model-context-protocol-rb 0.6.0 → 0.7.0

data/lib/model_context_protocol/server/streamable_http_transport/stream_registry.rb

@@ -43,14 +43,6 @@ module ModelContextProtocol
         @local_streams.key?(session_id)
       end
 
-      def get_stream_server(session_id)
-        @redis.get("#{STREAM_KEY_PREFIX}#{session_id}")
-      end
-
-      def stream_active?(session_id)
-        @redis.exists("#{STREAM_KEY_PREFIX}#{session_id}") == 1
-      end
-
       def refresh_heartbeat(session_id)
         @redis.multi do |multi|
           multi.set("#{HEARTBEAT_KEY_PREFIX}#{session_id}", Time.now.to_f, ex: @ttl)
@@ -88,32 +80,6 @@ module ModelContextProtocol
 
         expired_sessions
       end
-
-      def get_stale_streams(max_age_seconds = 90)
-        current_time = Time.now.to_f
-        stale_streams = []
-
-        # Get all heartbeat keys
-        heartbeat_keys = @redis.keys("#{HEARTBEAT_KEY_PREFIX}*")
-
-        return stale_streams if heartbeat_keys.empty?
-
-        # Get all heartbeat timestamps
-        heartbeat_values = @redis.mget(heartbeat_keys)
-
-        heartbeat_keys.each_with_index do |key, index|
-          next unless heartbeat_values[index]
-
-          session_id = key.sub(HEARTBEAT_KEY_PREFIX, "")
-          last_heartbeat = heartbeat_values[index].to_f
-
-          if current_time - last_heartbeat > max_age_seconds
-            stale_streams << session_id
-          end
-        end
-
-        stale_streams
-      end
     end
   end
 end

data/lib/model_context_protocol/server/streamable_http_transport.rb

@@ -1,5 +1,6 @@
 require "json"
 require "securerandom"
+require "concurrent"
 
 module ModelContextProtocol
   class Server::StreamableHttpTransport
@@ -28,21 +29,20 @@ module ModelContextProtocol
       @redis_pool = ModelContextProtocol::Server::RedisConfig.pool
       @redis = ModelContextProtocol::Server::RedisClientProxy.new(@redis_pool)
 
-      transport_options = @configuration.transport_options
-      @require_sessions = transport_options.fetch(:require_sessions, false)
-      @default_protocol_version = transport_options.fetch(:default_protocol_version, "2025-03-26")
-      @session_protocol_versions = {}
-      @validate_origin = transport_options.fetch(:validate_origin, true)
-      @allowed_origins = transport_options.fetch(:allowed_origins, ["http://localhost", "https://localhost", "http://127.0.0.1", "https://127.0.0.1"])
+      @require_sessions = @configuration.require_sessions
+      # Use Concurrent::Map for thread-safe access from multiple request threads
+      @session_protocol_versions = Concurrent::Map.new
+      @validate_origin = @configuration.validate_origin
+      @allowed_origins = @configuration.allowed_origins
 
-      @session_store = SessionStore.new(@redis, ttl: transport_options[:session_ttl] || 3600)
+      @session_store = SessionStore.new(@redis, ttl: @configuration.session_ttl)
       @server_instance = "#{Socket.gethostname}-#{Process.pid}-#{SecureRandom.hex(4)}"
       @stream_registry = StreamRegistry.new(@redis, @server_instance)
       @notification_queue = NotificationQueue.new(@redis, @server_instance)
       @event_counter = EventCounter.new(@redis, @server_instance)
       @request_store = RequestStore.new(@redis, @server_instance)
       @server_request_store = ServerRequestStore.new(@redis, @server_instance)
-      @ping_timeout = transport_options.fetch(:ping_timeout, 10)
+      @ping_timeout = @configuration.ping_timeout
 
       @message_poller = MessagePoller.new(@redis, @stream_registry, @client_logger) do |stream, message|
         send_to_stream(stream, message)
@@ -55,7 +55,8 @@ module ModelContextProtocol
     end
 
     # Gracefully shut down the transport by stopping background threads and cleaning up resources
-    # Closes all active streams and returns Redis connections to the pool
+    # Closes all active streams. Redis entries are left to expire naturally (they have TTLs).
+    # This method is signal-safe and avoids mutex operations.
     def shutdown
       @server_logger.info("Shutting down StreamableHttpTransport")
 
@@ -67,32 +68,31 @@ module ModelContextProtocol
         @stream_monitor_thread.join(5)
       end
 
-      @stream_registry.get_all_local_streams.each do |session_id, _stream|
-        close_stream(session_id, reason: "shutdown")
-      rescue => e
-        @server_logger.error("Error during stream cleanup for session #{session_id}: #{e.message}")
+      # Close streams directly without Redis cleanup (signal-safe).
+      # Redis entries will expire naturally via TTL.
+      @stream_registry.get_all_local_streams.each do |session_id, stream|
+        begin
+          stream.close
+        rescue IOError, Errno::EPIPE, Errno::ECONNRESET, Errno::ENOTCONN, Errno::EBADF
+          # Stream already closed, ignore
+        end
+        @server_logger.info("← SSE stream [closed] (#{session_id}) [shutdown]")
       end
 
-      @redis_pool.checkin(@redis) if @redis_pool && @redis
-
       @server_logger.info("StreamableHttpTransport shutdown complete")
     end
 
     # Main entry point for handling HTTP requests (POST, GET, DELETE)
     # Routes requests to appropriate handlers and manages the request/response lifecycle
-    def handle
+    # @param env [Hash] Rack environment hash (required)
+    # @param session_context [Hash] Per-request context that will be merged with server context
+    def handle(env:, session_context: {})
       @server_logger.debug("Handling streamable HTTP transport request")
 
-      env = @configuration.transport_options[:env]
-
-      unless env
-        raise ArgumentError, "StreamableHTTP transport requires Rack env hash in transport_options"
-      end
-
       case env["REQUEST_METHOD"]
       when "POST"
         @server_logger.debug("Handling POST request")
-        handle_post_request(env)
+        handle_post_request(env, session_context: session_context)
       when "GET"
         @server_logger.debug("Handling GET request")
         handle_get_request(env)
@@ -165,16 +165,11 @@ module ModelContextProtocol
       end
     end
 
-    # Validate HTTP headers for required content type and CORS origin
-    # Returns error response if headers are invalid, nil if valid
-    def validate_headers(env)
-      if @validate_origin
-        origin = env["HTTP_ORIGIN"]
-        if origin && !@allowed_origins.any? { |allowed| origin.start_with?(allowed) }
-          error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Origin not allowed"}]
-          return {json: error_response.serialized, status: 403}
-        end
-      end
+    # Validate HTTP headers for POST requests: CORS origin, content type, and protocol version.
+    # Returns error response hash if headers are invalid, nil if valid.
+    def validate_headers(env, session_id: nil)
+      origin_error = validate_origin!(env)
+      return origin_error if origin_error
 
       accept_header = env["HTTP_ACCEPT"]
       if accept_header
@@ -184,15 +179,53 @@ module ModelContextProtocol
         end
       end
 
+      validate_protocol_version!(env, session_id: session_id)
+    end
+
+    # Validate CORS Origin header against allowed origins.
+    # The MCP spec requires servers to validate Origin on all incoming connections
+    # to prevent DNS rebinding attacks.
+    def validate_origin!(env)
+      return nil unless @validate_origin
+
+      origin = env["HTTP_ORIGIN"]
+      if origin && !@allowed_origins.any? { |allowed| origin.start_with?(allowed) }
+        error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Origin not allowed"}]
+        return {json: error_response.serialized, status: 403}
+      end
+
+      nil
+    end
+
+    # Validate MCP-Protocol-Version header against negotiated version.
+    # Per the MCP spec, the server MUST respond with 400 Bad Request for invalid
+    # or unsupported protocol versions. When a session_id is provided, validation
+    # is scoped to that session's negotiated version.
+    def validate_protocol_version!(env, session_id: nil)
       protocol_version = env["HTTP_MCP_PROTOCOL_VERSION"]
-      if protocol_version
-        valid_versions = @session_protocol_versions.values.compact.uniq
-        unless valid_versions.empty? || valid_versions.include?(protocol_version)
-          error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Invalid MCP protocol version: #{protocol_version}. Expected one of: #{valid_versions.join(", ")}"}]
-          return {json: error_response.serialized, status: 400}
+      return nil unless protocol_version
+
+      # When a session_id is provided, try session-specific validation first.
+      # If the session has a known negotiated version, validate strictly against it.
+      if session_id
+        expected_version = @session_protocol_versions[session_id]
+        if expected_version
+          if protocol_version != expected_version
+            error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Invalid MCP protocol version: #{protocol_version}. Expected: #{expected_version}"}]
+            return {json: error_response.serialized, status: 400}
+          end
+          return nil
         end
       end
 
+      # Fallback: validate against all known negotiated versions (covers cases
+      # where session_id is nil or has no entry, e.g. sessions not required).
+      valid_versions = @session_protocol_versions.values.compact.uniq
+      unless valid_versions.empty? || valid_versions.include?(protocol_version)
+        error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Invalid MCP protocol version: #{protocol_version}. Expected one of: #{valid_versions.join(", ")}"}]
+        return {json: error_response.serialized, status: 400}
+      end
+
       nil
     end
 
@@ -212,13 +245,15 @@ module ModelContextProtocol
 
     # Handle HTTP POST requests containing JSON-RPC messages
     # Parses request body and routes to initialization or regular request handlers
-    def handle_post_request(env)
-      validation_error = validate_headers(env)
+    # @param env [Hash] Rack environment hash
+    # @param session_context [Hash] Per-request context for initialization
+    def handle_post_request(env, session_context: {})
+      session_id = env["HTTP_MCP_SESSION_ID"]
+      validation_error = validate_headers(env, session_id: session_id)
       return validation_error if validation_error
 
       body_string = env["rack.input"].read
       body = JSON.parse(body_string)
-      session_id = env["HTTP_MCP_SESSION_ID"]
       accept_header = env["HTTP_ACCEPT"] || ""
 
       log_to_server_with_context(request_id: body["id"]) do |logger|
@@ -237,7 +272,7 @@ module ModelContextProtocol
       end
 
       if body["method"] == "initialize"
-        handle_initialization(body, accept_header)
+        handle_initialization(body, accept_header, session_context: session_context)
       else
         handle_regular_request(body, session_id, accept_header)
       end
@@ -276,7 +311,10 @@ module ModelContextProtocol
 
     # Handle MCP initialization requests to establish protocol version and optional sessions
     # Always returns JSON response regardless of Accept header to keep initialization simple
-    def handle_initialization(body, accept_header)
+    # @param body [Hash] Parsed JSON-RPC request body
+    # @param accept_header [String] HTTP Accept header value
+    # @param session_context [Hash] Per-request context to merge with server context
+    def handle_initialization(body, accept_header, session_context: {})
       result = @router.route(body, transport: self)
       response = Response[id: body["id"], result: result.serialized]
       response_headers = {}
@@ -284,12 +322,17 @@ module ModelContextProtocol
 
       if @require_sessions
         session_id = SecureRandom.uuid
+        # Merge server-level defaults with request-level context
+        merged_context = (@configuration.context || {}).merge(session_context)
         @session_store.create_session(session_id, {
           server_instance: @server_instance,
-          context: @configuration.context || {},
+          context: merged_context,
           created_at: Time.now.to_f,
           negotiated_protocol_version: negotiated_protocol_version
         })
+        # Store initial handler names for list_changed detection
+        current_handlers = @configuration.registry.handler_names
+        @session_store.store_registered_handlers(session_id, **current_handlers)
         response_headers["Mcp-Session-Id"] = session_id
         @session_protocol_versions[session_id] = negotiated_protocol_version
         log_to_server_with_context { |logger| logger.info("Session created: #{session_id} (protocol: #{negotiated_protocol_version})") }
@@ -314,9 +357,15 @@ module ModelContextProtocol
     # Handle regular MCP requests (tools, resources, prompts) with streaming/JSON decision logic
     # Defaults to SSE streaming but returns JSON when client explicitly requests JSON only
     def handle_regular_request(body, session_id, accept_header)
+      session_context = {}
+
       if @require_sessions
+        # Per the MCP spec, servers SHOULD respond to requests without a valid
+        # Mcp-Session-Id header (other than initialization) with HTTP 400.
+        # The session ID MUST be present on all subsequent requests after initialization,
+        # including notifications like notifications/initialized.
         unless session_id && @session_store.session_exists?(session_id)
-          if session_id && !@session_store.session_exists?(session_id)
+          if session_id
             error_response = ErrorResponse[id: body["id"], error: {code: -32600, message: "Session terminated"}]
             return {json: error_response.serialized, status: 404}
           else
@@ -324,6 +373,9 @@ module ModelContextProtocol
             return {json: error_response.serialized, status: 400}
           end
         end
+
+        session_context = @session_store.get_session_context(session_id)
+        check_and_notify_handler_changes(session_id)
       end
 
       message_type = determine_message_type(body)
@@ -348,7 +400,7 @@ module ModelContextProtocol
         log_to_server_with_context do |logger|
           logger.info("← Notification [accepted]")
         end
-        {json: {}, status: 202}
+        {status: 202}
 
       when :request
         if accept_header.include?("text/event-stream")
@@ -359,9 +411,9 @@ module ModelContextProtocol
               "Cache-Control" => "no-cache",
               "Connection" => "keep-alive"
             },
-            stream_proc: create_request_response_sse_stream_proc(body, session_id)
+            stream_proc: create_request_response_sse_stream_proc(body, session_id, session_context: session_context)
           }
-        elsif (result = @router.route(body, request_store: @request_store, session_id: session_id, transport: self))
+        elsif (result = @router.route(body, request_store: @request_store, session_id: session_id, transport: self, session_context: session_context))
           response = Response[id: body["id"], result: result.serialized]
 
           log_to_server_with_context(request_id: response.id) do |logger|
@@ -386,6 +438,9 @@ module ModelContextProtocol
     # Handle HTTP GET requests to establish persistent SSE connections for notifications
     # Validates session requirements and Accept headers before opening long-lived streams
     def handle_get_request(env)
+      origin_error = validate_origin!(env)
+      return origin_error if origin_error
+
       accept_header = env["HTTP_ACCEPT"] || ""
       unless accept_header.include?("text/event-stream")
         error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Accept header must include text/event-stream"}]
@@ -393,6 +448,10 @@ module ModelContextProtocol
       end
 
       session_id = env["HTTP_MCP_SESSION_ID"]
+
+      protocol_error = validate_protocol_version!(env, session_id: session_id)
+      return protocol_error if protocol_error
+
       last_event_id = env["HTTP_LAST_EVENT_ID"]
 
       if @require_sessions
@@ -422,10 +481,28 @@ module ModelContextProtocol
     # Handle HTTP DELETE requests to clean up sessions and associated resources
     # Removes session data, closes streams, and cleans up request store entries
     def handle_delete_request(env)
+      origin_error = validate_origin!(env)
+      return origin_error if origin_error
+
       session_id = env["HTTP_MCP_SESSION_ID"]
 
+      protocol_error = validate_protocol_version!(env, session_id: session_id)
+      return protocol_error if protocol_error
+
       @server_logger.info("→ DELETE /mcp [Session cleanup: #{session_id || "unknown"}]")
 
+      if @require_sessions
+        unless session_id
+          error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Invalid or missing session ID"}]
+          return {json: error_response.serialized, status: 400}
+        end
+
+        unless @session_store.session_exists?(session_id)
+          error_response = ErrorResponse[id: nil, error: {code: -32600, message: "Session terminated"}]
+          return {json: error_response.serialized, status: 404}
+        end
+      end
+
       if session_id
         cleanup_session(session_id)
         log_to_server_with_context { |logger| logger.info("Session cleanup: #{session_id}") }
@@ -441,7 +518,10 @@ module ModelContextProtocol
     # Create SSE stream processor for request-response pattern with real-time progress support
     # Opens stream → Executes request → Sends response → Closes stream
     # Enables progress notifications during long-running operations like tool calls
-    def create_request_response_sse_stream_proc(request_body, session_id)
+    # @param request_body [Hash] Parsed JSON-RPC request
+    # @param session_id [String, nil] Session ID for this request
+    # @param session_context [Hash] Context to pass to handlers
+    def create_request_response_sse_stream_proc(request_body, session_id, session_context: {})
       proc do |stream|
         temp_stream_id = "temp-#{SecureRandom.hex(8)}"
         @stream_registry.register_stream(temp_stream_id, stream)
@@ -452,7 +532,7 @@ module ModelContextProtocol
         end
 
         begin
-          if (result = @router.route(request_body, request_store: @request_store, session_id: session_id, transport: self, stream_id: temp_stream_id))
+          if (result = @router.route(request_body, request_store: @request_store, session_id: session_id, transport: self, stream_id: temp_stream_id, session_context: session_context))
             response = Response[id: request_body["id"], result: result.serialized]
             event_id = next_event_id
             send_sse_event(stream, response.serialized, event_id)
@@ -467,6 +547,16 @@ module ModelContextProtocol
         rescue IOError, Errno::EPIPE, Errno::ECONNRESET => e
           @server_logger.debug("Client disconnected during progressive request processing: #{e.class.name}")
           log_to_server_with_context { |logger| logger.info("← SSE stream [closed] (#{temp_stream_id}) [client_disconnected]") }
+        rescue ModelContextProtocol::Server::ParameterValidationError => e
+          @client_logger.error("Validation error", error: e.message)
+          error_response = ErrorResponse[id: request_body["id"], error: {code: -32602, message: e.message}]
+          send_sse_event(stream, error_response.serialized, next_event_id)
+          close_stream(temp_stream_id, reason: "validation_error")
+        rescue => e
+          @client_logger.error("Internal error", error: e.message, backtrace: e.backtrace)
+          error_response = ErrorResponse[id: request_body["id"], error: {code: -32603, message: e.message}]
+          send_sse_event(stream, error_response.serialized, next_event_id)
+          close_stream(temp_stream_id, reason: "internal_error")
         ensure
           @stream_registry.unregister_stream(temp_stream_id)
         end
@@ -525,8 +615,15 @@ module ModelContextProtocol
           flush_notifications_to_stream(stream)
         end
 
+        # Also flush any messages queued in Redis from other server instances
+        poll_and_deliver_redis_messages(stream, session_id) if session_id
+
         loop do
           break unless stream_connected?(stream)
+
+          # Poll for queued messages from Redis (cross-server delivery)
+          poll_and_deliver_redis_messages(stream, session_id) if session_id
+
           sleep 0.1
         end
       ensure
@@ -688,12 +785,6 @@ module ModelContextProtocol
       @server_request_store.cleanup_session_requests(session_id)
     end
 
-    # Check if this transport instance has any active local streams
-    # Used to determine if notifications should be queued or delivered immediately
-    def has_active_streams?
-      @stream_registry.has_any_local_streams?
-    end
-
     # Broadcast notification to all active streams on this transport instance
     # Handles connection errors gracefully and removes disconnected streams
     def deliver_to_active_streams(notification)
@@ -723,6 +814,22 @@ module ModelContextProtocol
       @server_logger.debug("Delivered notifications to #{delivered_count} streams, cleaned up #{disconnected_streams.size} disconnected streams")
     end
 
+    # Poll for messages queued in Redis and deliver to the stream
+    # Handles cross-server message delivery when notifications are queued by other server instances
+    def poll_and_deliver_redis_messages(stream, session_id)
+      return unless session_id
+
+      messages = @session_store.poll_messages_for_session(session_id)
+      return if messages.empty?
+
+      @server_logger.debug("Delivering #{messages.size} queued messages from Redis to stream #{session_id}")
+      messages.each do |message|
+        send_to_stream(stream, message)
+      end
+    rescue => e
+      @server_logger.error("Error polling Redis messages: #{e.message}")
+    end
+
     # Flush any queued notifications to a newly connected stream
     # Ensures clients receive notifications that were queued while disconnected
     def flush_notifications_to_stream(stream)
@@ -783,5 +890,34 @@ module ModelContextProtocol
       end
       nil
     end
+
+    # Check if registered handlers have changed for a session and send notifications
+    # Compares current handlers against previously stored handlers in Redis
+    def check_and_notify_handler_changes(session_id)
+      return unless session_id
+      return unless @session_store.session_exists?(session_id)
+
+      current = @configuration.registry.handler_names
+      previous = @session_store.get_registered_handlers(session_id)
+
+      return if previous.nil? # First request after init
+
+      changed_types = []
+      changed_types << :prompts if current[:prompts].sort != previous[:prompts]&.sort
+      changed_types << :resources if current[:resources].sort != previous[:resources]&.sort
+      changed_types << :tools if current[:tools].sort != previous[:tools]&.sort
+
+      return if changed_types.empty?
+
+      changed_types.each do |type|
+        send_notification("notifications/#{type}/list_changed", {}, session_id: session_id)
+      end
+
+      @session_store.store_registered_handlers(session_id, **current)
+    rescue => e
+      @server_logger.error("Error checking handler changes: #{e.class.name}: #{e.message}")
+      @server_logger.debug("Backtrace: #{e.backtrace.first(5).join("\n")}")
+      # Don't re-raise - handler change detection is optional, allow request to proceed
+    end
   end
 end

data/lib/model_context_protocol/server/tool.rb

@@ -83,7 +83,7 @@ module ModelContextProtocol
     end
 
     class << self
-      attr_reader :name, :description, :title, :input_schema, :output_schema
+      attr_reader :name, :description, :title, :input_schema, :output_schema, :annotations, :security_schemes
 
       def define(&block)
         definition_dsl = DefinitionDSL.new
@@ -94,6 +94,8 @@ module ModelContextProtocol
         @title = definition_dsl.title
         @input_schema = definition_dsl.input_schema
         @output_schema = definition_dsl.output_schema
+        @annotations = definition_dsl.defined_annotations
+        @security_schemes = definition_dsl.security_schemes
       end
 
       def inherited(subclass)
@@ -102,6 +104,8 @@ module ModelContextProtocol
         subclass.instance_variable_set(:@title, @title)
         subclass.instance_variable_set(:@input_schema, @input_schema)
         subclass.instance_variable_set(:@output_schema, @output_schema)
+        subclass.instance_variable_set(:@annotations, @annotations&.dup)
+        subclass.instance_variable_set(:@security_schemes, @security_schemes)
       end
 
       def call(arguments, client_logger, server_logger, context = {})
@@ -120,6 +124,9 @@ module ModelContextProtocol
         result = {name: @name, description: @description, inputSchema: @input_schema}
         result[:title] = @title if @title
         result[:outputSchema] = @output_schema if @output_schema
+        annotations_hash = @annotations&.serialized
+        result[:annotations] = annotations_hash if annotations_hash
+        result[:securitySchemes] = @security_schemes if @security_schemes
         result
       end
     end
@@ -149,6 +156,65 @@ module ModelContextProtocol
         @output_schema = instance_eval(&block) if block_given?
         @output_schema
       end
+
+      attr_reader :defined_annotations
+
+      def annotations(&block)
+        @defined_annotations = AnnotationsDSL.new
+        @defined_annotations.instance_eval(&block)
+        @defined_annotations
+      end
+
+      def security_schemes(&block)
+        @security_schemes = instance_eval(&block) if block_given?
+        @security_schemes
+      end
+    end
+
+    class AnnotationsDSL
+      def initialize
+        @read_only_hint = nil
+        @destructive_hint = nil
+        @idempotent_hint = nil
+        @open_world_hint = nil
+      end
+
+      def read_only_hint(value)
+        validate_boolean!(:read_only_hint, value)
+        @read_only_hint = value
+      end
+
+      def destructive_hint(value)
+        validate_boolean!(:destructive_hint, value)
+        @destructive_hint = value
+      end
+
+      def idempotent_hint(value)
+        validate_boolean!(:idempotent_hint, value)
+        @idempotent_hint = value
+      end
+
+      def open_world_hint(value)
+        validate_boolean!(:open_world_hint, value)
+        @open_world_hint = value
+      end
+
+      def serialized
+        result = {}
+        result[:readOnlyHint] = @read_only_hint unless @read_only_hint.nil?
+        result[:destructiveHint] = @destructive_hint unless @destructive_hint.nil?
+        result[:idempotentHint] = @idempotent_hint unless @idempotent_hint.nil?
+        result[:openWorldHint] = @open_world_hint unless @open_world_hint.nil?
+        result.empty? ? nil : result
+      end
+
+      private
+
+      def validate_boolean!(field, value)
+        unless value.is_a?(TrueClass) || value.is_a?(FalseClass)
+          raise ArgumentError, "#{field} must be a boolean, got: #{value.inspect}"
+        end
+      end
     end
   end
 end