actionmcp 0.72.0 → 0.80.1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.72.0
+  version: 0.80.1
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -51,20 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.5.3
-- !ruby/object:Gem::Dependency
-  name: jwt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.10'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.10'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -107,34 +93,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
-- !ruby/object:Gem::Dependency
-  name: omniauth
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: omniauth-oauth2
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: ostruct
   requirement: !ruby/object:Gem::Requirement
@@ -149,34 +107,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: faraday
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-- !ruby/object:Gem::Dependency
-  name: pkce_challenge
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: json_schemer
   requirement: !ruby/object:Gem::Requirement
@@ -191,8 +121,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: It offers base classes and helpers for creating MCP applications, making
-  it easier to integrate your Ruby/Rails application with the MCP standard
+description: A streamlined, production-focused toolkit for building MCP servers in
+  Rails applications. Provides essential base classes, authentication gateways, and
+  HTTP transport with minimal dependencies.
 email:
 - terminale@gmail.com
 executables:
@@ -204,26 +135,19 @@ files:
 - README.md
 - Rakefile
 - app/controllers/action_mcp/application_controller.rb
-- app/controllers/action_mcp/oauth/endpoints_controller.rb
-- app/controllers/action_mcp/oauth/metadata_controller.rb
-- app/controllers/action_mcp/oauth/registration_controller.rb
 - app/models/action_mcp.rb
 - app/models/action_mcp/application_record.rb
-- app/models/action_mcp/oauth_client.rb
-- app/models/action_mcp/oauth_token.rb
 - app/models/action_mcp/session.rb
 - app/models/action_mcp/session/message.rb
 - app/models/action_mcp/session/resource.rb
 - app/models/action_mcp/session/sse_event.rb
 - app/models/action_mcp/session/subscription.rb
-- app/models/concerns/mcp_console_helpers.rb
-- app/models/concerns/mcp_message_inspect.rb
+- app/models/concerns/action_mcp/mcp_console_helpers.rb
+- app/models/concerns/action_mcp/mcp_message_inspect.rb
 - config/routes.rb
 - db/migrate/20250512154359_consolidated_migration.rb
-- db/migrate/20250608112101_add_oauth_to_sessions.rb
-- db/migrate/20250708105124_create_action_mcp_oauth_clients.rb
-- db/migrate/20250708105226_create_action_mcp_oauth_tokens.rb
 - db/migrate/20250715070713_add_consents_to_action_mcp_sess.rb
+- db/migrate/20250727000001_remove_oauth_support.rb
 - exe/actionmcp_cli
 - lib/action_mcp.rb
 - lib/action_mcp/base_response.rb
@@ -237,11 +161,8 @@ files:
 - lib/action_mcp/client/collection.rb
 - lib/action_mcp/client/elicitation.rb
 - lib/action_mcp/client/json_rpc_handler.rb
-- lib/action_mcp/client/jwt_client_provider.rb
 - lib/action_mcp/client/logging.rb
 - lib/action_mcp/client/messaging.rb
-- lib/action_mcp/client/oauth_client_provider.rb
-- lib/action_mcp/client/oauth_client_provider/memory_storage.rb
 - lib/action_mcp/client/prompt_book.rb
 - lib/action_mcp/client/prompts.rb
 - lib/action_mcp/client/request_timeouts.rb
@@ -272,25 +193,19 @@ files:
 - lib/action_mcp/filtered_logger.rb
 - lib/action_mcp/gateway.rb
 - lib/action_mcp/gateway_identifier.rb
+- lib/action_mcp/gateway_identifiers.rb
+- lib/action_mcp/gateway_identifiers/api_key_identifier.rb
+- lib/action_mcp/gateway_identifiers/devise_identifier.rb
+- lib/action_mcp/gateway_identifiers/request_env_identifier.rb
+- lib/action_mcp/gateway_identifiers/warden_identifier.rb
 - lib/action_mcp/gem_version.rb
 - lib/action_mcp/instrumentation/controller_runtime.rb
 - lib/action_mcp/instrumentation/instrumentation.rb
 - lib/action_mcp/instrumentation/resource_instrumentation.rb
 - lib/action_mcp/integer_array.rb
 - lib/action_mcp/json_rpc_handler_base.rb
-- lib/action_mcp/jwt_decoder.rb
-- lib/action_mcp/jwt_identifier.rb
 - lib/action_mcp/log_subscriber.rb
 - lib/action_mcp/logging.rb
-- lib/action_mcp/none_identifier.rb
-- lib/action_mcp/o_auth_identifier.rb
-- lib/action_mcp/oauth.rb
-- lib/action_mcp/oauth/active_record_storage.rb
-- lib/action_mcp/oauth/error.rb
-- lib/action_mcp/oauth/memory_storage.rb
-- lib/action_mcp/oauth/middleware.rb
-- lib/action_mcp/oauth/provider.rb
-- lib/action_mcp/omniauth/mcp_strategy.rb
 - lib/action_mcp/prompt.rb
 - lib/action_mcp/prompt_response.rb
 - lib/action_mcp/prompts_registry.rb
@@ -346,6 +261,8 @@ files:
 - lib/action_mcp/uri_ambiguity_checker.rb
 - lib/action_mcp/version.rb
 - lib/actionmcp.rb
+- lib/generators/action_mcp/identifier/identifier_generator.rb
+- lib/generators/action_mcp/identifier/templates/identifier.rb.erb
 - lib/generators/action_mcp/install/install_generator.rb
 - lib/generators/action_mcp/install/templates/application_gateway.rb
 - lib/generators/action_mcp/install/templates/application_mcp_prompt.rb
@@ -383,6 +300,5 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.9
 specification_version: 4
-summary: Provides essential tooling for building Model Context Protocol (MCP) capable
-  servers
+summary: Lightweight Model Context Protocol (MCP) server toolkit for Ruby/Rails
 test_files: []

data/app/controllers/action_mcp/oauth/endpoints_controller.rb

@@ -1,265 +0,0 @@
-# frozen_string_literal: true
-
-require "ostruct"
-
-module ActionMCP
-  module OAuth
-    # OAuth 2.1 endpoints controller
-    # Handles authorization, token, introspection, and revocation endpoints
-    class EndpointsController < ActionController::Base
-      protect_from_forgery with: :null_session
-      before_action :check_oauth_enabled
-
-      # GET /oauth/authorize
-      # Authorization endpoint for OAuth 2.1 authorization code flow
-      def authorize
-        # Extract parameters
-        client_id = params[:client_id]
-        redirect_uri = params[:redirect_uri]
-        response_type = params[:response_type]
-        scope = params[:scope]
-        state = params[:state]
-        code_challenge = params[:code_challenge]
-        code_challenge_method = params[:code_challenge_method]
-
-        # Validate required parameters
-        if client_id.blank? || redirect_uri.blank? || response_type.blank?
-          return render_error("invalid_request", "Missing required parameters")
-        end
-
-        # Validate response type
-        unless response_type == "code"
-          return render_error("unsupported_response_type", "Only authorization code flow supported")
-        end
-
-        # Validate PKCE if required
-        if oauth_config["pkce_required"] && code_challenge.blank?
-          return render_error("invalid_request", "PKCE required")
-        end
-
-        # In a real implementation, this would show a consent page
-        # For now, we'll auto-approve for configured clients
-        if auto_approve_client?(client_id)
-          # Generate authorization code
-          user_id = current_user&.id || "anonymous"
-
-          begin
-            code = ActionMCP::OAuth::Provider.generate_authorization_code(
-              client_id: client_id,
-              redirect_uri: redirect_uri,
-              scope: scope || default_scope,
-              code_challenge: code_challenge,
-              code_challenge_method: code_challenge_method,
-              user_id: user_id
-            )
-
-            # Redirect back to client with authorization code
-            redirect_params = { code: code }
-            redirect_params[:state] = state if state
-            redirect_to "#{redirect_uri}?#{redirect_params.to_query}", allow_other_host: true
-          rescue ActionMCP::OAuth::Error => e
-            render_error(e.oauth_error_code, e.message)
-          end
-        else
-          # In production, show consent page
-          render_consent_page(client_id, redirect_uri, scope, state, code_challenge, code_challenge_method)
-        end
-      end
-
-      # POST /oauth/token
-      # Token endpoint for exchanging authorization codes and refreshing tokens
-      def token
-        grant_type = params[:grant_type]
-
-        case grant_type
-        when "authorization_code"
-          handle_authorization_code_grant
-        when "refresh_token"
-          handle_refresh_token_grant
-        when "client_credentials"
-          handle_client_credentials_grant
-        else
-          render_token_error("unsupported_grant_type", "Unsupported grant type")
-        end
-      rescue ActionMCP::OAuth::Error => e
-        render_token_error(e.oauth_error_code, e.message)
-      end
-
-      # POST /oauth/introspect
-      # Token introspection endpoint (RFC 7662)
-      def introspect
-        token = params[:token]
-        return render_introspection_error unless token
-
-        # Authenticate client for introspection
-        client_id, = extract_client_credentials
-        return render_introspection_error unless client_id
-
-        begin
-          token_info = ActionMCP::OAuth::Provider.introspect_token(token)
-          render json: token_info
-        rescue ActionMCP::OAuth::Error
-          render json: { active: false }
-        end
-      end
-
-      # POST /oauth/revoke
-      # Token revocation endpoint (RFC 7009)
-      def revoke
-        token = params[:token]
-        token_type_hint = params[:token_type_hint]
-
-        return head :bad_request unless token
-
-        # Authenticate client
-        client_id, = extract_client_credentials
-        return head :unauthorized unless client_id
-
-        begin
-          ActionMCP::OAuth::Provider.revoke_token(token, token_type_hint: token_type_hint)
-          head :ok
-        rescue ActionMCP::OAuth::Error
-          head :bad_request
-        end
-      end
-
-      private
-
-      def check_oauth_enabled
-        auth_methods = ActionMCP.configuration.authentication_methods
-        return if auth_methods&.include?("oauth")
-
-        head :not_found
-      end
-
-      def oauth_config
-        @oauth_config ||= ActionMCP.configuration.oauth_config || {}
-      end
-
-      def handle_authorization_code_grant
-        code = params[:code]
-        client_id = params[:client_id]
-        client_secret = params[:client_secret]
-        redirect_uri = params[:redirect_uri]
-        code_verifier = params[:code_verifier]
-
-        # Extract client credentials from Authorization header if not in params
-        client_id, client_secret = extract_client_credentials if client_id.blank?
-
-        return render_token_error("invalid_request", "Missing required parameters") if code.blank? || client_id.blank?
-
-        token_response = ActionMCP::OAuth::Provider.exchange_code_for_token(
-          code: code,
-          client_id: client_id,
-          client_secret: client_secret,
-          redirect_uri: redirect_uri,
-          code_verifier: code_verifier
-        )
-
-        render json: token_response
-      end
-
-      def handle_refresh_token_grant
-        refresh_token = params[:refresh_token]
-        scope = params[:scope]
-
-        # Extract client credentials
-        client_id, client_secret = extract_client_credentials
-        client_id ||= params[:client_id]
-        client_secret ||= params[:client_secret]
-
-        if refresh_token.blank? || client_id.blank?
-          return render_token_error("invalid_request",
-                                    "Missing required parameters")
-        end
-
-        token_response = ActionMCP::OAuth::Provider.refresh_access_token(
-          refresh_token: refresh_token,
-          client_id: client_id,
-          client_secret: client_secret,
-          scope: scope
-        )
-
-        render json: token_response
-      end
-
-      def handle_client_credentials_grant
-        scope = params[:scope]
-
-        # Extract client credentials
-        client_id, client_secret = extract_client_credentials
-        client_id ||= params[:client_id]
-        client_secret ||= params[:client_secret]
-
-        return render_token_error("invalid_request", "Missing client credentials") if client_id.blank?
-
-        token_response = ActionMCP::OAuth::Provider.client_credentials_grant(
-          client_id: client_id,
-          client_secret: client_secret,
-          scope: scope
-        )
-
-        render json: token_response
-      end
-
-      def extract_client_credentials
-        auth_header = request.headers["Authorization"]
-        if auth_header&.start_with?("Basic ")
-          encoded = auth_header.split(" ", 2).last
-          decoded = Base64.decode64(encoded)
-          decoded.split(":", 2)
-        else
-          [ nil, nil ]
-        end
-      end
-
-      def auto_approve_client?(client_id)
-        # In development/testing, auto-approve known clients
-        # In production, this should check a proper client registry
-        Rails.env.development? || Rails.env.test? || oauth_config["auto_approve_clients"]&.include?(client_id)
-      end
-
-      def current_user
-        # This should be implemented by the application
-        # For now, return a default user for development
-        if Rails.env.development? || Rails.env.test?
-          OpenStruct.new(id: "dev_user", email: "dev@example.com")
-        else
-          # In production, this should integrate with your authentication system
-          nil
-        end
-      end
-
-      def default_scope
-        oauth_config["default_scope"] || "mcp:tools mcp:resources mcp:prompts"
-      end
-
-      def render_error(error_code, description)
-        render json: {
-          error: error_code,
-          error_description: description
-        }, status: :bad_request
-      end
-
-      def render_token_error(error_code, description)
-        render json: {
-          error: error_code,
-          error_description: description
-        }, status: :bad_request
-      end
-
-      def render_introspection_error
-        render json: { active: false }, status: :bad_request
-      end
-
-      def render_consent_page(_client_id, _redirect_uri, _scope, _state, _code_challenge, _code_challenge_method)
-        # In production, this would render a proper consent page
-        # For now, just auto-deny unknown clients
-        render json: {
-          error: "access_denied",
-          error_description: "User denied authorization"
-        }, status: :forbidden
-      end
-    end
-  end
-end

data/app/controllers/action_mcp/oauth/metadata_controller.rb

@@ -1,125 +0,0 @@
-# frozen_string_literal: true
-
-module ActionMCP
-  module OAuth
-    # Controller for OAuth 2.1 metadata endpoints
-    # Provides server discovery information as per RFC 8414
-    class MetadataController < ActionController::Base
-      before_action :check_oauth_enabled
-
-      # GET /.well-known/oauth-authorization-server
-      # Returns OAuth Authorization Server Metadata as per RFC 8414
-      def authorization_server
-        metadata = {
-          issuer: issuer_url,
-          authorization_endpoint: authorization_endpoint,
-          token_endpoint: token_endpoint,
-          introspection_endpoint: introspection_endpoint,
-          revocation_endpoint: revocation_endpoint,
-          response_types_supported: response_types_supported,
-          grant_types_supported: grant_types_supported,
-          token_endpoint_auth_methods_supported: token_endpoint_auth_methods_supported,
-          scopes_supported: scopes_supported,
-          code_challenge_methods_supported: code_challenge_methods_supported,
-          service_documentation: service_documentation
-        }
-
-        # Add optional fields based on configuration
-        metadata[:registration_endpoint] = registration_endpoint if oauth_config[:enable_dynamic_registration]
-
-        metadata[:jwks_uri] = oauth_config[:jwks_uri] if oauth_config[:jwks_uri]
-
-        render json: metadata
-      end
-
-      # GET /.well-known/oauth-protected-resource
-      # Returns Protected Resource Metadata as per RFC 8705
-      def protected_resource
-        metadata = {
-          resource: issuer_url,
-          authorization_servers: [ issuer_url ],
-          scopes_supported: scopes_supported,
-          bearer_methods_supported: [ "header" ],
-          resource_documentation: resource_documentation
-        }
-
-        render json: metadata
-      end
-
-      private
-
-      def check_oauth_enabled
-        auth_methods = ActionMCP.configuration.authentication_methods
-        return if auth_methods&.include?("oauth")
-
-        head :not_found
-      end
-
-      def oauth_config
-        @oauth_config ||= HashWithIndifferentAccess.new(ActionMCP.configuration.oauth_config || {})
-      end
-
-      def issuer_url
-        @issuer_url ||= oauth_config.fetch(:issuer_url, request.base_url)
-      end
-
-      def authorization_endpoint
-        "#{issuer_url}/oauth/authorize"
-      end
-
-      def token_endpoint
-        "#{issuer_url}/oauth/token"
-      end
-
-      def introspection_endpoint
-        "#{issuer_url}/oauth/introspect"
-      end
-
-      def revocation_endpoint
-        "#{issuer_url}/oauth/revoke"
-      end
-
-      def registration_endpoint
-        "#{issuer_url}/oauth/register"
-      end
-
-      def response_types_supported
-        [ "code" ]
-      end
-
-      def grant_types_supported
-        grants = [ "authorization_code" ]
-        grants << "refresh_token" if oauth_config[:enable_refresh_tokens]
-        grants << "client_credentials" if oauth_config[:enable_client_credentials]
-        grants
-      end
-
-      def token_endpoint_auth_methods_supported
-        methods = %w[client_secret_basic client_secret_post]
-        methods << "none" if oauth_config[:allow_public_clients]
-        methods
-      end
-
-      def scopes_supported
-        oauth_config.fetch(:scopes_supported, [ "mcp:tools", "mcp:resources", "mcp:prompts" ])
-      end
-
-      def code_challenge_methods_supported
-        methods = []
-        if oauth_config[:pkce_required] || oauth_config[:pkce_supported]
-          methods << "S256"
-          methods << "plain" if oauth_config[:allow_plain_pkce]
-        end
-        methods
-      end
-
-      def service_documentation
-        oauth_config.fetch(:service_documentation, "#{request.base_url}/docs")
-      end
-
-      def resource_documentation
-        oauth_config.fetch(:resource_documentation, "#{request.base_url}/docs/api")
-      end
-    end
-  end
-end