actionmcp 0.71.1 → 0.72.0

data/lib/action_mcp/configuration.rb

@@ -53,7 +53,7 @@ module ActionMCP
 
     def initialize
       @logging_enabled = true
-      @list_changed = false
+      @list_changed = true
       @logging_level = :info
       @resources_subscribe = false
       @elicitation_enabled = false
@@ -67,7 +67,7 @@ module ActionMCP
 
       @sse_heartbeat_interval = 30
       @post_response_preference = :json
-      @protocol_version = "2025-03-26"  # Default to legacy for backwards compatibility
+      @protocol_version = "2025-03-26" # Default to legacy for backwards compatibility
 
       # Resumability defaults
       @sse_event_retention_period = 15.minutes
@@ -93,8 +93,8 @@ module ActionMCP
 
     def gateway_class
       if @gateway_class_name
-        klass = @gateway_class_name.constantize
-        klass
+        @gateway_class_name.constantize
+
       else
         @gateway_class
       end
@@ -117,22 +117,16 @@ module ActionMCP
         raise "Invalid MCP config file" unless app_config.is_a?(Hash)
 
         # Extract authentication configuration if present
-        if app_config["authentication"]
-          @authentication_methods = Array(app_config["authentication"])
-        end
+        @authentication_methods = Array(app_config["authentication"]) if app_config["authentication"]
 
         # Extract OAuth configuration if present
-        if app_config["oauth"]
-          @oauth_config = HashWithIndifferentAccess.new(app_config["oauth"])
-        end
+        @oauth_config = HashWithIndifferentAccess.new(app_config["oauth"]) if app_config["oauth"]
 
         # Extract other top-level configuration settings
         extract_top_level_settings(app_config)
 
         # Extract profiles configuration
-        if app_config["profiles"]
-          @profiles = app_config["profiles"]
-        end
+        @profiles = app_config["profiles"] if app_config["profiles"]
       rescue StandardError => e
         # If the config file doesn't exist in the Rails app, just use the defaults
         Rails.logger.warn "[Configuration] Failed to load MCP config: #{e.class} - #{e.message}"
@@ -192,20 +186,16 @@ module ActionMCP
 
       # Check profile configuration instead of registry contents
       # If profile includes tools (either "all" or specific tools), advertise tools capability
-      if profile && profile[:tools] && profile[:tools].any?
-        capabilities[:tools] = { listChanged: @list_changed }
-      end
+      capabilities[:tools] = { listChanged: @list_changed } if profile && profile[:tools]&.any?
 
       # If profile includes prompts, advertise prompts capability
-      if profile && profile[:prompts] && profile[:prompts].any?
-        capabilities[:prompts] = { listChanged: @list_changed }
-      end
+      capabilities[:prompts] = { listChanged: @list_changed } if profile && profile[:prompts]&.any?
 
       capabilities[:logging] = {} if @logging_enabled
 
       # If profile includes resources, advertise resources capability
-      if profile && profile[:resources] && profile[:resources].any?
-        capabilities[:resources] = { subscribe: @resources_subscribe }
+      if profile && profile[:resources]&.any?
+        capabilities[:resources] = { subscribe: @resources_subscribe, listChanged: @list_changed }
       end
 
       capabilities[:elicitation] = {} if @elicitation_enabled
@@ -240,12 +230,12 @@ module ActionMCP
 
       # Check if any component type includes "all"
       needs_eager_load = profile[:tools]&.include?("all") ||
-                        profile[:prompts]&.include?("all") ||
-                        profile[:resources]&.include?("all")
+                         profile[:prompts]&.include?("all") ||
+                         profile[:resources]&.include?("all")
 
-      if needs_eager_load
-        ensure_mcp_components_loaded
-      end
+      return unless needs_eager_load
+
+      ensure_mcp_components_loaded
     end
 
     private
@@ -285,51 +275,35 @@ module ActionMCP
       end
 
       # Extract thread pool settings
-      if app_config["min_threads"]
-        @min_threads = app_config["min_threads"]
-      end
+      @min_threads = app_config["min_threads"] if app_config["min_threads"]
 
-      if app_config["max_threads"]
-        @max_threads = app_config["max_threads"]
-      end
+      @max_threads = app_config["max_threads"] if app_config["max_threads"]
 
-      if app_config["max_queue"]
-        @max_queue = app_config["max_queue"]
-      end
+      @max_queue = app_config["max_queue"] if app_config["max_queue"]
 
       # Extract polling interval for solid_cable
-      if app_config["polling_interval"]
-        @polling_interval = app_config["polling_interval"]
-      end
+      @polling_interval = app_config["polling_interval"] if app_config["polling_interval"]
 
       # Extract connects_to setting
-      if app_config["connects_to"]
-        @connects_to = app_config["connects_to"]
-      end
+      @connects_to = app_config["connects_to"] if app_config["connects_to"]
 
       # Extract verbose logging setting
-      if app_config.key?("verbose_logging")
-        @verbose_logging = app_config["verbose_logging"]
-      end
+      @verbose_logging = app_config["verbose_logging"] if app_config.key?("verbose_logging")
 
       # Extract gateway class configuration
-      if app_config["gateway_class"]
-        @gateway_class_name = app_config["gateway_class"]
-      end
+      @gateway_class_name = app_config["gateway_class"] if app_config["gateway_class"]
 
       # Extract session store configuration
-      if app_config["session_store_type"]
-        @session_store_type = app_config["session_store_type"].to_sym
-      end
+      @session_store_type = app_config["session_store_type"].to_sym if app_config["session_store_type"]
 
       # Extract client and server session store types
       if app_config["client_session_store_type"]
         @client_session_store_type = app_config["client_session_store_type"].to_sym
       end
 
-      if app_config["server_session_store_type"]
-        @server_session_store_type = app_config["server_session_store_type"].to_sym
-      end
+      return unless app_config["server_session_store_type"]
+
+      @server_session_store_type = app_config["server_session_store_type"].to_sym
     end
 
     def should_include_all?(type)
@@ -377,6 +351,7 @@ module ActionMCP
         Dir.glob(mcp_path.join("**/*.rb")).sort.each do |file|
           # Skip base classes we already loaded
           next if base_files.any? { |base| file == base.to_s }
+
           require_dependency file
         end
       end

data/lib/action_mcp/engine.rb

@@ -77,9 +77,7 @@ module ActionMCP
       end
 
       # Add identifiers directory for gateway identifiers
-      if identifiers_path.exist?
-        app.autoloaders.main.push_dir(identifiers_path, namespace: Object)
-      end
+      app.autoloaders.main.push_dir(identifiers_path, namespace: Object) if identifiers_path.exist?
     end
 
     # Initialize the ActionMCP logger.

data/lib/action_mcp/filtered_logger.rb

@@ -16,7 +16,7 @@ module ActionMCP
 
     def add(severity, message = nil, progname = nil, &block)
       # Filter out repetitive OAuth metadata requests
-      if message && message.is_a?(String)
+      if message.is_a?(String)
         return if FILTERED_PATHS.any? { |path| message.include?(path) && message.include?("200 OK") }
 
         # Filter out repetitive MCP notifications

data/lib/action_mcp/gateway.rb

@@ -31,21 +31,17 @@ module ActionMCP
     def authenticate!
       active_identifiers = filter_active_identifiers
 
-      if active_identifiers.empty?
-        raise ActionMCP::UnauthorizedError, "No authentication methods available"
-      end
+      raise ActionMCP::UnauthorizedError, "No authentication methods available" if active_identifiers.empty?
 
       # Try identifiers in order, use the first one that succeeds
       last_error = nil
       active_identifiers.each do |klass|
-        begin
-          result = klass.new(@request).resolve
-          return { klass.identifier_name => result }
-        rescue ActionMCP::GatewayIdentifier::Unauthorized => e
-          last_error = e
-          # Try next identifier
-          next
-        end
+        result = klass.new(@request).resolve
+        return { klass.identifier_name => result }
+      rescue ActionMCP::GatewayIdentifier::Unauthorized => e
+        last_error = e
+        # Try next identifier
+        next
       end
 
       # If we get here, all identifiers failed

data/lib/action_mcp/json_rpc_handler_base.rb

@@ -64,8 +64,6 @@ module ActionMCP
       when %r{^notifications/}
         process_notifications(rpc_method, params)
         true
-      else
-        nil
       end
     end
 

data/lib/action_mcp/jwt_decoder.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "jwt"
 
 module ActionMCP
@@ -13,14 +15,14 @@ module ActionMCP
         payload
       rescue JWT::ExpiredSignature
         raise DecodeError, "Token has expired"
-      rescue JWT::DecodeError => e
+      rescue JWT::DecodeError
         # Simplify the error message for invalid tokens
         raise DecodeError, "Invalid token"
       end
     end
 
     # Defaults (can be overridden in an initializer)
-    self.secret = ENV.fetch("ACTION_MCP_JWT_SECRET") { "change-me" }
+    self.secret = ENV.fetch("ACTION_MCP_JWT_SECRET", "change-me")
     self.algorithm = "HS256"
   end
 end

data/lib/action_mcp/oauth/active_record_storage.rb

@@ -18,7 +18,7 @@ module ActionMCP
           code_challenge_method: data[:code_challenge_method],
           expires_at: data[:expires_at],
           metadata: data.except(:client_id, :user_id, :redirect_uri, :scope,
-                               :code_challenge, :code_challenge_method, :expires_at)
+                                :code_challenge, :code_challenge_method, :expires_at)
         )
       end
 

data/lib/action_mcp/oauth/memory_storage.rb

@@ -66,9 +66,7 @@ module ActionMCP
 
       def update_refresh_token(token, new_access_token)
         @mutex.synchronize do
-          if @refresh_tokens[token]
-            @refresh_tokens[token][:access_token] = new_access_token
-          end
+          @refresh_tokens[token][:access_token] = new_access_token if @refresh_tokens[token]
         end
       end
 

data/lib/action_mcp/oauth/middleware.rb

@@ -18,17 +18,13 @@ module ActionMCP
         return @app.call(env) unless should_process_oauth?(request)
 
         # Skip OAuth processing for metadata endpoints
-        if request.path.start_with?("/.well-known/") || request.path.start_with?("/oauth/")
-          return @app.call(env)
-        end
+        return @app.call(env) if request.path.start_with?("/.well-known/") || request.path.start_with?("/oauth/")
 
         # Skip OAuth processing for initialization-related requests
-        if initialization_related_request?(request)
-          return @app.call(env)
-        end
+        return @app.call(env) if initialization_related_request?(request)
 
         # Validate Bearer token for API requests
-        if bearer_token = extract_bearer_token(request)
+        if (bearer_token = extract_bearer_token(request))
           validate_oauth_token(request, bearer_token)
         end
 
@@ -39,7 +35,7 @@ module ActionMCP
 
       private
 
-      def should_process_oauth?(request)
+      def should_process_oauth?(_request)
         # Check if OAuth is enabled in configuration
         auth_methods = ActionMCP.configuration.authentication_methods
         return false unless auth_methods&.include?("oauth")
@@ -55,7 +51,7 @@ module ActionMCP
 
         # Check if this is an MCP endpoint (ends with / or is the root)
         path = request.path
-        return false unless path == "/" || path.match?(/\/action_mcp\/?$/)
+        return false unless path == "/" || path.match?(%r{/action_mcp/?$})
 
         # Read and parse the request body
         body = request.body.read
@@ -70,7 +66,6 @@ module ActionMCP
         false
       end
 
-
       def extract_bearer_token(request)
         auth_header = request.headers["Authorization"] || request.headers["authorization"]
         return nil unless auth_header&.start_with?("Bearer ")
@@ -82,23 +77,23 @@ module ActionMCP
         # Use the OAuth provider for token introspection
         token_info = ActionMCP::OAuth::Provider.introspect_token(token)
 
-        if token_info && token_info[:active]
-          # Store OAuth token info in request environment for Gateway
-          request.env["action_mcp.oauth_token_info"] = token_info
-          request.env["action_mcp.oauth_token"] = token
-        else
+        unless token_info && token_info[:active]
           raise ActionMCP::OAuth::InvalidTokenError, "Invalid or expired OAuth token"
         end
+
+        # Store OAuth token info in request environment for Gateway
+        request.env["action_mcp.oauth_token_info"] = token_info
+        request.env["action_mcp.oauth_token"] = token
       end
 
       def oauth_error_response(error)
         status = case error
         when ActionMCP::OAuth::InvalidTokenError
-                  401
+                   401
         when ActionMCP::OAuth::InsufficientScopeError
-                  403
+                   403
         else
-                  400
+                   400
         end
 
         headers = {

data/lib/action_mcp/oauth/provider.rb

@@ -18,7 +18,8 @@ module ActionMCP
         # @param code_challenge_method [String] PKCE challenge method (S256, plain)
         # @param user_id [String] User identifier
         # @return [String] Authorization code
-        def generate_authorization_code(client_id:, redirect_uri:, scope:, code_challenge: nil, code_challenge_method: nil, user_id:)
+        def generate_authorization_code(client_id:, redirect_uri:, scope:, user_id:, code_challenge: nil,
+                                        code_challenge_method: nil)
           # Validate scope
           validate_scope(scope) if scope
 
@@ -26,15 +27,15 @@ module ActionMCP
 
           # Store authorization code with metadata
           store_authorization_code(code, {
-            client_id: client_id,
-            redirect_uri: redirect_uri,
-            scope: scope,
-            code_challenge: code_challenge,
-            code_challenge_method: code_challenge_method,
-            user_id: user_id,
-            created_at: Time.current,
-            expires_at: 10.minutes.from_now
-          })
+                                     client_id: client_id,
+                                     redirect_uri: redirect_uri,
+                                     scope: scope,
+                                     code_challenge: code_challenge,
+                                     code_challenge_method: code_challenge_method,
+                                     user_id: user_id,
+                                     created_at: Time.current,
+                                     expires_at: 10.minutes.from_now
+                                   })
 
           code
         end
@@ -46,7 +47,7 @@ module ActionMCP
         # @param redirect_uri [String] Client redirect URI
         # @param code_verifier [String] PKCE code verifier
         # @return [Hash] Token response with access_token, token_type, expires_in, scope
-        def exchange_code_for_token(code:, client_id:, client_secret: nil, redirect_uri:, code_verifier: nil)
+        def exchange_code_for_token(code:, client_id:, redirect_uri:, client_secret: nil, code_verifier: nil)
           # Retrieve and validate authorization code
           code_data = retrieve_authorization_code(code)
           raise InvalidGrantError, "Invalid authorization code" unless code_data
@@ -56,14 +57,10 @@ module ActionMCP
           validate_client(client_id, client_secret)
 
           # Validate redirect URI matches
-          unless code_data[:redirect_uri] == redirect_uri
-            raise InvalidGrantError, "Redirect URI mismatch"
-          end
+          raise InvalidGrantError, "Redirect URI mismatch" unless code_data[:redirect_uri] == redirect_uri
 
           # Validate client ID matches
-          unless code_data[:client_id] == client_id
-            raise InvalidGrantError, "Client ID mismatch"
-          end
+          raise InvalidGrantError, "Client ID mismatch" unless code_data[:client_id] == client_id
 
           # Validate PKCE if challenge was provided during authorization
           if code_data[:code_challenge]
@@ -118,9 +115,7 @@ module ActionMCP
           validate_client(client_id, client_secret)
 
           # Validate client ID matches
-          unless token_data[:client_id] == client_id
-            raise InvalidGrantError, "Client ID mismatch"
-          end
+          raise InvalidGrantError, "Client ID mismatch" unless token_data[:client_id] == client_id
 
           # Validate scope if provided
           if scope
@@ -160,9 +155,7 @@ module ActionMCP
         def introspect_token(access_token)
           token_data = retrieve_access_token(access_token)
 
-          unless token_data
-            return { active: false }
-          end
+          return { active: false } unless token_data
 
           if token_data[:expires_at] < Time.current
             remove_access_token(access_token)
@@ -188,19 +181,15 @@ module ActionMCP
           revoked = false
 
           # Try access token first if hint suggests it or no hint provided
-          if token_type_hint == "access_token" || token_type_hint.nil?
-            if retrieve_access_token(token)
-              revoke_access_token(token)
-              revoked = true
-            end
+          if (token_type_hint == "access_token" || token_type_hint.nil?) && retrieve_access_token(token)
+            revoke_access_token(token)
+            revoked = true
           end
 
           # Try refresh token if not revoked yet
-          if !revoked && (token_type_hint == "refresh_token" || token_type_hint.nil?)
-            if retrieve_refresh_token(token)
-              revoke_refresh_token(token)
-              revoked = true
-            end
+          if !revoked && (token_type_hint == "refresh_token" || token_type_hint.nil?) && retrieve_refresh_token(token)
+            revoke_refresh_token(token)
+            revoked = true
           end
 
           revoked
@@ -269,9 +258,7 @@ module ActionMCP
           if client_info
             # Validate client secret for confidential clients
             if client_info[:client_secret]
-              unless client_secret == client_info[:client_secret]
-                raise InvalidClientError, "Invalid client credentials"
-              end
+              raise InvalidClientError, "Invalid client credentials" unless client_secret == client_info[:client_secret]
             elsif require_secret
               raise InvalidClientError, "Client authentication required"
             end
@@ -280,15 +267,14 @@ module ActionMCP
 
           # Fall back to custom provider validation
           provider_class = oauth_config[:provider]
-          if provider_class && provider_class.respond_to?(:validate_client)
+          if provider_class.respond_to?(:validate_client)
             provider_class.validate_client(client_id, client_secret)
           elsif require_secret && client_secret.nil?
             raise InvalidClientError, "Client authentication required"
           else
             # In development, allow unregistered clients if configured
-            if Rails.env.development? && oauth_config[:allow_unregistered_clients] != false
-              return true
-            end
+            return true if Rails.env.development? && oauth_config[:allow_unregistered_clients] != false
+
             raise InvalidClientError, "Unknown client"
           end
         end
@@ -301,16 +287,10 @@ module ActionMCP
             expected_challenge = Base64.urlsafe_encode64(
               Digest::SHA256.digest(code_verifier), padding: false
             )
-            unless code_challenge == expected_challenge
-              raise InvalidGrantError, "Invalid code verifier"
-            end
+            raise InvalidGrantError, "Invalid code verifier" unless code_challenge == expected_challenge
           when "plain"
-            unless oauth_config[:allow_plain_pkce]
-              raise InvalidGrantError, "Plain PKCE not allowed"
-            end
-            unless code_challenge == code_verifier
-              raise InvalidGrantError, "Invalid code verifier"
-            end
+            raise InvalidGrantError, "Plain PKCE not allowed" unless oauth_config[:allow_plain_pkce]
+            raise InvalidGrantError, "Invalid code verifier" unless code_challenge == code_verifier
           else
             raise InvalidGrantError, "Unsupported code challenge method"
           end
@@ -320,9 +300,9 @@ module ActionMCP
           supported_scopes = oauth_config.fetch(:scopes_supported, [ "mcp:tools", "mcp:resources", "mcp:prompts" ])
           requested_scopes = scope.split(" ")
           unsupported = requested_scopes - supported_scopes
-          if unsupported.any?
-            raise InvalidScopeError, "Unsupported scopes: #{unsupported.join(', ')}"
-          end
+          return unless unsupported.any?
+
+          raise InvalidScopeError, "Unsupported scopes: #{unsupported.join(', ')}"
         end
 
         def default_scope
@@ -333,12 +313,12 @@ module ActionMCP
           token = SecureRandom.urlsafe_base64(32)
 
           store_access_token(token, {
-            client_id: client_id,
-            scope: scope,
-            user_id: user_id,
-            created_at: Time.current,
-            expires_at: token_expires_in.seconds.from_now
-          })
+                               client_id: client_id,
+                               scope: scope,
+                               user_id: user_id,
+                               created_at: Time.current,
+                               expires_at: token_expires_in.seconds.from_now
+                             })
 
           token
         end
@@ -347,13 +327,13 @@ module ActionMCP
           token = SecureRandom.urlsafe_base64(32)
 
           store_refresh_token(token, {
-            client_id: client_id,
-            scope: scope,
-            user_id: user_id,
-            access_token: access_token,
-            created_at: Time.current,
-            expires_at: refresh_token_expires_in.seconds.from_now
-          })
+                                client_id: client_id,
+                                scope: scope,
+                                user_id: user_id,
+                                access_token: access_token,
+                                created_at: Time.current,
+                                expires_at: refresh_token_expires_in.seconds.from_now
+                              })
 
           token
         end

data/lib/action_mcp/omniauth/mcp_strategy.rb

@@ -38,17 +38,15 @@ module ActionMCP
 
       # User info from OAuth token response or userinfo endpoint
       def raw_info
-        @raw_info ||= begin
-          if options.userinfo_url
-            access_token.get(options.userinfo_url).parsed
-          else
-            # Extract user info from token response or use minimal info
-            token_response = access_token.token
-            {
-              "sub" => access_token.params["user_id"] || access_token.token,
-              "scope" => access_token.params["scope"] || options.scope
-            }
-          end
+        @raw_info ||= if options.userinfo_url
+                        access_token.get(options.userinfo_url).parsed
+        else
+                        # Extract user info from token response or use minimal info
+                        access_token.token
+                        {
+                          "sub" => access_token.params["user_id"] || access_token.token,
+                          "scope" => access_token.params["scope"] || options.scope
+                        }
         end
       rescue ::OAuth2::Error => e
         log(:error, "Failed to fetch user info: #{e.message}")
@@ -93,11 +91,11 @@ module ActionMCP
       # Override client to use discovered endpoints if available
       def client
         @client ||= begin
-          if discovery_info.any?
+          if discovery_info.any? && discovery_info["authorization_endpoint"] && discovery_info["token_endpoint"]
             options.client_options.merge!(
               authorize_url: discovery_info["authorization_endpoint"],
               token_url: discovery_info["token_endpoint"]
-            ) if discovery_info["authorization_endpoint"] && discovery_info["token_endpoint"]
+            )
           end
           super
         end
@@ -115,9 +113,9 @@ module ActionMCP
 
         begin
           response = client.request(:post, options.introspection_url || "/oauth/introspect", {
-            body: { token: token },
-            headers: { "Content-Type" => "application/x-www-form-urlencoded" }
-          })
+                                      body: { token: token },
+                                      headers: { "Content-Type" => "application/x-www-form-urlencoded" }
+                                    })
 
           token_info = JSON.parse(response.body)
           return nil unless token_info["active"]
@@ -137,36 +135,24 @@ module ActionMCP
         return unless oauth_config.is_a?(Hash)
 
         # Set client options from MCP config
-        if oauth_config["issuer_url"]
-          options.client_options[:site] = oauth_config["issuer_url"]
-        end
+        options.client_options[:site] = oauth_config["issuer_url"] if oauth_config["issuer_url"]
 
-        if oauth_config["client_id"]
-          options.client_id = oauth_config["client_id"]
-        end
+        options.client_id = oauth_config["client_id"] if oauth_config["client_id"]
 
-        if oauth_config["client_secret"]
-          options.client_secret = oauth_config["client_secret"]
-        end
+        options.client_secret = oauth_config["client_secret"] if oauth_config["client_secret"]
 
-        if oauth_config["scopes_supported"]
-          options.scope = Array(oauth_config["scopes_supported"]).join(" ")
-        end
+        options.scope = Array(oauth_config["scopes_supported"]).join(" ") if oauth_config["scopes_supported"]
 
         # Enable PKCE if required (OAuth 2.1 compliance)
-        if oauth_config["pkce_required"]
-          options.pkce = true
-        end
+        options.pkce = true if oauth_config["pkce_required"]
 
         # Set userinfo endpoint if provided
-        if oauth_config["userinfo_endpoint"]
-          options.userinfo_url = oauth_config["userinfo_endpoint"]
-        end
+        options.userinfo_url = oauth_config["userinfo_endpoint"] if oauth_config["userinfo_endpoint"]
 
         # Set token introspection endpoint
-        if oauth_config["introspection_endpoint"]
-          options.introspection_url = oauth_config["introspection_endpoint"]
-        end
+        return unless oauth_config["introspection_endpoint"]
+
+        options.introspection_url = oauth_config["introspection_endpoint"]
       end
     end
   end