rails-mcp-server 1.4.0 → 1.5.0

data/lib/rails-mcp-server/resources/kamal_guides_resources.rb

@@ -103,7 +103,7 @@ module RailsMcpServer
       <<~GUIDE
         ### #{title}
         **Guide name:** `#{short_name}`
-        #{description.empty? ? "" : "**Description:** #{description}"}
+        #{"**Description:** #{description}" unless description.empty?}
       GUIDE
     end
   end

data/lib/rails-mcp-server/tools/execute_tool.rb

@@ -13,7 +13,7 @@ module RailsMcpServer
       required(:tool_name).filled(:string).description(
         "Name of the analyzer to execute (e.g., 'get_routes', 'analyze_models', 'get_schema')"
       )
-      optional(:params).description(
+      optional(:params).hash.description(
         "Hash of parameters to pass to the analyzer (e.g., { model_name: 'User', analysis_type: 'full' })"
       )
     end
@@ -54,7 +54,7 @@ module RailsMcpServer
       },
       "load_guide" => {
         class_name: "Analyzers::LoadGuide",
-        params: [:guides, :guide]
+        params: [:library, :guide]
       }
     }.freeze
 
@@ -63,7 +63,13 @@ module RailsMcpServer
 
       unless tool_config
         available = INTERNAL_TOOLS.keys.sort.join(", ")
-        return "Unknown tool '#{tool_name}'. Available: #{available}\n\nUse search_tools to discover tools and their parameters."
+        return <<~ERROR
+          Unknown tool '#{tool_name}'.
+
+          Available tools: #{available}
+
+          Tip: Use search_tools(query: "keyword") to discover tools and their parameters.
+        ERROR
       end
 
       # Get the analyzer class from the Analyzers module

data/lib/rails-mcp-server/tools/get_model.rb

@@ -1,3 +1,5 @@
+require "active_support/core_ext/string/inflections"
+
 module RailsMcpServer
   class GetModels < BaseTool
     tool_name "get_models"
@@ -17,10 +19,16 @@ module RailsMcpServer
       end
 
       if model_name
+        unless PathValidator.valid_identifier?(model_name)
+          message = "Invalid model name: #{model_name}. Use CamelCase (e.g., 'User', 'Admin::User')."
+          log(:warn, message)
+          return message
+        end
+
         log(:info, "Getting info for specific model: #{model_name}")
 
         # Check if the model file exists
-        model_file = File.join(active_project_path, "app", "models", "#{underscore(model_name)}.rb")
+        model_file = File.join(active_project_path, "app", "models", "#{model_name.underscore}.rb")
         unless File.exist?(model_file)
           log(:warn, "Model file not found: #{model_name}")
           message = "Model '#{model_name}' not found."
@@ -38,7 +46,7 @@ module RailsMcpServer
         log(:debug, "Executing Rails runner to get schema information")
         schema_info = execute_rails_command(
           active_project_path,
-          "runner \"puts #{model_name}.column_names\""
+          "puts #{model_name}.column_names"
         )
 
         # Try to get associations
@@ -100,17 +108,14 @@ module RailsMcpServer
 
     private
 
-    def execute_rails_command(project_path, command)
-      full_command = "cd #{project_path} && bin/rails #{command}"
-      `#{full_command}`
-    end
-
-    def underscore(string)
-      string.gsub("::", "/")
-        .gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
-        .gsub(/([a-z\d])([A-Z])/, '\1_\2')
-        .tr("-", "_")
-        .downcase
+    def execute_rails_command(project_path, runner_script)
+      Dir.chdir(project_path) do
+        IO.popen(
+          ["bin/rails", "runner", runner_script],
+          err: [:child, :out],
+          &:read
+        )
+      end
     end
   end
 end

data/lib/rails-mcp-server/tools/search_tools.rb

@@ -104,11 +104,11 @@ module RailsMcpServer
       },
       "load_guide" => {
         category: "guides",
-        keywords: %w[guide documentation rails turbo stimulus kamal docs help],
-        summary: "Load Rails, Turbo, Stimulus, or Kamal documentation guides",
+        keywords: %w[guide documentation rails turbo stimulus kamal docs help custom],
+        summary: "Load Rails, Turbo, Stimulus, Kamal, or custom documentation guides",
         parameters: [
-          {name: "guides", type: "string", required: true, description: "Library: 'rails', 'turbo', 'stimulus', 'kamal', 'custom'"},
-          {name: "guide", type: "string", required: false, description: "Specific guide name to load"}
+          {name: "library", type: "string", required: true, description: "Guide source: 'rails', 'turbo', 'stimulus', 'kamal', or 'custom'"},
+          {name: "guide", type: "string", required: false, description: "Specific guide name to load (omit to list available guides)"}
         ]
       }
     }.freeze

data/lib/rails-mcp-server/tools/switch_project.rb

@@ -2,7 +2,16 @@ module RailsMcpServer
   class SwitchProject < BaseTool
     tool_name "switch_project"
 
-    description "Change the active Rails project to interact with a different codebase. Must be called before using other tools. Available projects are defined in the projects.yml configuration file."
+    description <<~DESC.strip
+      Change the active Rails project to interact with a different codebase.
+      Must be called before using other tools when multiple projects are configured.
+
+      Note: If RAILS_MCP_PROJECT_PATH is set, --single-project flag is used,
+      or the server is started from a Rails directory, the project is auto-detected
+      and switch_project is optional.
+
+      Available projects are defined in the projects.yml configuration file.
+    DESC
 
     arguments do
       required(:project_name).filled(:string).description("Name of the project as defined in the projects.yml file (case-sensitive)")

data/lib/rails-mcp-server/utilities/path_validator.rb

@@ -0,0 +1,100 @@
+require "shellwords"
+
+module RailsMcpServer
+  module PathValidator
+    # Sensitive file patterns - files that should never be read or listed
+    SENSITIVE_PATTERNS = [
+      /\.env(\..*)?$/i,                    # .env, .env.local, .env.production
+      /\.key$/i,                           # *.key files
+      /\.pem$/i,                           # SSL certificates
+      /\.crt$/i,                           # SSL certificates
+      /\.p12$/i,                           # PKCS12 certificates
+      /credentials\.yml(\.enc)?$/i,        # Rails credentials (encrypted or not)
+      /secrets\.yml(\.enc)?$/i,            # Rails secrets
+      /master\.key$/i,                     # Rails master key
+      /config\/credentials/i,              # credentials directory
+      /config\/secrets/i,                  # secrets directory
+      /\.secret$/i,                        # generic secret files
+      /password/i,                         # password files
+      /\.ssh\//i,                          # SSH directory
+      /id_rsa/i,                           # SSH keys
+      /id_ed25519/i,                       # SSH keys
+      /id_ecdsa/i,                         # SSH keys
+      /\.gnupg\//i,                        # GPG directory
+      /\.netrc$/i,                         # netrc credentials
+      /\.pgpass$/i,                        # PostgreSQL passwords
+      /database\.yml$/i,                   # Database configuration
+      /storage\.yml$/i                     # Active Storage config (may contain keys)
+    ].freeze
+
+    # Directories that should be excluded from listing
+    EXCLUDED_DIRECTORIES = %w[
+      .git/
+      .bundle/
+      node_modules/
+      vendor/bundle/
+      vendor/cache/
+      tmp/
+      log/
+      storage/
+      .ruby-lsp/
+    ].freeze
+
+    module_function
+
+    # Check if a path matches sensitive patterns
+    def sensitive_path?(path)
+      normalized = path.to_s.downcase
+      SENSITIVE_PATTERNS.any? { |pattern| normalized.match?(pattern) }
+    end
+
+    # Reject paths that resolve to project_root itself (e.g., ".", "..")
+    def safe_path?(path, project_root)
+      return false if path.nil? || path.empty?
+
+      expanded = File.expand_path(path, project_root)
+      expanded.start_with?(project_root + "/")
+    end
+
+    # Validate and return safe absolute path, or nil if unsafe
+    def validate_path(path, project_root)
+      return nil unless safe_path?(path, project_root)
+
+      expanded = File.expand_path(path, project_root)
+      return nil if sensitive_path?(expanded.sub(project_root + "/", ""))
+
+      expanded
+    end
+
+    # Escape a string for safe shell usage
+    def shell_escape(str)
+      Shellwords.escape(str.to_s)
+    end
+
+    def valid_identifier?(name)
+      return false if name.nil? || name.empty?
+
+      name.match?(/\A[a-zA-Z_][a-zA-Z0-9_]*(::[a-zA-Z_][a-zA-Z0-9_]*)*\z/)
+    end
+
+    # Validate table names (alphanumeric and underscores only)
+    def valid_table_name?(name)
+      return false if name.nil? || name.empty?
+
+      name.match?(/\A[a-zA-Z_][a-zA-Z0-9_]*\z/)
+    end
+
+    # Filter a list of files, removing sensitive ones
+    def filter_sensitive_files(files, project_root)
+      files.reject do |file|
+        relative_path = file.sub("#{project_root}/", "")
+        sensitive_path?(relative_path)
+      end
+    end
+
+    # Check if path is in excluded directory
+    def excluded_directory?(path)
+      EXCLUDED_DIRECTORIES.any? { |dir| path.start_with?(dir) }
+    end
+  end
+end

data/lib/rails-mcp-server/utilities/run_process.rb

@@ -1,27 +1,37 @@
 require "bundler"
+require "shellwords"
 
 module RailsMcpServer
   class RunProcess
     def self.execute_rails_command(project_path, command)
-      subprocess_env = ENV.to_h.merge(Bundler.original_env).merge(
-        "BUNDLE_GEMFILE" => File.join(project_path, "Gemfile")
-      )
-
       RailsMcpServer.log(:debug, "Executing: #{command}")
 
-      # Execute the command and capture stdout, stderr, and status
-      stdout_str, stderr_str, status = Open3.capture3(subprocess_env, command, chdir: project_path)
+      Bundler.with_unbundled_env do
+        subprocess_env = ENV.to_h
+        subprocess_env.delete("BUNDLE_GEMFILE")
+
+        # Set RBENV_VERSION from project's .ruby-version if it exists
+        ruby_version_file = File.join(project_path, ".ruby-version")
+        if File.exist?(ruby_version_file)
+          subprocess_env["RBENV_VERSION"] = File.read(ruby_version_file).strip
+        else
+          subprocess_env.delete("RBENV_VERSION")
+        end
+
+        shell = ENV.fetch("SHELL", "/bin/bash")
+        shell_command = "cd #{Shellwords.escape(project_path)} && #{command}"
+        stdout_str, stderr_str, status = Open3.capture3(subprocess_env, shell, "-l", "-c", shell_command)
 
-      if status.success?
-        RailsMcpServer.log(:debug, "Command succeeded")
-        stdout_str
-      else
-        # Log error details
-        RailsMcpServer.log(:error, "Command failed with status: #{status.exitstatus}")
-        RailsMcpServer.log(:error, "stderr: #{stderr_str}")
+        if status.success?
+          RailsMcpServer.log(:debug, "Command succeeded")
+          stdout_str
+        else
+          RailsMcpServer.log(:error, "Command failed with status: #{status.exitstatus}")
+          RailsMcpServer.log(:error, "stderr: #{stderr_str}")
 
-        # Return error message
-        "Error executing Rails command: #{command}\n\n#{stderr_str}"
+          error_output = stderr_str.empty? ? stdout_str : stderr_str
+          "Error executing Rails command: #{command}\n\n#{error_output}"
+        end
       end
     rescue => e
       RailsMcpServer.log(:error, "Exception executing Rails command: #{e.message}")

data/lib/rails-mcp-server/version.rb

@@ -1,3 +1,3 @@
 module RailsMcpServer
-  VERSION = "1.4.0"
+  VERSION = "1.5.0"
 end

data/lib/rails_mcp_server.rb

@@ -5,6 +5,7 @@ require "open3"
 require_relative "rails-mcp-server/version"
 require_relative "rails-mcp-server/config"
 require_relative "rails-mcp-server/utilities/run_process"
+require_relative "rails-mcp-server/utilities/path_validator"
 
 # MCP Tools (registered with FastMCP)
 require_relative "rails-mcp-server/tools/base_tool"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-mcp-server
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Mario Alberto Chávez Cárdenas
@@ -9,6 +9,20 @@ bindir: exe
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -79,6 +93,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.7.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: standard
   requirement: !ruby/object:Gem::Requirement
@@ -150,7 +178,8 @@ files:
 - LICENSE.txt
 - README.md
 - config/resources.yml
-- 'docs/AGENT.md '
+- docs/AGENT.md
+- docs/COPILOT_AGENT.md
 - docs/RESOURCES.md
 - exe/rails-mcp-config
 - exe/rails-mcp-server
@@ -193,6 +222,7 @@ files:
 - lib/rails-mcp-server/tools/get_model.rb
 - lib/rails-mcp-server/tools/search_tools.rb
 - lib/rails-mcp-server/tools/switch_project.rb
+- lib/rails-mcp-server/utilities/path_validator.rb
 - lib/rails-mcp-server/utilities/run_process.rb
 - lib/rails-mcp-server/version.rb
 - lib/rails_mcp_server.rb
@@ -211,14 +241,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.0
+rubygems_version: 4.0.1
 specification_version: 4
 summary: MCP server for Rails projects
 test_files: []