tidewave 0.4.2 → 0.5.1

data/lib/tidewave/tools/get_source_location.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-class Tidewave::Tools::GetSourceLocation < Tidewave::Tools::Base
-  tool_name "get_source_location"
+require "pathname"
 
-  description <<~DESCRIPTION
+class Tidewave::Tools::GetSourceLocation < Tidewave::Tool
+  DESCRIPTION = <<~DESCRIPTION.freeze
     Returns the source location for the given reference.
 
     The reference may be a constant, most commonly classes and modules
@@ -17,55 +17,50 @@ class Tidewave::Tools::GetSourceLocation < Tidewave::Tools::Base
     You may also get the root location of a gem, you can use "dep:PACKAGE_NAME".
   DESCRIPTION
 
-  arguments do
-    required(:reference).filled(:string).description("The constant/method to lookup, such String, String#gsub or File.executable?")
+  def initialize(options = {})
+    @root = options[:root] ? Pathname.new(options[:root].to_s) : Pathname.pwd
   end
 
-  def call(reference:)
-    # Check if this is a package location request
-    if reference.start_with?("dep:")
-      package_name = reference.gsub("dep:", "")
-      return get_package_location(package_name)
-    end
-
-    file_path, line_number = self.class.get_source_location(reference)
-
-    if file_path
-      begin
-        relative_path = Pathname.new(file_path).relative_path_from(Rails.root)
-        "#{relative_path}:#{line_number}"
-      rescue ArgumentError
-        # If the path cannot be made relative, return the absolute path
-        "#{file_path}:#{line_number}"
-      end
-    else
-      raise NameError, "could not find source location for #{reference}"
-    end
+  def definition
+    {
+      "name" => "get_source_location",
+      "description" => DESCRIPTION,
+      "inputSchema" => {
+        "type" => "object",
+        "properties" => {
+          "reference" => {
+            "type" => "string",
+            "description" => "The constant/method to lookup, such String, String#gsub or File.executable?",
+            "minLength" => 1
+          }
+        },
+        "required" => [ "reference" ]
+      }
+    }
   end
 
-  def get_package_location(package)
-    raise "dep: prefix only works with projects using Bundler" unless defined?(Bundler)
-    specs = Bundler.load.specs
+  def call(arguments)
+    reference = arguments.fetch("reference")
 
-    spec = specs.find { |s| s.name == package }
-    if spec
-      spec.full_gem_path
+    if reference.start_with?("dep:")
+      get_package_location(reference.delete_prefix("dep:"))
     else
-      raise "Package #{package} not found. Check your Gemfile for available packages."
+      file_path, line_number = self.class.get_source_location(reference)
+      raise NameError, "could not find source location for #{reference}" unless file_path
+
+      format_source_location(file_path, line_number)
     end
   end
 
   def self.get_source_location(reference)
     constant_path, selector, method_name = reference.rpartition(/\.|#/)
-
-    # There are no selectors, so the method_name is a constant path
     return Object.const_source_location(method_name) if selector.empty?
 
     begin
       mod = Object.const_get(constant_path)
-    rescue NameError => e
-      raise e
-    rescue
+    rescue NameError => error
+      raise error
+    rescue StandardError
       raise "wrong or invalid reference #{reference}"
     end
 
@@ -77,4 +72,22 @@ class Tidewave::Tools::GetSourceLocation < Tidewave::Tools::Base
       mod.method(method_name).source_location
     end
   end
+
+  private
+
+  def format_source_location(file_path, line_number)
+    relative_path = Pathname.new(file_path).relative_path_from(@root)
+    "#{relative_path}:#{line_number}"
+  rescue ArgumentError
+    "#{file_path}:#{line_number}"
+  end
+
+  def get_package_location(package)
+    raise "dep: prefix only works with projects using Bundler" unless defined?(Bundler)
+
+    spec = Bundler.load.specs.find { |loaded_spec| loaded_spec.name == package }
+    return spec.full_gem_path if spec
+
+    raise "Package #{package} not found. Check your Gemfile for available packages."
+  end
 end

data/lib/tidewave/tools/project_eval.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require "timeout"
 require "json"
+require "stringio"
+require "timeout"
 
-class Tidewave::Tools::ProjectEval < Tidewave::Tools::Base
-  tool_name "project_eval"
-  description <<~DESCRIPTION
+class Tidewave::Tools::ProjectEval < Tidewave::Tool
+  DESCRIPTION = <<~DESCRIPTION.freeze
     Evaluates Ruby code in the context of the project.
 
     The current Ruby version is: #{RUBY_VERSION}
@@ -16,20 +16,44 @@ class Tidewave::Tools::ProjectEval < Tidewave::Tools::Base
     output. DO NOT use shell tools to evaluate Ruby code.
   DESCRIPTION
 
-  arguments do
-    required(:code).filled(:string).description("The Ruby code to evaluate")
-    optional(:arguments).value(:array).description("The arguments to pass to evaluation. They are available inside the evaluated code as `arguments`.")
-    optional(:timeout).filled(:integer).description("The timeout in milliseconds. If the evaluation takes longer than this, it will be terminated. Defaults to 30000 (30 seconds).")
-    optional(:json).hidden().filled(:bool).description("Whether to return the result as JSON with structured output containing result, success, stdout, and stderr fields. Defaults to false.")
+  DEFAULT_TIMEOUT = 30_000
+
+  def definition
+    {
+      "name" => "project_eval",
+      "description" => DESCRIPTION,
+      "inputSchema" => {
+        "type" => "object",
+        "properties" => {
+          "arguments" => {
+            "description" => "The arguments to pass to evaluation. They are available inside the evaluated code as `arguments`.",
+            "items" => {},
+            "type" => "array"
+          },
+          "code" => {
+            "description" => "The Ruby code to evaluate",
+            "type" => "string",
+            "minLength" => 1
+          },
+          "timeout" => {
+            "description" => "The timeout in milliseconds. If the evaluation takes longer than this, it will be terminated. Defaults to 30000 (30 seconds).",
+            "type" => "integer",
+            "not" => {
+              "type" => "null"
+            }
+          }
+        },
+        "required" => [ "code" ]
+      }
+    }
   end
 
-  def @input_schema.json_schema
-    schema = super
-    schema[:properties][:arguments][:items] = {}
-    schema
-  end
+  def call(arguments_hash)
+    code = arguments_hash.fetch("code")
+    arguments = arguments_hash.fetch("arguments", [])
+    timeout = arguments_hash.fetch("timeout", DEFAULT_TIMEOUT)
+    json = arguments_hash.fetch("json", false)
 
-  def call(code:, arguments: [], timeout: 30_000, json: false)
     original_stdout = $stdout
     original_stderr = $stderr
 
@@ -56,14 +80,12 @@ class Tidewave::Tools::ProjectEval < Tidewave::Tools::Base
 
       if json
         JSON.generate({
-          result: result,
-          success: success,
-          stdout: stdout,
-          stderr: stderr
+          "result" => result,
+          "success" => success,
+          "stdout" => stdout,
+          "stderr" => stderr
         })
       elsif stdout.empty? && stderr.empty?
-        # We explicitly call to_s so the result is not accidentally
-        # parsed as a JSON response by FastMCP.
         result.to_s
       else
         <<~OUTPUT

data/lib/tidewave/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-module Tidewave
-  VERSION = "0.4.2"
+class Tidewave
+  VERSION = "0.5.1"
 end

data/lib/tidewave.rb

@@ -1,13 +1,335 @@
 # frozen_string_literal: true
 
+require "ipaddr"
+require "json"
+require "rack/request"
 require "tidewave/version"
-require "tidewave/railtie"
+require "tidewave/tool"
 require "tidewave/database_adapter"
+require "tidewave/railtie" if defined?(Rails::Railtie)
 
-# Ensure DatabaseAdapters module is available
-module Tidewave
+class Tidewave
   module DatabaseAdapters
-    # This module is defined here to ensure it's available for autoloading
-    # Individual adapters are loaded on-demand in database_adapter.rb
+    # This module is defined here to ensure it's available for autoloading.
+    # Individual adapters are loaded on-demand in database_adapter.rb.
+  end
+
+  module Tools
+    # This module is defined here to ensure it's available for autoloading.
+  end
+end
+
+gem_tools_path = File.expand_path("tidewave/tools/**/*.rb", __dir__)
+Dir[gem_tools_path].sort.each do |file|
+  require file
+end
+
+class Tidewave
+  TIDEWAVE_ROUTE = "tidewave".freeze
+  MCP_ROUTE = "mcp".freeze
+  CONFIG_ROUTE = "config".freeze
+  PROTOCOL_VERSION = "2025-03-26".freeze
+
+  INVALID_IP = <<~TEXT.freeze
+    For security reasons, Tidewave does not accept remote connections by default.
+
+    If you really want to allow remote connections, configure Tidewave with the `allow_remote_access: true` option
+  TEXT
+
+  INVALID_ORIGIN = "For security reasons, Tidewave does not accept requests with an origin header for this endpoint.".freeze
+
+  DEFAULT_OPTIONS = {
+    allow_remote_access: false,
+    client_url: "https://tidewave.ai",
+    framework_type: "rack",
+    team: {}
+  }.freeze
+
+  def initialize(app, options = {})
+    @app = app
+    @options = DEFAULT_OPTIONS.merge(options || {})
+    raise ArgumentError, "project_name is required" if @options[:project_name].to_s.empty?
+
+    @logger = @options[:logger]
+    @tools = build_tool_registry
+  end
+
+  def call(env)
+    request = Rack::Request.new(env)
+    path = request.path.split("/").reject(&:empty?)
+
+    if path[0] == TIDEWAVE_ROUTE
+      return forbidden(INVALID_IP) unless valid_client_ip?(request)
+      if request.get_header("HTTP_ORIGIN") && !origin_allowed_path?(path)
+        return forbidden(INVALID_ORIGIN)
+      end
+
+      case [ request.request_method, path ]
+      when [ "GET", [ TIDEWAVE_ROUTE ] ]
+        home_endpoint(request)
+      when [ "GET", [ TIDEWAVE_ROUTE, CONFIG_ROUTE ] ]
+        config_endpoint(request)
+      when [ "POST", [ TIDEWAVE_ROUTE, MCP_ROUTE ] ]
+        mcp_endpoint(request)
+      else
+        not_found
+      end
+    else
+      strip_x_frame_options(@app.call(env))
+    end
+  end
+
+  private
+
+  def strip_x_frame_options(response)
+    status, headers, body = response
+    headers.delete("X-Frame-Options")
+    [ status, headers, body ]
+  end
+
+  def home_endpoint(_request)
+    client_url = @options[:client_url].to_s.sub(%r{/\z}, "")
+    body = <<~HTML
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <meta charset="UTF-8" />
+          <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+          <script type="module" src="#{client_url}/tc/tc.js"></script>
+        </head>
+        <body></body>
+      </html>
+    HTML
+
+    [ 200, response_headers("text/html", body), [ body ] ]
+  end
+
+  def config_endpoint(request)
+    json_response(config_data(request), headers: { "Access-Control-Allow-Origin" => "*" })
+  end
+
+  def mcp_endpoint(request)
+    body = request.body.read
+
+    message = JSON.parse(body)
+    validation_error = validate_jsonrpc_message(message)
+    return jsonrpc_error_response(nil, -32600, validation_error) if validation_error
+
+    response = handle_mcp_message(message)
+    return json_response({ "status" => "ok" }, status: 202) if response.nil?
+
+    json_response(response)
+  rescue JSON::ParserError
+    jsonrpc_error_response(nil, -32700, "Parse error")
+  rescue StandardError => error
+    @logger&.error("Error handling MCP request: #{error.message}")
+    jsonrpc_error_response(nil, -32603, "Internal error")
+  end
+
+  def config_data(request)
+    {
+      "project_name" => @options[:project_name],
+      "framework_type" => @options[:framework_type],
+      "orm_adapter" => @options[:orm_adapter],
+      "team" => @options[:team] || {},
+      "tidewave_version" => VERSION,
+      "local_port" => local_port(request)
+    }
+  end
+
+  def json_response(payload, status: 200, headers: {})
+    body = JSON.generate(payload)
+    [ status, response_headers("application/json", body).merge(headers), [ body ] ]
+  end
+
+  def forbidden(message)
+    @logger&.warn(message)
+    text_response(403, message)
+  end
+
+  def not_found
+    text_response(404, "Not Found")
+  end
+
+  def text_response(status, message)
+    [ status, response_headers("text/plain; charset=utf-8", message), [ message ] ]
+  end
+
+  def response_headers(content_type, body)
+    {
+      "Content-Type" => content_type,
+      "Content-Length" => body.bytesize.to_s
+    }
+  end
+
+  def origin_allowed_path?(path)
+    path == [ TIDEWAVE_ROUTE ] || path == [ TIDEWAVE_ROUTE, CONFIG_ROUTE ]
+  end
+
+  def local_port(request)
+    sock = request.env["puma.socket"]
+    return unless sock
+
+    addr = sock.respond_to?(:local_address) ? sock.local_address : sock.to_io.local_address
+    addr.ip? ? addr.ip_port : nil
+  end
+
+  def valid_client_ip?(request)
+    return true if @options[:allow_remote_access]
+
+    ip = request.get_header("REMOTE_ADDR")
+    return false if ip.nil? || ip.empty?
+
+    address = IPAddr.new(ip)
+    address.loopback? || address == IPAddr.new("::ffff:127.0.0.1")
+  rescue IPAddr::InvalidAddressError
+    false
+  end
+
+  def validate_jsonrpc_message(message)
+    return "Message must be a JSON object" unless message.is_a?(Hash)
+    return "Invalid JSON-RPC version" unless message["jsonrpc"] == "2.0"
+
+    has_id = message.key?("id")
+    has_method = message.key?("method")
+    has_result = message.key?("result")
+
+    return nil if has_method
+    return nil if has_id && has_result
+
+    "Invalid JSON-RPC message structure"
+  end
+
+  def handle_mcp_message(message)
+    method = message["method"]
+    request_id = message["id"]
+    params = message["params"].is_a?(Hash) ? message["params"] : {}
+
+    case method
+    when "notifications/initialized", "notifications/cancelled"
+      nil
+    when "ping"
+      jsonrpc_success_response_body(request_id, {})
+    when "initialize"
+      handle_initialize(request_id, params)
+    when "tools/list"
+      jsonrpc_success_response_body(request_id, { "tools" => tool_definitions })
+    when "tools/call"
+      handle_tool_call(request_id, params)
+    else
+      {
+        "jsonrpc" => "2.0",
+        "id" => request_id,
+        "error" => {
+          "code" => -32601,
+          "message" => "Method not found",
+          "data" => { "name" => method }
+        }
+      }
+    end
+  end
+
+  def handle_initialize(request_id, params)
+    client_version = params["protocolVersion"]
+    return jsonrpc_error_response_body(request_id, -32602, "Protocol version is required") if client_version.nil? || client_version.empty?
+
+    if client_version < PROTOCOL_VERSION
+      return jsonrpc_error_response_body(
+        request_id,
+        -32602,
+        "Unsupported protocol version. Server supports #{PROTOCOL_VERSION} or later"
+      )
+    end
+
+    jsonrpc_success_response_body(request_id, {
+      "protocolVersion" => PROTOCOL_VERSION,
+      "capabilities" => { "tools" => { "listChanged" => false } },
+      "serverInfo" => {
+        "name" => "tidewave",
+        "version" => VERSION
+      },
+      "tools" => tool_definitions
+    })
+  end
+
+  def handle_tool_call(request_id, params)
+    tool_name = params["name"]
+    arguments = params["arguments"].is_a?(Hash) ? params["arguments"] : {}
+
+    return jsonrpc_error_response_body(request_id, -32602, "Tool name is required") if tool_name.nil? || tool_name.empty?
+
+    tool = @tools[tool_name]
+    return jsonrpc_error_response_body(request_id, -32601, "Tool '#{tool_name}' not found") if tool.nil?
+
+    result = tool.validate_and_call(arguments)
+    jsonrpc_success_response_body(request_id, tool_result(result))
+  rescue StandardError => error
+    @logger&.error("Tool execution error: #{error.message}")
+    jsonrpc_success_response_body(request_id, tool_error_result("Tool execution failed: #{error.message}"))
+  end
+
+  def jsonrpc_success_response_body(request_id, result)
+    {
+      "jsonrpc" => "2.0",
+      "id" => request_id,
+      "result" => result
+    }
+  end
+
+  def jsonrpc_error_response(request_id, code, message)
+    json_response(jsonrpc_error_response_body(request_id, code, message))
+  end
+
+  def jsonrpc_error_response_body(request_id, code, message)
+    {
+      "jsonrpc" => "2.0",
+      "id" => request_id,
+      "error" => {
+        "code" => code,
+        "message" => message
+      }
+    }
+  end
+
+  def tool_definitions
+    @tools.values.map(&:definition)
+  end
+
+  def tool_error_result(message)
+    {
+      "content" => [ text_content(message) ],
+      "isError" => true
+    }
+  end
+
+  def tool_result(result)
+    if result.is_a?(Hash)
+      {
+        "content" => [ text_content(JSON.generate(result)) ],
+        "structuredContent" => result
+      }
+    else
+      {
+        "content" => [ text_content(result.to_s) ]
+      }
+    end
+  end
+
+  def text_content(text)
+    {
+      "type" => "text",
+      "text" => text
+    }
+  end
+
+  def build_tool_registry
+    Tidewave::Tool.descendants.each_with_object({}) do |tool_class, registry|
+      tool = tool_class.new(@options)
+      definition = tool.definition
+      next if definition.nil?
+
+      name = definition["name"]
+      registry[name] = tool if name
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tidewave
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.1
 platform: ruby
 authors:
 - Yorick Jacquin
@@ -9,36 +9,8 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-05 00:00:00.000000000 Z
+date: 2026-06-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 7.1.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 7.1.0
-- !ruby/object:Gem::Dependency
-  name: fast-mcp
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.6.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -69,11 +41,9 @@ files:
 - lib/tidewave/database_adapters/active_record.rb
 - lib/tidewave/database_adapters/sequel.rb
 - lib/tidewave/exceptions_middleware.rb
-- lib/tidewave/middleware.rb
 - lib/tidewave/quiet_requests_middleware.rb
 - lib/tidewave/railtie.rb
-- lib/tidewave/streamable_http_transport.rb
-- lib/tidewave/tools/base.rb
+- lib/tidewave/tool.rb
 - lib/tidewave/tools/execute_sql_query.rb
 - lib/tidewave/tools/get_docs.rb
 - lib/tidewave/tools/get_logs.rb