tidewave 0.1.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d4f421f00436367f21d189e0fe49ea8a1ce4f611457b720f62027b4b8f080dc
-  data.tar.gz: 6bb95b976f34b5520b54fb8a0789d1adf18c591cef285bcd5500f591b2c4d1a3
+  metadata.gz: d140360315f54166fc14e330f33fc5dd62e561c49ba3d6cb5044a8e7b5247e41
+  data.tar.gz: c69a1a0363ce0f50a396599f2b551896a602431929731dd9fbf4fbe283823cf1
 SHA512:
-  metadata.gz: 851460abeef4e3d29d0d475a83f1e962bb0a6279708e25cc25ed2b8620782e48f837f8db279fac1da822af3c1d5472208be2340ca691ef5a226ab7bd7f4292f9
-  data.tar.gz: 48f5e731497bf822329c2de6865361c0d31bfe5fa64afed0c213d75d8de4db08ed4f44aa7ef76e889803330c70ba202712f724d569650d2707dccd3debb74d11
+  metadata.gz: 6f3203bbce1c31681fcb2b21575ea62a8714a469f61ec30be8d59ccd22028592b7a33317b4f434e0d7a4051caaf1db1aa82247d395a961d4a09f1a1538cc6cd8
+  data.tar.gz: 968742eed4690b5c2a1f8c0ecf233e4742a19bc2ac8a700d4f64eca2878bea8f70d1d2228cffc472019462790eb122601b7acfc608fd7950c100974f3c9053d4

data/README.md

@@ -1,21 +1,8 @@
 # Tidewave
 
-Tidewave speeds up development with an AI assistant that understands your web application,
-how it runs, and what it delivers. Our current release connects your editor's
-assistant to your web framework runtime via [MCP](https://modelcontextprotocol.io/).
+Tidewave is the coding agent for full-stack web app development, deeply integrated with Rails, from the database to the UI. [See our website](https://tidewave.ai) for more information.
 
-[See our website](https://tidewave.ai) for more information.
-
-## Key Features
-
-Tidewave provides tools that allow your LLM of choice to:
-
-- inspect your application logs to help debugging errors
-- execute SQL queries and inspect your database
-- evaluate custom Ruby code in the context of your project
-- find Rubygems packages and source code locations
-
-and more.
+This project can also be used as a standalone Model Context Protocol server for your editors.
 
 ## Installation
 
@@ -25,40 +12,52 @@ You can install Tidewave by adding the `tidewave` gem to the development group i
 gem "tidewave", group: :development
 ```
 
-Tidewave will now run on the same port as your regular Rails application.
-In particular, the MCP is located by default at http://localhost:3000/tidewave/mcp.
-[You must configure your editor and AI assistants accordingly](https://hexdocs.pm/tidewave/mcp.html).
+Now access `/tidewave` route of your web application to enjoy Tidewave Web!
 
-## Configuration
+## Troubleshooting
+
+### Localhost requirement
 
-You may configure the `tidewave` using the following syntax:
+Tidewave expects your web application to be running on `localhost`. If you are not running on localhost, you may need to set some additional configuration. In particular, you must configure Tidewave to allow `allow_remote_access` and [optionally configure your Rails hosts](https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization). For example, in your `config/environments/development.rb`:
 
 ```ruby
-  config.tidewave.allowed_ips = [IPAddr.new("192.168.97.1")]
+config.hosts << "company.local"
+config.tidewave.allow_remote_access = true
 ```
 
-The following options are available:
+If you want to use Docker for development, you either need to enable the configuration above or automatically redirect the relevant ports, as done by [devcontainers](https://code.visualstudio.com/docs/devcontainers/containers). See our [containers](https://hexdocs.pm/tidewave/containers.html) guide for more information.
 
-  * `:allowed_origins`
+### Content security policy
 
-  * `:localhost_only`
+If you have enabled Content-Security-Policy, Tidewave will automatically enable "unsafe-eval" under `script-src` in order for contextual browser testing to work correctly.
 
-  * `:allowed_ips`
+### Web server requirements
 
-You can read more about this options in [FastMCP](https://github.com/yjacquin/fast_mcp) README.
+At the moment, Tidewave requires all requests to be processed by the same process. In case Tidewave cannot connect to your application, consider starting your Rails application as follows:
 
-## Considerations
+    RAILS_MAX_THREADS=1 WEB_CONCURRENCY=1 rails server
 
 ### Production Environment
 
-Tidewave is a powerful tool that can help you develop your web application faster and more efficiently.
-However, it is important to note that Tidewave is not meant to be used in a production environment.
+Tidewave is a powerful tool that can help you develop your web application faster and more efficiently. However, it is important to note that Tidewave is not meant to be used in a production environment.
 
-Tidewave will raise an error if it is used in a production environment.
+Tidewave will raise an error if it is used in any environment where code reloading is disabled (which typically includes production).
 
-### Web server requirements
+## Configuration
+
+You may configure `tidewave` using the following syntax:
+
+```ruby
+  config.tidewave.allow_remote_access = true
+```
+
+The following config is available:
+
+  * `allow_remote_access` - Tidewave only allows requests from localhost by default, even if your server listens on other interfaces as well. If you trust your network and need to access Tidewave from a different machine, this configuration can be set to `true`
+
+  * `preferred_orm` - which ORM to use, either `:active_record` (default) or `:sequel`
 
-Tidewave currently requires a threaded web server like Puma.
+  * `team` - set your team configuration, such as `config.tidewave.team = { id: "my-company }`
 
 ## Acknowledgements
 

data/lib/tidewave/configuration.rb

@@ -2,13 +2,15 @@
 
 module Tidewave
   class Configuration
-    attr_accessor :logger, :allowed_origins, :localhost_only, :allowed_ips
+    attr_accessor :logger, :allow_remote_access, :preferred_orm, :credentials, :client_url, :team
 
     def initialize
-      @logger = Logger.new(STDOUT)
-      @allowed_origins = nil
-      @localhost_only = true
-      @allowed_ips = nil
+      @logger = nil
+      @allow_remote_access = true
+      @preferred_orm = :active_record
+      @credentials = {}
+      @client_url = "https://tidewave.ai"
+      @team = {}
     end
   end
 end

data/lib/tidewave/database_adapter.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Tidewave
+  class DatabaseAdapter
+    class << self
+      def current
+        @current ||= create_adapter
+      end
+
+      def create_adapter
+        orm_type = Rails.application.config.tidewave.preferred_orm
+        case orm_type
+        when :active_record
+          require_relative "database_adapters/active_record"
+          DatabaseAdapters::ActiveRecord.new
+        when :sequel
+          require_relative "database_adapters/sequel"
+          DatabaseAdapters::Sequel.new
+        else
+          raise "Unknown preferred ORM: #{orm_type}"
+        end
+      end
+    end
+
+    def execute_query(query, arguments = [])
+      raise NotImplementedError, "Subclasses must implement execute_query"
+    end
+
+    def get_base_class
+      raise NotImplementedError, "Subclasses must implement get_base_class"
+    end
+  end
+end

data/lib/tidewave/database_adapters/active_record.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Tidewave
+  module DatabaseAdapters
+    class ActiveRecord < DatabaseAdapter
+      RESULT_LIMIT = 50
+
+      def execute_query(query, arguments = [])
+        conn = ::ActiveRecord::Base.connection
+
+        # Execute the query with prepared statement and arguments
+        if arguments.any?
+          result = conn.exec_query(query, "SQL", arguments)
+        else
+          result = conn.exec_query(query)
+        end
+
+        # Format the result
+        {
+          columns: result.columns,
+          rows: result.rows.first(RESULT_LIMIT),
+          row_count: result.rows.length,
+          adapter: conn.adapter_name,
+          database: database_name
+        }
+      end
+
+      def get_base_class
+        ::ActiveRecord::Base
+      end
+
+      private
+
+      def database_name
+        Rails.configuration.database_configuration.dig(Rails.env, "database")
+      end
+    end
+  end
+end

data/lib/tidewave/database_adapters/sequel.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Tidewave
+  module DatabaseAdapters
+    class Sequel < DatabaseAdapter
+      RESULT_LIMIT = 50
+
+      def execute_query(query, arguments = [])
+        db = ::Sequel::Model.db
+
+        # Execute the query with arguments
+        result = if arguments.any?
+          db.fetch(query, *arguments)
+        else
+          db.fetch(query)
+        end
+
+        # Convert to array of hashes and extract metadata
+        rows = result.all
+        columns = rows.first&.keys || []
+
+        # Format the result similar to ActiveRecord
+        {
+          columns: columns.map(&:to_s),
+          rows: rows.first(RESULT_LIMIT).map(&:values),
+          row_count: rows.length,
+          adapter: db.adapter_scheme.to_s.upcase,
+          database: db.opts[:database]
+        }
+      end
+
+      def get_base_class
+        ::Sequel::Model
+      end
+    end
+  end
+end

data/lib/tidewave/exceptions_middleware.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+class Tidewave::ExceptionsMiddleware
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    request = ActionDispatch::Request.new(env)
+    status, headers, body = @app.call(env)
+
+    exception = request.get_header("tidewave.exception")
+
+    if exception
+      formatted = format_exception_html(exception, request)
+      body, headers = append_body(body, headers, formatted)
+    end
+
+    [ status, headers, body ]
+  rescue => error
+    Rails.logger.error("Failure in Tidewave::ExceptionsMiddleware, message: #{error.message}")
+    raise error
+  end
+
+  private
+
+  def format_exception_html(exception, request)
+    backtrace = Rails.backtrace_cleaner.clean(exception.backtrace)
+
+    parameters = request_parameters(request)
+
+    text = exception.class.name.dup
+
+    if parameters["controller"]
+      text << " in #{parameters["controller"].camelize}Controller"
+
+      if parameters["action"]
+        text << "##{parameters["action"]}"
+      end
+    end
+
+    text << "\n\n## Message\n\n#{exception.message}"
+
+    if backtrace.any?
+      text << "\n\n## Backtrace\n\n#{backtrace.join("\n")}"
+    end
+
+    text << "\n\n"
+
+    text << <<~TEXT.chomp
+      ## Request info
+
+        * URI: #{request.base_url + request.path}
+        * Query string: #{request.query_string}
+
+      ## Session
+
+          #{request.session.to_hash.inspect}
+    TEXT
+
+    %Q(<textarea style="display: none;" data-tidewave-exception-info>#{ERB::Util.html_escape(text)}</textarea>)
+  end
+
+  def request_parameters(request)
+    request.parameters
+  rescue ActionController::BadRequest
+    {}
+  end
+
+  def append_body(body, headers, content)
+    new_body = "".dup
+
+    body.each { |part| new_body << part }
+    body.close if body.respond_to?(:close)
+
+    if position = new_body.rindex("</body>")
+      new_body.insert(position, content)
+    else
+      new_body << content
+    end
+
+    if headers[Rack::CONTENT_LENGTH]
+      headers[Rack::CONTENT_LENGTH] = new_body.bytesize.to_s
+    end
+
+    [ [ new_body ], headers ]
+  end
+end

data/lib/tidewave/middleware.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+require "open3"
+require "ipaddr"
+require "fast_mcp"
+require "rack/request"
+require "active_support/core_ext/class"
+require "active_support/core_ext/object/blank"
+require "json"
+require "erb"
+
+class Tidewave::Middleware
+  TIDEWAVE_ROUTE = "tidewave".freeze
+  EMPTY_ROUTE = "empty".freeze
+  SSE_ROUTE = "mcp".freeze
+  MESSAGES_ROUTE = "mcp/message".freeze
+  SHELL_ROUTE = "shell".freeze
+
+  INVALID_IP = <<~TEXT.freeze
+    For security reasons, Tidewave does not accept remote connections by default.
+
+    If you really want to allow remote connections, set `config.tidewave.allow_remote_access = true`.
+  TEXT
+
+  def initialize(app, config)
+    @allow_remote_access = config.allow_remote_access
+    @client_url = config.client_url
+    @team = config.team
+    @project_name = Rails.application.class.module_parent.name
+
+    @app = FastMcp.rack_middleware(app,
+      name: "tidewave",
+      version: Tidewave::VERSION,
+      path_prefix: "/" + TIDEWAVE_ROUTE,
+      messages_route: MESSAGES_ROUTE,
+      sse_route: SSE_ROUTE,
+      logger: config.logger || Logger.new(Rails.root.join("log", "tidewave.log")),
+      # Rails runs the HostAuthorization in dev, so we skip this
+      allowed_origins: [],
+      # We validate this one in Tidewave::Middleware
+      localhost_only: false
+    ) do |server|
+      server.filter_tools do |request, tools|
+        if request.params["include_fs_tools"] != "true"
+          tools.reject { |tool| tool.tags.include?(:file_system_tool) }
+        else
+          tools
+        end
+      end
+
+      server.register_tools(*Tidewave::Tools::Base.descendants)
+    end
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+    path = request.path.split("/").reject(&:empty?)
+
+    if path[0] == TIDEWAVE_ROUTE
+      return forbidden(INVALID_IP) unless valid_client_ip?(request)
+
+      # The MCP routes are handled downstream by FastMCP
+      case [ request.request_method, path ]
+      when [ "GET", [ TIDEWAVE_ROUTE ] ]
+        return home(request)
+      when [ "GET", [ TIDEWAVE_ROUTE, EMPTY_ROUTE ] ]
+        return empty(request)
+      when [ "POST", [ TIDEWAVE_ROUTE, SHELL_ROUTE ] ]
+        return shell(request)
+      end
+    end
+
+    @app.call(env)
+  end
+
+  private
+
+  def home(request)
+    config = {
+      "project_name" => @project_name,
+      "framework_type" => "rails",
+      "tidewave_version" => Tidewave::VERSION,
+      "team" => @team
+    }
+
+    html = <<~HTML
+      <html>
+        <head>
+          <meta charset="UTF-8" />
+          <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+          <meta name="tidewave:config" content="#{ERB::Util.html_escape(JSON.generate(config))}" />
+          <script type="module" src="#{@client_url}/tc/tc.js"></script>
+        </head>
+        <body></body>
+      </html>
+    HTML
+
+    [ 200, { "Content-Type" => "text/html" }, [ html ] ]
+  end
+
+  def empty(request)
+    html = ""
+    [ 200, { "Content-Type" => "text/html" }, [ html ] ]
+  end
+
+  def forbidden(message)
+    Rails.logger.warn(message)
+    [ 403, { "Content-Type" => "text/plain" }, [ message ] ]
+  end
+
+  def shell(request)
+    body = request.body.read
+    return [ 400, { "Content-Type" => "text/plain" }, [ "Command body is required" ] ] if body.blank?
+
+    begin
+      parsed_body = JSON.parse(body)
+      cmd = parsed_body["command"]
+      return [ 400, { "Content-Type" => "text/plain" }, [ "Command field is required" ] ] if cmd.blank?
+    rescue JSON::ParserError
+      return [ 400, { "Content-Type" => "text/plain" }, [ "Invalid JSON in request body" ] ]
+    end
+
+    response = Rack::Response.new
+    response.status = 200
+    response.headers["Content-Type"] = "text/plain"
+
+    response.finish do |res|
+      begin
+        Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
+          stdin.close
+
+          # Merge stdout and stderr streams
+          ios = [ stdout, stderr ]
+
+          until ios.empty?
+            ready = IO.select(ios, nil, nil, 0.1)
+            next unless ready
+
+            ready[0].each do |io|
+              begin
+                data = io.read_nonblock(4096)
+                if data
+                  # Write binary chunk: type (0 for data) + 4-byte length + data
+                  chunk = [ 0, data.bytesize ].pack("CN") + data
+                  res.write(chunk)
+                end
+              rescue IO::WaitReadable
+                # No data available right now
+              rescue EOFError
+                # Stream ended
+                ios.delete(io)
+              end
+            end
+          end
+
+          # Wait for process to complete and get exit status
+          exit_status = wait_thr.value.exitstatus
+          status_json = JSON.generate({ status: exit_status })
+          # Write binary chunk: type (1 for status) + 4-byte length + JSON data
+          chunk = [ 1, status_json.bytesize ].pack("CN") + status_json
+          res.write(chunk)
+        end
+      rescue => e
+        error_json = JSON.generate({ status: 213 })
+        chunk = [ 1, error_json.bytesize ].pack("CN") + error_json
+        res.write(chunk)
+      end
+    end
+  end
+
+  def valid_client_ip?(request)
+    return true if @allow_remote_access
+
+    ip = request.ip
+    return false unless ip
+
+    addr = IPAddr.new(ip)
+
+    addr.loopback? ||
+    addr == IPAddr.new("127.0.0.1") ||
+    addr == IPAddr.new("::1") ||
+    addr == IPAddr.new("::ffff:127.0.0.1")  # IPv4-mapped IPv6
+  end
+end

data/lib/tidewave/quiet_requests_middleware.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class Tidewave::QuietRequestsMiddleware
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    if env["PATH_INFO"].start_with?("/tidewave")
+      Rails.logger.silence { @app.call(env) }
+    else
+      @app.call(env)
+    end
+  end
+end

data/lib/tidewave/railtie.rb

@@ -1,49 +1,55 @@
 # frozen_string_literal: true
 
-require "fast_mcp"
 require "logger"
 require "fileutils"
 require "tidewave/configuration"
-require "active_support/core_ext/class"
+require "tidewave/middleware"
+require "tidewave/exceptions_middleware"
+require "tidewave/quiet_requests_middleware"
 
 gem_tools_path = File.expand_path("tools/**/*.rb", __dir__)
 Dir[gem_tools_path].each { |f| require f }
 
 module Tidewave
   class Railtie < Rails::Railtie
-    config.tidewave = Tidewave::Configuration.new
-
-    initializer "tidewave.setup_mcp" do |app|
-      # Prevent MCP server from being mounted if Rails is not running in development mode
-      raise "For security reasons, Tidewave is only supported in development mode" unless Rails.env.development?
-
-      config = app.config.tidewave
-
-      # Set up MCP server with the host application
-      FastMcp.mount_in_rails(
-        app,
-        name: "tidewave",
-        version: Tidewave::VERSION,
-        path_prefix: Tidewave::PATH_PREFIX,
-        messages_route: Tidewave::MESSAGES_ROUTE,
-        sse_route: Tidewave::SSE_ROUTE,
-        logger: config.logger,
-        allowed_origins: config.allowed_origins,
-        localhost_only: config.localhost_only,
-        allowed_ips: config.allowed_ips
-      ) do |server|
-        app.config.before_initialize do
-          server.filter_tools do |request, tools|
-            if request.params["include_fs_tools"] != "true"
-              tools.reject { |tool| tool.tags.include?(:file_system_tool) }
-            else
-              tools
-            end
-          end
+    config.tidewave = Tidewave::Configuration.new()
+
+    initializer "tidewave.setup" do |app|
+      unless app.config.enable_reloading
+        raise "For security reasons, Tidewave is only supported in environments where config.enable_reloading is true (typically development)"
+      end
 
-          server.register_tools(*Tidewave::Tools::Base.descendants)
+      app.config.middleware.insert_after(
+        ActionDispatch::Callbacks,
+        Tidewave::Middleware,
+        app.config.tidewave
+      )
+
+      app.config.after_initialize do
+        # If the user configured CSP, we need to alter it in dev
+        # to allow TC to run browser_eval.
+        app.config.content_security_policy.try do |content_security_policy|
+          content_security_policy.directives["script-src"].try do |script_src|
+            script_src << "'unsafe-eval'" unless script_src.include?("'unsafe-eval'")
+          end
         end
       end
     end
+
+    initializer "tidewave.intercept_exceptions" do |app|
+      # We intercept exceptions from DebugExceptions, format the
+      # information as text and inject into the exception page html.
+
+      ActionDispatch::DebugExceptions.register_interceptor do |request, exception|
+        request.set_header("tidewave.exception", exception)
+      end
+
+      app.middleware.insert_before(ActionDispatch::DebugExceptions, Tidewave::ExceptionsMiddleware)
+    end
+
+    initializer "tidewave.logging" do |app|
+      # Do not pollute user logs with tidewave requests.
+      app.middleware.insert_before(Rails::Rack::Logger, Tidewave::QuietRequestsMiddleware)
+    end
   end
 end

data/lib/tidewave/tools/execute_sql_query.rb

@@ -3,7 +3,7 @@
 class Tidewave::Tools::ExecuteSqlQuery < Tidewave::Tools::Base
   tool_name "execute_sql_query"
   description <<~DESCRIPTION
-    Executes the given SQL query against the ActiveRecord database connection.
+    Executes the given SQL query against the database connection.
     Returns the result as a Ruby data structure.
 
     Note that the output is limited to 50 rows at a time. If you need to see more, perform additional calls
@@ -25,24 +25,6 @@ class Tidewave::Tools::ExecuteSqlQuery < Tidewave::Tools::Base
   RESULT_LIMIT = 50
 
   def call(query:, arguments: [])
-    # Get the ActiveRecord connection
-    conn = ActiveRecord::Base.connection
-
-    # Execute the query with prepared statement and arguments
-    if arguments.any?
-      result = conn.exec_query(query, "SQL", arguments)
-    else
-      result = conn.exec_query(query)
-    end
-
-
-    # Format the result
-    {
-      columns: result.columns,
-      rows: result.rows.first(RESULT_LIMIT),
-      row_count: result.rows.length,
-      adapter: conn.adapter_name,
-      database: Rails.configuration.database_configuration.dig(Rails.env, "database")
-    }
+    Tidewave::DatabaseAdapter.current.execute_query(query, arguments)
   end
 end