vector_mcp 0.2.0 → 0.3.1

data/lib/vector_mcp/definitions.rb

@@ -230,6 +230,7 @@ module VectorMCP
       # Validates that the root URI is properly formatted and secure.
       # @return [Boolean] True if the root is valid.
       # @raise [ArgumentError] If the root is invalid.
+      # rubocop:disable Naming/PredicateMethod
       def validate!
         # Validate URI format
         parsed_uri = begin
@@ -248,13 +249,14 @@ module VectorMCP
         raise ArgumentError, "Root path is not a directory: #{path}" unless File.directory?(path)
 
         # Security check: ensure we can read the directory
-        raise ArgumentError, "Root directory is not readable: #{path}" unless File.readable?(path)
 
+        raise ArgumentError, "Root directory is not readable: #{path}" unless File.readable?(path)
         # Validate against path traversal attempts in the URI itself
         raise ArgumentError, "Root path contains unsafe traversal patterns: #{path}" if path.include?("..") || path.include?("./")
 
         true
       end
+      # rubocop:enable Naming/PredicateMethod
 
       # Class method to create a root from a local directory path.
       # @param path [String] Local filesystem path to the directory.

data/lib/vector_mcp/errors.rb

@@ -174,4 +174,28 @@ module VectorMCP
   #     super(message, code: client_code, details: client_details, request_id: request_id)
   #   end
   # end
+
+  # --- Security Specific Errors ---
+
+  # Represents an authentication required error (-32401).
+  # Indicates the request requires authentication.
+  class UnauthorizedError < ProtocolError
+    # @param message [String] The error message.
+    # @param details [Hash, nil] Additional details for the error (optional).
+    # @param request_id [String, Integer, nil] The ID of the originating request.
+    def initialize(message = "Authentication required", details: nil, request_id: nil)
+      super(message, code: -32_401, details: details, request_id: request_id)
+    end
+  end
+
+  # Represents an authorization failed error (-32403).
+  # Indicates the authenticated user does not have permission to perform the requested action.
+  class ForbiddenError < ProtocolError
+    # @param message [String] The error message.
+    # @param details [Hash, nil] Additional details for the error (optional).
+    # @param request_id [String, Integer, nil] The ID of the originating request.
+    def initialize(message = "Access denied", details: nil, request_id: nil)
+      super(message, code: -32_403, details: details, request_id: request_id)
+    end
+  end
 end

data/lib/vector_mcp/handlers/core.rb

@@ -2,6 +2,7 @@
 
 require "json"
 require "uri"
+require "json-schema"
 
 module VectorMCP
   module Handlers
@@ -41,20 +42,35 @@ module VectorMCP
       #
       # @param params [Hash] The request parameters.
       #   Expected keys: "name" (String), "arguments" (Hash, optional).
-      # @param _session [VectorMCP::Session] The current session (ignored).
+      # @param session [VectorMCP::Session] The current session.
       # @param server [VectorMCP::Server] The server instance.
       # @return [Hash] A hash containing the tool call result or an error indication.
       #   Example success: `{ isError: false, content: [{ type: "text", ... }] }`
       # @raise [VectorMCP::NotFoundError] if the requested tool is not found.
-      def self.call_tool(params, _session, server)
+      # @raise [VectorMCP::InvalidParamsError] if arguments validation fails.
+      # @raise [VectorMCP::UnauthorizedError] if authentication fails.
+      # @raise [VectorMCP::ForbiddenError] if authorization fails.
+      def self.call_tool(params, session, server)
         tool_name = params["name"]
         arguments = params["arguments"] || {}
 
         tool = server.tools[tool_name]
         raise VectorMCP::NotFoundError.new("Not Found", details: "Tool not found: #{tool_name}") unless tool
 
+        # Security check: authenticate and authorize the request
+        security_result = check_tool_security(session, tool, server)
+        handle_security_failure(security_result) unless security_result[:success]
+
+        # Validate arguments against the tool's input schema
+        validate_input_arguments!(tool_name, tool, arguments)
+
         # Let StandardError propagate to Server#handle_request
-        result = tool.handler.call(arguments)
+        # Pass session_context only if the handler supports it (for backward compatibility)
+        result = if [1, -1].include?(tool.handler.arity)
+                   tool.handler.call(arguments)
+                 else
+                   tool.handler.call(arguments, security_result[:session_context])
+                 end
         {
           isError: false,
           content: VectorMCP::Util.convert_to_mcp_content(result)
@@ -78,18 +94,30 @@ module VectorMCP
       #
       # @param params [Hash] The request parameters.
       #   Expected key: "uri" (String).
-      # @param _session [VectorMCP::Session] The current session (ignored).
+      # @param session [VectorMCP::Session] The current session.
       # @param server [VectorMCP::Server] The server instance.
       # @return [Hash] A hash containing an array of content items from the resource.
       #   Example: `{ contents: [{ type: "text", text: "...", uri: "memory://data" }] }`
       # @raise [VectorMCP::NotFoundError] if the requested resource URI is not found.
-      def self.read_resource(params, _session, server)
+      # @raise [VectorMCP::UnauthorizedError] if authentication fails.
+      # @raise [VectorMCP::ForbiddenError] if authorization fails.
+      def self.read_resource(params, session, server)
         uri_s = params["uri"]
         raise VectorMCP::NotFoundError.new("Not Found", details: "Resource not found: #{uri_s}") unless server.resources[uri_s]
 
         resource = server.resources[uri_s]
+
+        # Security check: authenticate and authorize the request
+        security_result = check_resource_security(session, resource, server)
+        handle_security_failure(security_result) unless security_result[:success]
+
         # Let StandardError propagate to Server#handle_request
-        content_raw = resource.handler.call(params)
+        # Pass session_context only if the handler supports it (for backward compatibility)
+        content_raw = if [1, -1].include?(resource.handler.arity)
+                        resource.handler.call(params)
+                      else
+                        resource.handler.call(params, security_result[:session_context])
+                      end
         contents = VectorMCP::Util.convert_to_mcp_content(content_raw, mime_type: resource.mime_type)
         contents.each do |item|
           # Add URI to each content item if not already present
@@ -301,6 +329,104 @@ module VectorMCP
         end
       end
       private_class_method :validate_prompt_response!
+
+      # Validates arguments provided for a tool against its input schema using json-schema.
+      # @api private
+      # @param tool_name [String] The name of the tool.
+      # @param tool [VectorMCP::Definitions::Tool] The tool definition.
+      # @param arguments [Hash] The arguments supplied by the client.
+      # @return [void]
+      # @raise [VectorMCP::InvalidParamsError] if arguments fail validation.
+      def self.validate_input_arguments!(tool_name, tool, arguments)
+        return unless tool.input_schema.is_a?(Hash)
+        return if tool.input_schema.empty?
+
+        validation_errors = JSON::Validator.fully_validate(tool.input_schema, arguments)
+        return if validation_errors.empty?
+
+        raise_tool_validation_error(tool_name, validation_errors)
+      rescue JSON::Schema::ValidationError => e
+        raise_tool_validation_error(tool_name, [e.message])
+      end
+
+      # Raises InvalidParamsError with formatted validation details.
+      # @api private
+      # @param tool_name [String] The name of the tool.
+      # @param validation_errors [Array<String>] The validation error messages.
+      # @return [void]
+      # @raise [VectorMCP::InvalidParamsError] Always raises with formatted details.
+      def self.raise_tool_validation_error(tool_name, validation_errors)
+        raise VectorMCP::InvalidParamsError.new(
+          "Invalid arguments for tool '#{tool_name}'",
+          details: {
+            tool: tool_name,
+            validation_errors: validation_errors,
+            message: validation_errors.join("; ")
+          }
+        )
+      end
+      private_class_method :validate_input_arguments!
+      private_class_method :raise_tool_validation_error
+
+      # Security helper methods
+
+      # Check security for tool access
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @param tool [VectorMCP::Definitions::Tool] The tool being accessed
+      # @param server [VectorMCP::Server] The server instance
+      # @return [Hash] Security check result
+      def self.check_tool_security(session, tool, server)
+        # Extract request context from session for security middleware
+        request = extract_request_from_session(session)
+        server.security_middleware.process_request(request, action: :call, resource: tool)
+      end
+      private_class_method :check_tool_security
+
+      # Check security for resource access
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @param resource [VectorMCP::Definitions::Resource] The resource being accessed
+      # @param server [VectorMCP::Server] The server instance
+      # @return [Hash] Security check result
+      def self.check_resource_security(session, resource, server)
+        request = extract_request_from_session(session)
+        server.security_middleware.process_request(request, action: :read, resource: resource)
+      end
+      private_class_method :check_resource_security
+
+      # Extract request context from session for security processing
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @return [Hash] Request context for security middleware
+      def self.extract_request_from_session(session)
+        # Extract security context from session
+        # This will be enhanced as we integrate with transport layers
+        {
+          headers: session.instance_variable_get(:@request_headers) || {},
+          params: session.instance_variable_get(:@request_params) || {},
+          session_id: session.respond_to?(:id) ? session.id : "test-session"
+        }
+      end
+      private_class_method :extract_request_from_session
+
+      # Handle security failure by raising appropriate error
+      # @api private
+      # @param security_result [Hash] The security check result
+      # @return [void]
+      # @raise [VectorMCP::UnauthorizedError, VectorMCP::ForbiddenError]
+      def self.handle_security_failure(security_result)
+        case security_result[:error_code]
+        when "AUTHENTICATION_REQUIRED"
+          raise VectorMCP::UnauthorizedError, security_result[:error]
+        when "AUTHORIZATION_FAILED"
+          raise VectorMCP::ForbiddenError, security_result[:error]
+        else
+          # Fallback to generic unauthorized error
+          raise VectorMCP::UnauthorizedError, security_result[:error] || "Security check failed"
+        end
+      end
+      private_class_method :handle_security_failure
     end
   end
 end

data/lib/vector_mcp/logging/component.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Logging
+    class Component
+      attr_reader :name, :core, :config
+
+      def initialize(name, core, config = {})
+        @name = name.to_s
+        @core = core
+        @config = config
+        @context = {}
+      end
+
+      def with_context(context)
+        old_context = @context
+        @context = @context.merge(context)
+        yield
+      ensure
+        @context = old_context
+      end
+
+      def add_context(context)
+        @context = @context.merge(context)
+      end
+
+      def clear_context
+        @context = {}
+      end
+
+      def trace(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:TRACE], message, context, &block)
+      end
+
+      def debug(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:DEBUG], message, context, &block)
+      end
+
+      def info(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:INFO], message, context, &block)
+      end
+
+      def warn(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:WARN], message, context, &block)
+      end
+
+      def error(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:ERROR], message, context, &block)
+      end
+
+      def fatal(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:FATAL], message, context, &block)
+      end
+
+      def security(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:SECURITY], message, context, &block)
+      end
+
+      def level
+        @core.configuration.level_for(@name)
+      end
+
+      def level_enabled?(level)
+        level >= self.level
+      end
+
+      def trace?
+        level_enabled?(Logging::LEVELS[:TRACE])
+      end
+
+      def debug?
+        level_enabled?(Logging::LEVELS[:DEBUG])
+      end
+
+      def info?
+        level_enabled?(Logging::LEVELS[:INFO])
+      end
+
+      def warn?
+        level_enabled?(Logging::LEVELS[:WARN])
+      end
+
+      def error?
+        level_enabled?(Logging::LEVELS[:ERROR])
+      end
+
+      def fatal?
+        level_enabled?(Logging::LEVELS[:FATAL])
+      end
+
+      def security?
+        level_enabled?(Logging::LEVELS[:SECURITY])
+      end
+
+      def measure(message, context: {}, level: :info, &block)
+        start_time = Time.now
+        result = nil
+        error = nil
+
+        begin
+          result = block.call
+        rescue StandardError => e
+          error = e
+          raise
+        ensure
+          duration = Time.now - start_time
+          measure_context = context.merge(
+            duration_ms: (duration * 1000).round(2),
+            success: error.nil?
+          )
+          measure_context[:error] = error.class.name if error
+
+          send(level, "#{message} completed", context: measure_context)
+        end
+
+        result
+      end
+
+      private
+
+      def log_with_block(level, message, context, &block)
+        return unless level_enabled?(level)
+
+        message = block.call if block_given?
+
+        full_context = @context.merge(context)
+        @core.log(level, @name, message, full_context)
+      end
+    end
+  end
+end

data/lib/vector_mcp/logging/configuration.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module VectorMCP
+  module Logging
+    class Configuration
+      DEFAULT_CONFIG = {
+        level: "INFO",
+        format: "text",
+        output: "console",
+        components: {},
+        console: {
+          colorize: true,
+          include_timestamp: true,
+          include_thread: false
+        },
+        file: {
+          path: nil,
+          rotation: "daily",
+          max_size: "100MB",
+          max_files: 7
+        }
+      }.freeze
+
+      attr_reader :config
+
+      def initialize(config = {})
+        @config = deep_merge(DEFAULT_CONFIG, normalize_config(config))
+        validate_config!
+      end
+
+      def self.from_file(path)
+        config = YAML.load_file(path)
+        new(config["logging"] || config)
+      rescue StandardError => e
+        raise ConfigurationError, "Failed to load configuration from #{path}: #{e.message}"
+      end
+
+      def self.from_env
+        config = {}
+
+        config[:level] = ENV["VECTORMCP_LOG_LEVEL"] if ENV["VECTORMCP_LOG_LEVEL"]
+        config[:format] = ENV["VECTORMCP_LOG_FORMAT"] if ENV["VECTORMCP_LOG_FORMAT"]
+        config[:output] = ENV["VECTORMCP_LOG_OUTPUT"] if ENV["VECTORMCP_LOG_OUTPUT"]
+
+        config[:file] = { path: ENV["VECTORMCP_LOG_FILE_PATH"] } if ENV["VECTORMCP_LOG_FILE_PATH"]
+
+        new(config)
+      end
+
+      def level_for(component)
+        component_level = @config[:components][component.to_s]
+        level_value = component_level || @config[:level]
+        Logging.level_value(level_value)
+      end
+
+      def set_component_level(component, level)
+        @config[:components][component.to_s] = if level.is_a?(Integer)
+                                                 Logging.level_name(level)
+                                               else
+                                                 level.to_s.upcase
+                                               end
+      end
+
+      def component_config(component_name)
+        @config[:components][component_name.to_s] || {}
+      end
+
+      def console_config
+        @config[:console]
+      end
+
+      def file_config
+        @config[:file]
+      end
+
+      def format
+        @config[:format]
+      end
+
+      def output
+        @config[:output]
+      end
+
+      def configure(&)
+        instance_eval(&) if block_given?
+        validate_config!
+      end
+
+      def level(new_level)
+        @config[:level] = new_level.to_s.upcase
+      end
+
+      def component(name, level:)
+        @config[:components][name.to_s] = level.to_s.upcase
+      end
+
+      def console(options = {})
+        @config[:console].merge!(options)
+      end
+
+      def file(options = {})
+        @config[:file].merge!(options)
+      end
+
+      def to_h
+        @config.dup
+      end
+
+      private
+
+      def normalize_config(config)
+        case config
+        when Hash
+          config.transform_keys(&:to_sym)
+        when String
+          { level: config }
+        else
+          {}
+        end
+      end
+
+      def deep_merge(hash1, hash2)
+        result = hash1.dup
+        hash2.each do |key, value|
+          result[key] = if result[key].is_a?(Hash) && value.is_a?(Hash)
+                          deep_merge(result[key], value)
+                        else
+                          value
+                        end
+        end
+        result
+      end
+
+      def validate_config!
+        validate_level!(@config[:level])
+        @config[:components].each_value do |level|
+          validate_level!(level)
+        end
+
+        raise ConfigurationError, "Invalid format: #{@config[:format]}" unless %w[text json].include?(@config[:format])
+
+        return if %w[console file both].include?(@config[:output])
+
+        raise ConfigurationError, "Invalid output: #{@config[:output]}"
+      end
+
+      def validate_level!(level)
+        return if Logging::LEVELS.key?(level.to_s.upcase.to_sym)
+
+        raise ConfigurationError, "Invalid log level: #{level}"
+      end
+    end
+  end
+end

data/lib/vector_mcp/logging/constants.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Logging
+    module Constants
+      # JSON serialization limits
+      MAX_SERIALIZATION_DEPTH = 5
+      MAX_ARRAY_SERIALIZATION_DEPTH = 3
+      MAX_ARRAY_ELEMENTS_TO_SERIALIZE = 10
+
+      # Text formatting limits
+      DEFAULT_MAX_MESSAGE_LENGTH = 1000
+      DEFAULT_COMPONENT_WIDTH = 20
+      DEFAULT_LEVEL_WIDTH = 8
+      TRUNCATION_SUFFIX_LENGTH = 4 # for "..."
+
+      # ISO timestamp precision
+      TIMESTAMP_PRECISION = 3 # milliseconds
+    end
+  end
+end