actionmcp 0.72.0 → 0.80.0

data/lib/action_mcp/server/base_session.rb

@@ -147,7 +147,9 @@ module ActionMCP
 
       def cleanup_old_sse_events(max_age = 15.minutes)
         cutoff_time = Time.current - max_age
+        original_size = @sse_events.size
         @sse_events.delete_if { |e| e[:created_at] < cutoff_time }
+        original_size - @sse_events.size
       end
 
       def max_stored_sse_events

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.72.0"
+  VERSION = "0.80.0"
 
   class << self
     alias version gem_version

data/lib/action_mcp.rb

@@ -13,9 +13,6 @@ require "action_mcp/log_subscriber"
 require "action_mcp/engine"
 require "zeitwerk"
 
-# OAuth 2.1 support via Omniauth
-require "omniauth"
-require "omniauth-oauth2"
 
 lib = File.dirname(__FILE__)
 
@@ -29,8 +26,6 @@ Zeitwerk::Loader.for_gem.tap do |loader|
 
   loader.inflector.inflect("action_mcp" => "ActionMCP")
   loader.inflector.inflect("sse_listener" => "SSEListener")
-  loader.inflector.inflect("oauth" => "OAuth")
-  loader.inflector.inflect("mcp_strategy" => "MCPStrategy")
 end.setup
 
 module ActionMCP
@@ -40,7 +35,7 @@ module ActionMCP
 
   # Protocol version constants
   SUPPORTED_VERSIONS = [
-    "2025-06-18", # Dr. Identity McBouncer - OAuth 2.1, elicitation, structured output, resource links
+    "2025-06-18", # Dr. Identity McBouncer - elicitation, structured output, resource links
     "2025-03-26"  # The Persistent Negotiator - StreamableHTTP, resumability, audio support
   ].freeze
 

data/lib/generators/action_mcp/identifier/identifier_generator.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+module ActionMCP
+  module Generators
+    class IdentifierGenerator < Rails::Generators::Base
+      namespace "action_mcp:identifier"
+      source_root File.expand_path("templates", __dir__)
+      desc "Creates a Gateway Identifier for authentication patterns"
+
+      argument :name, type: :string, required: true, banner: "IdentifierName"
+
+      class_option :auth_method, type: :string, required: true,
+                   desc: "Authentication method name (e.g., 'api_key', 'session', 'custom')"
+      class_option :identity, type: :string, default: "user",
+                   desc: "Identity type this identifier provides (e.g., 'user', 'admin')"
+      class_option :lookup_method, type: :string, default: "database",
+                   desc: "How to resolve identity: 'database', 'middleware', 'headers', 'custom'"
+
+      def create_identifier_file
+        template "identifier.rb.erb", "app/mcp/identifiers/#{file_name}.rb"
+      end
+
+      def show_usage_instructions
+        say "\nIdentifier generated successfully!", :green
+        say "\nNext steps:", :blue
+        say "1. Configure authentication methods in config/mcp.yml:"
+        say "   authentication_methods: [\"#{auth_method}\"]", :yellow
+        say "\n2. Register in ApplicationGateway:"
+        say "   identified_by #{class_name}", :yellow
+        say "\n3. Customize the resolve method in app/mcp/identifiers/#{file_name}.rb"
+
+        if lookup_method == "database"
+          say "\n4. Ensure your #{identity.capitalize} model has the required fields/methods", :cyan
+        elsif lookup_method == "middleware"
+          say "\n4. Ensure your middleware sets the required request.env keys", :cyan
+        end
+      end
+
+      private
+
+      def class_name
+        "#{name.camelize}#{name.camelize.end_with?('Identifier') ? '' : 'Identifier'}"
+      end
+
+      def file_name
+        base = name.underscore
+        base.end_with?("_identifier") ? base : "#{base}_identifier"
+      end
+
+      def auth_method
+        options[:auth_method]
+      end
+
+      def identity
+        options[:identity]
+      end
+
+      def lookup_method
+        options[:lookup_method]
+      end
+
+      def resolve_implementation
+        case lookup_method
+        when "database"
+          database_lookup_implementation
+        when "middleware"
+          middleware_lookup_implementation
+        when "headers"
+          headers_lookup_implementation
+        else
+          custom_lookup_implementation
+        end
+      end
+
+      def database_lookup_implementation
+        case auth_method
+        when /api_key|token/
+          api_key_database_lookup
+        when /session/
+          session_database_lookup
+        else
+          generic_database_lookup
+        end
+      end
+
+      def api_key_database_lookup
+        <<~RUBY.indent(4)
+          # Extract API key from various sources
+          api_key = extract_api_key
+          raise Unauthorized, "Missing API key" unless api_key
+
+          # Look up #{identity} by API key
+          #{identity} = #{identity.capitalize}.find_by(api_key: api_key)
+          raise Unauthorized, "Invalid API key" unless #{identity}
+
+          # Optional: Add additional validation
+          # raise Unauthorized, "#{identity.capitalize} account inactive" unless #{identity}.active?
+
+          #{identity}
+        RUBY
+      end
+
+      def session_database_lookup
+        <<~RUBY.indent(4)
+          # Get #{identity} ID from session
+          #{identity}_id = session&.[]('#{identity}_id')
+          raise Unauthorized, "No #{identity} session" unless #{identity}_id
+
+          # Look up #{identity} in database
+          #{identity} = #{identity.capitalize}.find_by(id: #{identity}_id)
+          raise Unauthorized, "Invalid session" unless #{identity}
+
+          #{identity}
+        RUBY
+      end
+
+      def generic_database_lookup
+        <<~RUBY.indent(4)
+          # TODO: Extract identifier from request (headers, params, etc.)
+          identifier = nil # Implement your extraction logic here
+          raise Unauthorized, "Missing authentication identifier" unless identifier
+
+          # Look up #{identity} in database
+          #{identity} = #{identity.capitalize}.find_by(some_field: identifier)
+          raise Unauthorized, "Authentication failed" unless #{identity}
+
+          #{identity}
+        RUBY
+      end
+
+      def middleware_lookup_implementation
+        <<~RUBY.indent(4)
+          # Get #{identity} from middleware (Warden, Devise, etc.)
+          #{identity} = user_from_middleware
+          raise Unauthorized, "No authenticated #{identity} found" unless #{identity}
+
+          # Optional: Add additional validation
+          # raise Unauthorized, "#{identity.capitalize} access denied" unless #{identity}.can_access_mcp?
+
+          #{identity}
+        RUBY
+      end
+
+      def headers_lookup_implementation
+        <<~RUBY.indent(4)
+          # Extract #{identity} info from request headers
+          #{identity}_id = @request.env['HTTP_X_#{identity.upcase}_ID']
+          raise Unauthorized, "#{identity.capitalize} ID header missing" unless #{identity}_id
+
+          # Optional: Get additional info from headers
+          email = @request.env['HTTP_X_#{identity.upcase}_EMAIL']
+          roles = @request.env['HTTP_X_#{identity.upcase}_ROLES']&.split(',') || []
+
+          # Option 1: Look up in database
+          #{identity} = #{identity.capitalize}.find(#{identity}_id)
+        #{'  '}
+          # Option 2: Create simple object from headers (no DB lookup)
+          # #{identity} = OpenStruct.new(
+          #   id: #{identity}_id,
+          #   email: email,
+          #   roles: roles
+          # )
+
+          #{identity}
+        rescue ActiveRecord::RecordNotFound
+          raise Unauthorized, "Invalid #{identity}"
+        RUBY
+      end
+
+      def custom_lookup_implementation
+        <<~RUBY.indent(4)
+          # TODO: Implement your custom authentication logic here
+
+          # Example patterns:
+          # 1. Extract credentials from request
+          # credentials = extract_credentials_from_request
+
+          # 2. Validate credentials (API call, database lookup, etc.)
+          # #{identity} = validate_credentials(credentials)
+
+          # 3. Return the authenticated #{identity} or raise Unauthorized
+          # raise Unauthorized, "Authentication failed" unless #{identity}
+
+          raise NotImplementedError, "Custom authentication logic not implemented"
+        RUBY
+      end
+    end
+  end
+end

data/lib/generators/action_mcp/identifier/templates/identifier.rb.erb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# <%= class_name %> - Gateway identifier for <%= auth_method %> authentication
+#
+# This identifier handles authentication using the "<%= auth_method %>" method
+# and provides access to the authenticated <%= identity %> object.
+#
+# Configuration:
+#   # config/mcp.yml
+#   authentication_methods: ["<%= auth_method %>"]
+#
+# Usage in ApplicationGateway:
+#   identified_by <%= class_name %>
+class <%= class_name %> < ActionMCP::GatewayIdentifier
+  identifier :<%= identity %>
+  authenticates :<%= auth_method %>
+
+  def resolve
+<%= resolve_implementation %>
+  end
+
+  private
+
+  # Add any custom helper methods here
+  # 
+  # Example helper methods:
+  # 
+  # def extract_credentials_from_request
+  #   # Custom extraction logic
+  # end
+  # 
+  # def validate_credentials(credentials)
+  #   # Custom validation logic
+  # end
+end

data/lib/generators/action_mcp/install/install_generator.rb

@@ -44,7 +44,7 @@ module ActionMCP
         say ""
         say "Configuration:"
         say "  The mcp.yml file contains authentication, profiles, and adapter settings."
-        say "  You can customize authentication methods, OAuth settings, and PubSub adapters."
+        say "  You can customize authentication methods and PubSub adapters."
         say ""
         say "Available adapters:"
         say "  - simple      : In-memory adapter for development"

data/lib/generators/action_mcp/install/templates/application_gateway.rb

@@ -1,41 +1,90 @@
 # frozen_string_literal: true
 
-class ApplicationGateway < ActionMCP::Gateway
-  # Specify what attributes identify a connection
-  # Multiple identifiers can be used (e.g., user, account, organization)
-  identified_by :user
-
-  protected
+# Application Gateway - configure your authentication identifiers here
+#
+# The Gateway reads from request.env keys set by upstream middleware
+# (like Warden, Devise, or custom auth middleware) through identifier classes.
+#
+# ActionMCP provides ready-to-use identifier examples for common authentication patterns.
+# You can use them directly or customize them for your needs.
 
-  # Override this method to implement your authentication logic
-  # Must return a hash with keys matching the identified_by attributes
-  # or raise ActionMCP::UnauthorizedError
-  def authenticate!
-    # Example using JWT:
-    token = extract_bearer_token
-    raise ActionMCP::UnauthorizedError, "Missing token" unless token
+class ApplicationGateway < ActionMCP::Gateway
+  # Register your identifier classes in order of preference
+  # The first successful identifier will be used
 
-    payload = ActionMCP::JwtDecoder.decode(token)
-    user = resolve_user(payload)
+  # Option 1: Use built-in identifiers (recommended for common patterns)
+  # identified_by ActionMCP::GatewayIdentifiers::WardenIdentifier  # For Warden/Devise
+  # identified_by ActionMCP::GatewayIdentifiers::ApiKeyIdentifier  # For API key auth
+  # identified_by ActionMCP::GatewayIdentifiers::RequestEnvIdentifier  # For custom headers
 
-    raise ActionMCP::UnauthorizedError, "Unauthorized" unless user
+  # Option 2: Use multiple auth methods (tries in order)
+  # identified_by ActionMCP::GatewayIdentifiers::WardenIdentifier,
+  #               ActionMCP::GatewayIdentifiers::ApiKeyIdentifier
 
-    # Return a hash with all identified_by attributes
-    { user: user }
-  rescue ActionMCP::JwtDecoder::DecodeError => e
-    raise ActionMCP::UnauthorizedError, e.message
-  end
+  # Option 3: Create custom identifiers (see examples below)
+  # identified_by CustomUserIdentifier, CustomAdminIdentifier
+end
 
-  private
+# Custom identifier examples - uncomment and customize as needed:
 
-  # Example method to resolve user from JWT payload
-  def resolve_user(payload)
-    return nil unless payload.is_a?(Hash)
+# Example: Custom Warden/Devise identifier
+# class CustomUserIdentifier < ActionMCP::GatewayIdentifier
+#   identifier :user
+#   authenticates :custom_warden
+#
+#   def resolve
+#     user = user_from_middleware
+#     raise Unauthorized, "No authenticated user found" unless user
+#
+#     # Add custom validation
+#     raise Unauthorized, "User account suspended" if user.suspended?
+#
+#     user
+#   end
+# end
 
-    user_id = payload["user_id"] || payload["sub"]
-    return nil unless user_id
+# Example: Custom API Key identifier with rate limiting
+# class CustomApiKeyIdentifier < ActionMCP::GatewayIdentifier
+#   identifier :user
+#   authenticates :custom_api_key
+#
+#   def resolve
+#     api_key = extract_api_key
+#     raise Unauthorized, "Missing API key" unless api_key
+#
+#     user = User.find_by(api_key: api_key)
+#     raise Unauthorized, "Invalid API key" unless user
+#
+#     # Add rate limiting check
+#     if rate_limited?(user)
+#       raise Unauthorized, "Rate limit exceeded"
+#     end
+#
+#     user
+#   end
+#
+#   private
+#
+#   def rate_limited?(user)
+#     # Implement your rate limiting logic
+#     false
+#   end
+# end
 
-    # Replace with your User model lookup
-    User.find_by(id: user_id)
-  end
-end
+# Example: Admin-only identifier
+# class AdminIdentifier < ActionMCP::GatewayIdentifier
+#   identifier :admin
+#   authenticates :admin_token
+#
+#   def resolve
+#     token = extract_bearer_token
+#     raise Unauthorized, "Missing admin token" unless token
+#
+#     admin = Admin.find_by(access_token: token)
+#     raise Unauthorized, "Invalid admin token" unless admin
+#
+#     raise Unauthorized, "Admin access revoked" unless admin.active?
+#
+#     admin
+#   end
+# end

data/lib/generators/action_mcp/install/templates/mcp.yml

@@ -16,14 +16,6 @@ shared:
   # Server-specific session store type (falls back to session_store_type if not specified)
   # server_session_store_type: active_record
 
-  # OAuth configuration (if using OAuth authentication)
-  # oauth:
-  #   provider: "demo_oauth_provider"
-  #   scopes_supported: ["mcp:tools", "mcp:resources", "mcp:prompts"]
-  #   enable_dynamic_registration: true
-  #   enable_token_revocation: true
-  #   pkce_required: true
-  #   issuer_url: https://yourapp.com
 
   # MCP capability profiles
   profiles:
@@ -67,8 +59,8 @@ development:
 
 # Test environment
 test:
-  # JWT authentication for testing environment
-  authentication: ["jwt"]
+  # No authentication for testing environment
+  authentication: ["none"]
 
   # Test adapter for testing
   adapter: test
@@ -78,17 +70,8 @@ test:
 
 # Production environment
 production:
-  # Multiple authentication methods - try OAuth first, fallback to JWT
-  authentication: ["oauth", "jwt"]
-
-  # OAuth configuration for production
-  oauth:
-    provider: "application_oauth_provider"  # Your custom provider class
-    scopes_supported: ["mcp:tools", "mcp:resources", "mcp:prompts"]
-    enable_dynamic_registration: true
-    enable_token_revocation: true
-    pkce_required: true
-    issuer_url: https://yourapp.com
+  # Configure authentication methods for production (customize as needed)
+  authentication: ["none"]
 
   # Additional production profiles for external clients
   profiles:

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.72.0
+  version: 0.80.0
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -51,20 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.5.3
-- !ruby/object:Gem::Dependency
-  name: jwt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.10'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.10'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -107,34 +93,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
-- !ruby/object:Gem::Dependency
-  name: omniauth
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: omniauth-oauth2
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: ostruct
   requirement: !ruby/object:Gem::Requirement
@@ -149,34 +107,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: faraday
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-- !ruby/object:Gem::Dependency
-  name: pkce_challenge
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: json_schemer
   requirement: !ruby/object:Gem::Requirement
@@ -191,8 +121,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: It offers base classes and helpers for creating MCP applications, making
-  it easier to integrate your Ruby/Rails application with the MCP standard
+description: A streamlined, production-focused toolkit for building MCP servers in
+  Rails applications. Provides essential base classes, authentication gateways, and
+  HTTP transport with minimal dependencies.
 email:
 - terminale@gmail.com
 executables:
@@ -204,13 +135,8 @@ files:
 - README.md
 - Rakefile
 - app/controllers/action_mcp/application_controller.rb
-- app/controllers/action_mcp/oauth/endpoints_controller.rb
-- app/controllers/action_mcp/oauth/metadata_controller.rb
-- app/controllers/action_mcp/oauth/registration_controller.rb
 - app/models/action_mcp.rb
 - app/models/action_mcp/application_record.rb
-- app/models/action_mcp/oauth_client.rb
-- app/models/action_mcp/oauth_token.rb
 - app/models/action_mcp/session.rb
 - app/models/action_mcp/session/message.rb
 - app/models/action_mcp/session/resource.rb
@@ -220,10 +146,8 @@ files:
 - app/models/concerns/mcp_message_inspect.rb
 - config/routes.rb
 - db/migrate/20250512154359_consolidated_migration.rb
-- db/migrate/20250608112101_add_oauth_to_sessions.rb
-- db/migrate/20250708105124_create_action_mcp_oauth_clients.rb
-- db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb
 - db/migrate/20250715070713_add_consents_to_action_mcp_sess.rb
+- db/migrate/20250727000001_remove_oauth_support.rb
 - exe/actionmcp_cli
 - lib/action_mcp.rb
 - lib/action_mcp/base_response.rb
@@ -237,11 +161,8 @@ files:
 - lib/action_mcp/client/collection.rb
 - lib/action_mcp/client/elicitation.rb
 - lib/action_mcp/client/json_rpc_handler.rb
-- lib/action_mcp/client/jwt_client_provider.rb
 - lib/action_mcp/client/logging.rb
 - lib/action_mcp/client/messaging.rb
-- lib/action_mcp/client/oauth_client_provider.rb
-- lib/action_mcp/client/oauth_client_provider/memory_storage.rb
 - lib/action_mcp/client/prompt_book.rb
 - lib/action_mcp/client/prompts.rb
 - lib/action_mcp/client/request_timeouts.rb
@@ -272,25 +193,19 @@ files:
 - lib/action_mcp/filtered_logger.rb
 - lib/action_mcp/gateway.rb
 - lib/action_mcp/gateway_identifier.rb
+- lib/action_mcp/gateway_identifiers.rb
+- lib/action_mcp/gateway_identifiers/api_key_identifier.rb
+- lib/action_mcp/gateway_identifiers/devise_identifier.rb
+- lib/action_mcp/gateway_identifiers/request_env_identifier.rb
+- lib/action_mcp/gateway_identifiers/warden_identifier.rb
 - lib/action_mcp/gem_version.rb
 - lib/action_mcp/instrumentation/controller_runtime.rb
 - lib/action_mcp/instrumentation/instrumentation.rb
 - lib/action_mcp/instrumentation/resource_instrumentation.rb
 - lib/action_mcp/integer_array.rb
 - lib/action_mcp/json_rpc_handler_base.rb
-- lib/action_mcp/jwt_decoder.rb
-- lib/action_mcp/jwt_identifier.rb
 - lib/action_mcp/log_subscriber.rb
 - lib/action_mcp/logging.rb
-- lib/action_mcp/none_identifier.rb
-- lib/action_mcp/o_auth_identifier.rb
-- lib/action_mcp/oauth.rb
-- lib/action_mcp/oauth/active_record_storage.rb
-- lib/action_mcp/oauth/error.rb
-- lib/action_mcp/oauth/memory_storage.rb
-- lib/action_mcp/oauth/middleware.rb
-- lib/action_mcp/oauth/provider.rb
-- lib/action_mcp/omniauth/mcp_strategy.rb
 - lib/action_mcp/prompt.rb
 - lib/action_mcp/prompt_response.rb
 - lib/action_mcp/prompts_registry.rb
@@ -346,6 +261,8 @@ files:
 - lib/action_mcp/uri_ambiguity_checker.rb
 - lib/action_mcp/version.rb
 - lib/actionmcp.rb
+- lib/generators/action_mcp/identifier/identifier_generator.rb
+- lib/generators/action_mcp/identifier/templates/identifier.rb.erb
 - lib/generators/action_mcp/install/install_generator.rb
 - lib/generators/action_mcp/install/templates/application_gateway.rb
 - lib/generators/action_mcp/install/templates/application_mcp_prompt.rb
@@ -383,6 +300,5 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.9
 specification_version: 4
-summary: Provides essential tooling for building Model Context Protocol (MCP) capable
-  servers
+summary: Lightweight Model Context Protocol (MCP) server toolkit for Ruby/Rails
 test_files: []