vector_mcp 0.2.0 → 0.3.1

data/lib/vector_mcp/logging/outputs/file.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+require "fileutils"
+require "date"
+
+module VectorMCP
+  module Logging
+    module Outputs
+      class File < Base
+        def initialize(config = {})
+          super
+          @path = @config[:path] or raise OutputError, "File path required"
+          @max_size = parse_size(@config[:max_size] || "100MB")
+          @max_files = @config[:max_files] || 7
+          @rotation = @config[:rotation] || "daily"
+          @mutex = Mutex.new
+          @file = nil
+          @current_date = nil
+
+          ensure_directory_exists
+          open_file
+        end
+
+        def close
+          @mutex.synchronize do
+            @file&.close
+            @file = nil
+          end
+          super
+        end
+
+        protected
+
+        def write_formatted(message)
+          @mutex.synchronize do
+            rotate_if_needed
+            @file.write(message)
+            @file.flush
+          end
+        end
+
+        private
+
+        def ensure_directory_exists
+          dir = ::File.dirname(@path)
+          FileUtils.mkdir_p(dir) unless ::File.directory?(dir)
+        rescue StandardError => e
+          raise OutputError, "Cannot create log directory #{dir}: #{e.message}"
+        end
+
+        def open_file
+          @file = ::File.open(current_log_path, "a")
+          @file.sync = true
+          @current_date = Date.today if daily_rotation?
+        rescue StandardError => e
+          raise OutputError, "Cannot open log file #{current_log_path}: #{e.message}"
+        end
+
+        def current_log_path
+          if daily_rotation?
+            base, ext = split_path(@path)
+            "#{base}_#{Date.today.strftime("%Y%m%d")}#{ext}"
+          else
+            @path
+          end
+        end
+
+        def rotate_if_needed
+          return unless should_rotate?
+
+          rotate_file
+          open_file
+        end
+
+        def should_rotate?
+          return false unless @file
+
+          case @rotation
+          when "daily"
+            daily_rotation? && @current_date != Date.today
+          when "size"
+            @file.size >= @max_size
+          else
+            false
+          end
+        end
+
+        def rotate_file
+          @file&.close
+
+          if daily_rotation?
+            cleanup_old_files
+          else
+            rotate_numbered_files
+          end
+        end
+
+        def daily_rotation?
+          @rotation == "daily"
+        end
+
+        def rotate_numbered_files
+          return unless ::File.exist?(@path)
+
+          (@max_files - 1).downto(1) do |i|
+            old_file = "#{@path}.#{i}"
+            new_file = "#{@path}.#{i + 1}"
+
+            ::File.rename(old_file, new_file) if ::File.exist?(old_file)
+          end
+
+          ::File.rename(@path, "#{@path}.1")
+        end
+
+        def cleanup_old_files
+          base, ext = split_path(@path)
+          pattern = "#{base}_*#{ext}"
+
+          old_files = Dir.glob(pattern).reverse
+          files_to_remove = old_files[@max_files..] || []
+
+          files_to_remove.each do |file|
+            ::File.unlink(file)
+          rescue StandardError => e
+            fallback_write("Warning: Could not remove old log file #{file}: #{e.message}\n")
+          end
+        end
+
+        def split_path(path)
+          ext = ::File.extname(path)
+          base = path.chomp(ext)
+          [base, ext]
+        end
+
+        def parse_size(size_str)
+          size_str = size_str.to_s.upcase
+
+          raise OutputError, "Invalid size format: #{size_str}" unless size_str =~ /\A(\d+)(KB|MB|GB)?\z/
+
+          number = ::Regexp.last_match(1).to_i
+          unit = ::Regexp.last_match(2) || "B"
+
+          case unit
+          when "KB"
+            number * 1024
+          when "MB"
+            number * 1024 * 1024
+          when "GB"
+            number * 1024 * 1024 * 1024
+          else
+            number
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vector_mcp/logging.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require_relative "logging/constants"
+require_relative "logging/core"
+require_relative "logging/configuration"
+require_relative "logging/component"
+require_relative "logging/formatters/base"
+require_relative "logging/formatters/text"
+require_relative "logging/formatters/json"
+require_relative "logging/outputs/base"
+require_relative "logging/outputs/console"
+require_relative "logging/outputs/file"
+require_relative "logging/filters/level"
+require_relative "logging/filters/component"
+
+module VectorMCP
+  module Logging
+    class Error < StandardError; end
+    class ConfigurationError < Error; end
+    class FormatterError < Error; end
+    class OutputError < Error; end
+
+    LEVELS = {
+      TRACE: 0,
+      DEBUG: 1,
+      INFO: 2,
+      WARN: 3,
+      ERROR: 4,
+      FATAL: 5,
+      SECURITY: 6
+    }.freeze
+
+    LEVEL_NAMES = LEVELS.invert.freeze
+
+    def self.level_name(level)
+      (LEVEL_NAMES[level] || "UNKNOWN").to_s
+    end
+
+    def self.level_value(name)
+      LEVELS[name.to_s.upcase.to_sym] || LEVELS[:INFO]
+    end
+
+    class LogEntry
+      attr_reader :timestamp, :level, :component, :message, :context, :thread_id
+
+      def initialize(attributes = {})
+        @timestamp = attributes[:timestamp]
+        @level = attributes[:level]
+        @component = attributes[:component]
+        @message = attributes[:message]
+        @context = attributes[:context] || {}
+        @thread_id = attributes[:thread_id]
+      end
+
+      def level_name
+        Logging.level_name(@level)
+      end
+
+      def to_h
+        {
+          timestamp: @timestamp.iso8601(Constants::TIMESTAMP_PRECISION),
+          level: level_name,
+          component: @component,
+          message: @message,
+          context: @context,
+          thread_id: @thread_id
+        }
+      end
+    end
+  end
+end

data/lib/vector_mcp/security/auth_manager.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Security
+    # Manages authentication strategies for VectorMCP servers
+    # Provides opt-in authentication with zero configuration by default
+    class AuthManager
+      attr_reader :strategies, :enabled, :default_strategy
+
+      def initialize
+        @strategies = {}
+        @enabled = false
+        @default_strategy = nil
+      end
+
+      # Enable authentication with optional default strategy
+      # @param default_strategy [Symbol] the default authentication strategy to use
+      def enable!(default_strategy: :api_key)
+        @enabled = true
+        @default_strategy = default_strategy
+      end
+
+      # Disable authentication (return to pass-through mode)
+      def disable!
+        @enabled = false
+        @default_strategy = nil
+      end
+
+      # Add an authentication strategy
+      # @param name [Symbol] the strategy name
+      # @param strategy [Object] the strategy instance
+      def add_strategy(name, strategy)
+        @strategies[name] = strategy
+      end
+
+      # Remove an authentication strategy
+      # @param name [Symbol] the strategy name to remove
+      def remove_strategy(name)
+        @strategies.delete(name)
+      end
+
+      # Authenticate a request using the specified or default strategy
+      # @param request [Hash] the request object containing headers, params, etc.
+      # @param strategy [Symbol] optional strategy override
+      # @return [Object, false] authentication result or false if failed
+      def authenticate(request, strategy: nil)
+        return { authenticated: true, user: nil } unless @enabled
+
+        strategy_name = strategy || @default_strategy
+        auth_strategy = @strategies[strategy_name]
+
+        return { authenticated: false, error: "Unknown strategy: #{strategy_name}" } unless auth_strategy
+
+        begin
+          result = auth_strategy.authenticate(request)
+          if result
+            { authenticated: true, user: result }
+          else
+            { authenticated: false, error: "Authentication failed" }
+          end
+        rescue StandardError => e
+          { authenticated: false, error: "Authentication error: #{e.message}" }
+        end
+      end
+
+      # Check if authentication is required
+      # @return [Boolean] true if authentication is enabled
+      def required?
+        @enabled
+      end
+
+      # Get list of available strategies
+      # @return [Array<Symbol>] array of strategy names
+      def available_strategies
+        @strategies.keys
+      end
+    end
+  end
+end

data/lib/vector_mcp/security/authorization.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Security
+    # Manages authorization policies for VectorMCP servers
+    # Provides fine-grained access control for tools and resources
+    class Authorization
+      attr_reader :policies, :enabled
+
+      def initialize
+        @policies = {}
+        @enabled = false
+      end
+
+      # Enable authorization system
+      def enable!
+        @enabled = true
+      end
+
+      # Disable authorization (return to pass-through mode)
+      def disable!
+        @enabled = false
+      end
+
+      # Add an authorization policy for a resource type
+      # @param resource_type [Symbol] the type of resource (e.g., :tool, :resource, :prompt)
+      # @param block [Proc] the policy block that receives (user, action, resource)
+      def add_policy(resource_type, &block)
+        @policies[resource_type] = block
+      end
+
+      # Remove an authorization policy
+      # @param resource_type [Symbol] the resource type to remove policy for
+      def remove_policy(resource_type)
+        @policies.delete(resource_type)
+      end
+
+      # Check if a user is authorized to perform an action on a resource
+      # @param user [Object] the authenticated user object
+      # @param action [Symbol] the action being attempted (e.g., :call, :read, :list)
+      # @param resource [Object] the resource being accessed
+      # @return [Boolean] true if authorized, false otherwise
+      def authorize(user, action, resource)
+        return true unless @enabled
+
+        resource_type = determine_resource_type(resource)
+        policy = @policies[resource_type]
+
+        # If no policy is defined, allow access (opt-in authorization)
+        return true unless policy
+
+        begin
+          policy_result = policy.call(user, action, resource)
+          policy_result ? true : false
+        rescue StandardError
+          # Log error but deny access for safety
+          false
+        end
+      end
+
+      # Check if authorization is required
+      # @return [Boolean] true if authorization is enabled
+      def required?
+        @enabled
+      end
+
+      # Get list of resource types with policies
+      # @return [Array<Symbol>] array of resource types
+      def policy_types
+        @policies.keys
+      end
+
+      private
+
+      # Determine the resource type from the resource object
+      # @param resource [Object] the resource object
+      # @return [Symbol] the resource type
+      def determine_resource_type(resource)
+        case resource
+        when VectorMCP::Definitions::Tool
+          :tool
+        when VectorMCP::Definitions::Resource
+          :resource
+        when VectorMCP::Definitions::Prompt
+          :prompt
+        when VectorMCP::Definitions::Root
+          :root
+        else
+          # Try to infer from class name
+          class_name = resource.class.name.split("::").last&.downcase
+          class_name&.to_sym || :unknown
+        end
+      end
+    end
+  end
+end

data/lib/vector_mcp/security/middleware.rb

@@ -0,0 +1,172 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Security
+    # Security middleware for request authentication and authorization
+    # Integrates with transport layers to provide security controls
+    class Middleware
+      attr_reader :auth_manager, :authorization
+
+      # Initialize middleware with auth components
+      # @param auth_manager [AuthManager] the authentication manager
+      # @param authorization [Authorization] the authorization manager
+      def initialize(auth_manager, authorization)
+        @auth_manager = auth_manager
+        @authorization = authorization
+      end
+
+      # Authenticate a request and return session context
+      # @param request [Hash] the request object
+      # @param strategy [Symbol] optional authentication strategy override
+      # @return [SessionContext] the session context for the request
+      def authenticate_request(request, strategy: nil)
+        auth_result = @auth_manager.authenticate(request, strategy: strategy)
+        SessionContext.from_auth_result(auth_result)
+      end
+
+      # Check if a session is authorized for an action on a resource
+      # @param session_context [SessionContext] the session context
+      # @param action [Symbol] the action being attempted
+      # @param resource [Object] the resource being accessed
+      # @return [Boolean] true if authorized
+      def authorize_action(session_context, action, resource)
+        # Always allow if authorization is disabled
+        return true unless @authorization.required?
+
+        # Check authorization policy
+        @authorization.authorize(session_context.user, action, resource)
+      end
+
+      # Process a request through the complete security pipeline
+      # @param request [Hash] the request object
+      # @param action [Symbol] the action being attempted
+      # @param resource [Object] the resource being accessed
+      # @return [Hash] result with session_context and authorization status
+      def process_request(request, action: :access, resource: nil)
+        # Step 1: Authenticate the request
+        session_context = authenticate_request(request)
+
+        # Step 2: Check if authentication is required but failed
+        if @auth_manager.required? && !session_context.authenticated?
+          return {
+            success: false,
+            error: "Authentication required",
+            error_code: "AUTHENTICATION_REQUIRED",
+            session_context: session_context
+          }
+        end
+
+        # Step 3: Check authorization if resource is provided
+        if resource && !authorize_action(session_context, action, resource)
+          return {
+            success: false,
+            error: "Access denied",
+            error_code: "AUTHORIZATION_FAILED",
+            session_context: session_context
+          }
+        end
+
+        # Step 4: Success
+        {
+          success: true,
+          session_context: session_context
+        }
+      end
+
+      # Create a request object from different transport formats
+      # @param transport_request [Object] the transport-specific request
+      # @return [Hash] normalized request object
+      def normalize_request(transport_request)
+        case transport_request
+        when Hash
+          # Check if it's a Rack environment (has REQUEST_METHOD key)
+          if transport_request.key?("REQUEST_METHOD")
+            extract_from_rack_env(transport_request)
+          else
+            # Already normalized
+            transport_request
+          end
+        else
+          # Extract from transport-specific request (e.g., custom objects)
+          extract_request_data(transport_request)
+        end
+      end
+
+      # Check if security is enabled
+      # @return [Boolean] true if any security features are enabled
+      def security_enabled?
+        @auth_manager.required? || @authorization.required?
+      end
+
+      # Get security status for debugging/monitoring
+      # @return [Hash] current security configuration status
+      def security_status
+        {
+          authentication: {
+            enabled: @auth_manager.required?,
+            strategies: @auth_manager.available_strategies,
+            default_strategy: @auth_manager.default_strategy
+          },
+          authorization: {
+            enabled: @authorization.required?,
+            policy_types: @authorization.policy_types
+          }
+        }
+      end
+
+      private
+
+      # Extract request data from transport-specific formats
+      # @param transport_request [Object] the transport request
+      # @return [Hash] extracted request data
+      def extract_request_data(transport_request)
+        # Handle Rack environment (for SSE transport)
+        if transport_request.respond_to?(:[]) && transport_request["REQUEST_METHOD"]
+          extract_from_rack_env(transport_request)
+        else
+          # Default fallback
+          { headers: {}, params: {} }
+        end
+      end
+
+      # Extract data from Rack environment
+      # @param env [Hash] the Rack environment
+      # @return [Hash] extracted request data
+      def extract_from_rack_env(env)
+        # Extract headers (HTTP_ prefixed in Rack env)
+        headers = {}
+        env.each do |key, value|
+          next unless key.start_with?("HTTP_")
+
+          # Convert HTTP_X_API_KEY to X-API-Key format
+          header_name = key[5..].split("_").map do |part|
+            case part.upcase
+            when "API" then "API" # Keep API in all caps
+            else part.capitalize
+            end
+          end.join("-")
+          headers[header_name] = value
+        end
+
+        # Add special headers
+        headers["Authorization"] = env["HTTP_AUTHORIZATION"] if env["HTTP_AUTHORIZATION"]
+        headers["Content-Type"] = env["CONTENT_TYPE"] if env["CONTENT_TYPE"]
+
+        # Extract query parameters
+        params = {}
+        if env["QUERY_STRING"]
+          require "uri"
+          params = URI.decode_www_form(env["QUERY_STRING"]).to_h
+        end
+
+        {
+          headers: headers,
+          params: params,
+          method: env["REQUEST_METHOD"],
+          path: env["PATH_INFO"],
+          rack_env: env
+        }
+      end
+    end
+  end
+end