actionmcp 0.82.0 → 0.83.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0ca96b3275c9dcece973bd75cc7eb4585fea06f6a99d8dec6a7603817c28b69
-  data.tar.gz: a188765f7176684ee0875a9eecf25cf07ff4c2338c93be7fc5fe29954f26bbb0
+  metadata.gz: 34a7a67e4f2e58c82a8a06bb11adf328747ed61a38e4c06598b21657556b8779
+  data.tar.gz: 0a81e9eaec25dc3906a9476fff4c9458da889fd201cb644b46ba1074ea46d5ad
 SHA512:
-  metadata.gz: 678b6231e5c2df59dc9b90c26d5135cfb2ceb2aaa45ed55e774dc9700cf15f634d8a796fa2c9d3e2a78896bf21f41a86d303f2ca97db4445d289f8a24a8892b5
-  data.tar.gz: 2d1458519c3b69045a8f885be8da811544de78e793cc191ca2145d08ebc41a019a209b3f51fc9bcc9138e72b75f6b1fcc11428e01a06b1b6326f7bcc902d7dee
+  metadata.gz: 76e455eefa6f0fb9c055d4a799ba38f09993c7562746733c05e15e8bc256df112e24788989dce2dbe0bfa290b77eedc54f89a480422a6805050bde18fbb51d2f
+  data.tar.gz: 8c2fb33e02738de33451097b92c743acf053bdd759be14380fd62a098153b59a925aa8b7f490908457835d9cdb5de903a07e6d1bfe0b741aebe6f28ce64185b5

data/lib/action_mcp/gateway.rb

@@ -4,6 +4,11 @@ module ActionMCP
   class UnauthorizedError < StandardError; end
 
   class Gateway
+    # Whitelist of allowed identity attribute names to prevent method shadowing
+    # and unauthorized attribute assignment. Extend this list if you use custom
+    # identifier names in your GatewayIdentifier implementations.
+    ALLOWED_IDENTITY_KEYS = %w[user api_key jwt bearer token account session].freeze
+
     class << self
       # pluck in one or many GatewayIdentifier classes
       def identified_by(*klasses)
@@ -69,13 +74,21 @@ module ActionMCP
 
     def assign_identities(identities)
       identities.each do |name, value|
+        name_str = name.to_s
+
+        # Validate identity key against whitelist to prevent method shadowing
+        unless ALLOWED_IDENTITY_KEYS.include?(name_str)
+          raise ArgumentError, "Invalid identity key: '#{name_str}'. " \
+                               "Allowed keys: #{ALLOWED_IDENTITY_KEYS.join(', ')}"
+        end
+
         # define accessor on the fly
         self.class.attr_reader name unless respond_to?(name)
-        instance_variable_set("@#{name}", value)
+        instance_variable_set("@#{name_str}", value)
 
         # also set current context if you have one
-        ActionMCP::Current.public_send("#{name}=", value) if
-          ActionMCP::Current.respond_to?("#{name}=")
+        ActionMCP::Current.public_send("#{name_str}=", value) if
+          ActionMCP::Current.respond_to?("#{name_str}=")
       end
       ActionMCP::Current.gateway = self if
         ActionMCP::Current.respond_to?(:gateway=)

data/lib/action_mcp/resource_template.rb

@@ -48,6 +48,11 @@ module ActionMCP
         @required_parameters ||= []
       end
 
+      # Cache compiled regex patterns for URI matching to avoid recompilation
+      def uri_regex_cache
+        @uri_regex_cache ||= {}
+      end
+
       def parameter(name, description:, required: false, **options)
         @parameters ||= {}
         @parameters[name] = { description: description, required: required, **options }
@@ -139,48 +144,55 @@ module ActionMCP
 
       # Extract parameters from a URI using the template pattern
       def extract_params_from_uri(uri_string)
-        # Convert template parameters to named capture groups
-        regex_parts = []
-        current_pos = 0
-        param_names = []
-
-        # Find all template parameters like {param_name}
-        @uri_template.scan(/\{([^}]+)\}/) do |param_name|
-          param_names << param_name[0]
-
-          # Get the position of this parameter in the template
-          param_start = @uri_template.index("{#{param_name[0]}}", current_pos)
-
-          # Add the text before the parameter (escaped)
-          if param_start > current_pos
-            prefix = Regexp.escape(@uri_template[current_pos...param_start])
-            regex_parts << prefix
-          end
+        # Check cache for compiled regex and param names
+        cache_entry = uri_regex_cache[@uri_template]
 
-          # Add the named capture group
-          regex_parts << "(?<#{param_name[0]}>[^/]+)"
+        unless cache_entry
+          # Convert template parameters to named capture groups
+          regex_parts = []
+          current_pos = 0
+          param_names = []
 
-          # Update current position
-          current_pos = param_start + param_name[0].length + 2 # +2 for { and }
-        end
+          # Find all template parameters like {param_name}
+          @uri_template.scan(/\{([^}]+)\}/) do |param_name|
+            param_names << param_name[0]
 
-        # Add any remaining text after the last parameter
-        if current_pos < @uri_template.length
-          suffix = Regexp.escape(@uri_template[current_pos..])
-          regex_parts << suffix
-        end
+            # Get the position of this parameter in the template
+            param_start = @uri_template.index("{#{param_name[0]}}", current_pos)
+
+            # Add the text before the parameter (escaped)
+            if param_start > current_pos
+              prefix = Regexp.escape(@uri_template[current_pos...param_start])
+              regex_parts << prefix
+            end
 
-        # Build the final regex
-        regex_pattern = regex_parts.join
-        regex = Regexp.new("^#{regex_pattern}$")
+            # Add the named capture group
+            regex_parts << "(?<#{param_name[0]}>[^/]+)"
+
+            # Update current position
+            current_pos = param_start + param_name[0].length + 2 # +2 for { and }
+          end
+
+          # Add any remaining text after the last parameter
+          if current_pos < @uri_template.length
+            suffix = Regexp.escape(@uri_template[current_pos..])
+            regex_parts << suffix
+          end
+
+          # Build the final regex and cache it
+          regex_pattern = regex_parts.join
+          regex = Regexp.new("^#{regex_pattern}$")
+          cache_entry = { regex: regex, param_names: param_names }
+          uri_regex_cache[@uri_template] = cache_entry
+        end
 
-        # Try to match the URI
-        match_data = regex.match(uri_string)
+        # Try to match the URI using cached regex
+        match_data = cache_entry[:regex].match(uri_string)
         return nil unless match_data
 
         # Extract named captures as parameters
         params = {}
-        param_names.each do |name|
+        cache_entry[:param_names].each do |name|
           params[name.to_sym] = match_data[name] if match_data[name]
         end
 

data/lib/action_mcp/tool.rb

@@ -240,9 +240,9 @@ module ActionMCP
       prop_definition.merge!(opts) if opts.any?
 
       self._schema_properties = _schema_properties.merge(prop_name.to_s => prop_definition)
-      self._required_properties = _required_properties.dup.tap do |req|
-        req << prop_name.to_s if required
-      end
+      new_required = _required_properties.dup
+      new_required << prop_name.to_s if required
+      self._required_properties = new_required
 
       # Map the JSON Schema type to an ActiveModel attribute type.
       attribute prop_name, map_json_type_to_active_model_type(type), default: default
@@ -271,9 +271,9 @@ module ActionMCP
       collection_definition[:description] = description if description && !description.empty?
 
       self._schema_properties = _schema_properties.merge(prop_name.to_s => collection_definition)
-      self._required_properties = _required_properties.dup.tap do |req|
-        req << prop_name.to_s if required
-      end
+      new_required = _required_properties.dup
+      new_required << prop_name.to_s if required
+      self._required_properties = new_required
 
       # Map the type - for number arrays, use our custom type instance
       mapped_type = if type == "number"

data/lib/action_mcp/tools_registry.rb

@@ -26,8 +26,13 @@ module ActionMCP
         # Handle parameter validation errors
         error_response(:invalid_params, message: e.message)
       rescue StandardError => e
-        # FIXME, we should maybe not return the error message to the user
-        error_response(:invalid_params, message: "Tool execution failed: #{e.message}")
+        # Hide error details in production to prevent information disclosure
+        message = if Rails.env.production?
+          "Tool execution failed"
+        else
+          "Tool execution failed: #{e.message}"
+        end
+        error_response(:invalid_params, message: message)
       end
 
       def item_klass

data/lib/action_mcp/version.rb

@@ -2,7 +2,7 @@
 
 require_relative "gem_version"
 module ActionMCP
-  VERSION = "0.82.0"
+  VERSION = "0.83.1"
 
   class << self
     alias version gem_version

data/lib/tasks/action_mcp_tasks.rake

@@ -49,6 +49,28 @@ namespace :action_mcp do
     puts "\n"
   end
 
+  # bin/rails action_mcp:list_profiles
+  desc "List all available profiles"
+  task list_profiles: :environment do
+    # Ensure Rails eager loads all classes
+    Rails.application.eager_load!
+
+    puts "\e[35mACTION MCP PROFILES\e[0m"  # Purple
+    puts "\e[35m-------------------\e[0m"   # Purple
+
+    profiles = ActionMCP.configuration.profiles
+
+    if profiles.any?
+      profiles.each_key do |profile_name|
+        puts "\e[35m#{profile_name}\e[0m"
+      end
+    else
+      puts "  No profiles configured"
+    end
+
+    puts "\n"
+  end
+
   # bin/rails action_mcp:show_profile[profile_name]
   desc "Show configuration for a specific profile"
   task :show_profile, [ :profile_name ] => :environment do |_t, args|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: actionmcp
 version: !ruby/object:Gem::Version
-  version: 0.82.0
+  version: 0.83.1
 platform: ruby
 authors:
 - Abdelkader Boudih
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 8.0.1
+        version: 8.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 8.0.1
+        version: 8.0.4
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -71,14 +71,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 8.0.1
+        version: 8.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 8.0.1
+        version: 8.0.4
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -93,20 +93,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
-- !ruby/object:Gem::Dependency
-  name: ostruct
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: json_schemer
   requirement: !ruby/object:Gem::Requirement