otto 1.5.0 → 1.6.0

data/lib/otto/mcp/protocol.rb

@@ -0,0 +1,167 @@
+require 'json'
+require_relative 'registry'
+
+class Otto
+  module MCP
+    class Protocol
+      attr_reader :registry
+
+      def initialize(otto_instance)
+        @otto     = otto_instance
+        @registry = Registry.new
+      end
+
+      def handle_request(env)
+        request = Rack::Request.new(env)
+
+        unless request.post? && request.content_type&.include?('application/json')
+          return error_response(nil, -32_600, 'Invalid Request', 'Only JSON-RPC POST requests supported')
+        end
+
+        begin
+          body = request.body.read
+          data = JSON.parse(body)
+        rescue JSON::ParserError
+          return error_response(nil, -32_700, 'Parse error', 'Invalid JSON')
+        end
+
+        unless valid_jsonrpc_request?(data)
+          return error_response(data['id'], -32_600, 'Invalid Request', 'Missing jsonrpc, method, or id fields')
+        end
+
+        case data['method']
+        when 'initialize'
+          handle_initialize(data)
+        when 'resources/list'
+          handle_resources_list(data)
+        when 'resources/read'
+          handle_resources_read(data)
+        when 'tools/list'
+          handle_tools_list(data)
+        when 'tools/call'
+          handle_tools_call(data, env)
+        else
+          error_response(data['id'], -32_601, 'Method not found', "Unknown method: #{data['method']}")
+        end
+      end
+
+      private
+
+      def valid_jsonrpc_request?(data)
+        data.is_a?(Hash) &&
+          data['jsonrpc'] == '2.0' &&
+          data['method'].is_a?(String) &&
+          data.key?('id')
+      end
+
+      def handle_initialize(data)
+        capabilities = {
+          resources: {
+            subscribe: false,
+            listChanged: false,
+          },
+          tools: {},
+        }
+
+        success_response(data['id'], {
+          protocolVersion: '2024-11-05',
+          capabilities: capabilities,
+          serverInfo: {
+            name: 'Otto MCP Server',
+            version: Otto::VERSION,
+          },
+        }
+        )
+      end
+
+      def handle_resources_list(data)
+        resources = @registry.list_resources
+        success_response(data['id'], { resources: resources })
+      end
+
+      def handle_resources_read(data)
+        params = data['params'] || {}
+        uri    = params['uri']
+
+        unless uri
+          return error_response(data['id'], -32_602, 'Invalid params', 'Missing uri parameter')
+        end
+
+        resource = @registry.read_resource(uri)
+        if resource
+          success_response(data['id'], resource)
+        else
+          error_response(data['id'], -32_001, 'Resource not found', "Resource not found: #{uri}")
+        end
+      end
+
+      def handle_tools_list(data)
+        tools = @registry.list_tools
+        success_response(data['id'], { tools: tools })
+      end
+
+      def handle_tools_call(data, env)
+        params    = data['params'] || {}
+        name      = params['name']
+        arguments = params['arguments'] || {}
+
+        unless name
+          return error_response(data['id'], -32_602, 'Invalid params', 'Missing name parameter')
+        end
+
+        begin
+          result = @registry.call_tool(name, arguments, env)
+          success_response(data['id'], result)
+        rescue StandardError => ex
+          Otto.logger.error "[MCP] Tool call error: #{ex.message}"
+          error_response(data['id'], -32_603, 'Internal error', ex.message)
+        end
+      end
+
+      def success_response(id, result)
+        body = JSON.generate({
+          jsonrpc: '2.0',
+          id: id,
+          result: result,
+        },
+                            )
+
+        [200, { 'content-type' => 'application/json' }, [body]]
+      end
+
+      def error_response(id, code, message, data = nil)
+        error        = { code: code, message: message }
+        error[:data] = data if data
+
+        body = JSON.generate({
+          jsonrpc: '2.0',
+          id: id,
+          error: error,
+        },
+                            )
+
+        # Map JSON-RPC error codes to appropriate HTTP status codes
+        http_status = case code
+                      when -32700..-32600 # Parse error, Invalid Request, Method not found
+                        400
+                      when -32000         # Server error (generic)
+                        500
+                      when -32001         # Resource not found
+                        404
+                      when -32002         # Tool not found
+                        404
+                      when -32601         # Method not found
+                        404
+                      when -32602         # Invalid params
+                        400
+                      when -32603         # Internal error
+                        500
+                      else
+                        400 # Default to 400 for other client errors
+                      end
+
+        [http_status, { 'content-type' => 'application/json' }, [body]]
+      end
+    end
+  end
+end

data/lib/otto/mcp/rate_limiting.rb

@@ -0,0 +1,150 @@
+require 'json'
+
+require_relative '../security/rate_limiting'
+
+begin
+  require 'rack/attack'
+rescue LoadError
+  # rack-attack is optional - graceful fallback
+end
+
+class Otto
+  module MCP
+    class RateLimiter < Otto::Security::RateLimiting
+      def self.configure_rack_attack!(config = {})
+        return unless defined?(Rack::Attack)
+
+        # Start with base configuration from general rate limiting
+        super
+
+        # Add MCP-specific rules
+        configure_mcp_rules(config)
+        configure_mcp_responses
+        configure_mcp_logging
+      end
+
+      def self.configure_mcp_rules(config)
+        # MCP endpoint requests - 60 per minute by default
+        mcp_requests_limit = config[:mcp_requests_per_minute] || 60
+
+        Rack::Attack.throttle('mcp_requests', limit: mcp_requests_limit, period: 60) do |request|
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          request.ip if request.path.start_with?(endpoint)
+        end
+
+        # Tool calls are more expensive - 20 per minute by default
+        tool_calls_limit = config[:tool_calls_per_minute] || 20
+
+        Rack::Attack.throttle('mcp_tool_calls', limit: tool_calls_limit, period: 60) do |request|
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          if request.path.start_with?(endpoint) && request.post?
+            begin
+              body = request.body.read
+              data = JSON.parse(body)
+              request.ip if data['method'] == 'tools/call'
+            rescue JSON::ParserError
+              nil
+            ensure
+              request.body.rewind if request.body.respond_to?(:rewind)
+            end
+          end
+        end
+      end
+
+      def self.configure_mcp_responses
+        # Override throttled responder to provide JSON-RPC formatted responses for MCP requests
+        Rack::Attack.throttled_responder = lambda do |request|
+          match_data = request.env['rack.attack.match_data']
+          now        = match_data[:epoch_time]
+
+          headers = {
+            'content-type' => 'application/json',
+            'retry-after' => (match_data[:period] - (now % match_data[:period])).to_s,
+          }
+
+          # Check if this is an MCP request
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          if request.path.start_with?(endpoint)
+            # JSON-RPC error response for MCP
+            error_response = {
+              jsonrpc: '2.0',
+              id: nil,
+              error: {
+                code: -32_000,
+                message: 'Rate limit exceeded',
+                data: {
+                  retry_after: headers['retry-after'].to_i,
+                  limit: match_data[:limit],
+                  period: match_data[:period],
+                },
+              },
+            }
+            [429, headers, [JSON.generate(error_response)]]
+          else
+            # Use the general rate limiting response for non-MCP requests
+            accept_header = request.env['HTTP_ACCEPT'].to_s
+            if accept_header.include?('application/json')
+              error_response = {
+                error: 'Rate limit exceeded',
+                message: 'Too many requests',
+                retry_after: headers['retry-after'].to_i,
+                limit: match_data[:limit],
+                period: match_data[:period],
+              }
+              [429, headers, [JSON.generate(error_response)]]
+            else
+              body                    = "Rate limit exceeded. Retry after #{headers['retry-after']} seconds."
+              headers['content-type'] = 'text/plain'
+              [429, headers, [body]]
+            end
+          end
+        end
+      end
+
+      def self.configure_mcp_logging
+        return unless defined?(ActiveSupport::Notifications)
+
+        ActiveSupport::Notifications.subscribe('rack.attack') do |_name, _start, _finish, _request_id, payload|
+          req      = payload[:request]
+          endpoint = req.env['otto.mcp_http_endpoint'] || '/_mcp'
+
+          if req.path.start_with?(endpoint)
+            Otto.logger.warn "[MCP] Rate limit #{payload[:match_type]} for #{req.ip}: #{payload[:matched]}"
+          else
+            Otto.logger.warn "[Otto] Rate limit #{payload[:match_type]} for #{req.ip}: #{payload[:matched]}"
+          end
+        end
+      end
+    end
+
+    class RateLimitMiddleware < Otto::Security::RateLimitMiddleware
+      def initialize(app, security_config = nil)
+        @app                    = app
+        @security_config        = security_config
+        @rate_limiter_available = defined?(Rack::Attack)
+
+        if @rate_limiter_available
+          configure_mcp_rate_limiting
+        else
+          Otto.logger.warn '[MCP] rack-attack not available - rate limiting disabled'
+        end
+      end
+
+      private
+
+      def configure_mcp_rate_limiting
+        # Get base configuration from security config
+        base_config = @security_config&.rate_limiting_config || {}
+
+        # Add MCP-specific defaults
+        mcp_config = base_config.merge({
+          mcp_requests_per_minute: 60,
+          tool_calls_per_minute: 20,
+        },
+                                      )
+
+        RateLimiter.configure_rack_attack!(mcp_config)
+      end
+    end
+  end
+end

data/lib/otto/mcp/registry.rb

@@ -0,0 +1,95 @@
+class Otto
+  module MCP
+    class Registry
+      def initialize
+        @resources = {}
+        @tools     = {}
+      end
+
+      def register_resource(uri, name, description, mime_type, handler)
+        @resources[uri] = {
+          uri: uri,
+          name: name,
+          description: description,
+          mimeType: mime_type,
+          handler: handler,
+        }
+      end
+
+      def register_tool(name, description, input_schema, handler)
+        @tools[name] = {
+          name: name,
+          description: description,
+          inputSchema: input_schema,
+          handler: handler,
+        }
+      end
+
+      def list_resources
+        @resources.values.map do |resource|
+          {
+            uri: resource[:uri],
+            name: resource[:name],
+            description: resource[:description],
+            mimeType: resource[:mimeType],
+          }
+        end
+      end
+
+      def list_tools
+        @tools.values.map do |tool|
+          {
+            name: tool[:name],
+            description: tool[:description],
+            inputSchema: tool[:inputSchema],
+          }
+        end
+      end
+
+      def read_resource(uri)
+        resource = @resources[uri]
+        return nil unless resource
+
+        begin
+          content = resource[:handler].call
+          {
+            contents: [{
+              uri: uri,
+              mimeType: resource[:mimeType],
+              text: content.to_s,
+            }],
+          }
+        rescue StandardError => ex
+          Otto.logger.error "[MCP] Resource read error for #{uri}: #{ex.message}"
+          nil
+        end
+      end
+
+      def call_tool(name, arguments, env)
+        tool = @tools[name]
+        raise "Tool not found: #{name}" unless tool
+
+        handler = tool[:handler]
+        if handler.respond_to?(:call)
+          result = handler.call(arguments, env)
+        elsif handler.is_a?(String) && handler.include?('.')
+          klass_method = handler.split('.')
+          klass_name   = klass_method[0..-2].join('::')
+          method_name  = klass_method.last
+
+          klass  = Object.const_get(klass_name)
+          result = klass.public_send(method_name, arguments, env)
+        else
+          raise "Invalid tool handler: #{handler}"
+        end
+
+        {
+          content: [{
+            type: 'text',
+            text: result.to_s,
+          }],
+        }
+      end
+    end
+  end
+end

data/lib/otto/mcp/route_parser.rb

@@ -0,0 +1,82 @@
+class Otto
+  module MCP
+    class RouteParser
+      def self.parse_mcp_route(_verb, _path, definition)
+        # MCP route format: MCP resource_uri HandlerClass.method_name
+        # Note: The path parameter is ignored for MCP routes - resource_uri comes from definition
+        parts = definition.split(/\s+/, 3)
+
+        if parts[0] != 'MCP'
+          raise ArgumentError, "Expected MCP keyword, got: #{parts[0]}"
+        end
+
+        resource_uri       = parts[1]
+        handler_definition = parts[2]
+
+        unless resource_uri && handler_definition
+          raise ArgumentError, "Invalid MCP route format: #{definition}"
+        end
+
+        # Clean up URI - remove leading slash if present since MCP URIs are relative
+        resource_uri = resource_uri.sub(%r{^/}, '')
+
+        {
+          type: :mcp_resource,
+          resource_uri: resource_uri,
+          handler: handler_definition,
+          options: extract_options_from_handler(handler_definition),
+        }
+      end
+
+      def self.parse_tool_route(_verb, _path, definition)
+        # TOOL route format: TOOL tool_name HandlerClass.method_name
+        # Note: The path parameter is ignored for TOOL routes - tool_name comes from definition
+        parts = definition.split(/\s+/, 3)
+
+        if parts[0] != 'TOOL'
+          raise ArgumentError, "Expected TOOL keyword, got: #{parts[0]}"
+        end
+
+        tool_name          = parts[1]
+        handler_definition = parts[2]
+
+        unless tool_name && handler_definition
+          raise ArgumentError, "Invalid TOOL route format: #{definition}"
+        end
+
+        # Clean up tool name - remove leading slash if present
+        tool_name = tool_name.sub(%r{^/}, '')
+
+        {
+          type: :mcp_tool,
+          tool_name: tool_name,
+          handler: handler_definition,
+          options: extract_options_from_handler(handler_definition),
+        }
+      end
+
+      def self.is_mcp_route?(definition)
+        definition.start_with?('MCP ')
+      end
+
+      def self.is_tool_route?(definition)
+        definition.start_with?('TOOL ')
+      end
+
+      def self.extract_options_from_handler(handler_definition)
+        parts   = handler_definition.split(/\s+/)
+        options = {}
+
+        # First part is the handler class.method
+        parts[1..-1]&.each do |part|
+          key, value = part.split('=', 2)
+          if key && value
+            options[key.to_sym] = value
+          end
+        end
+
+        options
+      end
+    end
+  end
+end

data/lib/otto/mcp/server.rb

@@ -0,0 +1,196 @@
+require_relative 'protocol'
+require_relative 'registry'
+require_relative 'route_parser'
+require_relative 'auth/token'
+require_relative 'validation'
+require_relative 'rate_limiting'
+
+class Otto
+  module MCP
+    class Server
+      attr_reader :protocol, :otto_instance
+
+      def initialize(otto_instance)
+        @otto_instance = otto_instance
+        @protocol      = Protocol.new(otto_instance)
+        @enabled       = false
+      end
+
+      def enable!(options = {})
+        @enabled              = true
+        @http_endpoint        = options.fetch(:http_endpoint, '/_mcp')
+        @auth_tokens          = options[:auth_tokens] || []
+        @enable_validation    = options.fetch(:enable_validation, true)
+        @enable_rate_limiting = options.fetch(:enable_rate_limiting, true)
+
+        # Configure middleware
+        configure_middleware(options)
+
+        # Add MCP endpoint route to Otto
+        add_mcp_endpoint_route
+
+        Otto.logger.info "[MCP] Server enabled with HTTP endpoint: #{@http_endpoint}" if Otto.debug
+      end
+
+      def enabled?
+        @enabled
+      end
+
+      def register_mcp_route(route_info)
+        case route_info[:type]
+        when :mcp_resource
+          register_resource(route_info)
+        when :mcp_tool
+          register_tool(route_info)
+        end
+      end
+
+      private
+
+      def configure_middleware(_options)
+        # Configure middleware in security-optimal order:
+        # 1. Rate limiting (reject excessive requests early)
+        # 2. Authentication (validate credentials before parsing)
+        # 3. Validation (expensive JSON schema validation last)
+
+        # Configure rate limiting first
+        if @enable_rate_limiting
+          @otto_instance.use Otto::MCP::RateLimitMiddleware, @otto_instance.security_config
+          Otto.logger.debug '[MCP] Rate limiting enabled' if Otto.debug
+        end
+
+        # Configure authentication second
+        if @auth_tokens.any?
+          @auth                                   = Otto::MCP::Auth::TokenAuth.new(@auth_tokens)
+          @otto_instance.security_config.mcp_auth = @auth
+          @otto_instance.use Otto::MCP::Auth::TokenMiddleware
+          Otto.logger.debug '[MCP] Token authentication enabled' if Otto.debug
+        end
+
+        # Configure validation last (most expensive)
+        if @enable_validation
+          @otto_instance.use Otto::MCP::ValidationMiddleware
+          Otto.logger.debug '[MCP] Request validation enabled' if Otto.debug
+        end
+      end
+
+      def add_mcp_endpoint_route
+        InternalHandler.otto_instance = @otto_instance
+
+        mcp_route      = Otto::Route.new('POST', @http_endpoint, 'Otto::MCP::InternalHandler.handle_request')
+        mcp_route.otto = @otto_instance
+
+        @otto_instance.routes[:POST] ||= []
+        @otto_instance.routes[:POST] << mcp_route
+
+        @otto_instance.routes_literal[:POST]               ||= {}
+        @otto_instance.routes_literal[:POST][@http_endpoint] = mcp_route
+
+        # Ensure env carries endpoint for middlewares
+        @otto_instance.use proc { |app|
+          lambda { |env|
+            env['otto.mcp_http_endpoint'] = @http_endpoint
+            app.call(env)
+          }
+        }
+      end
+
+      def register_resource(route_info)
+        uri         = route_info[:resource_uri]
+        handler_def = route_info[:handler]
+
+        # Parse handler definition
+        klass_method = handler_def.split(/\s+/).first.split('.')
+        klass_name   = klass_method[0..-2].join('::')
+        method_name  = klass_method.last
+
+        # Create resource handler
+        handler = lambda do
+            klass = Object.const_get(klass_name)
+            klass.public_send(method_name)
+        rescue StandardError => ex
+            Otto.logger.error "[MCP] Resource handler error for #{uri}: #{ex.message}"
+            raise
+        end
+
+        # Register with protocol registry
+        @protocol.registry.register_resource(
+          uri,
+          extract_name_from_uri(uri),
+          "Resource: #{uri}",
+          'text/plain',
+          handler,
+        )
+
+        Otto.logger.debug "[MCP] Registered resource: #{uri} -> #{handler_def}" if Otto.debug
+      end
+
+      def register_tool(route_info)
+        name        = route_info[:tool_name]
+        handler_def = route_info[:handler]
+
+        # Parse handler definition
+        klass_method = handler_def.split(/\s+/).first.split('.')
+        klass_name   = klass_method[0..-2].join('::')
+        method_name  = klass_method.last
+
+        # Create input schema - basic for now
+        input_schema = {
+          type: 'object',
+          properties: {},
+          required: [],
+        }
+
+        # Register with protocol registry
+        @protocol.registry.register_tool(
+          name,
+          "Tool: #{name}",
+          input_schema,
+          "#{klass_name}.#{method_name}",
+        )
+
+        Otto.logger.debug "[MCP] Registered tool: #{name} -> #{handler_def}" if Otto.debug
+      end
+
+      def extract_name_from_uri(uri)
+        uri.split('/').last || uri
+      end
+    end
+
+    # Internal handler class for MCP protocol endpoints
+    class InternalHandler
+      @otto_instance = nil
+
+      class << self
+        attr_writer :otto_instance
+      end
+
+      class << self
+        attr_reader :otto_instance
+      end
+
+      def self.handle_request(req, res)
+        otto_instance = @otto_instance
+
+        if otto_instance.nil?
+          return [500, { 'content-type' => 'application/json' },
+                  [JSON.generate({ error: 'Otto instance not available' })]]
+        end
+
+        mcp_server = otto_instance.mcp_server
+
+        unless mcp_server&.enabled?
+          return [404, { 'content-type' => 'application/json' },
+                  [JSON.generate({ error: 'MCP not enabled' })]]
+        end
+
+        status, headers, body = mcp_server.protocol.handle_request(req.env)
+
+        res.status                   = status
+        headers.each { |k, v| res[k] = v }
+        res.body                     = body
+        res.finish
+      end
+    end
+  end
+end