actionmcp 0.71.0 → 0.72.0

data/app/models/action_mcp/oauth_client.rb

@@ -41,14 +41,17 @@ module ActionMCP
 
     # Scopes
     scope :active, -> { where(active: true) }
-    scope :expired, -> { where("client_secret_expires_at < ?", Time.current.to_i).where.not(client_secret_expires_at: [ nil, 0 ]) }
+    scope :expired, lambda {
+      where("client_secret_expires_at < ?", Time.current.to_i).where.not(client_secret_expires_at: [ nil, 0 ])
+    }
 
     # Callbacks
     before_create :set_issued_at
 
     # Check if client secret is expired
     def secret_expired?
-      return false if client_secret_expires_at.nil? || client_secret_expires_at == 0
+      return false if client_secret_expires_at.nil? || client_secret_expires_at.zero?
+
       Time.current.to_i > client_secret_expires_at
     end
 
@@ -65,6 +68,7 @@ module ActionMCP
     # Validate redirect URI against registered URIs
     def valid_redirect_uri?(uri)
       return false if redirect_uris.blank?
+
       redirect_uris.include?(uri)
     end
 
@@ -133,9 +137,7 @@ module ActionMCP
       end
 
       # Generate client secret for confidential clients
-      if client.confidential_client?
-        client.client_secret = SecureRandom.urlsafe_base64(32)
-      end
+      client.client_secret = SecureRandom.urlsafe_base64(32) if client.confidential_client?
 
       # Store any additional metadata
       known_fields = %w[

data/app/models/action_mcp/oauth_token.rb

@@ -90,7 +90,8 @@ module ActionMCP
     end
 
     # Create authorization code
-    def self.create_authorization_code(client_id:, user_id:, redirect_uri:, scope:, code_challenge: nil, code_challenge_method: nil)
+    def self.create_authorization_code(client_id:, user_id:, redirect_uri:, scope:, code_challenge: nil,
+                                       code_challenge_method: nil)
       create!(
         token: SecureRandom.urlsafe_base64(32),
         token_type: AUTHORIZATION_CODE,

data/app/models/action_mcp/session.rb

@@ -8,6 +8,7 @@
 #  authentication_method  :string           default("none")
 #  client_capabilities    :json
 #  client_info            :json
+#  consents               :json             not null
 #  ended_at               :datetime
 #  initialized            :boolean          default(FALSE), not null
 #  messages_count         :integer          default(0), not null
@@ -40,6 +41,10 @@ module ActionMCP
   # such as client and server capabilities, protocol version, and session status.
   # It also manages the association with messages and subscriptions related to the session.
   class Session < ApplicationRecord
+    after_initialize do
+      self.consents = {} if consents == "{}" || consents.nil?
+    end
+
     include MCPConsoleHelpers
     attribute :id, :string, default: -> { SecureRandom.hex(6) }
     has_many :messages,
@@ -180,9 +185,7 @@ module ActionMCP
       # Maintain cache limit by removing oldest events if needed
       count = sse_events.count
       excess = count - max_events
-      if excess.positive?
-        sse_events.order(event_id: :asc).limit(excess).delete_all
-      end
+      sse_events.order(event_id: :asc).limit(excess).delete_all if excess.positive?
 
       event
     end
@@ -363,7 +366,7 @@ module ActionMCP
     # Required by MCP 2025-03-26 specification for session binding
 
     # Store OAuth token and user context in session
-    def store_oauth_token(access_token:, refresh_token: nil, expires_at:, user_context: {})
+    def store_oauth_token(access_token:, expires_at:, refresh_token: nil, user_context: {})
       update!(
         oauth_access_token: access_token,
         oauth_refresh_token: refresh_token,
@@ -406,7 +409,7 @@ module ActionMCP
     end
 
     # Update OAuth token (for refresh flow)
-    def update_oauth_token(access_token:, refresh_token: nil, expires_at:)
+    def update_oauth_token(access_token:, expires_at:, refresh_token: nil)
       update!(
         oauth_access_token: access_token,
         oauth_refresh_token: refresh_token,
@@ -447,6 +450,38 @@ module ActionMCP
       )
     end
 
+    # Consent management methods as per MCP specification
+    # These methods manage user consents for tools and resources
+
+    # Checks if consent has been granted for a specific key
+    # @param key [String] The consent key (e.g., tool name or resource URI)
+    # @return [Boolean] true if consent is granted, false otherwise
+    def consent_granted_for?(key)
+      consents_hash = consents.is_a?(String) ? JSON.parse(consents) : consents
+      consents_hash&.key?(key) && consents_hash[key] == true
+    end
+
+    # Grants consent for a specific key
+    # @param key [String] The consent key to grant
+    # @return [Boolean] true if saved successfully
+    def grant_consent(key)
+      self.consents = JSON.parse(consents) if consents.is_a?(String)
+      self.consents ||= {}
+      self.consents[key] = true
+      save!
+    end
+
+    # Revokes consent for a specific key
+    # @param key [String] The consent key to revoke
+    # @return [void]
+    def revoke_consent(key)
+      self.consents = JSON.parse(self.consents) if self.consents.is_a?(String)
+      return unless consents&.key?(key)
+
+      consents.delete(key)
+      save!
+    end
+
     private
 
     # if this session is from a server, the writer is the client

data/config/routes.rb

@@ -4,8 +4,10 @@ ActionMCP::Engine.routes.draw do
   get "/up", to: "/rails/health#show", as: :action_mcp_health_check
 
   # OAuth 2.1 metadata endpoints
-  get "/.well-known/oauth-authorization-server", to: "oauth/metadata#authorization_server", as: :oauth_authorization_server_metadata
-  get "/.well-known/oauth-protected-resource", to: "oauth/metadata#protected_resource", as: :oauth_protected_resource_metadata
+  get "/.well-known/oauth-authorization-server", to: "oauth/metadata#authorization_server",
+                                                 as: :oauth_authorization_server_metadata
+  get "/.well-known/oauth-protected-resource", to: "oauth/metadata#protected_resource",
+                                               as: :oauth_protected_resource_metadata
 
   # OAuth 2.1 endpoints
   get "/oauth/authorize", to: "oauth/endpoints#authorize", as: :oauth_authorize

data/db/migrate/20250512154359_consolidated_migration.rb

@@ -133,9 +133,9 @@ class ConsolidatedMigration < ActiveRecord::Migration[8.0]
     return unless column_exists?(:action_mcp_session_messages, :direction)
 
     # SQLite3 doesn't support changing column comments
-    if connection.adapter_name.downcase != 'sqlite'
-      change_column_comment :action_mcp_session_messages, :direction, 'The message recipient'
-    end
+    return unless connection.adapter_name.downcase != 'sqlite'
+
+    change_column_comment :action_mcp_session_messages, :direction, 'The message recipient'
   end
 
   private

data/db/migrate/20250608112101_add_oauth_to_sessions.rb

@@ -5,15 +5,24 @@ class AddOAuthToSessions < ActiveRecord::Migration[8.0]
     # Use json for all databases (PostgreSQL, SQLite3, MySQL) for consistency
     json_type = :json
 
-    add_column :action_mcp_sessions, :oauth_access_token, :string unless column_exists?(:action_mcp_sessions, :oauth_access_token)
-    add_column :action_mcp_sessions, :oauth_refresh_token, :string unless column_exists?(:action_mcp_sessions, :oauth_refresh_token)
-    add_column :action_mcp_sessions, :oauth_token_expires_at, :datetime unless column_exists?(:action_mcp_sessions, :oauth_token_expires_at)
-    add_column :action_mcp_sessions, :oauth_user_context, json_type unless column_exists?(:action_mcp_sessions, :oauth_user_context)
-    add_column :action_mcp_sessions, :authentication_method, :string, default: "none" unless column_exists?(:action_mcp_sessions, :authentication_method)
+    add_column :action_mcp_sessions, :oauth_access_token, :string unless column_exists?(:action_mcp_sessions,
+                                                                                        :oauth_access_token)
+    add_column :action_mcp_sessions, :oauth_refresh_token, :string unless column_exists?(:action_mcp_sessions,
+                                                                                         :oauth_refresh_token)
+    add_column :action_mcp_sessions, :oauth_token_expires_at, :datetime unless column_exists?(:action_mcp_sessions,
+                                                                                              :oauth_token_expires_at)
+    add_column :action_mcp_sessions, :oauth_user_context, json_type unless column_exists?(:action_mcp_sessions,
+                                                                                          :oauth_user_context)
+    add_column :action_mcp_sessions, :authentication_method, :string, default: 'none' unless column_exists?(
+      :action_mcp_sessions, :authentication_method
+    )
 
     # Add indexes for performance
-    add_index :action_mcp_sessions, :oauth_access_token, unique: true unless index_exists?(:action_mcp_sessions, :oauth_access_token)
-    add_index :action_mcp_sessions, :oauth_token_expires_at unless index_exists?(:action_mcp_sessions, :oauth_token_expires_at)
-    add_index :action_mcp_sessions, :authentication_method unless index_exists?(:action_mcp_sessions, :authentication_method)
+    add_index :action_mcp_sessions, :oauth_access_token, unique: true unless index_exists?(:action_mcp_sessions,
+                                                                                           :oauth_access_token)
+    add_index :action_mcp_sessions, :oauth_token_expires_at unless index_exists?(:action_mcp_sessions,
+                                                                                 :oauth_token_expires_at)
+    add_index :action_mcp_sessions, :authentication_method unless index_exists?(:action_mcp_sessions,
+                                                                                :authentication_method)
   end
 end

data/db/migrate/20250708105124_create_action_mcp_oauth_clients.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CreateActionMCPOAuthClients < ActiveRecord::Migration[7.2]
   def change
     create_table :action_mcp_oauth_clients do |t|
@@ -8,16 +10,16 @@ class CreateActionMCPOAuthClients < ActiveRecord::Migration[7.2]
       # Store arrays as JSON for database compatibility
       if connection.adapter_name.downcase.include?('postgresql')
         t.text :redirect_uris, array: true, default: []
-        t.text :grant_types, array: true, default: [ "authorization_code" ]
-        t.text :response_types, array: true, default: [ "code" ]
+        t.text :grant_types, array: true, default: [ 'authorization_code' ]
+        t.text :response_types, array: true, default: [ 'code' ]
       else
         # For SQLite and other databases, use JSON
         t.json :redirect_uris, default: []
-        t.json :grant_types, default: [ "authorization_code" ]
-        t.json :response_types, default: [ "code" ]
+        t.json :grant_types, default: [ 'authorization_code' ]
+        t.json :response_types, default: [ 'code' ]
       end
 
-      t.string :token_endpoint_auth_method, default: "client_secret_basic"
+      t.string :token_endpoint_auth_method, default: 'client_secret_basic'
       t.text :scope
       t.boolean :active, default: true
 

data/db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class CreateActionMCPOAuthTokens < ActiveRecord::Migration[7.2]
   def change
     create_table :action_mcp_oauth_tokens do |t|
@@ -32,6 +34,6 @@ class CreateActionMCPOAuthTokens < ActiveRecord::Migration[7.2]
     add_index :action_mcp_oauth_tokens, :user_id
     add_index :action_mcp_oauth_tokens, :expires_at
     add_index :action_mcp_oauth_tokens, :revoked
-    add_index :action_mcp_oauth_tokens, [ :token_type, :expires_at ]
+    add_index :action_mcp_oauth_tokens, %i[token_type expires_at]
   end
 end

data/db/migrate/20250715070713_add_consents_to_action_mcp_sess.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddConsentsToActionMCPSess < ActiveRecord::Migration[8.0]
+  def change
+    add_column :action_mcp_sessions, :consents, :json, default: {}, null: false
+  end
+end

data/lib/action_mcp/base_response.rb

@@ -19,7 +19,7 @@ module ActionMCP
     end
 
     # Convert to hash format expected by MCP protocol
-    def to_h(options = nil)
+    def to_h(_options = nil)
       if @is_error
         JSON_RPC::JsonRpcError.new(@symbol, message: @error_message, data: @error_data).to_h
       else

data/lib/action_mcp/client/base.rb

@@ -23,11 +23,12 @@ module ActionMCP
 
       delegate :connected?, :ready?, to: :transport
 
-      def initialize(transport:, logger: ActionMCP.logger, **options)
+      def initialize(transport:, logger: ActionMCP.logger, protocol_version: nil, **options)
         @logger = logger
         @transport = transport
-        @session = nil  # Session will be created/loaded based on server response
-        @session_id = options[:session_id]  # Optional session ID for resumption
+        @session = nil # Session will be created/loaded based on server response
+        @session_id = options[:session_id] # Optional session ID for resumption
+        @protocol_version = protocol_version || ActionMCP::DEFAULT_PROTOCOL_VERSION
         @server_capabilities = nil
         @connection_error = nil
         @initialized = false
@@ -90,7 +91,7 @@ module ActionMCP
 
         begin
           # Only write to session if it exists (after initialization)
-          session.write(payload) if session
+          session&.write(payload)
           data = payload.to_json unless payload.is_a?(String)
           @transport.send_message(data)
           true
@@ -108,11 +109,11 @@ module ActionMCP
         end
 
         # Only update session if it exists
-        if @session
-          @session.server_capabilities = server.capabilities
-          @session.server_info = server.server_info
-          @session.save
-        end
+        return unless @session
+
+        @session.server_capabilities = server.capabilities
+        @session.server_info = server.server_info
+        @session.save
       end
 
       def initialized?
@@ -175,12 +176,10 @@ module ActionMCP
         log_debug("Sending client capabilities")
 
         # If we have a session_id, we're trying to resume
-        if @session_id
-          log_debug("Attempting to resume session: #{@session_id}")
-        end
+        log_debug("Attempting to resume session: #{@session_id}") if @session_id
 
         params = {
-          protocolVersion: ActionMCP::DEFAULT_PROTOCOL_VERSION,
+          protocolVersion: @protocol_version,
           capabilities: client_capabilities,
           clientInfo: client_info
         }

data/lib/action_mcp/client/collection.rb

@@ -143,14 +143,14 @@ module ActionMCP
       def silence_logs
         return yield unless @silence_sql
 
-        original_log_level = Session.logger&.level
+        original_log_level = ActionMCP::Session.logger&.level
         begin
           # Temporarily increase log level to suppress SQL queries
-          Session.logger.level = Logger::WARN if Session.logger
+          ActionMCP::Session.logger.level = Logger::WARN if ActionMCP::Session.logger
           yield
         ensure
           # Restore original log level
-          Session.logger.level = original_log_level if Session.logger
+          ActionMCP::Session.logger.level = original_log_level if ActionMCP::Session.logger && original_log_level
         end
       end
 

data/lib/action_mcp/client/elicitation.rb

@@ -8,15 +8,15 @@ module ActionMCP
       # @param id [String, Integer] The request ID
       # @param params [Hash] The elicitation parameters
       def process_elicitation_request(id, params)
-        message = params["message"]
-        requested_schema = params["requestedSchema"]
+        params["message"]
+        params["requestedSchema"]
 
         # In a real implementation, this would prompt the user
         # For now, we'll just return a decline response
         # Actual implementations should override this method
         send_jsonrpc_response(id, result: {
-          action: "decline"
-        })
+                                action: "decline"
+                              })
       end
 
       # Send elicitation response

data/lib/action_mcp/client/json_rpc_handler.rb

@@ -53,15 +53,13 @@ module ActionMCP
         case rpc_method
         when Methods::ELICITATION_CREATE
           client.process_elicitation_request(id, params)
-        when /^roots\//
+        when %r{^roots/}
           process_roots(rpc_method, id)
-        when /^sampling\//
+        when %r{^sampling/}
           process_sampling(rpc_method, id, params)
         else
           common_result = handle_common_methods(rpc_method, id, params)
-          if common_result.nil?
-            client.log_warn("Unknown server method: #{rpc_method} #{id} #{params}")
-          end
+          client.log_warn("Unknown server method: #{rpc_method} #{id} #{params}") if common_result.nil?
         end
       end
 
@@ -161,7 +159,7 @@ module ActionMCP
         client.log_error("Unknown error: #{id} #{error}")
       end
 
-      def handle_initialize_response(request_id, result)
+      def handle_initialize_response(_request_id, result)
         # Session ID comes from HTTP headers, not the response body
         # The transport should have already extracted it
         session_id = transport.instance_variable_get(:@session_id)
@@ -179,13 +177,13 @@ module ActionMCP
         else
           # Create a new session with the server-provided ID
           client.instance_variable_set(:@session, ActionMCP::Session.from_client.new(
-            id: session_id,
-            protocol_version: result["protocolVersion"] || ActionMCP::DEFAULT_PROTOCOL_VERSION,
-            client_info: client.client_info,
-            client_capabilities: client.client_capabilities,
-            server_info: result["serverInfo"],
-            server_capabilities: result["capabilities"]
-          ))
+                                                    id: session_id,
+                                                    protocol_version: result["protocolVersion"] || ActionMCP::DEFAULT_PROTOCOL_VERSION,
+                                                    client_info: client.client_info,
+                                                    client_capabilities: client.client_capabilities,
+                                                    server_info: result["serverInfo"],
+                                                    server_capabilities: result["capabilities"]
+                                                  ))
           client.session.save
           client.log_info("Created new session: #{session_id}")
         end

data/lib/action_mcp/client/jwt_client_provider.rb

@@ -18,9 +18,9 @@ module ActionMCP
         @logger = logger
 
         # If token provided during initialization, store it
-        if token
-          save_token(token)
-        end
+        return unless token
+
+        save_token(token)
       end
 
       # Check if client has valid authentication
@@ -62,6 +62,7 @@ module ActionMCP
         token = current_token
         return nil unless token
         return nil if token_expired?(token)
+
         token
       end
 
@@ -85,7 +86,7 @@ module ActionMCP
 
           # Add 30 second buffer for clock skew
           Time.at(exp) <= Time.now + 30
-        rescue => e
+        rescue StandardError => e
           log_debug("Error checking token expiration: #{e.message}")
           true # Treat invalid tokens as expired
         end
@@ -103,7 +104,7 @@ module ActionMCP
 
         payload_json = Base64.urlsafe_decode64(payload_base64)
         JSON.parse(payload_json)
-      rescue => e
+      rescue StandardError => e
         raise AuthenticationError, "Failed to decode JWT: #{e.message}"
       end
 

data/lib/action_mcp/client/oauth_client_provider.rb

@@ -173,16 +173,18 @@ module ActionMCP
         well_known_url.path = "/.well-known/oauth-authorization-server"
 
         response = @http_client.get(well_known_url)
-        unless response.success?
-          raise AuthenticationError, "Failed to fetch server metadata: #{response.status}"
-        end
+        raise AuthenticationError, "Failed to fetch server metadata: #{response.status}" unless response.success?
 
         JSON.parse(response.body, symbolize_names: true)
       end
 
       def handle_token_response(response)
         unless response.success?
-          error_body = JSON.parse(response.body) rescue {}
+          error_body = begin
+            JSON.parse(response.body)
+          rescue StandardError
+            {}
+          end
           error_msg = error_body["error_description"] || error_body["error"] || "Token request failed"
           raise AuthenticationError, "#{error_msg} (#{response.status})"
         end
@@ -190,9 +192,7 @@ module ActionMCP
         token_data = JSON.parse(response.body, symbolize_names: true)
 
         # Calculate token expiration
-        if token_data[:expires_in]
-          token_data[:expires_at] = Time.now.to_i + token_data[:expires_in].to_i
-        end
+        token_data[:expires_at] = Time.now.to_i + token_data[:expires_in].to_i if token_data[:expires_in]
 
         save_tokens(token_data)
         log_debug("OAuth tokens obtained successfully")
@@ -219,7 +219,7 @@ module ActionMCP
           client_name: "ActionMCP Client",
           client_uri: "https://github.com/anthropics/action_mcp",
           redirect_uris: [ @redirect_url.to_s ],
-          grant_types: [ "authorization_code", "refresh_token" ],
+          grant_types: %w[authorization_code refresh_token],
           response_types: [ "code" ],
           token_endpoint_auth_method: "none", # Public client
           code_challenge_methods_supported: [ "S256" ]