actionmcp 0.71.0 → 0.72.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 83f504b6f7171acf10239a3873a3cf967243ed8fa598603b72ec3e265cf9ba7a
-  data.tar.gz: 4b50494bcf216f93243d2068c2d9f211c25a9fe5166fb01f21518321716a4d54
+  metadata.gz: 2875f1eaab23887a9cafbff393229ab35a733822b4b20487cff5b4556cd602c9
+  data.tar.gz: ac60fbba55e7e06960644c70f790cd0f4f8909d1b6d1137b3f002bdeda29575c
 SHA512:
-  metadata.gz: e2f3c857fdfd8404660d508ff620500676c71f629b5ac0a7ab0e7190248d25ea81d15eef679cbb14cba5f15ff119e882502de28d830f6c67a10c8ee7254a4301
-  data.tar.gz: 3d44ee314a37df260fbc00c5d7488330f0d0e5e637c5b200a784bf62301b2feb7b330796cd2ff0268a96de70f498d946983aa89c745e6e636e915b37f5d81587
+  metadata.gz: 9fe34b128238c04f1dcb8a08af77b17aafcf7c0bf5fd1ce670d0c8bfdd0aefcea6d284d1c223cb3572645e5101aa71021381eb1d0379851114c075102311c156
+  data.tar.gz: 3817b2aa867d773afad8cb9db19fca5e1dc1d1425d1b02912a62cd15fba6cde28b3e7333114a98ccc8fe551c15d481f77d02c6eb549bf3ae971d95a2a2ff013b

data/README.md

@@ -24,7 +24,15 @@ This means an AI (like an LLM) can request information or actions from your appl
 
 ## Protocol Support
 
-ActionMCP supports **MCP 2025-06-18** (current) with backward compatibility for **MCP 2025-03-26**. For a detailed (and entertaining) breakdown of protocol versions, features, and our design decisions, see [The Hitchhiker's Guide to MCP](The_Hitchhikers_Guide_to_MCP.md).
+ActionMCP supports **MCP 2025-06-18** (current) with backward compatibility for **MCP 2025-03-26**. The protocol implementation is fully compliant with the MCP specification, including:
+
+- **JSON-RPC 2.0** transport layer
+- **Capability negotiation** during initialization
+- **Error handling** with proper error codes (-32601 for method not found, -32002 for consent required)
+- **Session management** with resumable sessions
+- **Change notifications** for dynamic capability updates
+
+For a detailed (and entertaining) breakdown of protocol versions, features, and our design decisions, see [The Hitchhiker's Guide to MCP](The_Hitchhikers_Guide_to_MCP.md).
 
 *Don't Panic: The guide contains everything you need to know about surviving MCP protocol versions.*
 
@@ -42,25 +50,27 @@ In short, ActionMCP helps you build an MCP server (the component that exposes ca
 
 To start using ActionMCP, add it to your project:
 
-- **Using Bundler (Rails or Ruby projects):** Add the gem to your Gemfile and run bundle install:
+```bash
+# Add gem to your Gemfile
+$ bundle add actionmcp
 
-  ```bash
-  $ bundle add actionmcp
-  ```
+# Install dependencies
+bundle install
 
-After adding the gem, run the install generator to set up the basic ActionMCP structure:
+# Copy migrations from the engine
+bin/rails action_mcp:install:migrations
 
-```bash
-bundle install
-bin/rails action_mcp:install:migrations  # Copy migrations from the engine
-bin/rails generate action_mcp:install    # Creates base classes and configuration
-bin/rails db:migrate                     # Creates necessary database tables
+# Generate base classes and configuration
+bin/rails generate action_mcp:install
+
+# Create necessary database tables
+bin/rails db:migrate
 ```
 
 The `action_mcp:install` generator will:
 - Create base application classes (ApplicationGateway, ApplicationMCPTool, etc.)
 - Generate the MCP configuration file (`config/mcp.yml`)
-- Set up the basic directory structure for MCP components
+- Set up the basic directory structure for MCP components (`app/mcp/`)
 
 Database migrations are copied separately using `bin/rails action_mcp:install:migrations`.
 
@@ -127,6 +137,7 @@ Key features:
 - Return multiple response types (text, images, errors)
 - Progressive responses with multiple render calls
 - Automatic input validation based on property definitions
+- **Consent management for sensitive operations**
 
 **Example:**
 
@@ -160,6 +171,47 @@ class CalculateSumTool < ApplicationMCPTool
 end
 ```
 
+#### Consent Management
+
+For tools that perform sensitive operations (file system access, database modifications, external API calls), you can require explicit user consent:
+
+```ruby
+class FileSystemTool < ApplicationMCPTool
+  tool_name "read_file"
+  description "Read contents of a file"
+  
+  # Require explicit consent before execution
+  requires_consent!
+
+  property :file_path, type: "string", description: "Path to file", required: true
+
+  def perform
+    # This code only runs after user grants consent
+    content = File.read(file_path)
+    render(text: "File contents: #{content}")
+  end
+end
+```
+
+**Consent Flow:**
+1. When a consent-required tool is called without consent, it returns a JSON-RPC error with code `-32002`
+2. The client must explicitly grant consent for the specific tool
+3. Once granted, the tool can execute normally for that session
+4. Consent is session-scoped and can be revoked at any time
+
+**Managing Consent:**
+
+```ruby
+# Check if consent is granted
+session.consent_granted_for?("read_file")
+
+# Grant consent for a tool
+session.grant_consent("read_file")
+
+# Revoke consent
+session.revoke_consent("read_file")
+```
+
 Tools can be executed by instantiating them and calling the `call` method:
 
 ```ruby
@@ -751,17 +803,97 @@ class ToolTest < ActiveSupport::TestCase
 end
 ```
 
+The TestHelper provides several assertion methods:
+- `assert_tool_findable(name)` - Verifies a tool exists and is registered
+- `assert_prompt_findable(name)` - Verifies a prompt exists and is registered
+- `execute_tool(name, **args)` - Executes a tool with arguments
+- `execute_prompt(name, **args)` - Executes a prompt with arguments
+- `assert_tool_output(result, expected)` - Asserts tool output matches expected text
+- `assert_prompt_output(result)` - Extracts and returns prompt output for assertions
+
 ## Inspecting Your MCP Server
 
 You can use the MCP Inspector to test your server implementation:
 
 ```bash
-npx @modelcontextprotocol/inspector
+# Start your MCP server
+bundle exec rails s -c mcp.ru -p 62770
+
+# In another terminal, run the inspector
+npx @modelcontextprotocol/inspector --url http://localhost:62770
+```
+
+The MCP Inspector provides an interactive interface to:
+- Test tool executions with custom arguments
+- Validate prompt responses
+- Inspect resource templates and their outputs
+- Debug protocol compliance and error handling
+
+## Development Commands
+
+ActionMCP includes several rake tasks for development and debugging:
+
+```bash
+# List all MCP components
+bundle exec rails action_mcp:list
+
+# List specific component types
+bundle exec rails action_mcp:list_tools
+bundle exec rails action_mcp:list_prompts
+bundle exec rails action_mcp:list_resources
+bundle exec rails action_mcp:list_profiles
+
+# Show configuration and statistics
+bundle exec rails action_mcp:info
+bundle exec rails action_mcp:stats
+
+# Show profile configuration
+bundle exec rails action_mcp:show_profile[profile_name]
 ```
 
-The default path will be http://localhost:3000/action_mcp
+## Error Handling and Troubleshooting
+
+ActionMCP provides comprehensive error handling following the JSON-RPC 2.0 specification:
+
+### Error Codes
+
+- **-32601**: Method not found - The requested method doesn't exist
+- **-32002**: Consent required - Tool requires user consent to execute
+- **-32603**: Internal error - Server encountered an unexpected error
+- **-32600**: Invalid request - The request is malformed
+
+### Context-Aware Error Messages
 
-Here's a section you can add to explain the profile system in ActionMCP:
+Tools should return clear error messages to the LLM using the `render` method:
+
+```ruby
+class MyTool < ApplicationMCPTool
+  def perform
+    # Check for error conditions and return clear messages
+    if some_error_condition?
+      render(error: ["Clear error message for the LLM"])
+      return
+    end
+    
+    # Normal processing
+    render(text: "Success message")
+  end
+end
+```
+
+### Common Issues
+
+1. **Session not found**: Ensure sessions are properly created and saved in the session store
+2. **Tool not registered**: Verify tools are properly defined and inherit from ApplicationMCPTool
+3. **Consent required**: Grant consent using `session.grant_consent(tool_name)`
+4. **Middleware conflicts**: Use `mcp_vanilla.ru` to avoid web-specific middleware
+
+### Debugging Tips
+
+- Check server logs for detailed error information
+- Use `bundle exec rails action_mcp:info` to verify configuration
+- Test with MCP Inspector to isolate protocol issues
+- Ensure proper session management in production environments
 
 ## Profiles
 
@@ -875,3 +1007,42 @@ Profiles are particularly useful for:
 5. **Progressive enhancement**: Start with a minimal profile and gradually add capabilities
 
 By leveraging profiles, you can maintain a single ActionMCP codebase while providing tailored MCP capabilities for different contexts.
+
+## Client Usage
+
+ActionMCP includes a client for connecting to remote MCP servers. The client handles session management, protocol negotiation, and provides a simple API for interacting with MCP servers.
+
+For comprehensive client documentation, including examples, session management, transport configuration, and API usage, see [CLIENTUSAGE.md](CLIENTUSAGE.md).
+
+## Production Considerations
+
+### Security
+
+- **Never expose sensitive data** through MCP components
+- **Use authentication** via Gateway for production deployments
+- **Implement proper authorization** in your tools and prompts
+- **Validate all inputs** using property definitions and Rails validations
+- **Use consent management** for sensitive operations
+
+### Performance
+
+- **Configure appropriate thread pools** for high-traffic scenarios
+- **Use Redis or SolidMCP** for production pub/sub
+- **Choose ActiveRecord session store** for session persistence
+- **Monitor session cleanup** to prevent memory leaks
+- **Use profiles** to limit exposed capabilities
+
+### Monitoring
+
+- **Enable logging** and configure appropriate log levels
+- **Monitor session statistics** using `action_mcp:stats`
+- **Track tool usage** and performance metrics
+- **Set up alerts** for error rates and response times
+
+### Deployment
+
+- **Use Falcon** for optimal performance with streaming workloads
+- **Deploy on dedicated ports** or Unix sockets
+- **Use reverse proxies** (Nginx, Apache) for SSL termination
+- **Implement health checks** for your MCP endpoints
+- **Use `mcp_vanilla.ru`** to avoid middleware conflicts

data/app/controllers/action_mcp/application_controller.rb

@@ -12,7 +12,6 @@ module ActionMCP
     include ActionController::Live
     include ActionController::Instrumentation
 
-
     # Provides the ActionMCP::Session for the current request.
     # Handles finding existing sessions via header/param or initializing a new one.
     # Specific controllers/handlers might need to enforce session ID presence based on context.
@@ -52,7 +51,9 @@ module ActionMCP
       return if performed?
 
       last_event_id = request.headers["Last-Event-ID"].presence
-      Rails.logger.info "Unified SSE (GET): Resuming from Last-Event-ID: #{last_event_id}" if last_event_id && ActionMCP.configuration.verbose_logging
+      if last_event_id && ActionMCP.configuration.verbose_logging
+        Rails.logger.info "Unified SSE (GET): Resuming from Last-Event-ID: #{last_event_id}"
+      end
 
       response.headers["Content-Type"] = "text/event-stream"
       response.headers["X-Accel-Buffering"] = "no"
@@ -61,7 +62,9 @@ module ActionMCP
       # Add MCP-Protocol-Version header for established sessions
       response.headers["MCP-Protocol-Version"] = session.protocol_version
 
-      Rails.logger.info "Unified SSE (GET): Starting stream for session: #{session.id}" if ActionMCP.configuration.verbose_logging
+      if ActionMCP.configuration.verbose_logging
+        Rails.logger.info "Unified SSE (GET): Starting stream for session: #{session.id}"
+      end
 
       sse = SSE.new(response.stream)
       listener = SSEListener.new(session)
@@ -85,12 +88,16 @@ module ActionMCP
         begin
           missed_events = session.get_sse_events_after(last_event_id.to_i)
           if missed_events.any?
-            Rails.logger.info "Unified SSE (GET): Sending #{missed_events.size} missed events for session: #{session.id}" if ActionMCP.configuration.verbose_logging
+            if ActionMCP.configuration.verbose_logging
+              Rails.logger.info "Unified SSE (GET): Sending #{missed_events.size} missed events for session: #{session.id}"
+            end
             missed_events.each do |event|
               sse.write(event.to_sse)
             end
-          else
-            Rails.logger.info "Unified SSE (GET): No missed events to send for session: #{session.id}" if ActionMCP.configuration.verbose_logging
+          elsif ActionMCP.configuration.verbose_logging
+            if ActionMCP.configuration.verbose_logging
+              Rails.logger.info "Unified SSE (GET): No missed events to send for session: #{session.id}"
+            end
           end
         rescue StandardError => e
           Rails.logger.error "Unified SSE (GET): Error sending missed events: #{e.message}"
@@ -116,7 +123,9 @@ module ActionMCP
             Rails.logger.warn "Unified SSE (GET): Heartbeat timed out for session: #{session.id}, closing."
             connection_active.make_false
           rescue StandardError => e
-            Rails.logger.debug "Unified SSE (GET): Heartbeat error for session: #{session.id}: #{e.message}" if ActionMCP.configuration.verbose_logging
+            if ActionMCP.configuration.verbose_logging
+              Rails.logger.debug "Unified SSE (GET): Heartbeat error for session: #{session.id}: #{e.message}"
+            end
             connection_active.make_false
           end
         else
@@ -127,11 +136,15 @@ module ActionMCP
       heartbeat_task = Concurrent::ScheduledTask.execute(heartbeat_interval, &heartbeat_sender)
       sleep 0.1 while connection_active.true? && !response.stream.closed?
     rescue ActionController::Live::ClientDisconnected, IOError => e
-      Rails.logger.debug "Unified SSE (GET): Client disconnected for session: #{session&.id}: #{e.message}" if ActionMCP.configuration.verbose_logging
+      if ActionMCP.configuration.verbose_logging
+        Rails.logger.debug "Unified SSE (GET): Client disconnected for session: #{session&.id}: #{e.message}"
+      end
     rescue StandardError => e
       Rails.logger.error "Unified SSE (GET): Unexpected error for session: #{session&.id}: #{e.class} - #{e.message}\n#{e.backtrace.join("\n")}"
     ensure
-      Rails.logger.debug "Unified SSE (GET): Cleaning up connection for session: #{session&.id}" if ActionMCP.configuration.verbose_logging
+      if ActionMCP.configuration.verbose_logging
+        Rails.logger.debug "Unified SSE (GET): Cleaning up connection for session: #{session&.id}"
+      end
       heartbeat_active&.make_false
       heartbeat_task&.cancel
       listener&.stop
@@ -153,9 +166,7 @@ module ActionMCP
       end
 
       # Reject JSON-RPC batch requests as per MCP 2025-06-18 spec
-      if jsonrpc_params_batch?
-        return render_bad_request("JSON-RPC batch requests are not supported", nil)
-      end
+      return render_bad_request("JSON-RPC batch requests are not supported", nil) if jsonrpc_params_batch?
 
       is_initialize_request = check_if_initialize_request(jsonrpc_params)
       session_initially_missing = extract_session_id.nil?
@@ -197,7 +208,9 @@ module ActionMCP
       result = json_rpc_handler.call(jsonrpc_params)
       process_handler_results(result, session, session_initially_missing, is_initialize_request)
     rescue ActionController::Live::ClientDisconnected, IOError => e
-      Rails.logger.debug "Unified SSE (POST): Client disconnected during response: #{e.message}" if ActionMCP.configuration.verbose_logging
+      if ActionMCP.configuration.verbose_logging
+        Rails.logger.debug "Unified SSE (POST): Client disconnected during response: #{e.message}"
+      end
       begin
         response.stream&.close
       rescue StandardError
@@ -205,7 +218,11 @@ module ActionMCP
       end
     rescue StandardError => e
       Rails.logger.error "Unified POST Error: #{e.class} - #{e.message}\n#{e.backtrace.join("\n")}"
-      id = jsonrpc_params.respond_to?(:id) ? jsonrpc_params.id : nil rescue nil
+      id = begin
+        jsonrpc_params.respond_to?(:id) ? jsonrpc_params.id : nil
+      rescue StandardError
+        nil
+      end
       render_internal_server_error("An unexpected error occurred.", id) unless performed?
     end
 
@@ -255,9 +272,7 @@ module ActionMCP
       end
 
       # Handle array values (take the last one as per TypeScript SDK)
-      if header_version.is_a?(Array)
-        header_version = header_version.last
-      end
+      header_version = header_version.last if header_version.is_a?(Array)
 
       # Check if the header version is supported
       unless ActionMCP::SUPPORTED_VERSIONS.include?(header_version)
@@ -268,7 +283,7 @@ module ActionMCP
       end
 
       # If we have an initialized session, check if the header matches the negotiated version
-      if session && session.initialized?
+      if session&.initialized?
         negotiated_version = session.protocol_version
         if header_version != negotiated_version
           ActionMCP.logger.warn "MCP-Protocol-Version mismatch: header=#{header_version}, negotiated=#{negotiated_version}"
@@ -340,9 +355,7 @@ module ActionMCP
     # Processes the results from the JsonRpcHandler.
     def process_handler_results(result, session, session_initially_missing, is_initialize_request)
       # Handle empty result (notifications)
-      if result.nil?
-        return head :accepted
-      end
+      return head :accepted if result.nil?
 
       # Convert to hash for rendering
       payload = if result.respond_to?(:to_h)
@@ -369,9 +382,7 @@ module ActionMCP
     def render_json_response(payload, session, add_session_header)
       response.headers[MCP_SESSION_ID_HEADER] = session.id if add_session_header
       # Add MCP-Protocol-Version header if session has been initialized
-      if session && session.initialized?
-        response.headers["MCP-Protocol-Version"] = session.protocol_version
-      end
+      response.headers["MCP-Protocol-Version"] = session.protocol_version if session&.initialized?
       response.headers["Content-Type"] = "application/json"
       render json: payload, status: :ok
     end
@@ -380,9 +391,7 @@ module ActionMCP
     def render_sse_response(payload, session, add_session_header)
       response.headers[MCP_SESSION_ID_HEADER] = session.id if add_session_header
       # Add MCP-Protocol-Version header if session has been initialized
-      if session && session.initialized?
-        response.headers["MCP-Protocol-Version"] = session.protocol_version
-      end
+      response.headers["MCP-Protocol-Version"] = session.protocol_version if session&.initialized?
       response.headers["Content-Type"] = "text/event-stream"
       response.headers["X-Accel-Buffering"] = "no"
       response.headers["Cache-Control"] = "no-cache"
@@ -425,13 +434,13 @@ module ActionMCP
 
     # Helper to clean up old SSE events for a session
     def cleanup_old_sse_events(session)
-      begin
-        retention_period = session.sse_event_retention_period
-        count = session.cleanup_old_sse_events(retention_period)
-        Rails.logger.debug "Cleaned up #{count} old SSE events for session: #{session.id}" if count.positive? && ActionMCP.configuration.verbose_logging
-      rescue StandardError => e
-        Rails.logger.error "Error cleaning up old SSE events: #{e.message}"
+      retention_period = session.sse_event_retention_period
+      count = session.cleanup_old_sse_events(retention_period)
+      if count.positive? && ActionMCP.configuration.verbose_logging
+        Rails.logger.debug "Cleaned up #{count} old SSE events for session: #{session.id}"
       end
+    rescue StandardError => e
+      Rails.logger.error "Error cleaning up old SSE events: #{e.message}"
     end
 
     def format_tools_list(tools, session)
@@ -505,15 +514,15 @@ module ActionMCP
     # Authenticates the request using the configured gateway
     def authenticate_gateway!
       # Skip authentication for initialization-related requests in POST method
-      if request.post? && defined?(jsonrpc_params) && jsonrpc_params
-        return if initialization_related_request?(jsonrpc_params)
+      if request.post? && defined?(jsonrpc_params) && jsonrpc_params && initialization_related_request?(jsonrpc_params)
+        return
       end
 
       gateway_class = ActionMCP.configuration.gateway_class
       return unless gateway_class # Skip if no gateway configured
 
-      gateway = gateway_class.new
-      gateway.call(request)
+      gateway = gateway_class.new(request)
+      gateway.call
     rescue ActionMCP::UnauthorizedError => e
       render_unauthorized(e.message)
     end
@@ -524,9 +533,7 @@ module ActionMCP
 
       # Add WWW-Authenticate header for OAuth discovery as per spec
       auth_methods = ActionMCP.configuration.authentication_methods || []
-      if auth_methods.include?("oauth")
-        response.headers["WWW-Authenticate"] = 'Bearer realm="MCP API"'
-      end
+      response.headers["WWW-Authenticate"] = 'Bearer realm="MCP API"' if auth_methods.include?("oauth")
 
       render json: { jsonrpc: "2.0", id: id, error: { code: -32_000, message: message } }, status: :unauthorized
     end

data/app/controllers/action_mcp/oauth/endpoints_controller.rb

@@ -92,7 +92,7 @@ module ActionMCP
         return render_introspection_error unless token
 
         # Authenticate client for introspection
-        client_id, client_secret = extract_client_credentials
+        client_id, = extract_client_credentials
         return render_introspection_error unless client_id
 
         begin
@@ -112,7 +112,7 @@ module ActionMCP
         return head :bad_request unless token
 
         # Authenticate client
-        client_id, client_secret = extract_client_credentials
+        client_id, = extract_client_credentials
         return head :unauthorized unless client_id
 
         begin
@@ -127,9 +127,9 @@ module ActionMCP
 
       def check_oauth_enabled
         auth_methods = ActionMCP.configuration.authentication_methods
-        unless auth_methods&.include?("oauth")
-          head :not_found
-        end
+        return if auth_methods&.include?("oauth")
+
+        head :not_found
       end
 
       def oauth_config
@@ -144,9 +144,7 @@ module ActionMCP
         code_verifier = params[:code_verifier]
 
         # Extract client credentials from Authorization header if not in params
-        if client_id.blank?
-          client_id, client_secret = extract_client_credentials
-        end
+        client_id, client_secret = extract_client_credentials if client_id.blank?
 
         return render_token_error("invalid_request", "Missing required parameters") if code.blank? || client_id.blank?
 
@@ -170,7 +168,10 @@ module ActionMCP
         client_id ||= params[:client_id]
         client_secret ||= params[:client_secret]
 
-        return render_token_error("invalid_request", "Missing required parameters") if refresh_token.blank? || client_id.blank?
+        if refresh_token.blank? || client_id.blank?
+          return render_token_error("invalid_request",
+                                    "Missing required parameters")
+        end
 
         token_response = ActionMCP::OAuth::Provider.refresh_access_token(
           refresh_token: refresh_token,
@@ -251,7 +252,7 @@ module ActionMCP
         render json: { active: false }, status: :bad_request
       end
 
-      def render_consent_page(client_id, redirect_uri, scope, state, code_challenge, code_challenge_method)
+      def render_consent_page(_client_id, _redirect_uri, _scope, _state, _code_challenge, _code_challenge_method)
         # In production, this would render a proper consent page
         # For now, just auto-deny unknown clients
         render json: {

data/app/controllers/action_mcp/oauth/metadata_controller.rb

@@ -25,13 +25,9 @@ module ActionMCP
         }
 
         # Add optional fields based on configuration
-        if oauth_config[:enable_dynamic_registration]
-          metadata[:registration_endpoint] = registration_endpoint
-        end
+        metadata[:registration_endpoint] = registration_endpoint if oauth_config[:enable_dynamic_registration]
 
-        if oauth_config[:jwks_uri]
-          metadata[:jwks_uri] = oauth_config[:jwks_uri]
-        end
+        metadata[:jwks_uri] = oauth_config[:jwks_uri] if oauth_config[:jwks_uri]
 
         render json: metadata
       end
@@ -54,9 +50,9 @@ module ActionMCP
 
       def check_oauth_enabled
         auth_methods = ActionMCP.configuration.authentication_methods
-        unless auth_methods&.include?("oauth")
-          head :not_found
-        end
+        return if auth_methods&.include?("oauth")
+
+        head :not_found
       end
 
       def oauth_config
@@ -99,7 +95,7 @@ module ActionMCP
       end
 
       def token_endpoint_auth_methods_supported
-        methods = [ "client_secret_basic", "client_secret_post" ]
+        methods = %w[client_secret_basic client_secret_post]
         methods << "none" if oauth_config[:allow_public_clients]
         methods
       end

data/app/controllers/action_mcp/oauth/registration_controller.rb

@@ -23,9 +23,7 @@ module ActionMCP
         client_secret = nil # Public clients by default
 
         # Generate client secret for confidential clients
-        if client_metadata["token_endpoint_auth_method"] != "none"
-          client_secret = generate_client_secret
-        end
+        client_secret = generate_client_secret if client_metadata["token_endpoint_auth_method"] != "none"
 
         # Store client registration
         client_info = {
@@ -72,15 +70,15 @@ module ActionMCP
 
       def check_oauth_enabled
         auth_methods = ActionMCP.configuration.authentication_methods
-        unless auth_methods&.include?("oauth")
-          head :not_found
-        end
+        return if auth_methods&.include?("oauth")
+
+        head :not_found
       end
 
       def check_registration_enabled
-        unless oauth_config[:enable_dynamic_registration]
-          head :not_found
-        end
+        return if oauth_config[:enable_dynamic_registration]
+
+        head :not_found
       end
 
       def oauth_config
@@ -129,23 +127,20 @@ module ActionMCP
         end
 
         # Validate token endpoint auth method
-        if metadata["token_endpoint_auth_method"]
-          unless supported_auth_methods.include?(metadata["token_endpoint_auth_method"])
-            raise ActionMCP::OAuth::InvalidClientMetadataError, "Unsupported token endpoint auth method"
-          end
-        end
+        return unless metadata["token_endpoint_auth_method"]
+        return if supported_auth_methods.include?(metadata["token_endpoint_auth_method"])
+
+        raise ActionMCP::OAuth::InvalidClientMetadataError, "Unsupported token endpoint auth method"
       end
 
       def validate_redirect_uri(uri)
         parsed = URI.parse(uri)
 
         # Must be absolute URI
-        unless parsed.absolute?
-          raise ActionMCP::OAuth::InvalidClientMetadataError, "Redirect URI must be absolute"
-        end
+        raise ActionMCP::OAuth::InvalidClientMetadataError, "Redirect URI must be absolute" unless parsed.absolute?
 
         # For non-localhost, must use HTTPS
-        unless parsed.host == "localhost" || parsed.host == "127.0.0.1" || parsed.scheme == "https"
+        unless [ "localhost", "127.0.0.1" ].include?(parsed.host) || parsed.scheme == "https"
           raise ActionMCP::OAuth::InvalidClientMetadataError, "Redirect URI must use HTTPS"
         end
       rescue URI::InvalidURIError
@@ -162,7 +157,7 @@ module ActionMCP
         SecureRandom.urlsafe_base64(32)
       end
 
-      def generate_registration_access_token(client_id)
+      def generate_registration_access_token(_client_id)
         # Generate a token for managing this registration
         SecureRandom.urlsafe_base64(32)
       end
@@ -183,7 +178,7 @@ module ActionMCP
       end
 
       def supported_auth_methods
-        methods = [ "client_secret_basic", "client_secret_post" ]
+        methods = %w[client_secret_basic client_secret_post]
         methods << "none" if oauth_config.fetch(:allow_public_clients, true)
         methods
       end