otto 1.5.0 → 2.0.0.pre1

data/lib/otto/mcp/rate_limiting.rb

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/rate_limiting.rb
+
+require 'json'
+
+require_relative '../security/rate_limiting'
+
+begin
+  require 'rack/attack'
+rescue LoadError
+  # rack-attack is optional - graceful fallback
+end
+
+class Otto
+  module MCP
+    # Rate limiter for MCP protocol endpoints
+    class RateLimiter < Otto::Security::RateLimiting
+      def self.configure_rack_attack!(config = {})
+        return unless defined?(Rack::Attack)
+
+        # Start with base configuration from general rate limiting
+        super
+
+        # Add MCP-specific rules
+        configure_mcp_rules(config)
+        configure_mcp_responses
+        configure_mcp_logging
+      end
+
+      def self.configure_mcp_rules(config)
+        # MCP endpoint requests - 60 per minute by default
+        mcp_requests_limit = config[:mcp_requests_per_minute] || 60
+
+        Rack::Attack.throttle('mcp_requests', limit: mcp_requests_limit, period: 60) do |request|
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          request.ip if request.path.start_with?(endpoint)
+        end
+
+        # Tool calls are more expensive - 20 per minute by default
+        tool_calls_limit = config[:tool_calls_per_minute] || 20
+
+        Rack::Attack.throttle('mcp_tool_calls', limit: tool_calls_limit, period: 60) do |request|
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          if request.path.start_with?(endpoint) && request.post?
+            begin
+              body = request.body.read
+              data = JSON.parse(body)
+              request.ip if data['method'] == 'tools/call'
+            rescue JSON::ParserError
+              nil
+            ensure
+              request.body.rewind if request.body.respond_to?(:rewind)
+            end
+          end
+        end
+      end
+
+      def self.configure_mcp_responses
+        # Override throttled responder to provide JSON-RPC formatted responses for MCP requests
+        Rack::Attack.throttled_responder = lambda do |request|
+          match_data = request.env['rack.attack.match_data']
+          now        = match_data[:epoch_time]
+
+          headers = {
+            'content-type' => 'application/json',
+            'retry-after' => (match_data[:period] - (now % match_data[:period])).to_s,
+          }
+
+          # Check if this is an MCP request
+          endpoint = request.env['otto.mcp_http_endpoint'] || '/_mcp'
+          if request.path.start_with?(endpoint)
+            # JSON-RPC error response for MCP
+            error_response = {
+              jsonrpc: '2.0',
+              id: nil,
+              error: {
+                code: -32_000,
+                message: 'Rate limit exceeded',
+                data: {
+                  retry_after: headers['retry-after'].to_i,
+                  limit: match_data[:limit],
+                  period: match_data[:period],
+                },
+              },
+            }
+            [429, headers, [JSON.generate(error_response)]]
+          else
+            # Use the general rate limiting response for non-MCP requests
+            accept_header = request.env['HTTP_ACCEPT'].to_s
+            if accept_header.include?('application/json')
+              error_response = {
+                error: 'Rate limit exceeded',
+                message: 'Too many requests',
+                retry_after: headers['retry-after'].to_i,
+                limit: match_data[:limit],
+                period: match_data[:period],
+              }
+              [429, headers, [JSON.generate(error_response)]]
+            else
+              body                    = "Rate limit exceeded. Retry after #{headers['retry-after']} seconds."
+              headers['content-type'] = 'text/plain'
+              [429, headers, [body]]
+            end
+          end
+        end
+      end
+
+      def self.configure_mcp_logging
+        return unless defined?(ActiveSupport::Notifications)
+
+        ActiveSupport::Notifications.subscribe('rack.attack') do |_name, _start, _finish, _request_id, payload|
+          req      = payload[:request]
+          endpoint = req.env['otto.mcp_http_endpoint'] || '/_mcp'
+
+          if req.path.start_with?(endpoint)
+            Otto.logger.warn "[MCP] Rate limit #{payload[:match_type]} for #{req.ip}: #{payload[:matched]}"
+          else
+            Otto.logger.warn "[Otto] Rate limit #{payload[:match_type]} for #{req.ip}: #{payload[:matched]}"
+          end
+        end
+      end
+    end
+
+    # Middleware for applying rate limits to MCP protocol endpoints
+    class RateLimitMiddleware < Otto::Security::RateLimitMiddleware
+      def initialize(app, security_config = nil)
+        @app                    = app
+        @security_config        = security_config
+        @rate_limiter_available = defined?(Rack::Attack)
+
+        if @rate_limiter_available
+          configure_mcp_rate_limiting
+        else
+          Otto.logger.warn '[MCP] rack-attack not available - rate limiting disabled'
+        end
+      end
+
+      private
+
+      def configure_mcp_rate_limiting
+        # Get base configuration from security config
+        base_config = @security_config&.rate_limiting_config || {}
+
+        # Add MCP-specific defaults
+        mcp_config = base_config.merge({
+                                         mcp_requests_per_minute: 60,
+          tool_calls_per_minute: 20,
+                                       })
+
+        RateLimiter.configure_rack_attack!(mcp_config)
+      end
+    end
+  end
+end

data/lib/otto/mcp/registry.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/registry.rb
+
+class Otto
+  module MCP
+    # Registry for managing MCP resources and tools
+    class Registry
+      def initialize
+        @resources = {}
+        @tools     = {}
+      end
+
+      def register_resource(uri, name, description, mime_type, handler)
+        @resources[uri] = {
+          uri: uri,
+          name: name,
+          description: description,
+          mimeType: mime_type,
+          handler: handler,
+        }
+      end
+
+      def register_tool(name, description, input_schema, handler)
+        @tools[name] = {
+          name: name,
+          description: description,
+          inputSchema: input_schema,
+          handler: handler,
+        }
+      end
+
+      def list_resources
+        @resources.values.map do |resource|
+          {
+            uri: resource[:uri],
+            name: resource[:name],
+            description: resource[:description],
+            mimeType: resource[:mimeType],
+          }
+        end
+      end
+
+      def list_tools
+        @tools.values.map do |tool|
+          {
+            name: tool[:name],
+            description: tool[:description],
+            inputSchema: tool[:inputSchema],
+          }
+        end
+      end
+
+      def read_resource(uri)
+        resource = @resources[uri]
+        return nil unless resource
+
+        begin
+          content = resource[:handler].call
+          {
+            contents: [{
+              uri: uri,
+              mimeType: resource[:mimeType],
+              text: content.to_s,
+            }],
+          }
+        rescue StandardError => e
+          Otto.logger.error "[MCP] Resource read error for #{uri}: #{e.message}"
+          nil
+        end
+      end
+
+      def call_tool(name, arguments, env)
+        tool = @tools[name]
+        raise "Tool not found: #{name}" unless tool
+
+        handler = tool[:handler]
+        if handler.respond_to?(:call)
+          result = handler.call(arguments, env)
+        elsif handler.is_a?(String) && handler.include?('.')
+          klass_method = handler.split('.')
+          klass_name   = klass_method[0..-2].join('::')
+          method_name  = klass_method.last
+
+          klass  = Object.const_get(klass_name)
+          result = klass.public_send(method_name, arguments, env)
+        else
+          raise "Invalid tool handler: #{handler}"
+        end
+
+        {
+          content: [{
+            type: 'text',
+            text: result.to_s,
+          }],
+        }
+      end
+    end
+  end
+end

data/lib/otto/mcp/route_parser.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/route_parser.rb
+
+class Otto
+  module MCP
+    # Parser for MCP route definitions and resource URIs
+    class RouteParser
+      def self.parse_mcp_route(_verb, _path, definition)
+        # MCP route format: MCP resource_uri HandlerClass.method_name
+        # Note: The path parameter is ignored for MCP routes - resource_uri comes from definition
+        parts = definition.split(/\s+/, 3)
+
+        raise ArgumentError, "Expected MCP keyword, got: #{parts[0]}" if parts[0] != 'MCP'
+
+        resource_uri       = parts[1]
+        handler_definition = parts[2]
+
+        raise ArgumentError, "Invalid MCP route format: #{definition}" unless resource_uri && handler_definition
+
+        # Clean up URI - remove leading slash if present since MCP URIs are relative
+        resource_uri = resource_uri.sub(%r{^/}, '')
+
+        {
+          type: :mcp_resource,
+          resource_uri: resource_uri,
+          handler: handler_definition,
+          options: extract_options_from_handler(handler_definition),
+        }
+      end
+
+      def self.parse_tool_route(_verb, _path, definition)
+        # TOOL route format: TOOL tool_name HandlerClass.method_name
+        # Note: The path parameter is ignored for TOOL routes - tool_name comes from definition
+        parts = definition.split(/\s+/, 3)
+
+        raise ArgumentError, "Expected TOOL keyword, got: #{parts[0]}" if parts[0] != 'TOOL'
+
+        tool_name          = parts[1]
+        handler_definition = parts[2]
+
+        raise ArgumentError, "Invalid TOOL route format: #{definition}" unless tool_name && handler_definition
+
+        # Clean up tool name - remove leading slash if present
+        tool_name = tool_name.sub(%r{^/}, '')
+
+        {
+          type: :mcp_tool,
+          tool_name: tool_name,
+          handler: handler_definition,
+          options: extract_options_from_handler(handler_definition),
+        }
+      end
+
+      def self.is_mcp_route?(definition)
+        definition.start_with?('MCP ')
+      end
+
+      def self.is_tool_route?(definition)
+        definition.start_with?('TOOL ')
+      end
+
+      def self.extract_options_from_handler(handler_definition)
+        parts   = handler_definition.split(/\s+/)
+        options = {}
+
+        # First part is the handler class.method
+        parts[1..-1]&.each do |part|
+          key, value = part.split('=', 2)
+          options[key.to_sym] = value if key && value
+        end
+
+        options
+      end
+    end
+  end
+end

data/lib/otto/mcp/server.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/server.rb
+
+require_relative 'protocol'
+require_relative 'registry'
+require_relative 'route_parser'
+require_relative 'auth/token'
+require_relative 'validation'
+require_relative 'rate_limiting'
+
+class Otto
+  module MCP
+    # MCP server implementation providing Model Context Protocol endpoints
+    class Server
+      attr_reader :protocol, :otto_instance
+
+      def initialize(otto_instance)
+        @otto_instance = otto_instance
+        @protocol      = Protocol.new(otto_instance)
+        @enabled       = false
+      end
+
+      def enable!(options = {})
+        @enabled              = true
+        @http_endpoint        = options.fetch(:http_endpoint, '/_mcp')
+        @auth_tokens          = options[:auth_tokens] || []
+        @enable_validation    = options.fetch(:enable_validation, true)
+        @enable_rate_limiting = options.fetch(:enable_rate_limiting, true)
+
+        # Configure middleware
+        configure_middleware(options)
+
+        # Add MCP endpoint route to Otto
+        add_mcp_endpoint_route
+
+        Otto.logger.info "[MCP] Server enabled with HTTP endpoint: #{@http_endpoint}" if Otto.debug
+      end
+
+      def enabled?
+        @enabled
+      end
+
+      def register_mcp_route(route_info)
+        case route_info[:type]
+        when :mcp_resource
+          register_resource(route_info)
+        when :mcp_tool
+          register_tool(route_info)
+        end
+      end
+
+      private
+
+      def configure_middleware(_options)
+        # Configure middleware in security-optimal order:
+        # 1. Rate limiting (reject excessive requests early)
+        # 2. Authentication (validate credentials before parsing)
+        # 3. Validation (expensive JSON schema validation last)
+
+        # Configure rate limiting first
+        if @enable_rate_limiting
+          @otto_instance.use Otto::MCP::RateLimitMiddleware, @otto_instance.security_config
+          Otto.logger.debug '[MCP] Rate limiting enabled' if Otto.debug
+        end
+
+        # Configure authentication second
+        if @auth_tokens.any?
+          @auth                                   = Otto::MCP::Auth::TokenAuth.new(@auth_tokens)
+          @otto_instance.security_config.mcp_auth = @auth
+          @otto_instance.use Otto::MCP::Auth::TokenMiddleware
+          Otto.logger.debug '[MCP] Token authentication enabled' if Otto.debug
+        end
+
+        # Configure validation last (most expensive)
+        return unless @enable_validation
+
+        @otto_instance.use Otto::MCP::ValidationMiddleware
+        Otto.logger.debug '[MCP] Request validation enabled' if Otto.debug
+      end
+
+      def add_mcp_endpoint_route
+        InternalHandler.otto_instance = @otto_instance
+
+        mcp_route      = Otto::Route.new('POST', @http_endpoint, 'Otto::MCP::InternalHandler.handle_request')
+        mcp_route.otto = @otto_instance
+
+        @otto_instance.routes[:POST] ||= []
+        @otto_instance.routes[:POST] << mcp_route
+
+        @otto_instance.routes_literal[:POST]               ||= {}
+        @otto_instance.routes_literal[:POST][@http_endpoint] = mcp_route
+
+        # Ensure env carries endpoint for middlewares
+        @otto_instance.use proc { |app|
+          lambda { |env|
+            env['otto.mcp_http_endpoint'] = @http_endpoint
+            app.call(env)
+          }
+        }
+      end
+
+      def register_resource(route_info)
+        uri         = route_info[:resource_uri]
+        handler_def = route_info[:handler]
+
+        # Parse handler definition
+        klass_method = handler_def.split(/\s+/).first.split('.')
+        klass_name   = klass_method[0..-2].join('::')
+        method_name  = klass_method.last
+
+        # Create resource handler
+        handler = lambda do
+          klass = Object.const_get(klass_name)
+          method = klass.method(method_name)
+          if method.arity != 0
+            raise ArgumentError, "Handler #{klass_name}.#{method_name} must be a zero-arity method for resource #{uri}"
+          end
+
+          klass.public_send(method_name)
+        rescue StandardError => e
+          Otto.logger.error "[MCP] Resource handler error for #{uri}: #{e.message}"
+          raise
+        end
+
+        # Register with protocol registry
+        @protocol.registry.register_resource(
+          uri,
+          extract_name_from_uri(uri),
+          "Resource: #{uri}",
+          'text/plain',
+          handler
+        )
+
+        Otto.logger.debug "[MCP] Registered resource: #{uri} -> #{handler_def}" if Otto.debug
+      end
+
+      def register_tool(route_info)
+        name        = route_info[:tool_name]
+        handler_def = route_info[:handler]
+
+        # Parse handler definition
+        klass_method = handler_def.split(/\s+/).first.split('.')
+        klass_name   = klass_method[0..-2].join('::')
+        method_name  = klass_method.last
+
+        # Create input schema - basic for now
+        input_schema = {
+          type: 'object',
+          properties: {},
+          required: [],
+        }
+
+        # Register with protocol registry
+        @protocol.registry.register_tool(
+          name,
+          "Tool: #{name}",
+          input_schema,
+          "#{klass_name}.#{method_name}"
+        )
+
+        Otto.logger.debug "[MCP] Registered tool: #{name} -> #{handler_def}" if Otto.debug
+      end
+
+      def extract_name_from_uri(uri)
+        uri.split('/').last || uri
+      end
+    end
+
+    # Internal handler class for MCP protocol endpoints
+    class InternalHandler
+      @otto_instance = nil
+
+      class << self
+        attr_writer :otto_instance
+      end
+
+      class << self
+        attr_reader :otto_instance
+      end
+
+      def self.handle_request(req, res)
+        otto_instance = @otto_instance
+
+        if otto_instance.nil?
+          return [500, { 'content-type' => 'application/json' },
+                  [JSON.generate({ error: 'Otto instance not available' })]]
+        end
+
+        mcp_server = otto_instance.mcp_server
+
+        unless mcp_server&.enabled?
+          return [404, { 'content-type' => 'application/json' },
+                  [JSON.generate({ error: 'MCP not enabled' })]]
+        end
+
+        status, headers, body = mcp_server.protocol.handle_request(req.env)
+
+        res.status                   = status
+        headers.each { |k, v| res[k] = v }
+        res.body                     = body
+        res.finish
+      end
+    end
+  end
+end

data/lib/otto/mcp/validation.rb

@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/validation.rb
+
+require 'json'
+
+begin
+  require 'json_schemer'
+rescue LoadError
+  # json_schemer is optional - graceful fallback
+end
+
+class Otto
+  module MCP
+    class ValidationError < StandardError; end
+
+    # JSON Schema validator for MCP protocol requests
+    class Validator
+      def initialize
+        @schemas                = {}
+        @json_schemer_available = defined?(JSONSchemer)
+      end
+
+      def validate_request(data)
+        return true unless @json_schemer_available
+
+        schema            = mcp_request_schema
+        validation_errors = schema.validate(data).to_a
+
+        unless validation_errors.empty?
+          error_messages = validation_errors.map { |error| error['details'] || error['error'] || error.to_s }.join(', ')
+          raise ValidationError, "Invalid MCP request: #{error_messages}"
+        end
+
+        true
+      end
+
+      def validate_tool_arguments(tool_name, arguments, schema)
+        return true unless @json_schemer_available && schema
+
+        schemer           = JSONSchemer.schema(schema)
+        validation_errors = schemer.validate(arguments).to_a
+
+        unless validation_errors.empty?
+          error_messages = validation_errors.map { |error| error['details'] || error['error'] || error.to_s }.join(', ')
+          raise ValidationError, "Invalid arguments for tool #{tool_name}: #{error_messages}"
+        end
+
+        true
+      end
+
+      private
+
+      def mcp_request_schema
+        @schemas[:mcp_request] ||= JSONSchemer.schema({
+                                                        type: 'object',
+          required: %w[jsonrpc method id],
+          properties: {
+            jsonrpc: { const: '2.0' },
+            method: { type: 'string' },
+            id: {},
+            params: { type: 'object' },
+          },
+          additionalProperties: false,
+                                                      })
+      end
+    end
+
+    # Middleware for validating MCP protocol requests using JSON schema
+    class ValidationMiddleware
+      def initialize(app, _security_config = nil)
+        @app       = app
+        @validator = Validator.new
+      end
+
+      def call(env)
+        # Only validate MCP endpoints
+        return @app.call(env) unless mcp_endpoint?(env)
+
+        request = Rack::Request.new(env)
+
+        if request.post? && request.content_type&.include?('application/json')
+          begin
+            body = request.body.read
+            data = JSON.parse(body)
+            @validator.validate_request(data)
+
+            # Reset body for downstream middleware
+            request.body.rewind if request.body.respond_to?(:rewind)
+          rescue JSON::ParserError => e
+            return validation_error_response(nil, "Invalid JSON: #{e.message}")
+          rescue ValidationError => e
+            return validation_error_response(data&.dig('id'), e.message)
+          end
+        end
+
+        @app.call(env)
+      end
+
+      private
+
+      def mcp_endpoint?(env)
+        endpoint = env['otto.mcp_http_endpoint'] || '/_mcp'
+        path     = env['PATH_INFO'].to_s
+        path.start_with?(endpoint)
+      end
+
+      def validation_error_response(id, message)
+        body = JSON.generate({
+                               jsonrpc: '2.0',
+          id: id,
+          error: {
+            code: -32_600,
+            message: 'Invalid Request',
+            data: message,
+          },
+                             })
+
+        [400, { 'content-type' => 'application/json' }, [body]]
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/auto.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative 'json'
+require_relative 'redirect'
+require_relative 'view'
+require_relative 'default'
+
+class Otto
+  module ResponseHandlers
+    # Auto-detection handler that chooses appropriate handler based on context
+    class AutoHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Auto-detect based on result type and request context
+        handler_class = detect_handler_type(result, response, context)
+        handler_class.handle(result, response, context)
+      end
+
+      def self.detect_handler_type(result, response, context)
+        # Check if response type was already set by the handler
+        content_type = response['Content-Type']
+
+        if content_type&.include?('application/json')
+          JSONHandler
+        elsif (context[:logic_instance]&.respond_to?(:redirect_path) && context[:logic_instance].redirect_path) ||
+              (result.is_a?(String) && result.match?(%r{^/}))
+          # Logic instance has redirect path or result is a string path
+          RedirectHandler
+        elsif result.is_a?(Hash)
+          JSONHandler
+        elsif context[:logic_instance]&.respond_to?(:view)
+          ViewHandler
+        else
+          DefaultHandler
+        end
+      end
+    end
+  end
+end