@
 shared:
   # Authentication configuration - array of methods to try in order
   authentication: ["none"]  # No authentication required by default
-  
+
   # Session store configuration
   # Global session store type used by both client and server (default: volatile in dev/test, active_record in production)
   # session_store_type: volatile
-  
+
   # Client-specific session store type (falls back to session_store_type if not specified)
   # client_session_store_type: volatile
-  
+
   # Server-specific session store type (falls back to session_store_type if not specified)
   # server_session_store_type: active_record
-  
+
   # OAuth configuration (if using OAuth authentication)
   # oauth:
   #   provider: "demo_oauth_provider"
@@ -24,7 +24,7 @@ shared:
   #   enable_token_revocation: true
   #   pkce_required: true
   #   issuer_url: https://yourapp.com
-  
+
   # MCP capability profiles
   profiles:
     primary:
@@ -38,7 +38,7 @@ shared:
         list_changed: false
         logging_enabled: true
         resources_subscribe: false
-        
+
     minimal:
       tools: []
       prompts: []
@@ -53,13 +53,13 @@ shared:
 development:
   # Use simple pub/sub adapter for development
   adapter: simple
-  
+
   # Session store examples for development
   # Use volatile client sessions for faster development
   # client_session_store_type: volatile
   # Use persistent server sessions to maintain state across restarts
   # server_session_store_type: active_record
-  
+
   # Thread pool configuration (optional)
   # min_threads: 5     # Minimum number of threads in the pool
   # max_threads: 10    # Maximum number of threads in the pool
@@ -69,10 +69,10 @@ development:
 test:
   # JWT authentication for testing environment
   authentication: ["jwt"]
-  
+
   # Test adapter for testing
   adapter: test
-  
+
   # Use volatile sessions for testing (fast cleanup)
   # session_store_type: volatile
 
@@ -80,7 +80,7 @@ test:
 production:
   # Multiple authentication methods - try OAuth first, fallback to JWT
   authentication: ["oauth", "jwt"]
-  
+
   # OAuth configuration for production
   oauth:
     provider: "application_oauth_provider"  # Your custom provider class
@@ -89,29 +89,29 @@ production:
     enable_token_revocation: true
     pkce_required: true
     issuer_url: https://yourapp.com
-  
+
   # Additional production profiles for external clients
   profiles:
     external_clients:
       tools: ["WeatherForecastTool"]  # Limited tool access for external clients
       prompts: []
       resources: []
-  
+
   # Production session store configuration
   # Use persistent storage for production reliability
   # session_store_type: active_record
   # Or configure separately:
   # client_session_store_type: active_record  # Client connections persist across restarts
   # server_session_store_type: active_record  # Server state persists across deployments
-  
+
   # Choose one of the following adapters:
-  
+
   # 1. Database-backed adapter (recommended)
   adapter: solid_mcp
   polling_interval: 0.5.seconds
   batch_size: 200      # Number of messages to write in a single batch
   flush_interval: 0.05 # Seconds between batch flushes
-  
+
   # Thread pool configuration (optional)
   min_threads: 10     # Minimum number of threads in the pool
   max_threads: 20     # Maximum number of threads in the pool

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.70.0
+  version: 0.71.1
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -206,8 +206,11 @@ files:
 - app/controllers/action_mcp/application_controller.rb
 - app/controllers/action_mcp/oauth/endpoints_controller.rb
 - app/controllers/action_mcp/oauth/metadata_controller.rb
+- app/controllers/action_mcp/oauth/registration_controller.rb
 - app/models/action_mcp.rb
 - app/models/action_mcp/application_record.rb
+- app/models/action_mcp/oauth_client.rb
+- app/models/action_mcp/oauth_token.rb
 - app/models/action_mcp/session.rb
 - app/models/action_mcp/session/message.rb
 - app/models/action_mcp/session/resource.rb
@@ -218,6 +221,8 @@ files:
 - config/routes.rb
 - db/migrate/20250512154359_consolidated_migration.rb
 - db/migrate/20250608112101_add_oauth_to_sessions.rb
+- db/migrate/20250708105124_create_action_mcp_oauth_clients.rb
+- db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb
 - exe/actionmcp_cli
 - lib/action_mcp.rb
 - lib/action_mcp/base_response.rb
@@ -231,6 +236,7 @@ files:
 - lib/action_mcp/client/collection.rb
 - lib/action_mcp/client/elicitation.rb
 - lib/action_mcp/client/json_rpc_handler.rb
+- lib/action_mcp/client/jwt_client_provider.rb
 - lib/action_mcp/client/logging.rb
 - lib/action_mcp/client/messaging.rb
 - lib/action_mcp/client/oauth_client_provider.rb
@@ -262,7 +268,9 @@ files:
 - lib/action_mcp/current.rb
 - lib/action_mcp/current_helpers.rb
 - lib/action_mcp/engine.rb
+- lib/action_mcp/filtered_logger.rb
 - lib/action_mcp/gateway.rb
+- lib/action_mcp/gateway_identifier.rb
 - lib/action_mcp/gem_version.rb
 - lib/action_mcp/instrumentation/controller_runtime.rb
 - lib/action_mcp/instrumentation/instrumentation.rb
@@ -270,8 +278,13 @@ files:
 - lib/action_mcp/integer_array.rb
 - lib/action_mcp/json_rpc_handler_base.rb
 - lib/action_mcp/jwt_decoder.rb
+- lib/action_mcp/jwt_identifier.rb
 - lib/action_mcp/log_subscriber.rb
 - lib/action_mcp/logging.rb
+- lib/action_mcp/none_identifier.rb
+- lib/action_mcp/o_auth_identifier.rb
+- lib/action_mcp/oauth.rb
+- lib/action_mcp/oauth/active_record_storage.rb
 - lib/action_mcp/oauth/error.rb
 - lib/action_mcp/oauth/memory_storage.rb
 - lib/action_mcp/oauth/middleware.rb