tidewave 0.3.1 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f3737d76d054bed63cb68932692d012571e6dc6592e4acb3d38cfc996e136c9
-  data.tar.gz: 826dda40d4b76b7e399f91bf696463a1b8c70554ebc29a96ddea0d3aa43cef4a
+  metadata.gz: d3375b13a00fb5b052a2bea5c6b720056379f16a26cc984ffde2973d2d2fca90
+  data.tar.gz: b5d7c9d2290e2273116712116fcb8336ddbc4009be187ca0413ec3c727b33e6b
 SHA512:
-  metadata.gz: 7f48e43388215ba5d6db70be3e450d7f3358921f82ae4b6c855801ad3ee48aeea3ff1cdd2b7d00acbf072556cf8b4ab5982541f894b470a502dbf149c63a798f
-  data.tar.gz: d4acf2d1625913bbbbae42d74c9816f200dba1ab2e25dff182a83c63aff9f236c21062b8745568beb2dd4378e39cc23073d7c39cde725a31c36a74e0ba2edfd2
+  metadata.gz: 6ad6d175fef2e61d40ab97de1bbf36bfaf3f37137ee7d54d6cc1f7987096e105e37381376e6f8263b70b31795065824b459225512d62e9ae5615c9dc098a8b2d
+  data.tar.gz: 2535c2570a69f70114705b2ec13f708b17bae00aefcaae504c97323c2c07edb3686a142d40f6a85f42a7619754f93fb8cbcd7267edcbb349fc621004f15c3ae2

data/README.md

@@ -1,6 +1,6 @@
 # Tidewave
 
-Tidewave is the coding agent for full-stack web app development, deeply integrated with Rails, from the database to the UI. [See our website](https://tidewave.ai) for more information.
+Tidewave is the coding agent for full-stack web app development. Integrate Claude Code, OpenAI Codex, and other agents with your web app and web framework at every layer, from UI to database. [See our website](https://tidewave.ai) for more information.
 
 This project can also be used as a standalone Model Context Protocol server for your editors.
 
@@ -12,12 +12,24 @@ You can install Tidewave by adding the `tidewave` gem to the development group i
 gem "tidewave", group: :development
 ```
 
-Now access `/tidewave` route of your web application to enjoy Tidewave Web!
+Now make sure [Tidewave is installed](https://hexdocs.pm/tidewave/installation.html) and you are ready to connect Tidewave to your app.
 
 ## Troubleshooting
 
+### Content security policy
+
+If you have enabled Content-Security-Policy, Tidewave will automatically enable "unsafe-eval" under `script-src` in order for contextual browser testing to work correctly. It also disables the `frame-ancestors` directive.
+
+### Production Environment
+
+Tidewave is a powerful tool that can help you develop your web application faster and more efficiently. However, it is important to note that Tidewave is not meant to be used in a production environment.
+
+Tidewave will raise an error if it is used in any environment where code reloading is disabled (which typically includes production).
+
 ### Localhost requirement
 
+> This requirement only matters if you are not using the Tidewave app/CLI.
+
 Tidewave expects your web application to be running on `localhost`. If you are not running on localhost, you may need to set some additional configuration. In particular, you must configure Tidewave to allow `allow_remote_access` and [optionally configure your Rails hosts](https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization). For example, in your `config/environments/development.rb`:
 
 ```ruby
@@ -27,33 +39,19 @@ config.tidewave.allow_remote_access = true
 
 If you want to use Docker for development, you either need to enable the configuration above or automatically redirect the relevant ports, as done by [devcontainers](https://code.visualstudio.com/docs/devcontainers/containers). See our [containers](https://hexdocs.pm/tidewave/containers.html) guide for more information.
 
-### Content security policy
-
-If you have enabled Content-Security-Policy, Tidewave will automatically enable "unsafe-eval" under `script-src` in order for contextual browser testing to work correctly.
-
-### Web server requirements
-
-At the moment, Tidewave requires all requests to be processed by the same process. In case Tidewave cannot connect to your application, consider starting your Rails application as follows:
-
-    RAILS_MAX_THREADS=1 WEB_CONCURRENCY=1 rails server
-
-### Production Environment
-
-Tidewave is a powerful tool that can help you develop your web application faster and more efficiently. However, it is important to note that Tidewave is not meant to be used in a production environment.
-
-Tidewave will raise an error if it is used in any environment where code reloading is disabled (which typically includes production).
-
 ## Configuration
 
 You may configure `tidewave` using the following syntax:
 
 ```ruby
-  config.tidewave.allow_remote_access = true
+  config.tidewave.team = { id: "my-company" }
 ```
 
 The following config is available:
 
-  * `allow_remote_access` - Tidewave only allows requests from localhost by default, even if your server listens on other interfaces as well. If you trust your network and need to access Tidewave from a different machine, this configuration can be set to `true`
+  * `allow_remote_access` - Tidewave only allows requests from localhost by default, even if your server listens on other interfaces. If you trust your network and need to access Tidewave from a different machine, this configuration can be set to `true`
+
+  * `logger_middleware` - The logger middleware Tidewave should wrap to silence its own logs
 
   * `preferred_orm` - which ORM to use, either `:active_record` (default) or `:sequel`
 

data/lib/tidewave/configuration.rb

@@ -2,7 +2,7 @@
 
 module Tidewave
   class Configuration
-    attr_accessor :logger, :allow_remote_access, :preferred_orm, :dev, :client_url, :team
+    attr_accessor :logger, :allow_remote_access, :preferred_orm, :dev, :client_url, :team, :logger_middleware
 
     def initialize
       @logger = nil
@@ -11,6 +11,7 @@ module Tidewave
       @dev = false
       @client_url = "https://tidewave.ai"
       @team = {}
+      @logger_middleware = nil
     end
   end
 end

data/lib/tidewave/middleware.rb

@@ -8,12 +8,13 @@ require "active_support/core_ext/class"
 require "active_support/core_ext/object/blank"
 require "json"
 require "erb"
+require_relative "streamable_http_transport"
 
 class Tidewave::Middleware
   TIDEWAVE_ROUTE = "tidewave".freeze
-  SSE_ROUTE = "mcp".freeze
-  MESSAGES_ROUTE = "mcp/message".freeze
+  MCP_ROUTE = "mcp".freeze
   SHELL_ROUTE = "shell".freeze
+  CONFIG_ROUTE = "config".freeze
 
   INVALID_IP = <<~TEXT.freeze
     For security reasons, Tidewave does not accept remote connections by default.
@@ -30,9 +31,8 @@ class Tidewave::Middleware
     @app = FastMcp.rack_middleware(app,
       name: "tidewave",
       version: Tidewave::VERSION,
-      path_prefix: "/" + TIDEWAVE_ROUTE,
-      messages_route: MESSAGES_ROUTE,
-      sse_route: SSE_ROUTE,
+      path_prefix: "/" + TIDEWAVE_ROUTE + "/" + MCP_ROUTE,
+      transport: Tidewave::StreamableHttpTransport,
       logger: config.logger || Logger.new(Rails.root.join("log", "tidewave.log")),
       # Rails runs the HostAuthorization in dev, so we skip this
       allowed_origins: [],
@@ -62,23 +62,26 @@ class Tidewave::Middleware
       case [ request.request_method, path ]
       when [ "GET", [ TIDEWAVE_ROUTE ] ]
         return home(request)
+      when [ "GET", [ TIDEWAVE_ROUTE, CONFIG_ROUTE ] ]
+        return config_endpoint(request)
       when [ "POST", [ TIDEWAVE_ROUTE, SHELL_ROUTE ] ]
         return shell(request)
       end
     end
 
-    @app.call(env)
+    status, headers, body = @app.call(env)
+
+    # Remove X-Frame-Options headers for non-Tidewave routes to allow embedding.
+    # CSP headers are configured in the CSP application environment.
+    headers.delete("X-Frame-Options")
+
+    [ status, headers, body ]
   end
 
   private
 
   def home(request)
-    config = {
-      "project_name" => @project_name,
-      "framework_type" => "rails",
-      "tidewave_version" => Tidewave::VERSION,
-      "team" => @team
-    }
+    config = config_data
 
     html = <<~HTML
       <html>
@@ -95,6 +98,19 @@ class Tidewave::Middleware
     [ 200, { "Content-Type" => "text/html" }, [ html ] ]
   end
 
+  def config_endpoint(request)
+    [ 200, { "Content-Type" => "application/json" }, [ JSON.generate(config_data) ] ]
+  end
+
+  def config_data
+    {
+      "project_name" => @project_name,
+      "framework_type" => "rails",
+      "tidewave_version" => Tidewave::VERSION,
+      "team" => @team
+    }
+  end
+
   def forbidden(message)
     Rails.logger.warn(message)
     [ 403, { "Content-Type" => "text/plain" }, [ message ] ]

data/lib/tidewave/railtie.rb

@@ -10,6 +10,27 @@ require "tidewave/quiet_requests_middleware"
 gem_tools_path = File.expand_path("tools/**/*.rb", __dir__)
 Dir[gem_tools_path].each { |f| require f }
 
+# Temporary monkey patching to address regression in FastMCP
+if Dry::Schema::Macros::Hash.method_defined?(:original_call)
+  Dry::Schema::Macros::Hash.class_eval do
+    def call(*args, &block)
+      if block
+        # Use current context to track nested context if available
+        context = MetadataContext.current
+        if context
+          context.with_nested(name) do
+            original_call(*args, &block)
+          end
+        else
+          original_call(*args, &block)
+        end
+      else
+        original_call(*args)
+      end
+    end
+  end
+end
+
 module Tidewave
   class Railtie < Rails::Railtie
     config.tidewave = Tidewave::Configuration.new()
@@ -32,6 +53,8 @@ module Tidewave
           content_security_policy.directives["script-src"].try do |script_src|
             script_src << "'unsafe-eval'" unless script_src.include?("'unsafe-eval'")
           end
+
+          content_security_policy.directives.delete("frame-ancestors")
         end
       end
     end
@@ -39,7 +62,6 @@ module Tidewave
     initializer "tidewave.intercept_exceptions" do |app|
       # We intercept exceptions from DebugExceptions, format the
       # information as text and inject into the exception page html.
-
       ActionDispatch::DebugExceptions.register_interceptor do |request, exception|
         request.set_header("tidewave.exception", exception)
       end
@@ -49,7 +71,8 @@ module Tidewave
 
     initializer "tidewave.logging" do |app|
       # Do not pollute user logs with tidewave requests.
-      app.middleware.insert_before(Rails::Rack::Logger, Tidewave::QuietRequestsMiddleware)
+      logger_middleware = app.config.tidewave.logger_middleware || Rails::Rack::Logger
+      app.middleware.insert_before(logger_middleware, Tidewave::QuietRequestsMiddleware)
     end
   end
 end

data/lib/tidewave/streamable_http_transport.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require "json"
+require "rack"
+require "fast_mcp"
+
+module Tidewave
+  # Streamable HTTP transport for MCP (POST-only, no SSE)
+  # This transport implements a simplified version of the MCP Streamable HTTP protocol
+  # that only supports POST requests for JSON-RPC messages. Unlike the full protocol,
+  # it does not support Server-Sent Events (SSE) for streaming responses.
+  class StreamableHttpTransport < FastMcp::Transports::BaseTransport
+    attr_reader :app, :path
+
+    def initialize(app, server, options = {})
+      super(server, logger: options[:logger])
+      @app = app
+      @path = options[:path_prefix] || "/mcp"
+      @running = false
+    end
+
+    def start
+      @logger.debug("Starting Streamable HTTP transport (POST-only) at path: #{@path}")
+      @running = true
+    end
+
+    def stop
+      @logger.debug("Stopping Streamable HTTP transport")
+      @running = false
+    end
+
+    # Send a message - capture response for synchronous HTTP
+    # Required by FastMCP::Transports::BaseTransport interface
+    def send_message(message)
+      @logger.debug("send_message called, capturing response: #{message.inspect}")
+      @captured_response = message
+    end
+
+    def call(env)
+      request = Rack::Request.new(env)
+
+      if request.path == @path
+        @server.transport = self
+        handle_mcp_request(request, env)
+      else
+        @app.call(env)
+      end
+    end
+
+    private
+
+    def handle_mcp_request(request, env)
+      if request.post?
+        handle_post_request(request)
+      else
+        method_not_allowed_response
+      end
+    end
+
+    def handle_post_request(request)
+      @logger.debug("Received POST request to MCP endpoint")
+
+      begin
+        body = request.body.read
+        message = JSON.parse(body)
+
+        @logger.debug("Processing message: #{message.inspect}")
+
+        unless valid_jsonrpc_message?(message)
+          return json_rpc_error_response(400, -32600, "Invalid Request", nil)
+        end
+
+        # Capture the response that will be sent via send_message
+        @captured_response = nil
+        @server.handle_json_request(message)
+
+        @logger.debug("Sending response: #{@captured_response.inspect}")
+
+        [
+          200,
+          { "Content-Type" => "application/json" },
+          [ JSON.generate(@captured_response) ]
+        ]
+      rescue JSON::ParserError => e
+        @logger.error("Invalid JSON in request: #{e.message}")
+        json_rpc_error_response(400, -32700, "Parse error", nil)
+      rescue => e
+        @logger.error("Error processing message: #{e.message}")
+        @logger.error(e.backtrace.join("\n")) if e.backtrace
+        json_rpc_error_response(500, -32603, "Internal error", nil)
+      end
+    end
+
+    def valid_jsonrpc_message?(message)
+      return false unless message.is_a?(Hash)
+      return false unless message["jsonrpc"] == "2.0"
+
+      message.key?("method") || message.key?("result") || message.key?("error")
+    end
+
+    def method_not_allowed_response
+      [
+        405,
+        { "Content-Type" => "application/json" },
+        [ JSON.generate({
+          jsonrpc: "2.0",
+          error: {
+            code: -32601,
+            message: "Method not allowed. This endpoint only supports POST requests."
+          },
+          id: nil
+        }) ]
+      ]
+    end
+
+    def json_rpc_error_response(http_status, code, message, id)
+      [
+        http_status,
+        { "Content-Type" => "application/json" },
+        [ JSON.generate({
+          jsonrpc: "2.0",
+          error: {
+            code: code,
+            message: message
+          },
+          id: id
+        }) ]
+      ]
+    end
+  end
+end

data/lib/tidewave/tools/execute_sql_query.rb

@@ -22,6 +22,12 @@ class Tidewave::Tools::ExecuteSqlQuery < Tidewave::Tools::Base
     optional(:arguments).value(:array).description("The arguments to pass to the query. The query must contain corresponding parameter placeholders.")
   end
 
+  def @input_schema.json_schema
+    schema = super
+    schema[:properties][:arguments][:items] = {}
+    schema
+  end
+
   RESULT_LIMIT = 50
 
   def call(query:, arguments: [])

data/lib/tidewave/tools/project_eval.rb

@@ -23,6 +23,12 @@ class Tidewave::Tools::ProjectEval < Tidewave::Tools::Base
     optional(:json).hidden().filled(:bool).description("Whether to return the result as JSON with structured output containing result, success, stdout, and stderr fields. Defaults to false.")
   end
 
+  def @input_schema.json_schema
+    schema = super
+    schema[:properties][:arguments][:items] = {}
+    schema
+  end
+
   def call(code:, arguments: [], timeout: 30_000, json: false)
     original_stdout = $stdout
     original_stderr = $stderr

data/lib/tidewave/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Tidewave
-  VERSION = "0.3.1"
+  VERSION = "0.4.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tidewave
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.1
 platform: ruby
 authors:
 - Yorick Jacquin
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-16 00:00:00.000000000 Z
+date: 2025-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -31,14 +31,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +72,7 @@ files:
 - lib/tidewave/middleware.rb
 - lib/tidewave/quiet_requests_middleware.rb
 - lib/tidewave/railtie.rb
+- lib/tidewave/streamable_http_transport.rb
 - lib/tidewave/tools/base.rb
 - lib/tidewave/tools/execute_sql_query.rb
 - lib/tidewave/tools/get_docs.rb