actionmcp 0.71.1 → 0.80.0

data/lib/action_mcp/server/volatile_session_store.rb

@@ -27,99 +27,7 @@ module ActionMCP
     # documentation, tell them it's just "technical comments for developers."
     # They'll believe anything that sounds boring enough.
     #
-    class VolatileSessionStore
-      include SessionStore
-
-      def initialize
-        @sessions = Concurrent::Hash.new
-      end
-
-      def create_session(session_id = nil, attributes = {})
-        session_id ||= SecureRandom.hex(6)
-
-        session_data = {
-          id: session_id,
-          status: "pre_initialize",
-          initialized: false,
-          role: "server",
-          messages_count: 0,
-          sse_event_counter: 0,
-          created_at: Time.current,
-          updated_at: Time.current
-        }.merge(attributes)
-
-        session = MemorySession.new(session_data, self)
-
-        # Initialize server info and capabilities if server role
-        if session.role == "server"
-          session.server_info = {
-            name: ActionMCP.configuration.name,
-            version: ActionMCP.configuration.version
-          }
-          session.server_capabilities = ActionMCP.configuration.capabilities
-
-          # Initialize registries
-          session.tool_registry = ActionMCP.configuration.filtered_tools.map(&:name)
-          session.prompt_registry = ActionMCP.configuration.filtered_prompts.map(&:name)
-          session.resource_registry = ActionMCP.configuration.filtered_resources.map(&:name)
-        end
-
-        @sessions[session_id] = session
-        session
-      end
-
-      def load_session(session_id)
-        session = @sessions[session_id]
-        if session
-          session.instance_variable_set(:@new_record, false)
-        end
-        session
-      end
-
-      def save_session(session)
-        @sessions[session.id] = session
-      end
-
-      def delete_session(session_id)
-        @sessions.delete(session_id)
-      end
-
-      def session_exists?(session_id)
-        @sessions.key?(session_id)
-      end
-
-      def find_sessions(criteria = {})
-        sessions = @sessions.values
-
-        # Filter by status
-        if criteria[:status]
-          sessions = sessions.select { |s| s.status == criteria[:status] }
-        end
-
-        # Filter by role
-        if criteria[:role]
-          sessions = sessions.select { |s| s.role == criteria[:role] }
-        end
-
-        sessions
-      end
-
-      def cleanup_expired_sessions(older_than: 24.hours.ago)
-        expired_ids = @sessions.select do |_id, session|
-          session.updated_at < older_than
-        end.keys
-
-        expired_ids.each { |id| @sessions.delete(id) }
-        expired_ids.count
-      end
-
-      def clear_all
-        @sessions.clear
-      end
-
-      def session_count
-        @sessions.size
-      end
+    class VolatileSessionStore < BaseSessionStore
     end
   end
 end

data/lib/action_mcp/tagged_stream_logging.rb

@@ -35,9 +35,9 @@ module ActionMCP
     private
 
     # Helper method to handle tagged logging across different logger types
-    def log_with_tags(*tags)
+    def log_with_tags(*tags, &block)
       if ActionMCP.logger.respond_to?(:tagged)
-        ActionMCP.logger.tagged(*tags) { yield }
+        ActionMCP.logger.tagged(*tags, &block)
       else
         # For loggers that don't support tagging (like BroadcastLogger),
         # prepend tags to the message

data/lib/action_mcp/test_helper/progress_notification_assertions.rb

@@ -79,10 +79,10 @@ module ActionMCP
                  "total must be numeric when present"
         end
 
-        if params.key?(:message)
-          assert params[:message].is_a?(String),
-                 "message must be string when present"
-        end
+        return unless params.key?(:message)
+
+        assert params[:message].is_a?(String),
+               "message must be string when present"
       end
 
       # Get the current session store (with helpful error if not using test store)

data/lib/action_mcp/test_helper/session_store_assertions.rb

@@ -114,6 +114,7 @@ module ActionMCP
       def server_session_store
         store = ActionMCP::Server.session_store
         raise "Server session store is not a TestSessionStore" unless store.is_a?(ActionMCP::Server::TestSessionStore)
+
         store
       end
 
@@ -121,8 +122,11 @@ module ActionMCP
         # This would need to be set by the test or could use a thread-local variable
         # For now, we'll assume it's available as an instance variable
         store = @client_session_store || Thread.current[:test_client_session_store]
-        raise "Client session store not set. Set @client_session_store or Thread.current[:test_client_session_store]" unless store
+        unless store
+          raise "Client session store not set. Set @client_session_store or Thread.current[:test_client_session_store]"
+        end
         raise "Client session store is not a TestSessionStore" unless store.is_a?(ActionMCP::Client::TestSessionStore)
+
         store
       end
     end

data/lib/action_mcp/tool.rb

@@ -23,6 +23,7 @@ module ActionMCP
     class_attribute :_annotations, instance_accessor: false, default: {}
     class_attribute :_output_schema, instance_accessor: false, default: nil
     class_attribute :_meta, instance_accessor: false, default: {}
+    class_attribute :_requires_consent, instance_accessor: false, default: false
 
     # --------------------------------------------------------------------------
     # Tool Name and Description DSL
@@ -44,6 +45,7 @@ module ActionMCP
     # @return [String] The default tool name.
     def self.default_tool_name
       return "" if name.nil?
+
       name.demodulize.underscore.sub(/_tool$/, "")
     end
 
@@ -128,20 +130,31 @@ module ActionMCP
       def output_schema(schema = nil)
         if schema
           raise NotImplementedError, "Output schema DSL not yet implemented. Coming soon with structured content DSL!"
-        else
-          _output_schema
         end
+
+        _output_schema
       end
 
       # Sets or retrieves the _meta field
       def meta(data = nil)
         if data
           raise ArgumentError, "_meta must be a hash" unless data.is_a?(Hash)
+
           self._meta = _meta.merge(data)
         else
           _meta
         end
       end
+
+      # Marks this tool as requiring consent before execution
+      def requires_consent!
+        self._requires_consent = true
+      end
+
+      # Returns whether this tool requires consent
+      def requires_consent?
+        _requires_consent
+      end
     end
 
     # --------------------------------------------------------------------------
@@ -203,21 +216,19 @@ module ActionMCP
 
       # Map the type - for number arrays, use our custom type instance
       mapped_type = if type == "number"
-        Types::FloatArrayType.new
+                      Types::FloatArrayType.new
       else
-        map_json_type_to_active_model_type("array_#{type}")
+                      map_json_type_to_active_model_type("array_#{type}")
       end
 
       attribute prop_name, mapped_type, default: default
 
       # For arrays, we need to check if the attribute is nil, not if it's empty
-      if required
-        validates prop_name, presence: true, unless: -> { self.send(prop_name).is_a?(Array) }
-        validate do
-          if self.send(prop_name).nil?
-            errors.add(prop_name, "can't be blank")
-          end
-        end
+      return unless required
+
+      validates prop_name, presence: true, unless: -> { send(prop_name).is_a?(Array) }
+      validate do
+        errors.add(prop_name, "can't be blank") if send(prop_name).nil?
       end
     end
 
@@ -277,7 +288,13 @@ module ActionMCP
             perform
           end
         rescue StandardError => e
-          @response.mark_as_error!(:internal_error, message: e.message)
+          # Show generic error message for HTTP requests, detailed for direct calls
+          error_message = if execution_context[:request].present?
+                            "An unexpected error occurred."
+          else
+                            e.message
+          end
+          @response.mark_as_error!(:internal_error, message: error_message)
         end
       else
         @response.mark_as_error!(:invalid_params,
@@ -345,12 +362,10 @@ module ActionMCP
       return unless @response
 
       # Validate against output schema if defined
-      if self.class._output_schema
-        # TODO: Add JSON Schema validation here
-        # For now, just ensure it's a hash/object
-        unless content.is_a?(Hash)
-          raise ArgumentError, "Structured content must be a hash/object when output_schema is defined"
-        end
+      # TODO: Add JSON Schema validation here
+      # For now, just ensure it's a hash/object
+      if self.class._output_schema && !content.is_a?(Hash)
+        raise ArgumentError, "Structured content must be a hash/object when output_schema is defined"
       end
 
       @response.set_structured_content(content)
@@ -408,30 +423,26 @@ module ActionMCP
     def validate_number_parameter(key, value)
       return if value.is_a?(Numeric)
 
-      if value.is_a?(String)
-        # Check if string can be converted to a valid number
-        begin
-          Float(value)
-        rescue ArgumentError, TypeError
-          raise ArgumentError, "Parameter '#{key}' must be a valid number, got: #{value.inspect}"
-        end
-      else
-        raise ArgumentError, "Parameter '#{key}' must be a number, got: #{value.class}"
+      raise ArgumentError, "Parameter '#{key}' must be a number, got: #{value.class}" unless value.is_a?(String)
+
+      # Check if string can be converted to a valid number
+      begin
+        Float(value)
+      rescue ArgumentError, TypeError
+        raise ArgumentError, "Parameter '#{key}' must be a valid number, got: #{value.inspect}"
       end
     end
 
     def validate_integer_parameter(key, value)
       return if value.is_a?(Integer)
 
-      if value.is_a?(String)
-        # Check if string can be converted to a valid integer
-        begin
-          Integer(value)
-        rescue ArgumentError, TypeError
-          raise ArgumentError, "Parameter '#{key}' must be a valid integer, got: #{value.inspect}"
-        end
-      else
-        raise ArgumentError, "Parameter '#{key}' must be an integer, got: #{value.class}"
+      raise ArgumentError, "Parameter '#{key}' must be an integer, got: #{value.class}" unless value.is_a?(String)
+
+      # Check if string can be converted to a valid integer
+      begin
+        Integer(value)
+      rescue ArgumentError, TypeError
+        raise ArgumentError, "Parameter '#{key}' must be a valid integer, got: #{value.inspect}"
       end
     end
 
@@ -447,7 +458,7 @@ module ActionMCP
       raise ArgumentError, "Parameter '#{key}' must be a boolean, got: #{value.class}"
     end
 
-    def validate_array_parameter(key, value, property_schema)
+    def validate_array_parameter(key, value, _property_schema)
       return if value.is_a?(Array)
 
       raise ArgumentError, "Parameter '#{key}' must be an array, got: #{value.class}"

data/lib/action_mcp/types/float_array_type.rb

@@ -25,10 +25,12 @@ module ActionMCP
             when "nan"
               Float::NAN
             else
-              Float(v) rescue nil
+              begin
+                Float(v)
+              rescue StandardError
+                nil
+              end
             end
-          else
-            nil
           end
         end.compact
       end

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.71.1"
+  VERSION = "0.80.0"
 
   class << self
     alias version gem_version

data/lib/action_mcp.rb

@@ -13,9 +13,6 @@ require "action_mcp/log_subscriber"
 require "action_mcp/engine"
 require "zeitwerk"
 
-# OAuth 2.1 support via Omniauth
-require "omniauth"
-require "omniauth-oauth2"
 
 lib = File.dirname(__FILE__)
 
@@ -29,8 +26,6 @@ Zeitwerk::Loader.for_gem.tap do |loader|
 
   loader.inflector.inflect("action_mcp" => "ActionMCP")
   loader.inflector.inflect("sse_listener" => "SSEListener")
-  loader.inflector.inflect("oauth" => "OAuth")
-  loader.inflector.inflect("mcp_strategy" => "MCPStrategy")
 end.setup
 
 module ActionMCP
@@ -40,12 +35,12 @@ module ActionMCP
 
   # Protocol version constants
   SUPPORTED_VERSIONS = [
-    "2025-06-18", # Dr. Identity McBouncer - OAuth 2.1, elicitation, structured output, resource links
+    "2025-06-18", # Dr. Identity McBouncer - elicitation, structured output, resource links
     "2025-03-26"  # The Persistent Negotiator - StreamableHTTP, resumability, audio support
   ].freeze
 
   LATEST_VERSION = SUPPORTED_VERSIONS.first.freeze
-  DEFAULT_PROTOCOL_VERSION = "2025-03-26".freeze  # Default to initial stable version for backwards compatibility
+  DEFAULT_PROTOCOL_VERSION = "2025-03-26" # Default to initial stable version for backwards compatibility
   class << self
     # Returns a Rack-compatible application for serving MCP requests
     # This makes ActionMCP.server work similar to ActionCable.server

data/lib/generators/action_mcp/identifier/identifier_generator.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Generators
+    class IdentifierGenerator < Rails::Generators::Base
+      namespace "action_mcp:identifier"
+      source_root File.expand_path("templates", __dir__)
+      desc "Creates a Gateway Identifier for authentication patterns"
+
+      argument :name, type: :string, required: true, banner: "IdentifierName"
+
+      class_option :auth_method, type: :string, required: true,
+                   desc: "Authentication method name (e.g., 'api_key', 'session', 'custom')"
+      class_option :identity, type: :string, default: "user",
+                   desc: "Identity type this identifier provides (e.g., 'user', 'admin')"
+      class_option :lookup_method, type: :string, default: "database",
+                   desc: "How to resolve identity: 'database', 'middleware', 'headers', 'custom'"
+
+      def create_identifier_file
+        template "identifier.rb.erb", "app/mcp/identifiers/#{file_name}.rb"
+      end
+
+      def show_usage_instructions
+        say "\nIdentifier generated successfully!", :green
+        say "\nNext steps:", :blue
+        say "1. Configure authentication methods in config/mcp.yml:"
+        say "   authentication_methods: [\"#{auth_method}\"]", :yellow
+        say "\n2. Register in ApplicationGateway:"
+        say "   identified_by #{class_name}", :yellow
+        say "\n3. Customize the resolve method in app/mcp/identifiers/#{file_name}.rb"
+
+        if lookup_method == "database"
+          say "\n4. Ensure your #{identity.capitalize} model has the required fields/methods", :cyan
+        elsif lookup_method == "middleware"
+          say "\n4. Ensure your middleware sets the required request.env keys", :cyan
+        end
+      end
+
+      private
+
+      def class_name
+        "#{name.camelize}#{name.camelize.end_with?('Identifier') ? '' : 'Identifier'}"
+      end
+
+      def file_name
+        base = name.underscore
+        base.end_with?("_identifier") ? base : "#{base}_identifier"
+      end
+
+      def auth_method
+        options[:auth_method]
+      end
+
+      def identity
+        options[:identity]
+      end
+
+      def lookup_method
+        options[:lookup_method]
+      end
+
+      def resolve_implementation
+        case lookup_method
+        when "database"
+          database_lookup_implementation
+        when "middleware"
+          middleware_lookup_implementation
+        when "headers"
+          headers_lookup_implementation
+        else
+          custom_lookup_implementation
+        end
+      end
+
+      def database_lookup_implementation
+        case auth_method
+        when /api_key|token/
+          api_key_database_lookup
+        when /session/
+          session_database_lookup
+        else
+          generic_database_lookup
+        end
+      end
+
+      def api_key_database_lookup
+        <<~RUBY.indent(4)
+          # Extract API key from various sources
+          api_key = extract_api_key
+          raise Unauthorized, "Missing API key" unless api_key
+
+          # Look up #{identity} by API key
+          #{identity} = #{identity.capitalize}.find_by(api_key: api_key)
+          raise Unauthorized, "Invalid API key" unless #{identity}
+
+          # Optional: Add additional validation
+          # raise Unauthorized, "#{identity.capitalize} account inactive" unless #{identity}.active?
+
+          #{identity}
+        RUBY
+      end
+
+      def session_database_lookup
+        <<~RUBY.indent(4)
+          # Get #{identity} ID from session
+          #{identity}_id = session&.[]('#{identity}_id')
+          raise Unauthorized, "No #{identity} session" unless #{identity}_id
+
+          # Look up #{identity} in database
+          #{identity} = #{identity.capitalize}.find_by(id: #{identity}_id)
+          raise Unauthorized, "Invalid session" unless #{identity}
+
+          #{identity}
+        RUBY
+      end
+
+      def generic_database_lookup
+        <<~RUBY.indent(4)
+          # TODO: Extract identifier from request (headers, params, etc.)
+          identifier = nil # Implement your extraction logic here
+          raise Unauthorized, "Missing authentication identifier" unless identifier
+
+          # Look up #{identity} in database
+          #{identity} = #{identity.capitalize}.find_by(some_field: identifier)
+          raise Unauthorized, "Authentication failed" unless #{identity}
+
+          #{identity}
+        RUBY
+      end
+
+      def middleware_lookup_implementation
+        <<~RUBY.indent(4)
+          # Get #{identity} from middleware (Warden, Devise, etc.)
+          #{identity} = user_from_middleware
+          raise Unauthorized, "No authenticated #{identity} found" unless #{identity}
+
+          # Optional: Add additional validation
+          # raise Unauthorized, "#{identity.capitalize} access denied" unless #{identity}.can_access_mcp?
+
+          #{identity}
+        RUBY
+      end
+
+      def headers_lookup_implementation
+        <<~RUBY.indent(4)
+          # Extract #{identity} info from request headers
+          #{identity}_id = @request.env['HTTP_X_#{identity.upcase}_ID']
+          raise Unauthorized, "#{identity.capitalize} ID header missing" unless #{identity}_id
+
+          # Optional: Get additional info from headers
+          email = @request.env['HTTP_X_#{identity.upcase}_EMAIL']
+          roles = @request.env['HTTP_X_#{identity.upcase}_ROLES']&.split(',') || []
+
+          # Option 1: Look up in database
+          #{identity} = #{identity.capitalize}.find(#{identity}_id)
+        #{'  '}
+          # Option 2: Create simple object from headers (no DB lookup)
+          # #{identity} = OpenStruct.new(
+          #   id: #{identity}_id,
+          #   email: email,
+          #   roles: roles
+          # )
+
+          #{identity}
+        rescue ActiveRecord::RecordNotFound
+          raise Unauthorized, "Invalid #{identity}"
+        RUBY
+      end
+
+      def custom_lookup_implementation
+        <<~RUBY.indent(4)
+          # TODO: Implement your custom authentication logic here
+
+          # Example patterns:
+          # 1. Extract credentials from request
+          # credentials = extract_credentials_from_request
+
+          # 2. Validate credentials (API call, database lookup, etc.)
+          # #{identity} = validate_credentials(credentials)
+
+          # 3. Return the authenticated #{identity} or raise Unauthorized
+          # raise Unauthorized, "Authentication failed" unless #{identity}
+
+          raise NotImplementedError, "Custom authentication logic not implemented"
+        RUBY
+      end
+    end
+  end
+end

data/lib/generators/action_mcp/identifier/templates/identifier.rb.erb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# <%= class_name %> - Gateway identifier for <%= auth_method %> authentication
+#
+# This identifier handles authentication using the "<%= auth_method %>" method
+# and provides access to the authenticated <%= identity %> object.
+#
+# Configuration:
+#   # config/mcp.yml
+#   authentication_methods: ["<%= auth_method %>"]
+#
+# Usage in ApplicationGateway:
+#   identified_by <%= class_name %>
+class <%= class_name %> < ActionMCP::GatewayIdentifier
+  identifier :<%= identity %>
+  authenticates :<%= auth_method %>
+
+  def resolve
+<%= resolve_implementation %>
+  end
+
+  private
+
+  # Add any custom helper methods here
+  # 
+  # Example helper methods:
+  # 
+  # def extract_credentials_from_request
+  #   # Custom extraction logic
+  # end
+  # 
+  # def validate_credentials(credentials)
+  #   # Custom validation logic
+  # end
+end

data/lib/generators/action_mcp/install/install_generator.rb

@@ -44,7 +44,7 @@ module ActionMCP
         say ""
         say "Configuration:"
         say "  The mcp.yml file contains authentication, profiles, and adapter settings."
-        say "  You can customize authentication methods, OAuth settings, and PubSub adapters."
+        say "  You can customize authentication methods and PubSub adapters."
         say ""
         say "Available adapters:"
         say "  - simple      : In-memory adapter for development"