coverband 6.1.5 → 6.1.7

data/lib/coverband/configuration.rb

@@ -14,13 +14,14 @@ module Coverband
       :view_tracker, :defer_eager_loading_data,
       :track_routes, :track_redirect_routes, :route_tracker,
       :track_translations, :translations_tracker,
-      :trackers, :csp_policy, :hide_settings
+      :trackers, :csp_policy, :hide_settings,
+      :mcp_enabled
 
     attr_writer :logger, :s3_region, :s3_bucket, :s3_access_key_id,
       :s3_secret_access_key, :password, :api_key, :service_url, :coverband_timeout, :service_dev_mode,
       :service_test_mode, :process_type, :track_views, :redis_url,
       :background_reporting_sleep_seconds, :reporting_wiggle,
-      :send_deferred_eager_loading_data, :paged_reporting
+      :send_deferred_eager_loading_data, :paged_reporting, :mcp_allowed_environments, :mcp_password
 
     attr_reader :track_gems, :ignore
 
@@ -31,19 +32,19 @@ module Coverband
     # * Perhaps detect heroku deployment ENV var opposed to tasks?
     #####
     IGNORE_TASKS = ["coverband:clear",
-                    "coverband:coverage",
-                    "coverband:coverage_server",
-                    "assets:precompile",
-                    "webpacker:compile",
-                    "db:version",
-                    "db:create",
-                    "db:drop",
-                    "db:seed",
-                    "db:setup",
-                    "db:test:prepare",
-                    "db:structure:dump",
-                    "db:structure:load",
-                    "db:version"]
+      "coverband:coverage",
+      "coverband:coverage_server",
+      "assets:precompile",
+      "webpacker:compile",
+      "db:version",
+      "db:create",
+      "db:drop",
+      "db:seed",
+      "db:setup",
+      "db:test:prepare",
+      "db:structure:dump",
+      "db:structure:load",
+      "db:version"]
 
     # Heroku when building assets runs code from a dynamic directory
     # /tmp was added to avoid coverage from /tmp/build directories during
@@ -91,6 +92,11 @@ module Coverband
       @csp_policy = false
       @hide_settings = false
 
+      # MCP (Model Context Protocol) security settings
+      @mcp_enabled = false
+      @mcp_password = nil
+      @mcp_allowed_environments = %w[development test]
+
       # coverband service settings
       @api_key = nil
       @service_url = nil
@@ -144,14 +150,40 @@ module Coverband
       @logger ||= if defined?(Rails.logger) && Rails.logger
         Rails.logger
       else
-        Logger.new(STDOUT)
+        Logger.new($stdout)
       end
     end
 
+    # Alias for backward compatibility - track_key uses :routes_tracker symbol
+    def routes_tracker
+      route_tracker
+    end
+
     def password
       @password || ENV["COVERBAND_PASSWORD"]
     end
 
+    def mcp_enabled?
+      # MCP is disabled by default and explicitly controlled
+      return false unless @mcp_enabled
+
+      # Check if current environment is allowed
+      current_env = (defined?(Rails) && Rails.respond_to?(:env) && Rails.env) ||
+        ENV["RAILS_ENV"] ||
+        ENV["RACK_ENV"] ||
+        "development"
+
+      mcp_allowed_environments.include?(current_env.to_s)
+    end
+
+    def mcp_password
+      @mcp_password || ENV["COVERBAND_MCP_PASSWORD"]
+    end
+
+    def mcp_allowed_environments
+      @mcp_allowed_environments || %w[development test]
+    end
+
     # The adjustments here either protect the redis or service from being overloaded
     # the tradeoff being the delay in when reporting data is available
     # if running your own redis increasing this number reduces load on the redis CPU
@@ -180,7 +212,14 @@ module Coverband
         require "coverband/adapters/web_service_store"
         Coverband::Adapters::WebServiceStore.new(service_url)
       else
-        Coverband::Adapters::RedisStore.new(Redis.new(url: redis_url), redis_store_options)
+        begin
+          Coverband::Adapters::RedisStore.new(Redis.new(url: redis_url), redis_store_options)
+        rescue Redis::CannotConnectError => error
+          logger.info "Redis is not available (#{error}), defaulting to NullStore"
+          logger.info "If this is intended, please explicitly configure your store: config.store = Coverband::Adapters::FileStore.new('log/coverage')"
+          require "coverband/adapters/null_store"
+          Coverband::Adapters::NullStore.new
+        end
       end
     end
 
@@ -242,7 +281,7 @@ module Coverband
       @all_root_patterns ||= all_root_paths.map { |path| /^#{path}/ }.freeze
     end
 
-    SKIPPED_SETTINGS = %w[@s3_secret_access_key @store @api_key @password]
+    SKIPPED_SETTINGS = %w[@s3_secret_access_key @store @api_key @password @mcp_password]
     def to_h
       instance_variables
         .each_with_object({}) do |var, hash|

data/lib/coverband/integrations/resque.rb

@@ -29,8 +29,8 @@ if defined?(Coverband::COVERBAND_ALTERNATE_PATCH)
     ensure
       Coverband.report_coverage
     end
-    alias perform_without_coverband perform
-    alias perform perform_with_coverband
+    alias_method :perform_without_coverband, :perform
+    alias_method :perform, :perform_with_coverband
   end
 else
   Resque::Job.prepend(Coverband::ResqueWorker)

data/lib/coverband/mcp/http_handler.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    # Rack middleware that adds MCP HTTP endpoint support.
+    # Can be used to wrap the existing Coverband::Reporters::Web app
+    # or mounted standalone.
+    #
+    # Usage with existing web UI:
+    #   map "/coverage" do
+    #     run Coverband::MCP::HttpHandler.new(Coverband::Reporters::Web.new)
+    #   end
+    #   # MCP endpoint available at POST /coverage/mcp
+    #
+    # Usage standalone:
+    #   map "/mcp" do
+    #     run Coverband::MCP::HttpHandler.new
+    #   end
+    #
+    class HttpHandler
+      MCP_PATH = "/mcp"
+
+      def initialize(app = nil)
+        @app = app
+        @server = nil
+      end
+
+      def call(env)
+        request = Rack::Request.new(env)
+
+        if mcp_request?(request)
+          handle_mcp_request(request)
+        elsif @app
+          @app.call(env)
+        else
+          not_found_response
+        end
+      end
+
+      private
+
+      def mcp_request?(request)
+        request.post? && request.path_info.end_with?(MCP_PATH)
+      end
+
+      def handle_mcp_request(request)
+        # Check authentication if MCP password is configured
+        unless authenticate_mcp_request(request)
+          return [401, {
+            "Content-Type" => "application/json",
+            "Access-Control-Allow-Origin" => "*",
+            "Access-Control-Allow-Methods" => "POST, OPTIONS",
+            "Access-Control-Allow-Headers" => "Content-Type, Authorization",
+            "WWW-Authenticate" => 'Bearer realm="Coverband MCP"'
+          }, [JSON.generate({
+            "error" => "Authentication required",
+            "message" => "MCP access requires authentication. Provide Bearer token via Authorization header."
+          })]]
+        end
+
+        body = request.body.read
+        json_request = JSON.parse(body)
+        response = mcp_server.handle_json(json_request)
+
+        # response might already be a JSON string, so check before converting
+        response_body = response.is_a?(String) ? response : response.to_json
+
+        [
+          200,
+          {
+            "content-type" => "application/json",
+            "access-control-allow-origin" => "*",
+            "access-control-allow-methods" => "POST, OPTIONS",
+            "access-control-allow-headers" => "Content-Type"
+          },
+          [response_body]
+        ]
+      rescue JSON::ParserError => e
+        error_response(400, "Invalid JSON: #{e.message}")
+      rescue => e
+        error_response(500, "Server error: #{e.message}")
+      end
+
+      def authenticate_mcp_request(request)
+        # If no MCP password is configured, allow access
+        mcp_password = Coverband.configuration.mcp_password
+        return true unless mcp_password
+
+        # Extract Bearer token from Authorization header
+        auth_header = request.get_header("HTTP_AUTHORIZATION")
+        return false unless auth_header
+
+        # Parse Bearer token
+        token = auth_header[/Bearer (.+)/, 1]
+        return false unless token
+
+        # Compare with configured MCP password
+        token == mcp_password
+      end
+
+      def mcp_server
+        @server ||= Server.new
+      end
+
+      def error_response(status, message)
+        [
+          status,
+          {"content-type" => "application/json"},
+          [{error: message}.to_json]
+        ]
+      end
+
+      def not_found_response
+        [404, {"content-type" => "text/plain"}, ["Not Found"]]
+      end
+    end
+  end
+end

data/lib/coverband/mcp/server.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require_relative "tools/get_coverage_summary"
+require_relative "tools/get_file_coverage"
+require_relative "tools/get_uncovered_files"
+require_relative "tools/get_dead_methods"
+require_relative "tools/get_view_tracker_data"
+require_relative "tools/get_route_tracker_data"
+require_relative "tools/get_translation_tracker_data"
+
+module Coverband
+  module MCP
+    class Server
+      attr_reader :mcp_server
+
+      DEFAULT_HTTP_PORT = 9023
+
+      def initialize
+        # Ensure Coverband is configured
+        Coverband.configure unless Coverband.configured?
+
+        # Security check: Ensure MCP is enabled and environment is allowed
+        unless Coverband.configuration.mcp_enabled?
+          raise SecurityError, "MCP is not enabled. Set config.mcp_enabled = true and ensure the current environment is in mcp_allowed_environments."
+        end
+
+        @mcp_server = ::MCP::Server.new(
+          name: "coverband",
+          version: Coverband::VERSION,
+          instructions: "Coverband production code coverage MCP server. " \
+                        "Query coverage data, find dead code, and analyze view/route/translation usage.",
+          tools: tools
+        )
+      end
+
+      def run_stdio
+        transport = ::MCP::Server::Transports::StdioTransport.new(@mcp_server)
+        transport.open
+      end
+
+      def run_http(port: DEFAULT_HTTP_PORT, host: "localhost")
+        require "rack"
+        require "rackup"
+
+        transport = ::MCP::Server::Transports::StreamableHTTPTransport.new(@mcp_server)
+        @mcp_server.transport = transport
+
+        app = create_rack_app(transport)
+
+        puts <<~MESSAGE
+          === Coverband MCP Server (HTTP) ===
+
+          🔒 SECURITY NOTICE:
+          This server exposes production coverage data.
+          Ensure proper network security (firewall, VPN, etc.)
+          Environment: #{(defined?(Rails) && Rails.respond_to?(:env) && Rails.env) || ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"}
+          Authentication: #{Coverband.configuration.mcp_password ? "✓ Enabled" : "⚠️  DISABLED"}
+
+          Server running at http://#{host}:#{port}
+
+          Available tools:
+            - get_coverage_summary
+            - get_file_coverage
+            - get_uncovered_files
+            - get_dead_methods
+            - get_view_tracker_data
+            - get_route_tracker_data
+            - get_translation_tracker_data
+
+          For Claude Desktop, configure with:
+            {
+              "mcpServers": {
+                "coverband": {
+                  "command": "npx",
+                  "args": ["mcp-remote", "http://#{host}:#{port}"]
+                }
+              }
+            }
+
+          Press Ctrl+C to stop the server
+        MESSAGE
+
+        Rackup::Handler.get("puma").run(app, Port: port, Host: host, Silent: true)
+      end
+
+      def handle_json(json_request)
+        @mcp_server.handle_json(json_request)
+      end
+
+      private
+
+      def create_rack_app(transport)
+        Rack::Builder.new do
+          use Rack::CommonLogger
+
+          run lambda { |env|
+            request = Rack::Request.new(env)
+            transport.handle_request(request)
+          }
+        end
+      end
+
+      def tools
+        [
+          Tools::GetCoverageSummary,
+          Tools::GetFileCoverage,
+          Tools::GetUncoveredFiles,
+          Tools::GetDeadMethods,
+          Tools::GetViewTrackerData,
+          Tools::GetRouteTrackerData,
+          Tools::GetTranslationTrackerData
+        ]
+      end
+    end
+  end
+end

data/lib/coverband/mcp/tools/get_coverage_summary.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    module Tools
+      class GetCoverageSummary < ::MCP::Tool
+        description "Get overall production code coverage statistics including total files, " \
+                    "lines of code, lines covered, and coverage percentage."
+
+        input_schema(
+          properties: {}
+        )
+
+        def self.call(server_context:, **)
+          store = Coverband.configuration.store
+          report = Coverband::Reporters::JSONReport.new(store)
+          data = JSON.parse(report.report)
+
+          summary = {
+            total_files: data["total_files"],
+            lines_of_code: data["lines_of_code"],
+            lines_covered: data["lines_covered"],
+            lines_missed: data["lines_missed"],
+            covered_percent: data["covered_percent"],
+            covered_strength: data["covered_strength"]
+          }
+
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: JSON.pretty_generate(summary)
+          }])
+        rescue => e
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: "Error getting coverage summary: #{e.message}"
+          }])
+        end
+      end
+    end
+  end
+end

data/lib/coverband/mcp/tools/get_dead_methods.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    module Tools
+      class GetDeadMethods < ::MCP::Tool
+        description "Analyze code coverage to find methods that have never been executed in production. " \
+                    "Requires Ruby 2.6+ with RubyVM::AbstractSyntaxTree support."
+
+        input_schema(
+          properties: {
+            file_pattern: {
+              type: "string",
+              description: "Optional glob pattern to filter files (e.g., 'app/models/**/*.rb')"
+            }
+          }
+        )
+
+        def self.call(server_context:, file_pattern: nil, **)
+          unless defined?(RubyVM::AbstractSyntaxTree)
+            return ::MCP::Tool::Response.new([{
+              type: "text",
+              text: "Dead method detection requires Ruby 2.6+ with RubyVM::AbstractSyntaxTree support."
+            }])
+          end
+
+          dead_methods = Coverband::Utils::DeadMethods.scan_all
+
+          if file_pattern
+            dead_methods = dead_methods.select do |method|
+              File.fnmatch(file_pattern, method[:file_path], File::FNM_PATHNAME)
+            end
+          end
+
+          # Group by file for easier reading
+          grouped = dead_methods.group_by { |m| m[:file_path] }
+
+          result = grouped.map do |file_path, methods|
+            {
+              file: file_path,
+              dead_methods: methods.map do |m|
+                {
+                  class_name: m[:class_name],
+                  method_name: m[:method_name],
+                  line_number: m[:line_number]
+                }
+              end
+            }
+          end
+
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: JSON.pretty_generate({
+              total_dead_methods: dead_methods.length,
+              files_with_dead_methods: grouped.keys.length,
+              file_pattern: file_pattern,
+              results: result
+            })
+          }])
+        rescue => e
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: "Error analyzing dead methods: #{e.message}"
+          }])
+        end
+      end
+    end
+  end
+end

data/lib/coverband/mcp/tools/get_file_coverage.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    module Tools
+      class GetFileCoverage < ::MCP::Tool
+        description "Get detailed line-by-line coverage data for a specific file. " \
+                    "Returns coverage percentage, lines covered/missed, and per-line hit counts."
+
+        input_schema(
+          properties: {
+            filename: {
+              type: "string",
+              description: "Full or partial path to the file (e.g., 'app/models/user.rb')"
+            }
+          },
+          required: ["filename"]
+        )
+
+        def self.call(filename:, server_context:, **)
+          store = Coverband.configuration.store
+          report = Coverband::Reporters::JSONReport.new(store, {
+            filename: filename,
+            line_coverage: true
+          })
+
+          data = JSON.parse(report.report)
+
+          if data["files"].nil? || data["files"].empty?
+            return ::MCP::Tool::Response.new([{
+              type: "text",
+              text: "No coverage data found for file: #{filename}"
+            }])
+          end
+
+          # Find matching file(s)
+          matching_files = data["files"].select { |path, _| path.include?(filename) }
+
+          if matching_files.empty?
+            return ::MCP::Tool::Response.new([{
+              type: "text",
+              text: "No coverage data found for file matching: #{filename}"
+            }])
+          end
+
+          result = matching_files.transform_values do |file_data|
+            {
+              filename: file_data["filename"],
+              covered_percent: file_data["covered_percent"],
+              lines_of_code: file_data["lines_of_code"],
+              lines_covered: file_data["lines_covered"],
+              lines_missed: file_data["lines_missed"],
+              runtime_percentage: file_data["runtime_percentage"],
+              never_loaded: file_data["never_loaded"],
+              coverage: file_data["coverage"]
+            }
+          end
+
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: JSON.pretty_generate(result)
+          }])
+        rescue => e
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: "Error getting file coverage: #{e.message}"
+          }])
+        end
+      end
+    end
+  end
+end

data/lib/coverband/mcp/tools/get_route_tracker_data.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    module Tools
+      class GetRouteTrackerData < ::MCP::Tool
+        description "Get Rails route usage tracking data. Shows which routes have been hit " \
+                    "in production and which have never been accessed."
+
+        input_schema(
+          properties: {
+            show_unused_only: {
+              type: "boolean",
+              description: "Only return unused routes (default: false)"
+            }
+          }
+        )
+
+        def self.call(server_context:, show_unused_only: false, **)
+          tracker = Coverband.configuration.route_tracker
+
+          unless tracker
+            return ::MCP::Tool::Response.new([{
+              type: "text",
+              text: "Route tracking is not enabled. Enable it with `config.track_routes = true` in your coverband configuration."
+            }])
+          end
+
+          data = JSON.parse(tracker.as_json)
+
+          result = if show_unused_only
+            {
+              tracking_since: tracker.tracking_since,
+              unused_routes: data["unused_keys"] || [],
+              total_unused: data["unused_keys"]&.length || 0
+            }
+          else
+            {
+              tracking_since: tracker.tracking_since,
+              used_routes: data["used_keys"] || [],
+              unused_routes: data["unused_keys"] || [],
+              total_used: data["used_keys"]&.length || 0,
+              total_unused: data["unused_keys"]&.length || 0
+            }
+          end
+
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: JSON.pretty_generate(result)
+          }])
+        rescue => e
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: "Error getting route tracker data: #{e.message}"
+          }])
+        end
+      end
+    end
+  end
+end

data/lib/coverband/mcp/tools/get_translation_tracker_data.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Coverband
+  module MCP
+    module Tools
+      class GetTranslationTrackerData < ::MCP::Tool
+        description "Get I18n translation key usage tracking data. Shows which translation " \
+                    "keys have been used in production and which have never been accessed."
+
+        input_schema(
+          properties: {
+            show_unused_only: {
+              type: "boolean",
+              description: "Only return unused translation keys (default: false)"
+            }
+          }
+        )
+
+        def self.call(server_context:, show_unused_only: false, **)
+          tracker = Coverband.configuration.translations_tracker
+
+          unless tracker
+            return ::MCP::Tool::Response.new([{
+              type: "text",
+              text: "Translation tracking is not enabled. Enable it with `config.track_translations = true` in your coverband configuration."
+            }])
+          end
+
+          data = JSON.parse(tracker.as_json)
+
+          result = if show_unused_only
+            {
+              tracking_since: tracker.tracking_since,
+              unused_translations: data["unused_keys"] || [],
+              total_unused: data["unused_keys"]&.length || 0
+            }
+          else
+            {
+              tracking_since: tracker.tracking_since,
+              used_translations: data["used_keys"] || [],
+              unused_translations: data["unused_keys"] || [],
+              total_used: data["used_keys"]&.length || 0,
+              total_unused: data["unused_keys"]&.length || 0
+            }
+          end
+
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: JSON.pretty_generate(result)
+          }])
+        rescue => e
+          ::MCP::Tool::Response.new([{
+            type: "text",
+            text: "Error getting translation tracker data: #{e.message}"
+          }])
+        end
+      end
+    end
+  end
+end