rails-mcp-server 1.2.3 → 1.4.0

data/lib/rails-mcp-server/analyzers/project_info.rb

@@ -0,0 +1,136 @@
+module RailsMcpServer
+  module Analyzers
+    class ProjectInfo < BaseAnalyzer
+      def call(max_depth: 2, include_files: true, detail_level: "full")
+        unless current_project
+          message = "No active project. Please switch to a project first."
+          log(:warn, message)
+          return message
+        end
+
+        max_depth = [[max_depth.to_i, 1].max, 5].min
+        detail_level = "full" unless %w[minimal summary full].include?(detail_level)
+
+        gemfile_path = File.join(active_project_path, "Gemfile")
+        gemfile_content = File.exist?(gemfile_path) ? File.read(gemfile_path) : "Gemfile not found"
+
+        rails_version = gemfile_content.match(/gem ['"]rails['"],\s*['"](.+?)['"]/)&.captures&.first || "Unknown"
+
+        config_application_path = File.join(active_project_path, "config", "application.rb")
+        is_api_only = File.exist?(config_application_path) &&
+          File.read(config_application_path).include?("config.api_only = true")
+
+        log(:info, "Project info: Rails v#{rails_version}, API-only: #{is_api_only}")
+
+        case detail_level
+        when "minimal"
+          <<~INFO
+            Project: #{current_project}
+            Path: #{active_project_path}
+            Rails version: #{rails_version}
+            API only: #{is_api_only ? "Yes" : "No"}
+          INFO
+
+        when "summary"
+          key_dirs = get_key_directories
+          <<~INFO
+            Project: #{current_project}
+            Path: #{active_project_path}
+            Rails version: #{rails_version}
+            API only: #{is_api_only ? "Yes" : "No"}
+
+            Key directories:
+            #{key_dirs}
+          INFO
+
+        when "full"
+          <<~INFO
+            Current project: #{current_project}
+            Path: #{active_project_path}
+            Rails version: #{rails_version}
+            API only: #{is_api_only ? "Yes" : "No"}
+
+            Project structure:
+            #{get_directory_structure(active_project_path, max_depth: max_depth, include_files: include_files)}
+          INFO
+        end
+      end
+
+      private
+
+      def get_key_directories
+        key_paths = %w[
+          app/models
+          app/controllers
+          app/views
+          app/jobs
+          app/services
+          app/graphql
+          config
+          db/migrate
+          spec
+          test
+        ]
+
+        output = []
+        key_paths.each do |path|
+          full_path = File.join(active_project_path, path)
+          if File.directory?(full_path)
+            count = Dir.glob(File.join(full_path, "**", "*.rb")).size
+            output << "  #{path}/ (#{count} Ruby files)"
+          end
+        end
+
+        output.empty? ? "  (no key directories found)" : output.join("\n")
+      end
+
+      def get_directory_structure(path, max_depth:, include_files:, current_depth: 0, prefix: "")
+        return "" if current_depth > max_depth || !File.directory?(path)
+
+        ignored_dirs = [
+          ".git", "node_modules", "tmp", "log",
+          "storage", "coverage", "public/assets",
+          "public/packs", ".bundle", "vendor/bundle",
+          "vendor/cache", ".ruby-lsp"
+        ]
+
+        output = +""  # Mutable string to avoid frozen string literal warning
+        directories = []
+        files = []
+
+        Dir.foreach(path) do |entry|
+          next if entry == "." || entry == ".."
+          next if ignored_dirs.include?(entry)
+
+          full_path = File.join(path, entry)
+
+          if File.directory?(full_path)
+            directories << entry
+          elsif include_files
+            files << entry
+          end
+        end
+
+        directories.sort.each do |dir|
+          output << "#{prefix}└── #{dir}/\n"
+          full_path = File.join(path, dir)
+          output << get_directory_structure(
+            full_path,
+            max_depth: max_depth,
+            include_files: include_files,
+            current_depth: current_depth + 1,
+            prefix: "#{prefix}    "
+          )
+        end
+
+        if include_files
+          files.sort.each do |file|
+            output << "#{prefix}└── #{file}\n"
+          end
+        end
+
+        output
+      end
+    end
+  end
+end

data/lib/rails-mcp-server/tools/base_tool.rb

@@ -1,3 +1,5 @@
+require "fast_mcp"
+
 module RailsMcpServer
   class BaseTool < FastMcp::Tool
     extend Forwardable

data/lib/rails-mcp-server/tools/execute_ruby.rb

@@ -0,0 +1,409 @@
+module RailsMcpServer
+  class ExecuteRuby < BaseTool
+    tool_name "execute_ruby"
+
+    description <<~DESC
+      Execute read-only Ruby code in the context of the Rails project. Use this for:
+      - Complex queries that would require multiple tool calls
+      - Filtering/transforming data before returning
+      - Custom exploration of the codebase
+
+      RESTRICTIONS:
+      - Cannot create, modify, or delete files
+      - Cannot read .env, credentials, key files, or .gitignore'd files
+      - Cannot access files outside the project directory
+      - Cannot execute shell commands or system calls
+
+      HELPER METHODS AVAILABLE:
+      - read_file(path) - safely read a file
+      - file_exists?(path) - check if file exists (false for sensitive files)
+      - list_files(pattern) - glob files safely, e.g., list_files('app/models/**/*.rb')
+      - project_root - returns the project root path
+
+      NOTE: Use `puts` to see output, e.g., puts read_file('Gemfile')
+    DESC
+
+    arguments do
+      required(:code).filled(:string).description("Ruby code to execute (read-only operations only)")
+      optional(:timeout).filled(:integer).description("Timeout in seconds. Default: 30, Max: 60")
+    end
+
+    # Patterns that indicate dangerous operations
+    FORBIDDEN_PATTERNS = [
+      # File/IO writing
+      /File\.(write|open|new)\s*\([^)]*['"][wa+]/i,
+      /File\.(delete|unlink|rename|chmod|chown|truncate)/i,
+      /FileUtils\./i,
+      /IO\.(write|syswrite|popen|pipe)/i,
+      /\.(write|puts|print|syswrite)\s*[(\s]/,
+
+      # Directory modification
+      /Dir\.(mkdir|rmdir|delete|chdir)/i,
+
+      # System/shell execution
+      /system\s*[(\s]/,
+      /exec\s*[(\s]/,
+      /`[^`]+`/,
+      /%x[{(\[]/,
+      /Kernel\.(system|exec|spawn|`)/,
+      /Open3\./i,
+      /IO\.popen/i,
+      /Process\.(spawn|exec|fork)/i,
+      /Shellwords/i,
+
+      # Network access
+      /Net::(HTTP|FTP|SMTP)/i,
+      /URI\.(open|parse)/i,
+      /HTTParty/i,
+      /Faraday/i,
+      /RestClient/i,
+      /open-uri/i,
+      /Socket/i,
+      /TCPSocket/i,
+      /UDPSocket/i,
+
+      # Dangerous Ruby features
+      /eval\s*[(\s]/,
+      /instance_eval/i,
+      /class_eval/i,
+      /module_eval/i,
+      /define_method/i,
+      /send\s*[(\s]+[:'"]*(system|exec|`)/i,
+      /__send__/,
+      /ObjectSpace/i,
+      /Binding/i,
+      /set_trace_func/i,
+
+      # Environment/credentials access
+      /ENV\[/i,
+      /ENV\.fetch/i,
+      /Rails\.application\.credentials/i,
+      /Rails\.application\.secrets/i,
+
+      # Load/require that could execute arbitrary code
+      /load\s*[(\s]+[^)]*\$/i,
+      /require\s+[^'"]/i
+    ].freeze
+
+    # Sensitive file patterns (in addition to .gitignore)
+    SENSITIVE_PATTERNS = [
+      /\.env(\..*)?$/i,
+      /\.key$/i,
+      /\.pem$/i,
+      /\.crt$/i,
+      /\.p12$/i,
+      /credentials\.yml/i,
+      /secrets\.yml/i,
+      /master\.key/i,
+      /config\/credentials/i,
+      /config\/secrets/i,
+      /\.secret$/i,
+      /password/i,
+      /\.ssh\//i,
+      /id_rsa/i,
+      /id_ed25519/i
+    ].freeze
+
+    NO_OUTPUT_MESSAGE = <<~MSG
+      Code executed successfully (no output).
+
+      Hint: Use `puts` to see results, e.g.:
+        puts read_file('config/routes.rb')
+        puts User.count
+        puts Dir.glob('app/models/*.rb')
+    MSG
+
+    def call(code:, timeout: 30)
+      unless current_project
+        return "No active project. Please switch to a project first."
+      end
+
+      timeout = [timeout.to_i, 60].min # Cap at 60 seconds
+      timeout = 10 if timeout < 1
+
+      # Step 1: Static analysis - reject dangerous code
+      validation_error = validate_code_safety(code)
+      return validation_error if validation_error
+
+      # Step 2: Build the sandboxed execution environment
+      sandbox_code = build_sandbox(code)
+
+      # Step 3: Execute with timeout
+      execute_sandboxed(sandbox_code, timeout)
+    end
+
+    private
+
+    def validate_code_safety(code)
+      FORBIDDEN_PATTERNS.each do |pattern|
+        if code.match?(pattern)
+          return "REJECTED: Code contains forbidden pattern (#{pattern.source.split("\\").first}...). " \
+                 "This tool only allows read-only operations."
+        end
+      end
+      nil
+    end
+
+    def build_sandbox(user_code)
+      gitignore_patterns = parse_gitignore
+      all_patterns = SENSITIVE_PATTERNS.map(&:source) + gitignore_patterns
+      sensitive_patterns_ruby = all_patterns.map { |p| "Regexp.new(#{p.inspect}, Regexp::IGNORECASE)" }.join(",\n      ")
+
+      <<~RUBY
+        # Sandbox wrapper for safe execution
+        module McpSandbox
+          PROJECT_ROOT = #{active_project_path.inspect}.freeze
+
+          SENSITIVE_PATTERNS = [
+            #{sensitive_patterns_ruby}
+          ].freeze
+
+          class PathViolation < StandardError; end
+          class SensitiveFileViolation < StandardError; end
+          class WriteViolation < StandardError; end
+
+          module_function
+
+          def validate_path!(path)
+            expanded = File.expand_path(path, PROJECT_ROOT)
+
+            unless expanded.start_with?(PROJECT_ROOT + "/") || expanded == PROJECT_ROOT
+              raise PathViolation, "Access denied: path '\#{path}' is outside project directory"
+            end
+
+            relative_path = expanded.sub(PROJECT_ROOT + "/", "")
+
+            SENSITIVE_PATTERNS.each do |pattern|
+              if relative_path.match?(pattern)
+                raise SensitiveFileViolation, "Access denied: '\#{relative_path}' matches sensitive file pattern"
+              end
+            end
+
+            expanded
+          end
+
+          def safe_read(path)
+            validated_path = validate_path!(path)
+            File.original_read(validated_path)
+          end
+
+          def safe_exist?(path)
+            validated_path = validate_path!(path)
+            File.original_exist?(validated_path)
+          rescue PathViolation, SensitiveFileViolation
+            false
+          end
+
+          def safe_directory?(path)
+            validated_path = validate_path!(path)
+            File.original_directory?(validated_path)
+          rescue PathViolation, SensitiveFileViolation
+            false
+          end
+
+          def safe_file?(path)
+            validated_path = validate_path!(path)
+            File.original_file?(validated_path)
+          rescue PathViolation, SensitiveFileViolation
+            false
+          end
+
+          def safe_glob(pattern, base: PROJECT_ROOT)
+            Dir.original_glob(File.join(base, pattern)).select do |path|
+              validate_path!(path)
+              true
+            rescue PathViolation, SensitiveFileViolation
+              false
+            end
+          end
+
+          def safe_entries(path)
+            validated_path = validate_path!(path)
+            Dir.original_entries(validated_path).reject { |e| e.start_with?(".") }
+          end
+        end
+
+        # Override File class methods
+        class File
+          class << self
+            alias_method :original_read, :read
+            alias_method :original_exist?, :exist?
+            alias_method :original_directory?, :directory?
+            alias_method :original_file?, :file?
+
+            def read(path, *args)
+              McpSandbox.safe_read(path)
+            end
+
+            def exist?(path)
+              McpSandbox.safe_exist?(path)
+            end
+
+            def directory?(path)
+              McpSandbox.safe_directory?(path)
+            end
+
+            def file?(path)
+              McpSandbox.safe_file?(path)
+            end
+
+            # Block all write operations
+            [:write, :delete, :unlink, :rename, :chmod, :chown, :truncate].each do |method|
+              define_method(method) do |*args, &block|
+                raise McpSandbox::WriteViolation, "Write operations are not permitted: File.\#{method}"
+              end
+            end
+
+            # Handle open specially - allow read-only mode
+            def open(path, mode = "r", *args, &block)
+              if mode.to_s =~ /[wa+]/
+                raise McpSandbox::WriteViolation, "Write operations are not permitted: File.open with mode '\#{mode}'"
+              end
+              content = McpSandbox.safe_read(path)
+              if block_given?
+                yield StringIO.new(content)
+              else
+                StringIO.new(content)
+              end
+            end
+          end
+        end
+
+        # Override Dir class methods
+        class Dir
+          class << self
+            alias_method :original_glob, :glob
+            alias_method :original_entries, :entries
+
+            def glob(pattern, *args)
+              McpSandbox.safe_glob(pattern)
+            end
+
+            def entries(path)
+              McpSandbox.safe_entries(path)
+            end
+
+            [:mkdir, :rmdir, :delete, :chdir].each do |method|
+              define_method(method) do |*args|
+                raise McpSandbox::WriteViolation, "Directory modifications are not permitted: Dir.\#{method}"
+              end
+            end
+          end
+        end
+
+        # Block FileUtils entirely
+        if defined?(FileUtils)
+          module FileUtils
+            class << self
+              def method_missing(method, *args)
+                raise McpSandbox::WriteViolation, "FileUtils operations are not permitted"
+              end
+            end
+          end
+        end
+
+        # Block system calls at Kernel level
+        module Kernel
+          def system(*args)
+            raise McpSandbox::WriteViolation, "System calls are not permitted"
+          end
+
+          def exec(*args)
+            raise McpSandbox::WriteViolation, "System calls are not permitted"
+          end
+
+          def spawn(*args)
+            raise McpSandbox::WriteViolation, "System calls are not permitted"
+          end
+
+          def `(cmd)
+            raise McpSandbox::WriteViolation, "Shell execution is not permitted"
+          end
+        end
+
+        # Block backticks at Object level
+        class Object
+          def `(cmd)
+            raise McpSandbox::WriteViolation, "Shell execution is not permitted"
+          end
+        end
+
+        # Provide convenient aliases for sandboxed operations
+        def read_file(path)
+          McpSandbox.safe_read(path)
+        end
+
+        def file_exists?(path)
+          McpSandbox.safe_exist?(path)
+        end
+
+        def list_files(pattern)
+          McpSandbox.safe_glob(pattern)
+        end
+
+        def project_root
+          McpSandbox::PROJECT_ROOT
+        end
+
+        # ============ USER CODE BELOW ============
+        begin
+          #{user_code}
+        rescue McpSandbox::PathViolation => e
+          puts "PATH ERROR: \#{e.message}"
+        rescue McpSandbox::SensitiveFileViolation => e
+          puts "ACCESS DENIED: \#{e.message}"
+        rescue McpSandbox::WriteViolation => e
+          puts "WRITE ERROR: \#{e.message}"
+        rescue => e
+          puts "ERROR: \#{e.class} - \#{e.message}"
+        end
+      RUBY
+    end
+
+    def parse_gitignore
+      gitignore_path = File.join(active_project_path, ".gitignore")
+      return [] unless File.exist?(gitignore_path)
+
+      File.readlines(gitignore_path)
+        .map(&:strip)
+        .reject { |line| line.empty? || line.start_with?("#") } # rubocop:disable Performance/ChainArrayAllocation
+        .map { |pattern| convert_gitignore_to_regex(pattern) } # rubocop:disable Performance/ChainArrayAllocation
+    end
+
+    def convert_gitignore_to_regex(pattern)
+      # Convert gitignore glob pattern to regex
+      regex = Regexp.escape(pattern)
+        .gsub('\*\*', ".*")           # ** matches everything
+        .gsub('\*', "[^/]*")          # * matches within directory
+        .gsub('\?', ".")              # ? matches single char
+        .gsub(/^\//, "^")             # Leading / anchors to root
+
+      # If pattern doesn't start with /, it can match anywhere
+      regex = "(?:^|/)" + regex unless pattern.start_with?("/")
+
+      regex
+    end
+
+    def execute_sandboxed(code, timeout)
+      require "tempfile"
+      require "timeout"
+
+      Tempfile.create(["mcp_sandbox", ".rb"]) do |f|
+        f.write(code)
+        f.flush
+
+        begin
+          Timeout.timeout(timeout) do
+            result = RailsMcpServer::RunProcess.execute_rails_command(
+              active_project_path,
+              "bin/rails runner #{f.path} 2>&1"
+            )
+            result.empty? ? NO_OUTPUT_MESSAGE : result
+          end
+        rescue Timeout::Error
+          "TIMEOUT: Execution exceeded #{timeout} seconds"
+        end
+      end
+    end
+  end
+end

data/lib/rails-mcp-server/tools/execute_tool.rb

@@ -0,0 +1,115 @@
+module RailsMcpServer
+  class ExecuteTool < BaseTool
+    tool_name "execute_tool"
+
+    description <<~DESC
+      Execute a Rails MCP analyzer by name. Use search_tools first to discover available 
+      analyzers and their parameters, then invoke them through this meta-tool.
+
+      This approach reduces context usage by not loading all tool definitions upfront.
+    DESC
+
+    arguments do
+      required(:tool_name).filled(:string).description(
+        "Name of the analyzer to execute (e.g., 'get_routes', 'analyze_models', 'get_schema')"
+      )
+      optional(:params).description(
+        "Hash of parameters to pass to the analyzer (e.g., { model_name: 'User', analysis_type: 'full' })"
+      )
+    end
+
+    # Registry of available internal analyzers with their allowed parameters
+    INTERNAL_TOOLS = {
+      "project_info" => {
+        class_name: "Analyzers::ProjectInfo",
+        params: [:max_depth, :include_files, :detail_level]
+      },
+      "list_files" => {
+        class_name: "Analyzers::ListFiles",
+        params: [:directory, :pattern]
+      },
+      "get_file" => {
+        class_name: "Analyzers::GetFile",
+        params: [:path]
+      },
+      "get_routes" => {
+        class_name: "Analyzers::GetRoutes",
+        params: [:controller, :verb, :path_contains, :named_only, :detail_level]
+      },
+      "analyze_models" => {
+        class_name: "Analyzers::AnalyzeModels",
+        params: [:model_name, :model_names, :detail_level, :analysis_type]
+      },
+      "get_schema" => {
+        class_name: "Analyzers::GetSchema",
+        params: [:table_name, :table_names, :detail_level]
+      },
+      "analyze_controller_views" => {
+        class_name: "Analyzers::AnalyzeControllerViews",
+        params: [:controller_name, :detail_level, :analysis_type]
+      },
+      "analyze_environment_config" => {
+        class_name: "Analyzers::AnalyzeEnvironmentConfig",
+        params: []
+      },
+      "load_guide" => {
+        class_name: "Analyzers::LoadGuide",
+        params: [:guides, :guide]
+      }
+    }.freeze
+
+    def call(tool_name:, params: {})
+      tool_config = INTERNAL_TOOLS[tool_name]
+
+      unless tool_config
+        available = INTERNAL_TOOLS.keys.sort.join(", ")
+        return "Unknown tool '#{tool_name}'. Available: #{available}\n\nUse search_tools to discover tools and their parameters."
+      end
+
+      # Get the analyzer class from the Analyzers module
+      analyzer_class = tool_config[:class_name].split("::").reduce(RailsMcpServer) { |mod, name| mod.const_get(name) }
+
+      # Instantiate the analyzer
+      analyzer_instance = analyzer_class.new
+
+      # Handle params passed as JSON string (from some MCP clients like Inspector)
+      params ||= {}
+      params = JSON.parse(params, symbolize_names: true) if params.is_a?(String)
+      params = params.transform_keys(&:to_sym) if params.is_a?(Hash)
+
+      allowed_params = tool_config[:params]
+      filtered_params = params.slice(*allowed_params)
+
+      # Log any ignored params for debugging
+      ignored_params = params.keys - allowed_params
+      if ignored_params.any?
+        log(:debug, "Ignored unknown params for '#{tool_name}': #{ignored_params.join(", ")}")
+      end
+
+      log(:info, "Executing analyzer '#{tool_name}' with params: #{filtered_params.inspect}")
+
+      begin
+        if filtered_params.empty?
+          analyzer_instance.call
+        else
+          analyzer_instance.call(**filtered_params)
+        end
+      rescue ArgumentError => e
+        "Error calling '#{tool_name}': #{e.message}\n\nUse search_tools(query: '#{tool_name}', detail_level: 'full') to see required parameters."
+      rescue => e
+        log(:error, "Error executing analyzer '#{tool_name}': #{e.message}\n#{e.backtrace.first(5).join("\n")}")
+        "Error executing '#{tool_name}': #{e.message}"
+      end
+    end
+
+    class << self
+      def available_tools
+        INTERNAL_TOOLS.keys.sort
+      end
+
+      def tool_info(name)
+        INTERNAL_TOOLS[name]
+      end
+    end
+  end
+end