actionmcp 0.71.1 → 0.80.0

data/lib/action_mcp/client/streamable_http_transport.rb

@@ -15,11 +15,9 @@ module ActionMCP
 
       attr_reader :session_id, :last_event_id, :protocol_version
 
-      def initialize(url, session_store:, session_id: nil, oauth_provider: nil, jwt_provider: nil, protocol_version: nil, **options)
+      def initialize(url, session_store:, session_id: nil, protocol_version: nil, **options)
         super(url, session_store: session_store, **options)
         @session_id = session_id
-        @oauth_provider = oauth_provider
-        @jwt_provider = jwt_provider
         @protocol_version = protocol_version || ActionMCP::DEFAULT_PROTOCOL_VERSION
         @negotiated_protocol_version = nil
         @last_event_id = nil
@@ -66,9 +64,7 @@ module ActionMCP
       end
 
       def send_message(message)
-        unless ready?
-          raise ConnectionError, "Transport not ready"
-        end
+        raise ConnectionError, "Transport not ready" unless ready?
 
         headers = build_post_headers
         json_data = message.is_a?(String) ? message : message.to_json
@@ -104,12 +100,8 @@ module ActionMCP
         headers["Last-Event-ID"] = @last_event_id if @last_event_id
 
         # Add MCP-Protocol-Version header for GET requests when we have a negotiated version
-        if @negotiated_protocol_version
-          headers["MCP-Protocol-Version"] = @negotiated_protocol_version
-        end
+        headers["MCP-Protocol-Version"] = @negotiated_protocol_version if @negotiated_protocol_version
 
-        headers.merge!(oauth_headers)
-        headers.merge!(jwt_headers)
         log_debug("Final GET headers: #{headers}")
         headers
       end
@@ -123,12 +115,8 @@ module ActionMCP
 
         # Add MCP-Protocol-Version header as per 2025-06-18 spec
         # Only include when we have a negotiated version from previous handshake
-        if @negotiated_protocol_version
-          headers["MCP-Protocol-Version"] = @negotiated_protocol_version
-        end
+        headers["MCP-Protocol-Version"] = @negotiated_protocol_version if @negotiated_protocol_version
 
-        headers.merge!(oauth_headers)
-        headers.merge!(jwt_headers)
         log_debug("Final POST headers: #{headers}")
         headers
       end
@@ -154,6 +142,7 @@ module ActionMCP
         @http_client.get(@url, nil, headers) do |req|
           req.options.on_data = proc do |chunk, _bytes|
             break if @stop_requested
+
             process_sse_chunk(chunk)
           end
         end
@@ -182,9 +171,9 @@ module ActionMCP
 
         lines.each do |line|
           if line.start_with?("id:")
-            event_id = line[3..-1].strip
+            event_id = line[3..].strip
           elsif line.start_with?("data:")
-            data_lines << line[5..-1].strip
+            data_lines << line[5..].strip
           end
         end
 
@@ -201,11 +190,9 @@ module ActionMCP
         end
       end
 
-      def handle_post_response(response, original_message)
+      def handle_post_response(response, _original_message)
         # Extract session ID from response headers
-        if response.headers["mcp-session-id"]
-          @session_id = response.headers["mcp-session-id"]
-        end
+        @session_id = response.headers["mcp-session-id"] if response.headers["mcp-session-id"]
 
         case response.status
         when 200
@@ -214,7 +201,6 @@ module ActionMCP
           # Accepted - message received, no immediate response
           log_debug("Message accepted (202)")
         when 401
-          handle_authentication_error(response)
           raise AuthenticationError, "Authentication required"
         when 405
           # Method not allowed - server doesn't support this operation
@@ -237,19 +223,17 @@ module ActionMCP
       end
 
       def handle_json_response(response)
-        begin
-          message = MultiJson.load(response.body)
-
-          # Check if this is an initialize response to capture negotiated protocol version
-          if message.is_a?(Hash) && message["result"] && message["result"]["protocolVersion"]
-            @negotiated_protocol_version = message["result"]["protocolVersion"]
-            log_debug("Negotiated protocol version: #{@negotiated_protocol_version}")
-          end
+        message = MultiJson.load(response.body)
 
-          handle_message(message)
-        rescue MultiJson::ParseError => e
-          log_error("Failed to parse JSON response: #{e}")
+        # Check if this is an initialize response to capture negotiated protocol version
+        if message.is_a?(Hash) && message["result"] && message["result"]["protocolVersion"]
+          @negotiated_protocol_version = message["result"]["protocolVersion"]
+          log_debug("Negotiated protocol version: #{@negotiated_protocol_version}")
         end
+
+        handle_message(message)
+      rescue MultiJson::ParseError => e
+        log_error("Failed to parse JSON response: #{e}")
       end
 
       def handle_sse_response_stream(response)
@@ -261,9 +245,7 @@ module ActionMCP
 
       def handle_error_response(response)
         error_msg = +"HTTP #{response.status}: #{response.reason_phrase}"
-        if response.body && !response.body.empty?
-          error_msg << " - #{response.body}"
-        end
+        error_msg << " - #{response.body}" if response.body && !response.body.empty?
         raise ConnectionError, error_msg
       end
 
@@ -315,43 +297,6 @@ module ActionMCP
         log_debug("Saved session state")
       end
 
-      def oauth_headers
-        return {} unless @oauth_provider&.authenticated?
-
-        headers = @oauth_provider.authorization_headers
-        log_debug("OAuth headers: #{headers}") unless headers.empty?
-        headers
-      rescue StandardError => e
-        log_error("Failed to get OAuth headers: #{e.message}")
-        {}
-      end
-
-      def jwt_headers
-        return {} unless @jwt_provider&.authenticated?
-
-        headers = @jwt_provider.authorization_headers
-        log_debug("JWT headers: #{headers}") unless headers.empty?
-        headers
-      rescue StandardError => e
-        log_error("Failed to get JWT headers: #{e.message}")
-        {}
-      end
-
-      def handle_authentication_error(response)
-        # Check for OAuth challenge in WWW-Authenticate header
-        www_auth = response.headers["www-authenticate"]
-        if www_auth&.include?("Bearer")
-          if @oauth_provider
-            log_debug("Received OAuth challenge, clearing OAuth tokens")
-            @oauth_provider.clear_tokens!
-          end
-
-          if @jwt_provider
-            log_debug("Received Bearer challenge, clearing JWT tokens")
-            @jwt_provider.clear_tokens!
-          end
-        end
-      end
 
       def user_agent
         "ActionMCP-StreamableHTTP/#{ActionMCP.gem_version}"

data/lib/action_mcp/client.rb

@@ -3,8 +3,6 @@
 require_relative "client/transport"
 require_relative "client/session_store"
 require_relative "client/streamable_http_transport"
-require_relative "client/oauth_client_provider"
-require_relative "client/jwt_client_provider"
 
 module ActionMCP
   # Creates a client appropriate for the given endpoint.
@@ -13,8 +11,6 @@ module ActionMCP
   # @param transport [Symbol] The transport type to use (:streamable_http, :sse for legacy)
   # @param session_store [Symbol] The session store type (:memory, :active_record)
   # @param session_id [String] Optional session ID for resuming connections
-  # @param oauth_provider [ActionMCP::Client::OauthClientProvider] Optional OAuth provider for authentication
-  # @param jwt_provider [ActionMCP::Client::JwtClientProvider] Optional JWT provider for authentication
   # @param protocol_version [String] The MCP protocol version to use (defaults to ActionMCP::DEFAULT_PROTOCOL_VERSION)
   # @param logger [Logger] The logger to use. Default is Logger.new($stdout).
   # @param options [Hash] Additional options to pass to the client constructor.
@@ -39,26 +35,8 @@ module ActionMCP
   #     session_store: :memory
   #   )
   #
-  # @example With OAuth authentication
-  #   oauth_provider = ActionMCP::Client::OauthClientProvider.new(
-  #     authorization_server_url: "https://oauth.example.com",
-  #     redirect_url: "http://localhost:3000/callback",
-  #     client_metadata: { client_name: "My App" }
-  #   )
-  #   client = ActionMCP.create_client(
-  #     "http://127.0.0.1:3001/action_mcp",
-  #     oauth_provider: oauth_provider
-  #   )
-  #
-  # @example With JWT authentication
-  #   jwt_provider = ActionMCP::Client::JwtClientProvider.new(
-  #     token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
-  #   )
-  #   client = ActionMCP.create_client(
-  #     "http://127.0.0.1:3001/action_mcp",
-  #     jwt_provider: jwt_provider
-  #   )
-  def self.create_client(endpoint, transport: :streamable_http, session_store: nil, session_id: nil, oauth_provider: nil, jwt_provider: nil, protocol_version: nil, logger: Logger.new($stdout), **options)
+  def self.create_client(endpoint, transport: :streamable_http, session_store: nil, session_id: nil,
+                         protocol_version: nil, logger: Logger.new($stdout), **options)
     unless endpoint =~ %r{\Ahttps?://}
       raise ArgumentError, "Only HTTP(S) endpoints are supported. STDIO and other transports are not supported."
     end
@@ -67,11 +45,13 @@ module ActionMCP
     store = Client::SessionStoreFactory.create(session_store, **options)
 
     # Create transport
-    transport_instance = create_transport(transport, endpoint, session_store: store, session_id: session_id, oauth_provider: oauth_provider, jwt_provider: jwt_provider, protocol_version: protocol_version, logger: logger, **options)
+    transport_instance = create_transport(transport, endpoint, session_store: store, session_id: session_id,
+                                                               protocol_version: protocol_version, logger: logger, **options)
 
     logger.info("Creating #{transport} client for endpoint: #{endpoint}")
     # Pass session_id and protocol_version to the client
-    Client::Base.new(transport: transport_instance, logger: logger, session_id: session_id, protocol_version: protocol_version, **options)
+    Client::Base.new(transport: transport_instance, logger: logger, session_id: session_id,
+                     protocol_version: protocol_version, **options)
   end
 
   private_class_method def self.create_transport(type, endpoint, **options)

data/lib/action_mcp/configuration.rb

@@ -29,7 +29,6 @@ module ActionMCP
                   :verbose_logging,
                   # --- Authentication Options ---
                   :authentication_methods,
-                  :oauth_config,
                   # --- Transport Options ---
                   :sse_heartbeat_interval,
                   :post_response_preference, # :json or :sse
@@ -53,7 +52,7 @@ module ActionMCP
 
     def initialize
       @logging_enabled = true
-      @list_changed = false
+      @list_changed = true
       @logging_level = :info
       @resources_subscribe = false
       @elicitation_enabled = false
@@ -61,13 +60,12 @@ module ActionMCP
       @active_profile = :primary
       @profiles = default_profiles
 
-      # Authentication defaults
-      @authentication_methods = Rails.env.production? ? [ "jwt" ] : [ "none" ]
-      @oauth_config = HashWithIndifferentAccess.new
+      # Authentication defaults - empty means all configured identifiers will be tried
+      @authentication_methods = []
 
       @sse_heartbeat_interval = 30
       @post_response_preference = :json
-      @protocol_version = "2025-03-26"  # Default to legacy for backwards compatibility
+      @protocol_version = "2025-03-26" # Default to legacy for backwards compatibility
 
       # Resumability defaults
       @sse_event_retention_period = 15.minutes
@@ -93,8 +91,8 @@ module ActionMCP
 
     def gateway_class
       if @gateway_class_name
-        klass = @gateway_class_name.constantize
-        klass
+        @gateway_class_name.constantize
+
       else
         @gateway_class
       end
@@ -110,6 +108,9 @@ module ActionMCP
       # First load defaults from the gem
       @profiles = default_profiles
 
+      # Preserve any settings that were already set via Rails config
+      preserved_name = @name
+
       # Try to load from config/mcp.yml in the Rails app using Rails.config_for
       begin
         app_config = Rails.application.config_for(:mcp)
@@ -117,21 +118,27 @@ module ActionMCP
         raise "Invalid MCP config file" unless app_config.is_a?(Hash)
 
         # Extract authentication configuration if present
-        if app_config["authentication"]
-          @authentication_methods = Array(app_config["authentication"])
-        end
-
-        # Extract OAuth configuration if present
-        if app_config["oauth"]
-          @oauth_config = HashWithIndifferentAccess.new(app_config["oauth"])
-        end
+        # Handle both symbol and string keys
+        @authentication_methods = Array(app_config[:authentication] || app_config["authentication"]) if app_config[:authentication] || app_config["authentication"]
 
         # Extract other top-level configuration settings
         extract_top_level_settings(app_config)
 
-        # Extract profiles configuration
-        if app_config["profiles"]
-          @profiles = app_config["profiles"]
+        # Extract profiles configuration - merge with defaults instead of replacing
+        # Rails.config_for returns OrderedOptions which uses symbol keys
+        if app_config[:profiles] || app_config["profiles"]
+          # Get profiles with either symbol or string key
+          app_profiles = app_config[:profiles] || app_config["profiles"]
+
+          # Convert to regular hash and deep symbolize keys
+          if app_profiles.is_a?(ActiveSupport::OrderedOptions)
+            app_profiles = app_profiles.to_h.deep_symbolize_keys
+          elsif app_profiles.respond_to?(:deep_symbolize_keys)
+            app_profiles = app_profiles.deep_symbolize_keys
+          end
+
+          Rails.logger.debug "[Configuration] Merging profiles: #{app_profiles.inspect}"
+          @profiles = @profiles.deep_merge(app_profiles)
         end
       rescue StandardError => e
         # If the config file doesn't exist in the Rails app, just use the defaults
@@ -140,8 +147,13 @@ module ActionMCP
       end
 
       # Apply the active profile
+      Rails.logger.info "[ActionMCP] Loaded profiles: #{@profiles.keys.join(', ')}"
+      Rails.logger.info "[ActionMCP] Using profile: #{@active_profile}"
       use_profile(@active_profile)
 
+      # Restore preserved settings
+      @name = preserved_name if preserved_name
+
       self
     end
 
@@ -190,22 +202,21 @@ module ActionMCP
       capabilities = {}
       profile = @profiles[active_profile]
 
+      Rails.logger.debug "[ActionMCP] Generating capabilities for profile: #{active_profile}"
+      Rails.logger.debug "[ActionMCP] Profile config: #{profile.inspect}"
+
       # Check profile configuration instead of registry contents
       # If profile includes tools (either "all" or specific tools), advertise tools capability
-      if profile && profile[:tools] && profile[:tools].any?
-        capabilities[:tools] = { listChanged: @list_changed }
-      end
+      capabilities[:tools] = { listChanged: @list_changed } if profile && profile[:tools]&.any?
 
       # If profile includes prompts, advertise prompts capability
-      if profile && profile[:prompts] && profile[:prompts].any?
-        capabilities[:prompts] = { listChanged: @list_changed }
-      end
+      capabilities[:prompts] = { listChanged: @list_changed } if profile && profile[:prompts]&.any?
 
       capabilities[:logging] = {} if @logging_enabled
 
       # If profile includes resources, advertise resources capability
-      if profile && profile[:resources] && profile[:resources].any?
-        capabilities[:resources] = { subscribe: @resources_subscribe }
+      if profile && profile[:resources]&.any?
+        capabilities[:resources] = { subscribe: @resources_subscribe, listChanged: @list_changed }
       end
 
       capabilities[:elicitation] = {} if @elicitation_enabled
@@ -240,12 +251,12 @@ module ActionMCP
 
       # Check if any component type includes "all"
       needs_eager_load = profile[:tools]&.include?("all") ||
-                        profile[:prompts]&.include?("all") ||
-                        profile[:resources]&.include?("all")
+                         profile[:prompts]&.include?("all") ||
+                         profile[:resources]&.include?("all")
 
-      if needs_eager_load
-        ensure_mcp_components_loaded
-      end
+      return unless needs_eager_load
+
+      ensure_mcp_components_loaded
     end
 
     private
@@ -278,58 +289,48 @@ module ActionMCP
     end
 
     def extract_top_level_settings(app_config)
+      # Create a wrapper that handles both symbol and string keys
+      config = HashWithIndifferentAccess.new(app_config)
+
       # Extract adapter configuration
-      if app_config["adapter"]
+      if config["adapter"]
         # This will be handled by the pub/sub system, we just store it for now
-        @adapter = app_config["adapter"]
+        @adapter = config["adapter"]
       end
 
       # Extract thread pool settings
-      if app_config["min_threads"]
-        @min_threads = app_config["min_threads"]
-      end
+      @min_threads = config["min_threads"] if config["min_threads"]
 
-      if app_config["max_threads"]
-        @max_threads = app_config["max_threads"]
-      end
+      @max_threads = config["max_threads"] if config["max_threads"]
 
-      if app_config["max_queue"]
-        @max_queue = app_config["max_queue"]
-      end
+      @max_queue = config["max_queue"] if config["max_queue"]
 
       # Extract polling interval for solid_cable
-      if app_config["polling_interval"]
-        @polling_interval = app_config["polling_interval"]
-      end
+      @polling_interval = config["polling_interval"] if config["polling_interval"]
 
       # Extract connects_to setting
-      if app_config["connects_to"]
-        @connects_to = app_config["connects_to"]
-      end
+      @connects_to = config["connects_to"] if config["connects_to"]
 
       # Extract verbose logging setting
-      if app_config.key?("verbose_logging")
-        @verbose_logging = app_config["verbose_logging"]
-      end
+      @verbose_logging = config["verbose_logging"] if app_config.key?("verbose_logging")
 
       # Extract gateway class configuration
-      if app_config["gateway_class"]
-        @gateway_class_name = app_config["gateway_class"]
-      end
+      @gateway_class_name = config["gateway_class"] if config["gateway_class"]
+
+      # Extract active profile setting
+      @active_profile = config["profile"].to_sym if config["profile"]
 
       # Extract session store configuration
-      if app_config["session_store_type"]
-        @session_store_type = app_config["session_store_type"].to_sym
-      end
+      @session_store_type = config["session_store_type"].to_sym if config["session_store_type"]
 
       # Extract client and server session store types
-      if app_config["client_session_store_type"]
-        @client_session_store_type = app_config["client_session_store_type"].to_sym
+      if config["client_session_store_type"]
+        @client_session_store_type = config["client_session_store_type"].to_sym
       end
 
-      if app_config["server_session_store_type"]
-        @server_session_store_type = app_config["server_session_store_type"].to_sym
-      end
+      return unless config["server_session_store_type"]
+
+      @server_session_store_type = config["server_session_store_type"].to_sym
     end
 
     def should_include_all?(type)
@@ -377,6 +378,7 @@ module ActionMCP
         Dir.glob(mcp_path.join("**/*.rb")).sort.each do |file|
           # Skip base classes we already loaded
           next if base_files.any? { |base| file == base.to_s }
+
           require_dependency file
         end
       end

data/lib/action_mcp/engine.rb

@@ -12,7 +12,6 @@ module ActionMCP
     ActiveSupport::Inflector.inflections(:en) do |inflect|
       inflect.acronym "SSE"
       inflect.acronym "MCP"
-      inflect.acronym "OAuth"
     end
 
     # Provide a configuration namespace for ActionMCP
@@ -54,12 +53,6 @@ module ActionMCP
       ActionMCP.configuration.load_profiles
     end
 
-    # Add OAuth middleware if OAuth is configured
-    initializer "action_mcp.oauth_middleware", after: "action_mcp.load_profiles" do
-      if ActionMCP.configuration.authentication_methods&.include?("oauth")
-        config.middleware.use ActionMCP::OAuth::Middleware
-      end
-    end
 
     # Configure autoloading for the mcp/tools directory and identifiers
     initializer "action_mcp.autoloading", before: :set_autoload_paths do |app|
@@ -77,9 +70,7 @@ module ActionMCP
       end
 
       # Add identifiers directory for gateway identifiers
-      if identifiers_path.exist?
-        app.autoloaders.main.push_dir(identifiers_path, namespace: Object)
-      end
+      app.autoloaders.main.push_dir(identifiers_path, namespace: Object) if identifiers_path.exist?
     end
 
     # Initialize the ActionMCP logger.

data/lib/action_mcp/filtered_logger.rb

@@ -3,11 +3,7 @@
 module ActionMCP
   # Custom logger that filters out repetitive MCP requests
   class FilteredLogger < ActiveSupport::Logger
-    FILTERED_PATHS = [
-      "/oauth/authorize",
-      "/.well-known/oauth-protected-resource",
-      "/.well-known/oauth-authorization-server"
-    ].freeze
+    FILTERED_PATHS = [].freeze
 
     FILTERED_METHODS = [
       "notifications/initialized",
@@ -15,8 +11,8 @@ module ActionMCP
     ].freeze
 
     def add(severity, message = nil, progname = nil, &block)
-      # Filter out repetitive OAuth metadata requests
-      if message && message.is_a?(String)
+      # Filter out specific paths
+      if message.is_a?(String)
         return if FILTERED_PATHS.any? { |path| message.include?(path) && message.include?("200 OK") }
 
         # Filter out repetitive MCP notifications

data/lib/action_mcp/gateway.rb

@@ -31,21 +31,17 @@ module ActionMCP
     def authenticate!
       active_identifiers = filter_active_identifiers
 
-      if active_identifiers.empty?
-        raise ActionMCP::UnauthorizedError, "No authentication methods available"
-      end
+      raise ActionMCP::UnauthorizedError, "No authentication methods available" if active_identifiers.empty?
 
       # Try identifiers in order, use the first one that succeeds
       last_error = nil
       active_identifiers.each do |klass|
-        begin
-          result = klass.new(@request).resolve
-          return { klass.identifier_name => result }
-        rescue ActionMCP::GatewayIdentifier::Unauthorized => e
-          last_error = e
-          # Try next identifier
-          next
-        end
+        result = klass.new(@request).resolve
+        return { klass.identifier_name => result }
+      rescue ActionMCP::GatewayIdentifier::Unauthorized => e
+        last_error = e
+        # Try next identifier
+        next
       end
 
       # If we get here, all identifiers failed