active_mcp 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +37 -1
- data/app/controllers/active_mcp/base_controller.rb +11 -1
- data/lib/active_mcp/tool.rb +4 -0
- data/lib/active_mcp/version.rb +1 -1
- data/lib/generators/active_mcp/tool/templates/tool.rb.erb +17 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f94cddd4a196e9f5d1b0501457cb9d318fe1a32cfb997391f0b428f42b850813
|
|
4
|
+
data.tar.gz: de38f78d65269af6441c9f375ebca7ae2372acbee26c87ac04d68815a844da07
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 17f8847a39433c08b61838f416dfa6f3e0aecce6daf6ef8051dffdb5e71ac58f191c7654080570f18aae88b002219efd06a260d3afd26d7d1724a5758abf8746
|
|
7
|
+
data.tar.gz: afc770724f80df1f92929ab69c88577a6a0e974ad0647acf2dbdf677c7d6dc5b0a01f8792d53ef7eac818a72e11346769f13cd64f6651cc6375ba1bb544c8099
|
data/README.md
CHANGED
|
@@ -136,7 +136,43 @@ http://your-app.example.com/mcp
|
|
|
136
136
|
|
|
137
137
|
Clients will discover the available tools and their input schemas automatically through the MCP protocol.
|
|
138
138
|
|
|
139
|
-
## Authentication
|
|
139
|
+
## Authorization & Authentication
|
|
140
|
+
|
|
141
|
+
ActiveMcp supports both authentication (verifying who a user is) and authorization (controlling what resources they can access).
|
|
142
|
+
|
|
143
|
+
### Authorization for Tools
|
|
144
|
+
|
|
145
|
+
You can control which tools are visible and accessible to different users by overriding the `authorized?` class method:
|
|
146
|
+
|
|
147
|
+
```ruby
|
|
148
|
+
class AdminOnlyTool < ActiveMcp::Tool
|
|
149
|
+
description "This tool is only accessible by admins"
|
|
150
|
+
|
|
151
|
+
property :command, :string, required: true, description: "Admin command to execute"
|
|
152
|
+
|
|
153
|
+
# Define authorization logic - only admin tokens can access this tool
|
|
154
|
+
def self.authorized?(auth_info)
|
|
155
|
+
return false unless auth_info
|
|
156
|
+
return false unless auth_info[:type] == :bearer
|
|
157
|
+
|
|
158
|
+
# Check if the token belongs to an admin
|
|
159
|
+
auth_info[:token] == "admin-token" || User.find_by_token(auth_info[:token])&.admin?
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def call(command:, auth_info: nil)
|
|
163
|
+
# Tool implementation
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
When a user makes a request to the MCP server:
|
|
169
|
+
1. Only tools that return `true` from their `authorized?` method will be included in the tools list
|
|
170
|
+
2. Users can only call tools that they're authorized to use
|
|
171
|
+
3. Unauthorized access attempts will return a 403 Forbidden response
|
|
172
|
+
|
|
173
|
+
This makes it easy to create role-based access control for your MCP tools.
|
|
174
|
+
|
|
175
|
+
### Authentication Flow
|
|
140
176
|
|
|
141
177
|
ActiveMcp supports receiving authentication credentials from MCP clients and forwarding them to your Rails application. There are two ways to handle authentication:
|
|
142
178
|
|
|
@@ -37,7 +37,11 @@ module ActiveMcp
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def render_tools_list
|
|
40
|
-
|
|
40
|
+
# 認可チェックを含めてツールリストをフィルタリング
|
|
41
|
+
tools = Tool.registered_tools.select do |tool_class|
|
|
42
|
+
# 認可チェック - ツールがauthorized?メソッドでtrueを返すもののみを選択
|
|
43
|
+
tool_class.authorized?(@auth_info)
|
|
44
|
+
end.map do |tool_class|
|
|
41
45
|
{
|
|
42
46
|
name: tool_class.tool_name,
|
|
43
47
|
description: tool_class.desc,
|
|
@@ -65,6 +69,12 @@ module ActiveMcp
|
|
|
65
69
|
render json: {error: "Tool not found: #{tool_name}"}, status: 404
|
|
66
70
|
return
|
|
67
71
|
end
|
|
72
|
+
|
|
73
|
+
# 認可チェック
|
|
74
|
+
unless tool_class.authorized?(@auth_info)
|
|
75
|
+
render json: {error: "Unauthorized: Access to tool '#{tool_name}' denied"}, status: 403
|
|
76
|
+
return
|
|
77
|
+
end
|
|
68
78
|
|
|
69
79
|
tool = tool_class.new
|
|
70
80
|
validation_result = tool.validate_arguments(arguments)
|
data/lib/active_mcp/tool.rb
CHANGED
data/lib/active_mcp/version.rb
CHANGED
|
@@ -5,6 +5,23 @@ class <%= class_name %> < ActiveMcp::Tool
|
|
|
5
5
|
property :param2, :string, required: false, description: "Second parameter description"
|
|
6
6
|
# Add more parameters as needed
|
|
7
7
|
|
|
8
|
+
# Uncomment and modify this method to implement authorization control
|
|
9
|
+
# This controls who can see and use this tool
|
|
10
|
+
# def self.authorized?(auth_info)
|
|
11
|
+
# # Example: require authentication
|
|
12
|
+
# # return false unless auth_info
|
|
13
|
+
#
|
|
14
|
+
# # Example: require a specific authentication type
|
|
15
|
+
# # return false unless auth_info[:type] == :bearer
|
|
16
|
+
#
|
|
17
|
+
# # Example: check for admin permissions
|
|
18
|
+
# # admin_tokens = ["admin-token"]
|
|
19
|
+
# # return admin_tokens.include?(auth_info[:token])
|
|
20
|
+
#
|
|
21
|
+
# # Default: allow all access
|
|
22
|
+
# true
|
|
23
|
+
# end
|
|
24
|
+
|
|
8
25
|
def call(param1:, param2: nil, auth_info: nil, **args)
|
|
9
26
|
# Authentication information can be accessed via _auth_info parameter
|
|
10
27
|
# auth_info = { type: :bearer, token: "xxx", header: "Bearer xxx" }
|