rails-mcp-server 1.4.0 → 1.5.0

data/lib/rails-mcp-server/analyzers/get_schema.rb

@@ -1,6 +1,9 @@
 module RailsMcpServer
   module Analyzers
     class GetSchema < BaseAnalyzer
+      # Tab character for parsing output
+      FIELD_SEPARATOR = "\t"
+
       def call(table_name: nil, table_names: nil, detail_level: "full")
         unless current_project
           message = "No active project. Please switch to a project first."
@@ -10,11 +13,18 @@ module RailsMcpServer
 
         detail_level = "full" unless %w[tables summary full].include?(detail_level)
 
-        if table_names && table_names.is_a?(Array) && table_names.any?
+        if table_names&.is_a?(Array) && table_names.any?
+          invalid_tables = table_names.reject { |t| PathValidator.valid_table_name?(t) }
+          if invalid_tables.any?
+            return "Invalid table names: #{invalid_tables.join(", ")}. Table names must be alphanumeric with underscores."
+          end
           return batch_table_info(table_names)
         end
 
         if table_name
+          unless PathValidator.valid_table_name?(table_name)
+            return "Invalid table name: '#{table_name}'. Table names must be alphanumeric with underscores."
+          end
           log(:info, "Getting schema for table: #{table_name}")
           return single_table_info(table_name)
         end
@@ -56,7 +66,9 @@ module RailsMcpServer
         log(:info, "Getting full schema")
 
         schema_file = File.join(active_project_path, "db", "schema.rb")
-        unless File.exist?(schema_file)
+        structure_file = File.join(active_project_path, "db", "structure.sql")
+
+        unless File.exist?(schema_file) || File.exist?(structure_file)
           log(:info, "Schema file not found, attempting to generate it")
           RailsMcpServer::RunProcess.execute_rails_command(active_project_path, "db:schema:dump")
         end
@@ -76,6 +88,17 @@ module RailsMcpServer
             #{schema_content}
             ```
           SCHEMA
+        elsif File.exist?(structure_file)
+          tables = get_table_names
+
+          <<~SCHEMA
+            Database Schema (#{tables.size} tables)
+
+            Tables:
+            #{tables.join("\n")}
+
+            Note: Project uses structure.sql format. Use get_schema with a specific table_name for details.
+          SCHEMA
         else
           tables = get_table_names
           if tables.empty?
@@ -94,23 +117,24 @@ module RailsMcpServer
       end
 
       def single_table_info(table_name)
-        schema_output = execute_rails_runner(<<~RUBY)
-          require 'active_record'
-          puts ActiveRecord::Base.connection.columns('#{table_name}').map{|c| [c.name, c.type, c.null, c.default].inspect}.join('\\n')
-        RUBY
+        columns = get_columns(table_name)
 
-        if schema_output.strip.empty?
-          message = "Table '#{table_name}' not found or has no columns."
-          log(:warn, message)
-          return message
-        end
+        if columns.empty?
+          log(:warn, "Table '#{table_name}' not found or has no columns.")
+          return <<~ERROR
+            Table '#{table_name}' not found or has no columns.
 
-        columns = schema_output.strip.split("\\n").map do |column_info|
-          eval(column_info) # rubocop:disable Security/Eval
+            Tips:
+            - Use snake_case plural: 'users', 'blog_posts', 'order_items'
+            - Run get_schema with detail_level: "tables" to list all tables
+          ERROR
         end
 
-        formatted_columns = columns.map do |name, type, nullable, default|
-          "  #{name} (#{type})#{nullable ? ", nullable" : ""}#{default ? ", default: #{default}" : ""}"
+        formatted_columns = columns.map do |col|
+          line = "  #{col[:name]} (#{col[:type]})"
+          line += ", nullable" if col[:null]
+          line += ", default: #{col[:default]}" if col[:default]
+          line
         end
 
         output = <<~SCHEMA
@@ -142,38 +166,63 @@ module RailsMcpServer
       end
 
       def get_table_names
-        tables_output = execute_rails_runner(<<~RUBY)
-          require 'active_record'
-          puts ActiveRecord::Base.connection.tables.sort.join('\\n')
+        output = execute_rails_runner(<<~RUBY)
+          puts ActiveRecord::Base.connection.tables.sort.join("\\n")
         RUBY
-        tables_output.strip.split("\n").reject(&:empty?)
+
+        parse_lines(output)
       end
 
       def get_column_count(table_name)
-        count_output = execute_rails_runner(<<~RUBY)
-          require 'active_record'
-          puts ActiveRecord::Base.connection.columns('#{table_name}').size
+        return "?" unless PathValidator.valid_table_name?(table_name)
+
+        output = execute_rails_runner(<<~RUBY)
+          puts ActiveRecord::Base.connection.columns(#{table_name.inspect}).size
         RUBY
-        count_output.strip.to_i
+
+        output.strip.to_i
       rescue
         "?"
       end
 
+      def get_columns(table_name)
+        output = execute_rails_runner(<<~RUBY)
+          ActiveRecord::Base.connection.columns(#{table_name.inspect}).each do |c|
+            puts [c.name, c.type, c.null, c.default].join("\\t")
+          end
+        RUBY
+
+        parse_lines(output).map do |line|
+          parts = line.split(FIELD_SEPARATOR)
+          next if parts.size < 3
+
+          {
+            name: parts[0],
+            type: parts[1],
+            null: parts[2] == "true",
+            default: (parts[3] == "") ? nil : parts[3]
+          }
+        end.compact
+      end
+
       def get_foreign_keys(table_name)
-        fk_output = execute_rails_runner(<<~RUBY)
-          require 'active_record'
-          puts ActiveRecord::Base.connection.foreign_keys('#{table_name}').map{|fk| [fk.from_table, fk.to_table, fk.column, fk.primary_key].inspect}.join('\\n')
+        output = execute_rails_runner(<<~RUBY)
+          ActiveRecord::Base.connection.foreign_keys(#{table_name.inspect}).each do |fk|
+            puts [fk.from_table, fk.to_table, fk.column, fk.primary_key].join("\\t")
+          end
         RUBY
 
-        return nil if fk_output.strip.empty?
+        lines = parse_lines(output)
+        return nil if lines.empty?
 
-        foreign_keys = fk_output.strip.split("\n").map do |fk_info|
-          eval(fk_info) # rubocop:disable Security/Eval
-        end
+        formatted_fks = lines.map do |line|
+          parts = line.split(FIELD_SEPARATOR)
+          next if parts.size < 4
 
-        formatted_fks = foreign_keys.map do |from_table, to_table, column, primary_key|
-          "  #{column} -> #{to_table}.#{primary_key}"
-        end
+          "  #{parts[2]} -> #{parts[1]}.#{parts[3]}"
+        end.compact
+
+        return nil if formatted_fks.empty?
 
         <<~FK
 
@@ -186,21 +235,26 @@ module RailsMcpServer
       end
 
       def get_indexes(table_name)
-        idx_output = execute_rails_runner(<<~RUBY)
-          require 'active_record'
-          puts ActiveRecord::Base.connection.indexes('#{table_name}').map{|i| [i.name, i.columns, i.unique].inspect}.join('\\n')
+        output = execute_rails_runner(<<~RUBY)
+          ActiveRecord::Base.connection.indexes(#{table_name.inspect}).each do |i|
+            cols = i.columns.is_a?(Array) ? i.columns.join(",") : i.columns
+            puts [i.name, cols, i.unique].join("\\t")
+          end
         RUBY
 
-        return nil if idx_output.strip.empty?
+        lines = parse_lines(output)
+        return nil if lines.empty?
 
-        indexes = idx_output.strip.split("\n").map do |idx_info|
-          eval(idx_info) # rubocop:disable Security/Eval
-        end
+        formatted_indexes = lines.map do |line|
+          parts = line.split(FIELD_SEPARATOR)
+          next if parts.size < 3
 
-        formatted_indexes = indexes.map do |name, columns, unique|
-          cols = columns.is_a?(Array) ? columns.join(", ") : columns
-          "  #{name} (#{cols})#{unique ? " UNIQUE" : ""}"
-        end
+          cols = parts[1].tr(",", ", ")
+          unique_marker = (parts[2] == "true") ? " UNIQUE" : ""
+          "  #{parts[0]} (#{cols})#{unique_marker}"
+        end.compact
+
+        return nil if formatted_indexes.empty?
 
         <<~IDX
 
@@ -211,6 +265,10 @@ module RailsMcpServer
         log(:warn, "Error fetching indexes: #{e.message}")
         nil
       end
+
+      def parse_lines(output)
+        output.to_s.lines.map(&:chomp).reject(&:empty?)
+      end
     end
   end
 end

data/lib/rails-mcp-server/analyzers/list_files.rb

@@ -8,35 +8,77 @@ module RailsMcpServer
           return message
         end
 
-        full_path = File.join(active_project_path, directory)
+        if directory.empty?
+          full_path = active_project_path
+        else
+          validated_dir = PathValidator.validate_path(directory, active_project_path)
+          if validated_dir.nil?
+            message = "Access denied: directory '#{directory}' is outside the project or is sensitive."
+            log(:warn, "Directory access blocked: #{directory}")
+            return message
+          end
+          full_path = validated_dir
+        end
+
         unless File.directory?(full_path)
           message = "Directory '#{directory}' not found in the project."
           log(:warn, message)
           return message
         end
 
-        # Check if this is a git repository
-        is_git_repo = system("cd #{active_project_path} && git rev-parse --is-inside-work-tree > /dev/null 2>&1")
+        sanitized_pattern = pattern.gsub(/[^a-zA-Z0-9*?.\/_-]/, "")
+        if sanitized_pattern != pattern
+          log(:warn, "Pattern sanitized from '#{pattern}' to '#{sanitized_pattern}'")
+        end
+
+        files = collect_files(full_path, sanitized_pattern, directory)
+        files = PathValidator.filter_sensitive_files(files, active_project_path)
+
+        log(:debug, "Found #{files.size} files matching pattern (after filtering)")
+
+        "Files in #{directory.empty? ? "project root" : directory} matching '#{sanitized_pattern}':\n\n#{files.join("\n")}"
+      end
+
+      private
+
+      def collect_files(full_path, pattern, directory)
+        is_git_repo = git_repository?
 
         if is_git_repo
           log(:debug, "Project is a git repository, using git ls-files")
+          collect_files_git(directory, pattern)
+        else
+          log(:debug, "Project is not a git repository, using Dir.glob")
+          collect_files_glob(full_path, pattern)
+        end
+      end
 
-          relative_dir = directory.empty? ? "" : "#{directory}/"
-          git_cmd = "cd #{active_project_path} && git ls-files --cached --others --exclude-standard #{relative_dir}#{pattern}"
+      def git_repository?
+        Dir.chdir(active_project_path) do
+          system("git", "rev-parse", "--is-inside-work-tree",
+            out: File::NULL, err: File::NULL)
+        end
+      end
 
-          files = `#{git_cmd}`.split("\n").map(&:strip).sort
-        else
-          log(:debug, "Project is not a git repository or git not available, using Dir.glob")
+      def collect_files_git(directory, pattern)
+        relative_dir = directory.empty? ? "" : "#{directory}/"
+        search_pattern = "#{relative_dir}#{pattern}"
 
-          files = Dir.glob(File.join(full_path, pattern))
-            .map { |f| f.sub("#{active_project_path}/", "") }
-            .reject { |file| file.start_with?(".git/", ".ruby-lsp/", "node_modules/", "storage/", "public/assets/", "public/packs/", ".bundle/", "vendor/bundle/", "vendor/cache/", "tmp/", "log/") }
-            .sort
+        files = Dir.chdir(active_project_path) do
+          IO.popen(
+            ["git", "ls-files", "--cached", "--others", "--exclude-standard", search_pattern],
+            &:read
+          )
         end
 
-        log(:debug, "Found #{files.size} files matching pattern")
+        files.to_s.split("\n").map(&:strip).reject(&:empty?).sort
+      end
 
-        "Files in #{directory.empty? ? "project root" : directory} matching '#{pattern}':\n\n#{files.join("\n")}"
+      def collect_files_glob(full_path, pattern)
+        Dir.glob(File.join(full_path, pattern))
+          .map { |f| f.sub("#{active_project_path}/", "") }
+          .reject { |file| PathValidator.excluded_directory?(file) }
+          .sort
       end
     end
   end

data/lib/rails-mcp-server/analyzers/load_guide.rb

@@ -3,21 +3,29 @@ module RailsMcpServer
     class LoadGuide < BaseAnalyzer
       GUIDE_LIBRARIES = %w[rails turbo stimulus kamal custom].freeze
 
-      def call(guides:, guide: nil)
-        unless GUIDE_LIBRARIES.include?(guides.to_s.downcase)
-          return "Unknown guide library '#{guides}'. Available: #{GUIDE_LIBRARIES.join(", ")}"
+      # Parameters:
+      #   library: The guide source - 'rails', 'turbo', 'stimulus', 'kamal', or 'custom'
+      #   guide: (optional) Specific guide name to load. If omitted, lists all available guides.
+      #
+      # Examples:
+      #   execute_tool("load_guide", { library: "rails" })                          # List all Rails guides
+      #   execute_tool("load_guide", { library: "rails", guide: "active_record" })  # Load ActiveRecord guide
+      #   execute_tool("load_guide", { library: "custom", guide: "tailwind" })      # Load custom Tailwind guide
+      def call(library:, guide: nil)
+        unless GUIDE_LIBRARIES.include?(library.to_s.downcase)
+          return "Unknown guide library '#{library}'. Available: #{GUIDE_LIBRARIES.join(", ")}"
         end
 
-        guides_path = get_guides_path(guides.to_s.downcase)
+        guides_path = get_guides_path(library.to_s.downcase)
 
         unless guides_path && File.directory?(guides_path)
-          return "Guides for '#{guides}' not found. Run: rails-mcp-server-download-resources"
+          return "Guides for '#{library}' not found. Run: rails-mcp-server-download-resources #{library}"
         end
 
         if guide
           load_specific_guide(guides_path, guide)
         else
-          list_available_guides(guides, guides_path)
+          list_available_guides(library, guides_path)
         end
       end
 
@@ -40,11 +48,21 @@ module RailsMcpServer
         output = ["Available #{library.capitalize} Guides (#{guide_files.size}):", ""]
         guide_files.each { |g| output << "  #{g}" }
         output << ""
-        output << "Load a guide with: load_guide(guides: '#{library}', guide: '<guide_name>')"
+        output << "Load a guide with: execute_tool(\"load_guide\", { library: \"#{library}\", guide: \"<guide_name>\" })"
         output.join("\n")
       end
 
       def load_specific_guide(guides_path, guide_name)
+        # Validate guide name format - allow letters, numbers, underscores, hyphens, and forward slashes
+        unless guide_name.to_s.match?(/\A[a-zA-Z0-9_\-\/]+\z/)
+          return "Invalid guide name '#{guide_name}'. Use letters, numbers, underscores, hyphens, or forward slashes only."
+        end
+
+        # Prevent directory traversal
+        if guide_name.to_s.include?("..") || guide_name.to_s.start_with?("/")
+          return "Invalid guide name '#{guide_name}'. Directory traversal is not allowed."
+        end
+
         # Try exact match first
         guide_file = File.join(guides_path, "#{guide_name}.md")
 

data/lib/rails-mcp-server/analyzers/project_info.rb

@@ -8,7 +8,7 @@ module RailsMcpServer
           return message
         end
 
-        max_depth = [[max_depth.to_i, 1].max, 5].min
+        max_depth = [[max_depth.to_i, 1].max, 5].min # rubocop:disable Style/ComparableClamp
         detail_level = "full" unless %w[minimal summary full].include?(detail_level)
 
         gemfile_path = File.join(active_project_path, "Gemfile")

data/lib/rails-mcp-server/config.rb

@@ -29,6 +29,83 @@ module RailsMcpServer
     private
 
     def load_projects
+      # Priority 1: Environment variable (GitHub Copilot Agent mode)
+      return if load_from_env_var
+
+      # Priority 2: Auto-detect Rails project in current directory
+      return if auto_detect_rails_project
+
+      # Priority 3: Load from projects.yml (existing behavior)
+      load_from_projects_file
+    end
+
+    def load_from_env_var
+      return false unless ENV["RAILS_MCP_PROJECT_PATH"]
+
+      path = File.expand_path(ENV["RAILS_MCP_PROJECT_PATH"])
+      project_name = File.basename(path)
+
+      @projects = {project_name => path}
+      @current_project = project_name
+      @active_project_path = path
+      @logger.add(Logger::INFO, "Using RAILS_MCP_PROJECT_PATH: #{project_name} at #{path}")
+      true
+    end
+
+    def auto_detect_rails_project
+      # Check for Rails app (Gemfile with rails gem)
+      if rails_app?
+        set_auto_detected_project("Rails application")
+        return true
+      end
+
+      # Check for Rails engine (gemspec with rails dependency)
+      if rails_engine?
+        set_auto_detected_project("Rails engine")
+        return true
+      end
+
+      false
+    rescue => e
+      @logger.add(Logger::DEBUG, "Auto-detect failed: #{e.message}")
+      false
+    end
+
+    def rails_app?
+      gemfile = File.join(Dir.pwd, "Gemfile")
+      return false unless File.exist?(gemfile)
+
+      content = File.read(gemfile)
+      content.include?("'rails'") || content.include?('"rails"') ||
+        content.match?(/gem\s+['"]rails['"]/)
+    end
+
+    def rails_engine?
+      # Find gemspec files in current directory
+      gemspec_files = Dir.glob(File.join(Dir.pwd, "*.gemspec"))
+      return false if gemspec_files.empty?
+
+      gemspec_files.any? do |gemspec_file|
+        content = File.read(gemspec_file)
+        # Check for rails dependency in gemspec
+        # Common patterns:
+        #   add_dependency "rails", ...
+        #   add_runtime_dependency "rails", ...
+        #   add_dependency "railties", ...
+        #   add_runtime_dependency "actionpack", ...
+        content.match?(/add(?:_runtime)?_dependency\s+['"](?:rails|railties|actionpack|activerecord|activesupport|actionview|actionmailer|activejob|actioncable|activestorage|actionmailbox|actiontext)['"]/)
+      end
+    end
+
+    def set_auto_detected_project(project_type)
+      project_name = File.basename(Dir.pwd)
+      @projects = {project_name => Dir.pwd}
+      @current_project = project_name
+      @active_project_path = Dir.pwd
+      @logger.add(Logger::INFO, "Auto-detected #{project_type}: #{project_name} at #{Dir.pwd}")
+    end
+
+    def load_from_projects_file
       projects_file = File.join(@config_dir, "projects.yml")
       @projects = {}
 
@@ -41,16 +118,24 @@ module RailsMcpServer
         File.write(projects_file, "# Rails MCP Projects\n# Format: project_name: /path/to/project\n")
       end
 
-      @projects = YAML.load_file(projects_file) || {}
+      @projects = YAML.safe_load_file(projects_file, permitted_classes: [Symbol]) || {}
       found_projects_size = @projects.size
       @logger.add(Logger::INFO, "Loaded #{found_projects_size} projects: #{@projects.keys.join(", ")}")
 
       if found_projects_size.zero?
-        message = "No projects found.\nPlease add a project to #{projects_file} and try again."
+        message = "No projects found.\nPlease add a project to #{projects_file} or run from a Rails directory."
         puts message
         @logger.add(Logger::ERROR, message)
         exit 1
       end
+
+      # Auto-switch if only one project configured
+      if @projects.size == 1
+        name, path = @projects.first
+        @current_project = name
+        @active_project_path = File.expand_path(path)
+        @logger.add(Logger::INFO, "Auto-switched to single project: #{name}")
+      end
     end
 
     def configure_logger

data/lib/rails-mcp-server/helpers/resource_base.rb

@@ -27,7 +27,7 @@ module RailsMcpServer
 
     def load_manifest
       @manifest = if File.exist?(@manifest_file)
-        YAML.load_file(@manifest_file)
+        YAML.safe_load_file(@manifest_file, permitted_classes: [Symbol, Time])
       else
         create_manifest
       end
@@ -70,15 +70,17 @@ module RailsMcpServer
     def find_title(content)
       lines = content.lines
 
-      # H1 header
       lines.each do |line|
-        return $1.strip if line.strip =~ /^#\s+(.+)$/
+        stripped = line.strip
+        if stripped.start_with?("# ") && stripped.length > 2
+          return stripped[2..].strip
+        end
       end
 
-      # Underlined title
       lines.each_with_index do |line, index|
         next if index >= lines.length - 1
-        return line.strip if /^=+$/.match?(lines[index + 1].strip)
+        next_line = lines[index + 1].strip
+        return line.strip if !next_line.empty? && next_line.chars.all? { |c| c == "=" }
       end
 
       nil
@@ -87,10 +89,9 @@ module RailsMcpServer
     def find_description(content)
       # Clean content
       clean = content.dup
-      clean = clean.sub(/^---\s*\n.*?\n---\s*\n/m, "") # Remove YAML frontmatter
-      clean = clean.gsub(/^#\s+.*?\n/, "") # Remove H1 headers
-      clean = clean.gsub(/^.+\n=+\s*\n/, "") # Remove underlined titles
-      clean = clean.strip.gsub(/\n+/, " ").gsub(/\s+/, " ")
+      clean = remove_yaml_frontmatter(clean)
+      clean = remove_markdown_headers(clean)
+      clean = clean.strip.tr("\n", " ").gsub(/\s+/, " ")
 
       return "" if clean.empty?
 
@@ -122,6 +123,44 @@ module RailsMcpServer
       title.strip.empty? ? "Untitled Guide" : title
     end
 
+    def remove_yaml_frontmatter(content)
+      lines = content.lines
+      return content unless lines.first&.strip == "---"
+
+      closing_index = lines[1..].index { |l| l.strip == "---" }
+      return content unless closing_index
+
+      lines[(closing_index + 2)..].join
+    end
+
+    def remove_markdown_headers(content)
+      lines = content.lines
+      result = []
+      skip_next = false
+
+      lines.each_with_index do |line, index|
+        if skip_next
+          skip_next = false
+          next
+        end
+
+        stripped = line.strip
+        next if stripped.start_with?("# ") && stripped.length > 2
+
+        if index < lines.length - 1
+          next_stripped = lines[index + 1].strip
+          if !next_stripped.empty? && next_stripped.chars.all? { |c| c == "=" }
+            skip_next = true
+            next
+          end
+        end
+
+        result << line
+      end
+
+      result.join
+    end
+
     def file_hash(file_path)
       Digest::SHA256.file(file_path).hexdigest
     end

data/lib/rails-mcp-server/helpers/resource_downloader.rb

@@ -32,7 +32,7 @@ module RailsMcpServer
       config_file = File.join(File.dirname(__FILE__), "..", "..", "..", "config", "resources.yml")
       return [] unless File.exist?(config_file)
 
-      YAML.load_file(config_file).keys
+      YAML.safe_load_file(config_file, permitted_classes: [Symbol]).keys
     rescue => e
       warn "Failed to load resource configuration: #{e.message}"
       []
@@ -63,7 +63,7 @@ module RailsMcpServer
 
       raise DownloadError, "Resource configuration file not found" unless File.exist?(config_file)
 
-      all_configs = YAML.load_file(config_file)
+      all_configs = YAML.safe_load_file(config_file, permitted_classes: [Symbol])
       @config = all_configs[@resource_name]
 
       raise DownloadError, "Unknown resource: #{@resource_name}" unless @config

data/lib/rails-mcp-server/resources/guide_content_formatter.rb

@@ -40,13 +40,13 @@ module RailsMcpServer
         <<~GUIDE
           ### #{title}
           **Guide name:** `#{short_name}` or `#{full_name}`
-          #{description.empty? ? "" : "**Description:** #{description}"}
+          #{"**Description:** #{description}" unless description.empty?}
         GUIDE
       else
         <<~GUIDE
           ## #{title}
           **Guide name:** `#{short_name}`
-          #{description.empty? ? "" : "**Description:** #{description}"}
+          #{"**Description:** #{description}" unless description.empty?}
         GUIDE
       end
     end
@@ -59,7 +59,7 @@ module RailsMcpServer
       usage += "```\n"
 
       examples.each do |example|
-        usage += "load_guide guides: \"#{framework_name.downcase}\", guide: \"#{example[:guide]}\"#{example[:comment] ? " # " + example[:comment] : ""}\n"
+        usage += "execute_tool(\"load_guide\", { library: \"#{framework_name.downcase}\", guide: \"#{example[:guide]}\" })#{" # " + example[:comment] if example[:comment]}\n"
       end
 
       usage += "```\n"

data/lib/rails-mcp-server/resources/guide_error_handler.rb

@@ -19,10 +19,10 @@ module RailsMcpServer
       if suggestions.any?
         message += "## Did you mean one of these?\n\n"
         suggestions.each { |suggestion| message += "- #{suggestion}\n" }
-        message += "\n**Try:** `load_guide guides: \"#{framework_name.downcase}\", guide: \"#{suggestions.first}\"`\n"
+        message += "\n**Try:** `execute_tool(\"load_guide\", { library: \"#{framework_name.downcase}\", guide: \"#{suggestions.first}\" })`\n"
       else
         message += format_available_guides_section(available_guides)
-        message += "Use `load_guide guides: \"#{framework_name.downcase}\"` to see all available guides with descriptions.\n"
+        message += "Use `execute_tool(\"load_guide\", { library: \"#{framework_name.downcase}\" })` to see all available guides with descriptions.\n"
       end
 
       message

data/lib/rails-mcp-server/resources/guide_loader_template.rb

@@ -78,7 +78,7 @@ module RailsMcpServer
       guides = []
 
       guides << "# Available #{framework_name} Guides\n"
-      guides << "Use the `load_guide` tool with `guides: \"#{framework_name.downcase}\"` and `guide: \"guide_name\"` to load a specific guide.\n"
+      guides << "Use `execute_tool(\"load_guide\", { library: \"#{framework_name.downcase}\", guide: \"guide_name\" })` to load a specific guide.\n"
 
       if supports_sections?
         guides << "You can use either the full path (e.g., `handbook/01_introduction`) or just the filename (e.g., `01_introduction`).\n"

data/lib/rails-mcp-server/resources/guide_manifest_operations.rb

@@ -13,7 +13,7 @@ module RailsMcpServer
         raise StandardError, error_message
       end
 
-      YAML.load_file(manifest_file)
+      YAML.safe_load_file(manifest_file, permitted_classes: [Symbol, Time])
     end
 
     # Extract guide metadata from manifest entry