tidewave 0.4.1 → 0.5.0

data/lib/tidewave/middleware.rb

@@ -1,192 +0,0 @@
-# frozen_string_literal: true
-
-require "open3"
-require "ipaddr"
-require "fast_mcp"
-require "rack/request"
-require "active_support/core_ext/class"
-require "active_support/core_ext/object/blank"
-require "json"
-require "erb"
-require_relative "streamable_http_transport"
-
-class Tidewave::Middleware
-  TIDEWAVE_ROUTE = "tidewave".freeze
-  MCP_ROUTE = "mcp".freeze
-  SHELL_ROUTE = "shell".freeze
-  CONFIG_ROUTE = "config".freeze
-
-  INVALID_IP = <<~TEXT.freeze
-    For security reasons, Tidewave does not accept remote connections by default.
-
-    If you really want to allow remote connections, set `config.tidewave.allow_remote_access = true`.
-  TEXT
-
-  def initialize(app, config)
-    @allow_remote_access = config.allow_remote_access
-    @client_url = config.client_url
-    @team = config.team
-    @project_name = Rails.application.class.module_parent.name
-
-    @app = FastMcp.rack_middleware(app,
-      name: "tidewave",
-      version: Tidewave::VERSION,
-      path_prefix: "/" + TIDEWAVE_ROUTE + "/" + MCP_ROUTE,
-      transport: Tidewave::StreamableHttpTransport,
-      logger: config.logger || Logger.new(Rails.root.join("log", "tidewave.log")),
-      # Rails runs the HostAuthorization in dev, so we skip this
-      allowed_origins: [],
-      # We validate this one in Tidewave::Middleware
-      localhost_only: false
-    ) do |server|
-      server.filter_tools do |request, tools|
-        if request.params["include_fs_tools"] != "true"
-          tools.reject { |tool| tool.tags.include?(:file_system_tool) }
-        else
-          tools
-        end
-      end
-
-      server.register_tools(*Tidewave::Tools::Base.descendants)
-    end
-  end
-
-  def call(env)
-    request = Rack::Request.new(env)
-    path = request.path.split("/").reject(&:empty?)
-
-    if path[0] == TIDEWAVE_ROUTE
-      return forbidden(INVALID_IP) unless valid_client_ip?(request)
-
-      # The MCP routes are handled downstream by FastMCP
-      case [ request.request_method, path ]
-      when [ "GET", [ TIDEWAVE_ROUTE ] ]
-        return home(request)
-      when [ "GET", [ TIDEWAVE_ROUTE, CONFIG_ROUTE ] ]
-        return config_endpoint(request)
-      when [ "POST", [ TIDEWAVE_ROUTE, SHELL_ROUTE ] ]
-        return shell(request)
-      end
-    end
-
-    status, headers, body = @app.call(env)
-
-    # Remove X-Frame-Options headers for non-Tidewave routes to allow embedding.
-    # CSP headers are configured in the CSP application environment.
-    headers.delete("X-Frame-Options")
-
-    [ status, headers, body ]
-  end
-
-  private
-
-  def home(request)
-    config = config_data
-
-    html = <<~HTML
-      <html>
-        <head>
-          <meta charset="UTF-8" />
-          <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-          <meta name="tidewave:config" content="#{ERB::Util.html_escape(JSON.generate(config))}" />
-          <script type="module" src="#{@client_url}/tc/tc.js"></script>
-        </head>
-        <body></body>
-      </html>
-    HTML
-
-    [ 200, { "Content-Type" => "text/html" }, [ html ] ]
-  end
-
-  def config_endpoint(request)
-    [ 200, { "Content-Type" => "application/json" }, [ JSON.generate(config_data) ] ]
-  end
-
-  def config_data
-    {
-      "project_name" => @project_name,
-      "framework_type" => "rails",
-      "tidewave_version" => Tidewave::VERSION,
-      "team" => @team
-    }
-  end
-
-  def forbidden(message)
-    Rails.logger.warn(message)
-    [ 403, { "Content-Type" => "text/plain" }, [ message ] ]
-  end
-
-  def shell(request)
-    body = request.body.read
-    return [ 400, { "Content-Type" => "text/plain" }, [ "Command body is required" ] ] if body.blank?
-
-    begin
-      parsed_body = JSON.parse(body)
-      cmd = parsed_body["command"]
-      return [ 400, { "Content-Type" => "text/plain" }, [ "Command field is required" ] ] if cmd.blank?
-    rescue JSON::ParserError
-      return [ 400, { "Content-Type" => "text/plain" }, [ "Invalid JSON in request body" ] ]
-    end
-
-    response = Rack::Response.new
-    response.status = 200
-    response.headers["Content-Type"] = "text/plain"
-
-    response.finish do |res|
-      begin
-        Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
-          stdin.close
-
-          # Merge stdout and stderr streams
-          ios = [ stdout, stderr ]
-
-          until ios.empty?
-            ready = IO.select(ios, nil, nil, 0.1)
-            next unless ready
-
-            ready[0].each do |io|
-              begin
-                data = io.read_nonblock(4096)
-                if data
-                  # Write binary chunk: type (0 for data) + 4-byte length + data
-                  chunk = [ 0, data.bytesize ].pack("CN") + data
-                  res.write(chunk)
-                end
-              rescue IO::WaitReadable
-                # No data available right now
-              rescue EOFError
-                # Stream ended
-                ios.delete(io)
-              end
-            end
-          end
-
-          # Wait for process to complete and get exit status
-          exit_status = wait_thr.value.exitstatus
-          status_json = JSON.generate({ status: exit_status })
-          # Write binary chunk: type (1 for status) + 4-byte length + JSON data
-          chunk = [ 1, status_json.bytesize ].pack("CN") + status_json
-          res.write(chunk)
-        end
-      rescue => e
-        error_json = JSON.generate({ status: 213 })
-        chunk = [ 1, error_json.bytesize ].pack("CN") + error_json
-        res.write(chunk)
-      end
-    end
-  end
-
-  def valid_client_ip?(request)
-    return true if @allow_remote_access
-
-    ip = request.ip
-    return false unless ip
-
-    addr = IPAddr.new(ip)
-
-    addr.loopback? ||
-    addr == IPAddr.new("127.0.0.1") ||
-    addr == IPAddr.new("::1") ||
-    addr == IPAddr.new("::ffff:127.0.0.1")  # IPv4-mapped IPv6
-  end
-end

data/lib/tidewave/streamable_http_transport.rb

@@ -1,131 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-require "rack"
-require "fast_mcp"
-
-module Tidewave
-  # Streamable HTTP transport for MCP (POST-only, no SSE)
-  # This transport implements a simplified version of the MCP Streamable HTTP protocol
-  # that only supports POST requests for JSON-RPC messages. Unlike the full protocol,
-  # it does not support Server-Sent Events (SSE) for streaming responses.
-  class StreamableHttpTransport < FastMcp::Transports::BaseTransport
-    attr_reader :app, :path
-
-    def initialize(app, server, options = {})
-      super(server, logger: options[:logger])
-      @app = app
-      @path = options[:path_prefix] || "/mcp"
-      @running = false
-    end
-
-    def start
-      @logger.debug("Starting Streamable HTTP transport (POST-only) at path: #{@path}")
-      @running = true
-    end
-
-    def stop
-      @logger.debug("Stopping Streamable HTTP transport")
-      @running = false
-    end
-
-    # Send a message - capture response for synchronous HTTP
-    # Required by FastMCP::Transports::BaseTransport interface
-    def send_message(message)
-      @logger.debug("send_message called, capturing response: #{message.inspect}")
-      @captured_response = message
-    end
-
-    def call(env)
-      request = Rack::Request.new(env)
-
-      if request.path == @path
-        @server.transport = self
-        handle_mcp_request(request, env)
-      else
-        @app.call(env)
-      end
-    end
-
-    private
-
-    def handle_mcp_request(request, env)
-      if request.post?
-        handle_post_request(request)
-      else
-        method_not_allowed_response
-      end
-    end
-
-    def handle_post_request(request)
-      @logger.debug("Received POST request to MCP endpoint")
-
-      begin
-        body = request.body.read
-        message = JSON.parse(body)
-
-        @logger.debug("Processing message: #{message.inspect}")
-
-        unless valid_jsonrpc_message?(message)
-          return json_rpc_error_response(400, -32600, "Invalid Request", nil)
-        end
-
-        # Capture the response that will be sent via send_message
-        @captured_response = nil
-        @server.handle_json_request(message)
-
-        @logger.debug("Sending response: #{@captured_response.inspect}")
-
-        [
-          200,
-          { "Content-Type" => "application/json" },
-          [ JSON.generate(@captured_response) ]
-        ]
-      rescue JSON::ParserError => e
-        @logger.error("Invalid JSON in request: #{e.message}")
-        json_rpc_error_response(400, -32700, "Parse error", nil)
-      rescue => e
-        @logger.error("Error processing message: #{e.message}")
-        @logger.error(e.backtrace.join("\n")) if e.backtrace
-        json_rpc_error_response(500, -32603, "Internal error", nil)
-      end
-    end
-
-    def valid_jsonrpc_message?(message)
-      return false unless message.is_a?(Hash)
-      return false unless message["jsonrpc"] == "2.0"
-
-      message.key?("method") || message.key?("result") || message.key?("error")
-    end
-
-    def method_not_allowed_response
-      [
-        405,
-        { "Content-Type" => "application/json" },
-        [ JSON.generate({
-          jsonrpc: "2.0",
-          error: {
-            code: -32601,
-            message: "Method not allowed. This endpoint only supports POST requests."
-          },
-          id: nil
-        }) ]
-      ]
-    end
-
-    def json_rpc_error_response(http_status, code, message, id)
-      [
-        http_status,
-        { "Content-Type" => "application/json" },
-        [ JSON.generate({
-          jsonrpc: "2.0",
-          error: {
-            code: code,
-            message: message
-          },
-          id: id
-        }) ]
-      ]
-    end
-  end
-end

data/lib/tidewave/tools/base.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-module Tidewave
-  module Tools
-    class Base < FastMcp::Tool
-    end
-  end
-end