otto 1.6.0 → 2.0.0.pre2

data/lib/otto/mcp/server.rb

@@ -1,12 +1,17 @@
+# frozen_string_literal: true
+
+# lib/otto/mcp/server.rb
+
 require_relative 'protocol'
 require_relative 'registry'
 require_relative 'route_parser'
 require_relative 'auth/token'
-require_relative 'validation'
+require_relative 'schema_validation'
 require_relative 'rate_limiting'
 
 class Otto
   module MCP
+    # MCP server implementation providing Model Context Protocol endpoints
     class Server
       attr_reader :protocol, :otto_instance
 
@@ -48,30 +53,43 @@ class Otto
       private
 
       def configure_middleware(_options)
-        # Configure middleware in security-optimal order:
-        # 1. Rate limiting (reject excessive requests early)
-        # 2. Authentication (validate credentials before parsing)
-        # 3. Validation (expensive JSON schema validation last)
+        # Configure middleware in security-optimal order using explicit positioning:
+        # 1. Rate limiting (reject excessive requests early) - position: :first
+        # 2. Authentication (validate credentials before parsing) - default append
+        # 3. Validation (expensive JSON schema validation last) - position: :last
 
-        # Configure rate limiting first
+        middleware = @otto_instance.instance_variable_get(:@middleware)
+
+        # Configure rate limiting first (explicit position for clarity)
         if @enable_rate_limiting
-          @otto_instance.use Otto::MCP::RateLimitMiddleware, @otto_instance.security_config
-          Otto.logger.debug '[MCP] Rate limiting enabled' if Otto.debug
+          middleware.add_with_position(
+            Otto::MCP::RateLimitMiddleware,
+            @otto_instance.security_config,
+            position: :first
+          )
+          Otto.logger.debug '[MCP] Rate limiting enabled (position: first)' if Otto.debug
         end
 
-        # Configure authentication second
+        # Configure authentication second (default append order)
         if @auth_tokens.any?
-          @auth                                   = Otto::MCP::Auth::TokenAuth.new(@auth_tokens)
+          @auth = Otto::MCP::Auth::TokenAuth.new(@auth_tokens)
           @otto_instance.security_config.mcp_auth = @auth
           @otto_instance.use Otto::MCP::Auth::TokenMiddleware
           Otto.logger.debug '[MCP] Token authentication enabled' if Otto.debug
         end
 
-        # Configure validation last (most expensive)
-        if @enable_validation
-          @otto_instance.use Otto::MCP::ValidationMiddleware
-          Otto.logger.debug '[MCP] Request validation enabled' if Otto.debug
-        end
+        # Configure validation last (explicit position for clarity)
+        return unless @enable_validation
+
+        middleware.add_with_position(
+          Otto::MCP::SchemaValidationMiddleware,
+          position: :last
+        )
+        Otto.logger.debug '[MCP] Schema validation enabled (position: last)' if Otto.debug
+
+        # Validate middleware order (should pass with explicit positioning)
+        warnings = middleware.validate_mcp_middleware_order
+        warnings.each { |warning| Otto.logger.warn warning }
       end
 
       def add_mcp_endpoint_route
@@ -106,11 +124,16 @@ class Otto
 
         # Create resource handler
         handler = lambda do
-            klass = Object.const_get(klass_name)
-            klass.public_send(method_name)
-        rescue StandardError => ex
-            Otto.logger.error "[MCP] Resource handler error for #{uri}: #{ex.message}"
-            raise
+          klass = Object.const_get(klass_name)
+          method = klass.method(method_name)
+          if method.arity != 0
+            raise ArgumentError, "Handler #{klass_name}.#{method_name} must be a zero-arity method for resource #{uri}"
+          end
+
+          klass.public_send(method_name)
+        rescue StandardError => e
+          Otto.logger.error "[MCP] Resource handler error for #{uri}: #{e.message}"
+          raise
         end
 
         # Register with protocol registry
@@ -119,7 +142,7 @@ class Otto
           extract_name_from_uri(uri),
           "Resource: #{uri}",
           'text/plain',
-          handler,
+          handler
         )
 
         Otto.logger.debug "[MCP] Registered resource: #{uri} -> #{handler_def}" if Otto.debug
@@ -146,7 +169,7 @@ class Otto
           name,
           "Tool: #{name}",
           input_schema,
-          "#{klass_name}.#{method_name}",
+          "#{klass_name}.#{method_name}"
         )
 
         Otto.logger.debug "[MCP] Registered tool: #{name} -> #{handler_def}" if Otto.debug

data/lib/otto/response_handlers/auto.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative 'json'
+require_relative 'redirect'
+require_relative 'view'
+require_relative 'default'
+
+class Otto
+  module ResponseHandlers
+    # Auto-detection handler that chooses appropriate handler based on context
+    class AutoHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Auto-detect based on result type and request context
+        handler_class = detect_handler_type(result, response, context)
+        handler_class.handle(result, response, context)
+      end
+
+      def self.detect_handler_type(result, response, context)
+        # Check if response type was already set by the handler
+        content_type = response['Content-Type']
+
+        if content_type&.include?('application/json')
+          JSONHandler
+        elsif (context[:logic_instance]&.respond_to?(:redirect_path) && context[:logic_instance].redirect_path) ||
+              (result.is_a?(String) && result.match?(%r{^/}))
+          # Logic instance has redirect path or result is a string path
+          RedirectHandler
+        elsif result.is_a?(Hash)
+          JSONHandler
+        elsif context[:logic_instance]&.respond_to?(:view)
+          ViewHandler
+        else
+          DefaultHandler
+        end
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/base.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class Otto
+  module ResponseHandlers
+    # Base response handler class
+    class BaseHandler
+      def self.handle(result, response, context = {})
+        raise NotImplementedError, 'Subclasses must implement handle method'
+      end
+
+      def self.ensure_status_set(response, default_status = 200)
+        response.status = default_status unless response.status && response.status != 0
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/default.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Default handler that preserves existing Otto behavior
+    class DefaultHandler < BaseHandler
+      def self.handle(_result, response, _context = {})
+        # Otto's default behavior - let the route handler manage the response
+        # This handler does nothing, preserving existing behavior
+        ensure_status_set(response, 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/factory.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative 'json'
+require_relative 'redirect'
+require_relative 'view'
+require_relative 'auto'
+require_relative 'default'
+
+class Otto
+  module ResponseHandlers
+    # Factory for creating response handlers
+    class HandlerFactory
+      # Map of response type names to handler classes
+      HANDLER_MAP = {
+        'json' => JSONHandler,
+        'redirect' => RedirectHandler,
+        'view' => ViewHandler,
+        'auto' => AutoHandler,
+        'default' => DefaultHandler,
+      }.freeze
+
+      def self.create_handler(response_type)
+        handler_class = HANDLER_MAP[response_type.to_s.downcase]
+
+        unless handler_class
+          Otto.logger.warn "Unknown response type: #{response_type}, falling back to default" if Otto.debug
+          handler_class = DefaultHandler
+        end
+
+        handler_class
+      end
+
+      def self.handle_response(result, response, response_type, context = {})
+        handler = create_handler(response_type)
+        handler.handle(result, response, context)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/json.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for JSON responses
+    class JSONHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # If a redirect has already been set, don't override with JSON
+        # This allows controllers to conditionally redirect based on Accept header
+        if response.status&.between?(300, 399) && response['Location']
+          return
+        end
+
+        response['Content-Type'] = 'application/json'
+
+        # Determine the data to serialize
+        data = if context[:logic_instance]&.respond_to?(:response_data)
+                 context[:logic_instance].response_data
+               elsif result.is_a?(Hash)
+                 result
+               elsif result.nil?
+                 { success: true }
+               else
+                 { success: true, data: result }
+               end
+
+        response.body = [JSON.generate(data)]
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/redirect.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for redirect responses
+    class RedirectHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        # Determine redirect path
+        path = if context[:redirect_path]
+                 context[:redirect_path]
+               elsif context[:logic_instance]&.respond_to?(:redirect_path)
+                 context[:logic_instance].redirect_path
+               elsif result.is_a?(String)
+                 result
+               else
+                 '/'
+               end
+
+        response.redirect(path)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers/view.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+class Otto
+  module ResponseHandlers
+    # Handler for view/template responses
+    class ViewHandler < BaseHandler
+      def self.handle(result, response, context = {})
+        if context[:logic_instance]&.respond_to?(:view)
+          response.body = [context[:logic_instance].view.render]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        elsif result.respond_to?(:to_s)
+          response.body = [result.to_s]
+          response['Content-Type'] = 'text/html' unless response['Content-Type']
+        else
+          response.body = ['']
+        end
+
+        ensure_status_set(response, context[:status_code] || 200)
+      end
+    end
+  end
+end

data/lib/otto/response_handlers.rb

@@ -1,141 +1,15 @@
+# frozen_string_literal: true
+
 # lib/otto/response_handlers.rb
 
 class Otto
   module ResponseHandlers
-    # Base response handler class
-    class BaseHandler
-      def self.handle(result, response, context = {})
-        raise NotImplementedError, "Subclasses must implement handle method"
-      end
-
-      protected
-
-      def self.ensure_status_set(response, default_status = 200)
-        response.status = default_status unless response.status && response.status != 0
-      end
-    end
-
-    # Handler for JSON responses
-    class JSONHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        response['Content-Type'] = 'application/json'
-
-        # Determine the data to serialize
-        data = if context[:logic_instance]&.respond_to?(:response_data)
-                 context[:logic_instance].response_data
-               elsif result.is_a?(Hash)
-                 result
-               elsif result.nil?
-                 { success: true }
-               else
-                 { success: true, data: result }
-               end
-
-        response.body = [JSON.generate(data)]
-        ensure_status_set(response, context[:status_code] || 200)
-      end
-    end
-
-    # Handler for redirect responses
-    class RedirectHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Determine redirect path
-        path = if context[:redirect_path]
-                 context[:redirect_path]
-               elsif context[:logic_instance]&.respond_to?(:redirect_path)
-                 context[:logic_instance].redirect_path
-               elsif result.is_a?(String)
-                 result
-               else
-                 '/'
-               end
-
-        response.redirect(path)
-      end
-    end
-
-    # Handler for view/template responses
-    class ViewHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        if context[:logic_instance]&.respond_to?(:view)
-          response.body = [context[:logic_instance].view.render]
-          response['Content-Type'] = 'text/html' unless response['Content-Type']
-        elsif result.respond_to?(:to_s)
-          response.body = [result.to_s]
-          response['Content-Type'] = 'text/html' unless response['Content-Type']
-        else
-          response.body = ['']
-        end
-
-        ensure_status_set(response, context[:status_code] || 200)
-      end
-    end
-
-    # Default handler that preserves existing Otto behavior
-    class DefaultHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Otto's default behavior - let the route handler manage the response
-        # This handler does nothing, preserving existing behavior
-        ensure_status_set(response, 200)
-      end
-    end
-
-    # Auto-detection handler that chooses appropriate handler based on context
-    class AutoHandler < BaseHandler
-      def self.handle(result, response, context = {})
-        # Auto-detect based on result type and request context
-        handler_class = detect_handler_type(result, response, context)
-        handler_class.handle(result, response, context)
-      end
-
-      private
-
-      def self.detect_handler_type(result, response, context)
-        # Check if response type was already set by the handler
-        content_type = response['Content-Type']
-
-        if content_type&.include?('application/json')
-          JSONHandler
-        elsif (context[:logic_instance]&.respond_to?(:redirect_path) && context[:logic_instance]&.redirect_path) ||
-              (result.is_a?(String) && result.match?(%r{^/}))
-          # Logic instance has redirect path or result is a string path
-          RedirectHandler
-        elsif result.is_a?(Hash)
-          JSONHandler
-        elsif context[:logic_instance]&.respond_to?(:view)
-          ViewHandler
-        else
-          DefaultHandler
-        end
-      end
-    end
-
-    # Factory for creating response handlers
-    class HandlerFactory
-      # Map of response type names to handler classes
-      HANDLER_MAP = {
-        'json' => JSONHandler,
-        'redirect' => RedirectHandler,
-        'view' => ViewHandler,
-        'auto' => AutoHandler,
-        'default' => DefaultHandler
-      }.freeze
-
-      def self.create_handler(response_type)
-        handler_class = HANDLER_MAP[response_type.to_s.downcase]
-
-        unless handler_class
-          Otto.logger.warn "Unknown response type: #{response_type}, falling back to default" if Otto.debug
-          handler_class = DefaultHandler
-        end
-
-        handler_class
-      end
-
-      def self.handle_response(result, response, response_type, context = {})
-        handler = create_handler(response_type)
-        handler.handle(result, response, context)
-      end
-    end
+    require_relative 'response_handlers/base'
+    require_relative 'response_handlers/json'
+    require_relative 'response_handlers/redirect'
+    require_relative 'response_handlers/view'
+    require_relative 'response_handlers/default'
+    require_relative 'response_handlers/auto'
+    require_relative 'response_handlers/factory'
   end
 end

data/lib/otto/route.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # lib/otto/route.rb
 
 class Otto
@@ -20,6 +22,7 @@ class Otto
   #
   #
   class Route
+    # Class methods for Route providing Otto instance access
     module ClassMethods
       attr_accessor :otto
     end
@@ -42,10 +45,10 @@ class Otto
     #     "V2::Logic::AuthSession auth=authenticated response=redirect" (enhanced)
     # @raise [ArgumentError] if definition format is invalid or class name is unsafe
     def initialize(verb, path, definition)
-      @pattern, @keys = *compile(path)
+      pattern, keys = *compile(path)
 
       # Create immutable route definition
-      @route_definition = Otto::RouteDefinition.new(verb, path, definition, pattern: @pattern, keys: @keys)
+      @route_definition = Otto::RouteDefinition.new(verb, path, definition, pattern: pattern, keys: keys)
 
       # Resolve the class
       @klass = safe_const_get(@route_definition.klass_name)
@@ -84,53 +87,6 @@ class Otto
       @route_definition.options
     end
 
-    private
-
-
-    # Safely resolve a class name using Object.const_get with security validations
-    # This replaces the previous eval() usage to prevent code injection attacks.
-    #
-    # Security features:
-    # - Validates class name format (must start with capital letter)
-    # - Prevents access to dangerous system classes
-    # - Blocks relative class references (starting with ::)
-    # - Provides clear error messages for debugging
-    #
-    # @param class_name [String] The class name to resolve
-    # @return [Class] The resolved class
-    # @raise [ArgumentError] if class name is invalid, forbidden, or not found
-    def safe_const_get(class_name)
-      # Validate class name format
-      unless class_name.match?(/\A[A-Z][a-zA-Z0-9_]*(?:::[A-Z][a-zA-Z0-9_]*)*\z/)
-        raise ArgumentError, "Invalid class name format: #{class_name}"
-      end
-
-      # Prevent dangerous class names
-      forbidden_classes = %w[
-        Kernel Module Class Object BasicObject
-        File Dir IO Process System
-        Binding Proc Method UnboundMethod
-        Thread ThreadGroup Fiber
-        ObjectSpace GC
-      ]
-
-      if forbidden_classes.include?(class_name) || class_name.start_with?('::')
-        raise ArgumentError, "Forbidden class name: #{class_name}"
-      end
-
-      begin
-        Object.const_get(class_name)
-      rescue NameError => ex
-        raise ArgumentError, "Class not found: #{class_name} - #{ex.message}"
-      end
-    end
-
-    public
-
-    def pattern_regexp
-      Regexp.new(@path.gsub('/*', '/.+'))
-    end
-
     # Execute the route by calling the associated class method
     #
     # This method handles the complete request/response cycle with built-in security:
@@ -148,12 +104,10 @@ class Otto
       res            = Rack::Response.new
       req.extend Otto::RequestHelpers
       res.extend Otto::ResponseHelpers
-      res.request    = req
+      res.request = req
 
       # Make security config available to response helpers
-      if otto.respond_to?(:security_config) && otto.security_config
-        env['otto.security_config'] = otto.security_config
-      end
+      env['otto.security_config'] = otto.security_config if otto.respond_to?(:security_config) && otto.security_config
 
       # NEW: Make route definition and options available to middleware and handlers
       env['otto.route_definition'] = @route_definition
@@ -185,7 +139,7 @@ class Otto
       # This replaces the hardcoded execution pattern with a factory approach
       if otto&.route_handler_factory
         handler = otto.route_handler_factory.create_handler(@route_definition, otto)
-        return handler.call(env, extra_params)
+        handler.call(env, extra_params)
       else
         # Fallback to legacy behavior for backward compatibility
         inst = nil
@@ -205,7 +159,7 @@ class Otto
           context = {
             logic_instance: (kind == :instance ? inst : nil),
             status_code: nil,
-            redirect_path: nil
+            redirect_path: nil,
           }
 
           Otto::ResponseHandlers::HandlerFactory.handle_response(result, res, response_type, context)
@@ -218,6 +172,48 @@ class Otto
 
     private
 
+    # Safely resolve a class name using Object.const_get with security validations
+    # This replaces the previous eval() usage to prevent code injection attacks.
+    #
+    # Security features:
+    # - Validates class name format (must start with capital letter)
+    # - Prevents access to dangerous system classes
+    # - Blocks relative class references (starting with ::)
+    # - Provides clear error messages for debugging
+    #
+    # @param class_name [String] The class name to resolve
+    # @return [Class] The resolved class
+    # @raise [ArgumentError] if class name is invalid, forbidden, or not found
+    def safe_const_get(class_name)
+      # Validate class name format
+      unless class_name.match?(/\A[A-Z][a-zA-Z0-9_]*(?:::[A-Z][a-zA-Z0-9_]*)*\z/)
+        raise ArgumentError, "Invalid class name format: #{class_name}"
+      end
+
+      # Remove any leading :: then add exactly one
+      fq_class_name = "::#{class_name.sub(/^::+/, '')}"
+
+      # Prevent dangerous class names
+      forbidden_classes = %w[
+        Kernel Module Class Object BasicObject
+        File Dir IO Process System
+        Binding Proc Method UnboundMethod
+        Thread ThreadGroup Fiber
+        ObjectSpace GC
+      ]
+
+      if forbidden_classes.include?(class_name) || class_name.start_with?('::')
+        raise ArgumentError, "Forbidden class name: #{class_name}"
+      end
+
+      begin
+        # Always guarantee exactly two leading colons
+        Object.const_get(fq_class_name)
+      rescue NameError => e
+        raise ArgumentError, "Class not found: #{fq_class_name} - #{e.message}"
+      end
+    end
+
     def compile(path)
       keys = []
 

data/lib/otto/route_definition.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # lib/otto/route_definition.rb
 
 class Otto
@@ -161,24 +163,19 @@ class Otto
     # @param target [String] The target definition (e.g., "TestApp.index")
     # @return [Hash] Hash with :klass_name, :method_name, and :kind
     def parse_target(target)
-      if target.include?('.')
-        klass_name, method_name = target.split('.', 2)
-        { klass_name: klass_name, method_name: method_name, kind: :class }
-      elsif target.include?('#')
-        klass_name, method_name = target.split('#', 2)
-        { klass_name: klass_name, method_name: method_name, kind: :instance }
-      elsif target.match?(/\A[A-Z][a-zA-Z0-9_]*(?:::[A-Z][a-zA-Z0-9_]*)*\z/)
-        # Namespaced class with implicit method name (class method with same name as class)
-        # E.g., "V2::Logic::Admin::Panel" -> Panel.Panel (class method)
-        # For single word classes like "Logic", it's truly a logic class
-        method_name = target.split('::').last
-        if target.include?('::')
-          # Namespaced class - treat as class method with implicit method name
-          { klass_name: target, method_name: method_name, kind: :class }
-        else
-          # Single word class - treat as logic class
-          { klass_name: target, method_name: method_name, kind: :logic }
-        end
+      case target
+      when /^(.+)\.(.+)$/
+        # Class.method - call class method directly
+        { klass_name: $1, method_name: $2, kind: :class }
+
+      when /^(.+)#(.+)$/
+        # Class#method - instantiate then call instance method
+        { klass_name: $1, method_name: $2, kind: :instance }
+
+      when /^[A-Z][A-Za-z0-9_]*(?:::[A-Z][A-Za-z0-9_]*)*$/
+        # Bare class name - instantiate the class
+        { klass_name: target, method_name: target.split('::').last, kind: :logic }
+
       else
         raise ArgumentError, "Invalid target format: #{target}"
       end