activerecord-mcp 0.1.0

data/test/unit/tools/count_records_test.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class CountRecordsToolTest < ActiveSupport::TestCase
+  setup do
+    User.create!(name: "Alice", email: "alice@example.com", active: true)
+    User.create!(name: "Bob",   email: "bob@example.com",   active: false)
+  end
+
+  test "counts all records" do
+    response = call(model: "User")
+    result   = JSON.parse(response.content.first[:text])
+    assert_equal 2, result["count"]
+  end
+
+  test "counts with conditions" do
+    response = call(model: "User", conditions: { "active" => true })
+    result   = JSON.parse(response.content.first[:text])
+    assert_equal 1, result["count"]
+  end
+
+  test "raises on unknown condition column" do
+    assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", conditions: { "nonexistent" => 1 })
+    end
+  end
+
+  test "raises on denied column in conditions" do
+    RailsMcp.configuration.denied_columns = ["email"]
+    err = assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", conditions: { "email" => "alice@example.com" })
+    end
+    assert_match "Unknown column(s)", err.message
+  end
+
+  test "raises on hash condition value" do
+    err = assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", conditions: { "name" => { "starts_with" => "Al" } })
+    end
+    assert_match "Invalid condition value(s)", err.message
+  end
+
+  test "count oracle blocked for denied column" do
+    RailsMcp.configuration.denied_columns = [/password/i]
+    err = assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", conditions: { "password_digest" => "$2a$12$abc" })
+    end
+    assert_match "Unknown column(s)", err.message
+  end
+
+  private
+
+  def call(**args)
+    RailsMcp::Tools::CountRecords.call(server_context: {}, **args)
+  end
+end

data/test/unit/tools/describe_model_test.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class DescribeModelToolTest < ActiveSupport::TestCase
+  test "returns schema info for a model" do
+    response = call(model: "User")
+    result   = JSON.parse(response.content.first[:text])
+
+    assert_equal "User",  result["model"]
+    assert_equal "users", result["table"]
+    assert_equal "id",    result["primary_key"]
+
+    col_names = result["columns"].map { |c| c["name"] }
+    assert_includes col_names, "name"
+    assert_includes col_names, "email"
+    assert_includes col_names, "age"
+  end
+
+  test "includes associations" do
+    response     = call(model: "User")
+    result       = JSON.parse(response.content.first[:text])
+    assoc_names  = result["associations"].map { |a| a["name"] }
+    assert_includes assoc_names, "posts"
+  end
+
+  test "raises on unknown model" do
+    assert_raises(RailsMcp::Database::ModelResolver::UnknownModel) do
+      call(model: "Ghost")
+    end
+  end
+
+  private
+
+  def call(**args)
+    RailsMcp::Tools::DescribeModel.call(server_context: {}, **args)
+  end
+end

data/test/unit/tools/find_record_test.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class FindRecordToolTest < ActiveSupport::TestCase
+  setup do
+    @user = User.create!(name: "Alice", email: "alice@example.com")
+  end
+
+  test "finds record by id with default fields" do
+    response = call(model: "User", id: @user.id)
+    result   = JSON.parse(response.content.first[:text])
+    assert_equal @user.id, result["id"]
+    refute result.key?("name")
+  end
+
+  test "finds record with requested fields" do
+    response = call(model: "User", id: @user.id, fields: %w[name email])
+    result   = JSON.parse(response.content.first[:text])
+    assert_equal "Alice",               result["name"]
+    assert_equal "alice@example.com",   result["email"]
+  end
+
+  test "raises when record not found" do
+    assert_raises(RailsMcp::Database::ModelResolver::UnknownModel) do
+      call(model: "User", id: 999_999)
+    end
+  end
+
+  test "raises on unknown field" do
+    assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", id: @user.id, fields: ["nonexistent"])
+    end
+  end
+
+  private
+
+  def call(**args)
+    RailsMcp::Tools::FindRecord.call(server_context: {}, **args)
+  end
+end

data/test/unit/tools/list_models_test.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class ListModelsToolTest < ActiveSupport::TestCase
+  test "returns sorted accessible model names" do
+    response = RailsMcp::Tools::ListModels.call(server_context: {})
+    models   = JSON.parse(response.content.first[:text])
+    assert_includes models, "User"
+    assert_includes models, "Post"
+    assert_equal models.sort, models
+  end
+
+  test "respects denied_models config" do
+    RailsMcp.configuration.denied_models = ["Post"]
+    response = RailsMcp::Tools::ListModels.call(server_context: {})
+    models   = JSON.parse(response.content.first[:text])
+    refute_includes models, "Post"
+    assert_includes models, "User"
+  end
+end

data/test/unit/tools/query_records_test.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class QueryRecordsToolTest < ActiveSupport::TestCase
+  setup do
+    @user = User.create!(name: "Alice", email: "alice@example.com", age: 30, active: true)
+    User.create!(name: "Bob", email: "bob@example.com", age: 25, active: false)
+  end
+
+  test "returns default fields" do
+    response = call(model: "User")
+    records  = JSON.parse(response.content.first[:text])
+    assert records.first.key?("id")
+    assert records.first.key?("created_at")
+    refute records.first.key?("name")
+  end
+
+  test "returns specified fields" do
+    response = call(model: "User", fields: %w[name email])
+    records  = JSON.parse(response.content.first[:text])
+    assert records.first.key?("name")
+    assert records.first.key?("email")
+    refute records.first.key?("id")
+  end
+
+  test "filters by conditions" do
+    response = call(model: "User", conditions: { "active" => true }, fields: ["name"])
+    records  = JSON.parse(response.content.first[:text])
+    assert_equal 1, records.length
+    assert_equal "Alice", records.first["name"]
+  end
+
+  test "raises on unknown model" do
+    assert_raises(RailsMcp::Database::ModelResolver::UnknownModel) do
+      call(model: "Ghost")
+    end
+  end
+
+  test "raises on SQL injection in order" do
+    assert_raises(RailsMcp::Database::QueryBuilder::Error) do
+      call(model: "User", order: "1=1; DROP TABLE users")
+    end
+  end
+
+  private
+
+  def call(**args)
+    RailsMcp::Tools::QueryRecords.call(server_context: {}, **args)
+  end
+end

metadata

@@ -0,0 +1,146 @@
+--- !ruby/object:Gem::Specification
+name: activerecord-mcp
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Paulo Ancheta
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-05-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: doorkeeper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.6'
+- !ruby/object:Gem::Dependency
+  name: mcp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+description: A Rails Engine that implements a Model Context Protocol (MCP) server
+  using HTTP-only Streamable HTTP transport. Provides built-in ActiveRecord query
+  tools with configurable database roles, field filtering, and OAuth 2.1 + PKCE auth
+  via Doorkeeper.
+email:
+- paulo.ancheta@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE
+- README.md
+- Rakefile
+- config/routes.rb
+- docs/advanced.md
+- docs/authentication.md
+- docs/configuration.md
+- docs/querying.md
+- lib/generators/rails_mcp/install/install_generator.rb
+- lib/generators/rails_mcp/install/templates/initializer.rb
+- lib/rails_mcp.rb
+- lib/rails_mcp/auth/token_validator.rb
+- lib/rails_mcp/configuration.rb
+- lib/rails_mcp/controllers/well_known_controller.rb
+- lib/rails_mcp/database/column_policy.rb
+- lib/rails_mcp/database/model_resolver.rb
+- lib/rails_mcp/database/query_builder.rb
+- lib/rails_mcp/database/role_proxy.rb
+- lib/rails_mcp/engine.rb
+- lib/rails_mcp/schema_config.rb
+- lib/rails_mcp/server.rb
+- lib/rails_mcp/tool_dsl.rb
+- lib/rails_mcp/tools/count_records.rb
+- lib/rails_mcp/tools/describe_model.rb
+- lib/rails_mcp/tools/find_record.rb
+- lib/rails_mcp/tools/list_models.rb
+- lib/rails_mcp/tools/query_records.rb
+- lib/rails_mcp/version.rb
+- rails-mcp.gemspec
+- test/dummy/app/models/post.rb
+- test/dummy/app/models/user.rb
+- test/dummy/config/application.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/initializers/doorkeeper.rb
+- test/dummy/config/routes.rb
+- test/dummy/db/schema.rb
+- test/fixtures/rails_mcp.yml
+- test/test_helper.rb
+- test/tmp/generator_output/config/initializers/rails_mcp.rb
+- test/unit/auth/token_validator_test.rb
+- test/unit/database/denied_columns_test.rb
+- test/unit/database/model_resolver_test.rb
+- test/unit/database/query_builder_test.rb
+- test/unit/generators/install_generator_test.rb
+- test/unit/schema_config_test.rb
+- test/unit/tools/count_records_test.rb
+- test/unit/tools/describe_model_test.rb
+- test/unit/tools/find_record_test.rb
+- test/unit/tools/list_models_test.rb
+- test/unit/tools/query_records_test.rb
+homepage: https://github.com/pauloancheta/rails-mcp
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/pauloancheta/rails-mcp
+  source_code_uri: https://github.com/pauloancheta/rails-mcp
+  changelog_uri: https://github.com/pauloancheta/rails-mcp/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.20
+signing_key:
+specification_version: 4
+summary: MCP server for Rails apps — safe, role-aware database query tools over Streamable
+  HTTP
+test_files: []