tidewave 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d140360315f54166fc14e330f33fc5dd62e561c49ba3d6cb5044a8e7b5247e41
-  data.tar.gz: c69a1a0363ce0f50a396599f2b551896a602431929731dd9fbf4fbe283823cf1
+  metadata.gz: 728311a2ea0525028ccf9209d06bc1079f9258e35d534409f4ac867ff5212d32
+  data.tar.gz: 11c1b092dc830897e59cb39f71de745b840acfd6f8845bf058c9010a06258e75
 SHA512:
-  metadata.gz: 6f3203bbce1c31681fcb2b21575ea62a8714a469f61ec30be8d59ccd22028592b7a33317b4f434e0d7a4051caaf1db1aa82247d395a961d4a09f1a1538cc6cd8
-  data.tar.gz: 968742eed4690b5c2a1f8c0ecf233e4742a19bc2ac8a700d4f64eca2878bea8f70d1d2228cffc472019462790eb122601b7acfc608fd7950c100974f3c9053d4
+  metadata.gz: f9b49181b3f571b668de00287f0fec47088256ee335e31036385cedcb3b8c34274529d70a4f21d9c114279d9a1f5e52a56cab75b8465546863e0fd539fd1b390
+  data.tar.gz: 1201a00a28892246592c158bc0e90cb5a6ce5d69a6a3533ef81bb8c853d2124d3544d029e8346613fa4d099010869f83cae49bcad82d890d1e935ee9f54903f4

data/README.md

@@ -29,7 +29,7 @@ If you want to use Docker for development, you either need to enable the configu
 
 ### Content security policy
 
-If you have enabled Content-Security-Policy, Tidewave will automatically enable "unsafe-eval" under `script-src` in order for contextual browser testing to work correctly.
+If you have enabled Content-Security-Policy, Tidewave will automatically enable "unsafe-eval" under `script-src` in order for contextual browser testing to work correctly. It also disables the `frame-ancestors` directive.
 
 ### Web server requirements
 
@@ -55,9 +55,11 @@ The following config is available:
 
   * `allow_remote_access` - Tidewave only allows requests from localhost by default, even if your server listens on other interfaces as well. If you trust your network and need to access Tidewave from a different machine, this configuration can be set to `true`
 
+  * `logger_middleware` - The logger middleware Tidewave should wrap to silence its own logs
+
   * `preferred_orm` - which ORM to use, either `:active_record` (default) or `:sequel`
 
-  * `team` - set your team configuration, such as `config.tidewave.team = { id: "my-company }`
+  * `team` - set your Tidewave Team configuration, such as `config.tidewave.team = { id: "my-company" }`
 
 ## Acknowledgements
 

data/lib/tidewave/configuration.rb

@@ -2,15 +2,16 @@
 
 module Tidewave
   class Configuration
-    attr_accessor :logger, :allow_remote_access, :preferred_orm, :credentials, :client_url, :team
+    attr_accessor :logger, :allow_remote_access, :preferred_orm, :dev, :client_url, :team, :logger_middleware
 
     def initialize
       @logger = nil
       @allow_remote_access = true
       @preferred_orm = :active_record
-      @credentials = {}
+      @dev = false
       @client_url = "https://tidewave.ai"
       @team = {}
+      @logger_middleware = nil
     end
   end
 end

data/lib/tidewave/database_adapter.rb

@@ -26,8 +26,8 @@ module Tidewave
       raise NotImplementedError, "Subclasses must implement execute_query"
     end
 
-    def get_base_class
-      raise NotImplementedError, "Subclasses must implement get_base_class"
+    def get_models
+      raise NotImplementedError, "Subclasses must implement get_models"
     end
   end
 end

data/lib/tidewave/database_adapters/active_record.rb

@@ -25,8 +25,8 @@ module Tidewave
         }
       end
 
-      def get_base_class
-        ::ActiveRecord::Base
+      def get_models
+        ::ActiveRecord::Base.descendants
       end
 
       private

data/lib/tidewave/database_adapters/sequel.rb

@@ -29,8 +29,9 @@ module Tidewave
         }
       end
 
-      def get_base_class
-        ::Sequel::Model
+      def get_models
+        # Filter out anonymous Sequel models that can't be resolved as constants
+        ::Sequel::Model.descendants.reject { |model| model.name&.start_with?("Sequel::_Model(") }
       end
     end
   end

data/lib/tidewave/middleware.rb

@@ -8,13 +8,13 @@ require "active_support/core_ext/class"
 require "active_support/core_ext/object/blank"
 require "json"
 require "erb"
+require_relative "streamable_http_transport"
 
 class Tidewave::Middleware
   TIDEWAVE_ROUTE = "tidewave".freeze
-  EMPTY_ROUTE = "empty".freeze
-  SSE_ROUTE = "mcp".freeze
-  MESSAGES_ROUTE = "mcp/message".freeze
+  MCP_ROUTE = "mcp".freeze
   SHELL_ROUTE = "shell".freeze
+  CONFIG_ROUTE = "config".freeze
 
   INVALID_IP = <<~TEXT.freeze
     For security reasons, Tidewave does not accept remote connections by default.
@@ -31,9 +31,8 @@ class Tidewave::Middleware
     @app = FastMcp.rack_middleware(app,
       name: "tidewave",
       version: Tidewave::VERSION,
-      path_prefix: "/" + TIDEWAVE_ROUTE,
-      messages_route: MESSAGES_ROUTE,
-      sse_route: SSE_ROUTE,
+      path_prefix: "/" + TIDEWAVE_ROUTE + "/" + MCP_ROUTE,
+      transport: Tidewave::StreamableHttpTransport,
       logger: config.logger || Logger.new(Rails.root.join("log", "tidewave.log")),
       # Rails runs the HostAuthorization in dev, so we skip this
       allowed_origins: [],
@@ -63,25 +62,26 @@ class Tidewave::Middleware
       case [ request.request_method, path ]
       when [ "GET", [ TIDEWAVE_ROUTE ] ]
         return home(request)
-      when [ "GET", [ TIDEWAVE_ROUTE, EMPTY_ROUTE ] ]
-        return empty(request)
+      when [ "GET", [ TIDEWAVE_ROUTE, CONFIG_ROUTE ] ]
+        return config_endpoint(request)
       when [ "POST", [ TIDEWAVE_ROUTE, SHELL_ROUTE ] ]
         return shell(request)
       end
     end
 
-    @app.call(env)
+    status, headers, body = @app.call(env)
+
+    # Remove X-Frame-Options headers for non-Tidewave routes to allow embedding.
+    # CSP headers are configured in the CSP application environment.
+    headers.delete("X-Frame-Options")
+
+    [ status, headers, body ]
   end
 
   private
 
   def home(request)
-    config = {
-      "project_name" => @project_name,
-      "framework_type" => "rails",
-      "tidewave_version" => Tidewave::VERSION,
-      "team" => @team
-    }
+    config = config_data
 
     html = <<~HTML
       <html>
@@ -98,9 +98,17 @@ class Tidewave::Middleware
     [ 200, { "Content-Type" => "text/html" }, [ html ] ]
   end
 
-  def empty(request)
-    html = ""
-    [ 200, { "Content-Type" => "text/html" }, [ html ] ]
+  def config_endpoint(request)
+    [ 200, { "Content-Type" => "application/json" }, [ JSON.generate(config_data) ] ]
+  end
+
+  def config_data
+    {
+      "project_name" => @project_name,
+      "framework_type" => "rails",
+      "tidewave_version" => Tidewave::VERSION,
+      "team" => @team
+    }
   end
 
   def forbidden(message)

data/lib/tidewave/railtie.rb

@@ -32,6 +32,8 @@ module Tidewave
           content_security_policy.directives["script-src"].try do |script_src|
             script_src << "'unsafe-eval'" unless script_src.include?("'unsafe-eval'")
           end
+
+          content_security_policy.directives.delete("frame-ancestors")
         end
       end
     end
@@ -39,7 +41,6 @@ module Tidewave
     initializer "tidewave.intercept_exceptions" do |app|
       # We intercept exceptions from DebugExceptions, format the
       # information as text and inject into the exception page html.
-
       ActionDispatch::DebugExceptions.register_interceptor do |request, exception|
         request.set_header("tidewave.exception", exception)
       end
@@ -49,7 +50,8 @@ module Tidewave
 
     initializer "tidewave.logging" do |app|
       # Do not pollute user logs with tidewave requests.
-      app.middleware.insert_before(Rails::Rack::Logger, Tidewave::QuietRequestsMiddleware)
+      logger_middleware = app.config.tidewave.logger_middleware || Rails::Rack::Logger
+      app.middleware.insert_before(logger_middleware, Tidewave::QuietRequestsMiddleware)
     end
   end
 end

data/lib/tidewave/streamable_http_transport.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require "json"
+require "rack"
+require "fast_mcp"
+
+module Tidewave
+  # Streamable HTTP transport for MCP (POST-only, no SSE)
+  # This transport implements a simplified version of the MCP Streamable HTTP protocol
+  # that only supports POST requests for JSON-RPC messages. Unlike the full protocol,
+  # it does not support Server-Sent Events (SSE) for streaming responses.
+  class StreamableHttpTransport < FastMcp::Transports::BaseTransport
+    attr_reader :app, :path
+
+    def initialize(app, server, options = {})
+      super(server, logger: options[:logger])
+      @app = app
+      @path = options[:path_prefix] || "/mcp"
+      @running = false
+    end
+
+    def start
+      @logger.debug("Starting Streamable HTTP transport (POST-only) at path: #{@path}")
+      @running = true
+    end
+
+    def stop
+      @logger.debug("Stopping Streamable HTTP transport")
+      @running = false
+    end
+
+    # Send a message - capture response for synchronous HTTP
+    # Required by FastMCP::Transports::BaseTransport interface
+    def send_message(message)
+      @logger.debug("send_message called, capturing response: #{message.inspect}")
+      @captured_response = message
+    end
+
+    def call(env)
+      request = Rack::Request.new(env)
+
+      if request.path == @path
+        @server.transport = self
+        handle_mcp_request(request, env)
+      else
+        @app.call(env)
+      end
+    end
+
+    private
+
+    def handle_mcp_request(request, env)
+      if request.post?
+        handle_post_request(request)
+      else
+        method_not_allowed_response
+      end
+    end
+
+    def handle_post_request(request)
+      @logger.debug("Received POST request to MCP endpoint")
+
+      begin
+        body = request.body.read
+        message = JSON.parse(body)
+
+        @logger.debug("Processing message: #{message.inspect}")
+
+        unless valid_jsonrpc_message?(message)
+          return json_rpc_error_response(400, -32600, "Invalid Request", nil)
+        end
+
+        # Capture the response that will be sent via send_message
+        @captured_response = nil
+        @server.handle_json_request(message)
+
+        @logger.debug("Sending response: #{@captured_response.inspect}")
+
+        [
+          200,
+          { "Content-Type" => "application/json" },
+          [ JSON.generate(@captured_response) ]
+        ]
+      rescue JSON::ParserError => e
+        @logger.error("Invalid JSON in request: #{e.message}")
+        json_rpc_error_response(400, -32700, "Parse error", nil)
+      rescue => e
+        @logger.error("Error processing message: #{e.message}")
+        @logger.error(e.backtrace.join("\n")) if e.backtrace
+        json_rpc_error_response(500, -32603, "Internal error", nil)
+      end
+    end
+
+    def valid_jsonrpc_message?(message)
+      return false unless message.is_a?(Hash)
+      return false unless message["jsonrpc"] == "2.0"
+
+      message.key?("method") || message.key?("result") || message.key?("error")
+    end
+
+    def method_not_allowed_response
+      [
+        405,
+        { "Content-Type" => "application/json" },
+        [ JSON.generate({
+          jsonrpc: "2.0",
+          error: {
+            code: -32601,
+            message: "Method not allowed. This endpoint only supports POST requests."
+          },
+          id: nil
+        }) ]
+      ]
+    end
+
+    def json_rpc_error_response(http_status, code, message, id)
+      [
+        http_status,
+        { "Content-Type" => "application/json" },
+        [ JSON.generate({
+          jsonrpc: "2.0",
+          error: {
+            code: code,
+            message: message
+          },
+          id: id
+        }) ]
+      ]
+    end
+  end
+end

data/lib/tidewave/tools/execute_sql_query.rb

@@ -22,6 +22,12 @@ class Tidewave::Tools::ExecuteSqlQuery < Tidewave::Tools::Base
     optional(:arguments).value(:array).description("The arguments to pass to the query. The query must contain corresponding parameter placeholders.")
   end
 
+  def @input_schema.json_schema
+    schema = super
+    schema[:properties][:arguments][:items] = {}
+    schema
+  end
+
   RESULT_LIMIT = 50
 
   def call(query:, arguments: [])

data/lib/tidewave/tools/get_logs.rb

@@ -17,13 +17,63 @@ class Tidewave::Tools::GetLogs < Tidewave::Tools::Base
     log_file = Rails.root.join("log", "#{Rails.env}.log")
     return "Log file not found" unless File.exist?(log_file)
 
-    logs = File.readlines(log_file)
+    regex = Regexp.new(grep, Regexp::IGNORECASE) if grep
+    matching_lines = []
 
-    if grep
-      regex = Regexp.new(grep, Regexp::IGNORECASE)
-      logs = logs.select { |line| line.match?(regex) }
+    tail_lines(log_file) do |line|
+      if regex.nil? || line.match?(regex)
+        matching_lines.unshift(line)
+        break if matching_lines.size >= tail
+      end
     end
 
-    logs.last(tail).join
+    matching_lines.join
+  end
+
+  private
+
+  def tail_lines(file_path)
+    File.open(file_path, "rb") do |file|
+      file.seek(0, IO::SEEK_END)
+      file_size = file.pos
+      return if file_size == 0
+
+      buffer_size = [ 4096, file_size ].min
+      pos = file_size
+      buffer = ""
+
+      while pos > 0 && buffer.count("\n") < 10000 # Safety limit
+        # Move back by buffer_size or to beginning of file
+        seek_pos = [ pos - buffer_size, 0 ].max
+        file.seek(seek_pos)
+
+        # Read chunk
+        chunk = file.read(pos - seek_pos)
+        buffer = chunk + buffer
+        pos = seek_pos
+
+        # Extract complete lines from buffer
+        lines = buffer.split("\n")
+
+        # Keep the first partial line (if any) for next iteration
+        if pos > 0 && !buffer.start_with?("\n")
+          buffer = lines.shift || ""
+        else
+          buffer = ""
+        end
+
+        # Yield lines in reverse order (last to first)
+        lines.reverse_each do |line|
+          yield line + "\n" unless line.empty?
+        end
+
+        break if pos == 0
+      end
+
+      # Handle any remaining buffer content
+      unless buffer.empty?
+        yield buffer + "\n"
+      end
+    end
   end
 end

data/lib/tidewave/tools/get_models.rb

@@ -10,8 +10,10 @@ class Tidewave::Tools::GetModels < Tidewave::Tools::Base
     # Ensure all models are loaded
     Rails.application.eager_load!
 
-    base_class = Tidewave::DatabaseAdapter.current.get_base_class
-    base_class.descendants.map do |model|
+    # Use adapter to get models (encapsulates ORM-specific logic)
+    models = Tidewave::DatabaseAdapter.current.get_models
+
+    models.map do |model|
       if location = get_relative_source_location(model.name)
         "* #{model.name} at #{location}"
       else

data/lib/tidewave/tools/project_eval.rb

@@ -23,6 +23,12 @@ class Tidewave::Tools::ProjectEval < Tidewave::Tools::Base
     optional(:json).hidden().filled(:bool).description("Whether to return the result as JSON with structured output containing result, success, stdout, and stderr fields. Defaults to false.")
   end
 
+  def @input_schema.json_schema
+    schema = super
+    schema[:properties][:arguments][:items] = {}
+    schema
+  end
+
   def call(code:, arguments: [], timeout: 30_000, json: false)
     original_stdout = $stdout
     original_stderr = $stderr

data/lib/tidewave/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Tidewave
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tidewave
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Yorick Jacquin
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-08 00:00:00.000000000 Z
+date: 2025-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +72,7 @@ files:
 - lib/tidewave/middleware.rb
 - lib/tidewave/quiet_requests_middleware.rb
 - lib/tidewave/railtie.rb
+- lib/tidewave/streamable_http_transport.rb
 - lib/tidewave/tools/base.rb
 - lib/tidewave/tools/execute_sql_query.rb
 - lib/tidewave/tools/get_docs.rb