rails-mcp-server 1.0.1 → 1.1.0

data/lib/rails-mcp-server/tools/analyze_controller_views.rb

@@ -0,0 +1,239 @@
+module RailsMcpServer
+  class AnalyzeControllerViews < BaseTool
+    tool_name "analyze_controller_views"
+
+    description "Analyze the relationships between controllers, their actions, and corresponding views to understand the application's UI flow."
+
+    arguments do
+      optional(:controller_name).filled(:string).description("Name of a specific controller to analyze (e.g., 'UsersController' or 'users'). If omitted, all controllers will be analyzed.")
+    end
+
+    def call(controller_name: nil)
+      unless current_project
+        message = "No active project. Please switch to a project first."
+        log(:warn, message)
+
+        return message
+      end
+
+      # Find all controllers
+      controllers_dir = File.join(active_project_path, "app", "controllers")
+      unless File.directory?(controllers_dir)
+        message = "Controllers directory not found at app/controllers."
+        log(:warn, message)
+
+        return message
+      end
+
+      # Get all controller files
+      controller_files = Dir.glob(File.join(controllers_dir, "**", "*_controller.rb"))
+
+      if controller_files.empty?
+        message = "No controllers found in the project."
+        log(:warn, message)
+
+        return message
+      end
+
+      # If a specific controller was requested, filter the files
+      if controller_name
+        # Normalize controller name (allow both 'users' and 'UsersController')
+        controller_name = "#{controller_name.sub(/_?controller$/i, "").downcase}_controller.rb"
+        controller_files = controller_files.select { |f| File.basename(f).downcase == controller_name }
+
+        if controller_files.empty?
+          message = "Controller '#{controller_name}' not found."
+          log(:warn, message)
+
+          return message
+        end
+      end
+
+      # Parse controllers to extract actions
+      controllers_data = {}
+
+      controller_files.each do |file_path|
+        file_content = File.read(file_path)
+        controller_class = File.basename(file_path, ".rb").gsub(/_controller$/i, "").then { |s| camelize(s) } + "Controller"
+
+        # Extract controller actions (methods that are not private/protected)
+        actions = []
+        action_matches = file_content.scan(/def\s+([a-zA-Z0-9_]+)/).flatten
+
+        # Find where private/protected begins
+        private_index = file_content =~ /^\s*(private|protected)/
+
+        if private_index
+          # Get the actions defined before private/protected
+          private_content = file_content[private_index..-1]
+          private_methods = private_content.scan(/def\s+([a-zA-Z0-9_]+)/).flatten
+          actions = action_matches - private_methods
+        else
+          actions = action_matches
+        end
+
+        # Remove Rails controller lifecycle methods
+        lifecycle_methods = %w[initialize action_name controller_name params response]
+        actions -= lifecycle_methods
+
+        # Get routes mapped to this controller
+        routes_output = RailsMcpServer::RunProcess.execute_rails_command(
+          active_project_path,
+          "bin/rails routes -c #{controller_class}"
+        )
+
+        routes = {}
+        if routes_output && !routes_output.empty?
+          routes_output.split("\n").each do |line|
+            next if line.include?("(erb):") || line.include?("Prefix") || line.strip.empty?
+            parts = line.strip.split(/\s+/)
+            if parts.size >= 4
+              # Get action name from the rails routes output
+              action = parts[1].to_s.strip.downcase
+              if actions.include?(action)
+                verb = parts[0].to_s.strip
+                path = parts[2].to_s.strip
+                routes[action] = {verb: verb, path: path}
+              end
+            end
+          end
+        end
+
+        # Find views for each action
+        views_dir = File.join(active_project_path, "app", "views", File.basename(file_path, "_controller.rb"))
+        views = {}
+
+        if File.directory?(views_dir)
+          actions.each do |action|
+            # Look for view templates with various extensions
+            view_files = Dir.glob(File.join(views_dir, "#{action}.*"))
+            if view_files.any?
+              views[action] = {
+                templates: view_files.map { |f| f.sub("#{active_project_path}/", "") },
+                partials: []
+              }
+
+              # Look for partials used in this template
+              view_files.each do |view_file|
+                if File.file?(view_file)
+                  view_content = File.read(view_file)
+                  # Find render calls with partials
+                  partial_matches = view_content.scan(/render\s+(?:partial:|:partial\s+=>\s+|:partial\s*=>|partial:)\s*["']([^"']+)["']/).flatten
+                  views[action][:partials] += partial_matches if partial_matches.any?
+
+                  # Find instance variables used in the view
+                  instance_vars = view_content.scan(/@([a-zA-Z0-9_]+)/).flatten.uniq # rubocop:disable Performance/ChainArrayAllocation
+                  views[action][:instance_variables] = instance_vars if instance_vars.any?
+
+                  # Look for Stimulus controllers
+                  stimulus_controllers = view_content.scan(/data-controller="([^"]+)"/).flatten.uniq # rubocop:disable Performance/ChainArrayAllocation
+                  views[action][:stimulus_controllers] = stimulus_controllers if stimulus_controllers.any?
+                end
+              end
+            end
+          end
+        end
+
+        # Extract instance variables set in the controller action
+        instance_vars_in_controller = {}
+        actions.each do |action|
+          # Find the action method in the controller
+          action_match = file_content.match(/def\s+#{action}\b(.*?)(?:(?:def|private|protected|public)\b|\z)/m)
+          if action_match && action_match[1]
+            action_body = action_match[1]
+            # Find instance variable assignments
+            vars = action_body.scan(/@([a-zA-Z0-9_]+)\s*=/).flatten.uniq # rubocop:disable Performance/ChainArrayAllocation
+            instance_vars_in_controller[action] = vars if vars.any?
+          end
+        end
+
+        controllers_data[controller_class] = {
+          file: file_path.sub("#{active_project_path}/", ""),
+          actions: actions,
+          routes: routes,
+          views: views,
+          instance_variables: instance_vars_in_controller
+        }
+      rescue => e
+        log(:error, "Error parsing controller #{file_path}: #{e.message}")
+      end
+
+      # Format the output
+      output = []
+
+      controllers_data.each do |controller, data|
+        output << "Controller: #{controller}"
+        output << "  File: #{data[:file]}"
+        output << "  Actions: #{data[:actions].size}"
+
+        data[:actions].each do |action|
+          output << "    Action: #{action}"
+
+          # Show route if available
+          if data[:routes] && data[:routes][action]
+            route = data[:routes][action]
+            output << "      Route: [#{route[:verb]}] #{route[:path]}"
+          else
+            output << "      Route: Not mapped to a route"
+          end
+
+          # Show view templates if available
+          if data[:views] && data[:views][action]
+            view_data = data[:views][action]
+
+            output << "      View Templates:"
+            view_data[:templates].each do |template|
+              output << "        - #{template}"
+            end
+
+            # Show partials
+            if view_data[:partials]&.any?
+              output << "      Partials Used:"
+              view_data[:partials].uniq.each do |partial|
+                output << "        - #{partial}"
+              end
+            end
+
+            # Show Stimulus controllers
+            if view_data[:stimulus_controllers]&.any?
+              output << "      Stimulus Controllers:"
+              view_data[:stimulus_controllers].each do |controller|
+                output << "        - #{controller}"
+              end
+            end
+
+            # Show instance variables used in views
+            if view_data[:instance_variables]&.any?
+              output << "      Instance Variables Used in View:"
+              view_data[:instance_variables].sort.each do |var|
+                output << "        - @#{var}"
+              end
+            end
+          else
+            output << "      View: No view template found"
+          end
+
+          # Show instance variables set in controller
+          if data[:instance_variables] && data[:instance_variables][action]
+            output << "      Instance Variables Set in Controller:"
+            data[:instance_variables][action].sort.each do |var|
+              output << "        - @#{var}"
+            end
+          end
+
+          output << ""
+        end
+
+        output << "-------------------------"
+      end
+
+      output.join("\n")
+    end
+
+    private
+
+    def camelize(string)
+      string.split("_").map(&:capitalize).join
+    end
+  end
+end

data/lib/rails-mcp-server/tools/analyze_environment_config.rb

@@ -0,0 +1,427 @@
+module RailsMcpServer
+  class AnalyzeEnvironmentConfig < BaseTool
+    tool_name "analyze_environment_config"
+
+    description "Analyze environment configurations to identify inconsistencies, security issues, and missing variables across environments."
+
+    def call
+      unless current_project
+        message = "No active project. Please switch to a project first."
+        log(:warn, message)
+
+        return message
+      end
+
+      # Check for required directories and files
+      env_dir = File.join(active_project_path, "config", "environments")
+      unless File.directory?(env_dir)
+        message = "Environment configuration directory not found at config/environments."
+        log(:warn, message)
+
+        return message
+      end
+
+      # Initialize data structures
+      env_files = {}
+      env_settings = {}
+
+      # 1. Parse environment files
+      Dir.glob(File.join(env_dir, "*.rb")).each do |file|
+        env_name = File.basename(file, ".rb")
+        env_files[env_name] = file
+        env_content = File.read(file)
+
+        # Extract settings from environment files
+        env_settings[env_name] = extract_env_settings(env_content)
+      end
+
+      # 2. Find ENV variable usage across the codebase
+      env_vars_in_code = find_env_vars_in_codebase(active_project_path)
+
+      # 3. Check for .env files and their variables
+      dotenv_files = {}
+      dotenv_vars = {}
+
+      # Common .env file patterns
+      dotenv_patterns = [
+        ".env",
+        ".env.development",
+        ".env.test",
+        ".env.production",
+        ".env.local",
+        ".env.development.local",
+        ".env.test.local",
+        ".env.production.local"
+      ]
+
+      dotenv_patterns.each do |pattern|
+        file_path = File.join(active_project_path, pattern)
+        if File.exist?(file_path)
+          dotenv_files[pattern] = file_path
+          dotenv_vars[pattern] = parse_dotenv_file(file_path)
+        end
+      end
+
+      # 4. Check credentials files
+      credentials_files = {}
+      credentials_key_file = File.join(active_project_path, "config", "master.key")
+      credentials_file = File.join(active_project_path, "config", "credentials.yml.enc")
+
+      if File.exist?(credentials_file)
+        credentials_files["credentials.yml.enc"] = credentials_file
+      end
+
+      # Environment-specific credentials files
+      Dir.glob(File.join(active_project_path, "config", "credentials", "*.yml.enc")).each do |file|
+        env_name = File.basename(file, ".yml.enc")
+        credentials_files["credentials/#{env_name}.yml.enc"] = file
+      end
+
+      # 5. Check database configuration
+      database_config_file = File.join(active_project_path, "config", "database.yml")
+      database_config = {}
+
+      if File.exist?(database_config_file)
+        database_config = parse_database_config(database_config_file)
+      end
+
+      # 6. Generate findings
+
+      # 6.1. Compare environment settings
+      env_diff = compare_environment_settings(env_settings)
+
+      # 6.2. Find missing ENV variables
+      missing_env_vars = find_missing_env_vars(env_vars_in_code, dotenv_vars)
+
+      # 6.3. Check for potential security issues
+      security_findings = check_security_configuration(env_settings, database_config)
+
+      # Format the output
+      output = []
+
+      # Environment files summary
+      output << "Environment Configuration Analysis"
+      output << "=================================="
+      output << ""
+      output << "Environment Files:"
+      env_files.each do |env, file|
+        output << "  - #{env}: #{file.sub("#{active_project_path}/", "")}"
+      end
+      output << ""
+
+      # Environment variables summary
+      output << "Environment Variables Usage:"
+      output << "  Total unique ENV variables found in codebase: #{env_vars_in_code.keys.size}"
+      output << ""
+
+      # Missing ENV variables
+      if missing_env_vars.any?
+        output << "Missing ENV Variables:"
+        missing_env_vars.each do |env_var, environments|
+          output << "  - #{env_var}: Used in codebase but missing in #{environments.join(", ")}"
+        end
+      else
+        output << "All ENV variables appear to be defined in at least one .env file."
+      end
+      output << ""
+
+      # Environment differences
+      if env_diff[:unique_settings].any?
+        output << "Environment-Specific Settings:"
+        env_diff[:unique_settings].each do |env, settings|
+          output << "  #{env}:"
+          settings.each do |setting|
+            output << "    - #{setting}"
+          end
+        end
+        output << ""
+      end
+
+      if env_diff[:different_values].any?
+        output << "Settings with Different Values Across Environments:"
+        env_diff[:different_values].each do |setting, values|
+          output << "  #{setting}:"
+          values.each do |env, value|
+            output << "    - #{env}: #{value}"
+          end
+        end
+        output << ""
+      end
+
+      # Credentials files
+      output << "Credentials Management:"
+      if credentials_files.any?
+        output << "  Encrypted credentials files found:"
+        credentials_files.each do |name, file|
+          output << "    - #{name}"
+        end
+
+        output << if File.exist?(credentials_key_file)
+          "  Master key file exists (config/master.key)"
+        else
+          "  Warning: No master.key file found. Credentials are likely managed through RAILS_MASTER_KEY environment variable."
+        end
+      else
+        output << "  No encrypted credentials files found. The application may be using ENV variables exclusively."
+      end
+      output << ""
+
+      # Database configuration
+      output << "Database Configuration:"
+      if database_config.any?
+        database_config.each do |env, config|
+          output << "  #{env}:"
+          # Show connection details without exposing passwords
+          if config["adapter"]
+            output << "    - Adapter: #{config["adapter"]}"
+          end
+          if config["host"] && config["host"] != "localhost" && config["host"] != "127.0.0.1"
+            output << "    - Host: #{config["host"]}"
+          end
+          if config["database"]
+            output << "    - Database: #{config["database"]}"
+          end
+
+          # Check for credentials in database.yml
+          if config["username"] && !config["username"].include?("ENV")
+            output << "    - Warning: Database username hardcoded in database.yml"
+          end
+          if config["password"] && !config["password"].include?("ENV")
+            output << "    - Warning: Database password hardcoded in database.yml"
+          end
+        end
+      else
+        output << "  Could not parse database configuration."
+      end
+      output << ""
+
+      # Security findings
+      if security_findings.any?
+        output << "Security Configuration Findings:"
+        security_findings.each do |finding|
+          output << "  - #{finding}"
+        end
+        output << ""
+      end
+
+      output.join("\n")
+    end
+
+    private
+
+    # Helper method to extract settings from environment files
+    def extract_env_settings(content)
+      settings = {}
+
+      # Match configuration settings
+      content.scan(/config\.([a-zA-Z0-9_.]+)\s*=\s*([^#\n]+)/) do |match|
+        key = match[0].strip
+        value = match[1].strip
+
+        # Clean up the value
+        value = value.chomp(";").strip
+
+        settings[key] = value
+      end
+
+      settings
+    end
+
+    # Helper method to find ENV variable usage in the codebase
+    def find_env_vars_in_codebase(project_path)
+      env_vars = {}
+
+      # Define directories to search
+      search_dirs = [
+        File.join(project_path, "app"),
+        File.join(project_path, "config"),
+        File.join(project_path, "lib")
+      ]
+
+      # Define file patterns to search
+      file_patterns = ["*.rb", "*.yml", "*.erb", "*.js"]
+
+      search_dirs.each do |dir|
+        if File.directory?(dir)
+          file_patterns.each do |pattern|
+            Dir.glob(File.join(dir, "**", pattern)).each do |file|
+              content = File.read(file)
+
+              # Extract ENV variables
+              content.scan(/ENV\s*\[\s*['"]([^'"]+)['"]\s*\]/).each do |match|
+                env_var = match[0]
+                env_vars[env_var] ||= []
+                env_vars[env_var] << file.sub("#{project_path}/", "")
+              end
+
+              # Also match ENV['VAR'] pattern
+              content.scan(/ENV\s*\.\s*\[\s*['"]([^'"]+)['"]\s*\]/).each do |match|
+                env_var = match[0]
+                env_vars[env_var] ||= []
+                env_vars[env_var] << file.sub("#{project_path}/", "")
+              end
+
+              # Also match ENV.fetch('VAR') pattern
+              content.scan(/ENV\s*\.\s*fetch\s*\(\s*['"]([^'"]+)['"]\s*/).each do |match|
+                env_var = match[0]
+                env_vars[env_var] ||= []
+                env_vars[env_var] << file.sub("#{project_path}/", "")
+              end
+            rescue => e
+              log(:error, "Error reading file #{file}: #{e.message}")
+            end
+          end
+        end
+      end
+
+      env_vars
+    end
+
+    # Helper method to parse .env files
+    def parse_dotenv_file(file_path)
+      vars = {}
+
+      begin
+        File.readlines(file_path).each do |line| # rubocop:disable Performance/IoReadlines
+          # Skip comments and empty lines
+          next if line.strip.empty? || line.strip.start_with?("#")
+
+          # Parse KEY=value pattern
+          if line =~ /\A([A-Za-z0-9_]+)=(.*)\z/
+            key = $1
+            # Store just the existence of the variable, not its value
+            vars[key] = true
+          end
+        end
+      rescue => e
+        log(:error, "Error parsing .env file #{file_path}: #{e.message}")
+      end
+
+      vars
+    end
+
+    # Helper method to parse database.yml
+    def parse_database_config(file_path)
+      config = {}
+
+      begin
+        # Simple YAML parsing - not handling ERB
+        yaml_content = File.read(file_path)
+        yaml_data = YAML.safe_load(yaml_content) || {}
+
+        # Extract environment configurations
+        %w[development test production staging].each do |env|
+          config[env] = yaml_data[env] if yaml_data[env]
+        end
+      rescue => e
+        log(:error, "Error parsing database.yml: #{e.message}")
+      end
+
+      config
+    end
+
+    # Helper method to compare environment settings
+    def compare_environment_settings(env_settings)
+      result = {
+        unique_settings: {},
+        different_values: {}
+      }
+
+      # Get all settings across all environments
+      all_settings = env_settings.values.map(&:keys).flatten.uniq # rubocop:disable Performance/ChainArrayAllocation
+
+      # Find settings unique to certain environments
+      env_settings.each do |env, settings|
+        unique = settings.keys - (all_settings - settings.keys)
+        result[:unique_settings][env] = unique if unique.any?
+      end
+
+      # Find settings with different values across environments
+      all_settings.each do |setting|
+        values = {}
+
+        env_settings.each do |env, settings|
+          values[env] = settings[setting] if settings[setting]
+        end
+
+        # Only include if there are different values
+        if values.values.uniq.size > 1
+          result[:different_values][setting] = values
+        end
+      end
+
+      result
+    end
+
+    # Helper method to find missing ENV variables
+    def find_missing_env_vars(env_vars_in_code, dotenv_vars)
+      missing_vars = {}
+
+      # Check each ENV variable used in code
+      env_vars_in_code.each do |var, files|
+        # Environments where the variable is missing
+        missing_in = []
+
+        # Check in each .env file
+        if dotenv_vars.empty?
+          missing_in << "all environments (no .env files found)"
+        else
+          dotenv_vars.each do |env_file, vars|
+            env_name = env_file.gsub(/^\.env\.?|\.local$/, "")
+            env_name = "development" if env_name.empty?
+
+            if !vars.key?(var)
+              missing_in << env_name
+            end
+          end
+        end
+
+        missing_vars[var] = missing_in if missing_in.any?
+      end
+
+      missing_vars
+    end
+
+    # Helper method to check for security issues
+    def check_security_configuration(env_settings, database_config)
+      findings = []
+
+      # Check for common security settings
+      env_settings.each do |env, settings|
+        # Check for secure cookies in production
+        if env == "production"
+          if settings["cookies.secure"] == "false"
+            findings << "Production has cookies.secure = false"
+          end
+
+          if settings["session_store.secure"] == "false"
+            findings << "Production has session_store.secure = false"
+          end
+
+          # Force SSL
+          if settings["force_ssl"] == "false"
+            findings << "Production has force_ssl = false"
+          end
+        end
+
+        # Check for CSRF protection
+        if settings["action_controller.default_protect_from_forgery"] == "false"
+          findings << "#{env} has CSRF protection disabled"
+        end
+      end
+
+      # Check for hardcoded credentials in database.yml
+      database_config.each do |env, config|
+        if config["username"] && !config["username"].include?("ENV")
+          findings << "Database username hardcoded in database.yml for #{env}"
+        end
+
+        if config["password"] && !config["password"].include?("ENV")
+          findings << "Database password hardcoded in database.yml for #{env}"
+        end
+      end
+
+      findings
+    end
+  end
+end