vector_mcp 0.3.0 → 0.3.1

data/lib/vector_mcp/errors.rb

@@ -174,4 +174,28 @@ module VectorMCP
   #     super(message, code: client_code, details: client_details, request_id: request_id)
   #   end
   # end
+
+  # --- Security Specific Errors ---
+
+  # Represents an authentication required error (-32401).
+  # Indicates the request requires authentication.
+  class UnauthorizedError < ProtocolError
+    # @param message [String] The error message.
+    # @param details [Hash, nil] Additional details for the error (optional).
+    # @param request_id [String, Integer, nil] The ID of the originating request.
+    def initialize(message = "Authentication required", details: nil, request_id: nil)
+      super(message, code: -32_401, details: details, request_id: request_id)
+    end
+  end
+
+  # Represents an authorization failed error (-32403).
+  # Indicates the authenticated user does not have permission to perform the requested action.
+  class ForbiddenError < ProtocolError
+    # @param message [String] The error message.
+    # @param details [Hash, nil] Additional details for the error (optional).
+    # @param request_id [String, Integer, nil] The ID of the originating request.
+    def initialize(message = "Access denied", details: nil, request_id: nil)
+      super(message, code: -32_403, details: details, request_id: request_id)
+    end
+  end
 end

data/lib/vector_mcp/handlers/core.rb

@@ -42,24 +42,35 @@ module VectorMCP
       #
       # @param params [Hash] The request parameters.
       #   Expected keys: "name" (String), "arguments" (Hash, optional).
-      # @param _session [VectorMCP::Session] The current session (ignored).
+      # @param session [VectorMCP::Session] The current session.
       # @param server [VectorMCP::Server] The server instance.
       # @return [Hash] A hash containing the tool call result or an error indication.
       #   Example success: `{ isError: false, content: [{ type: "text", ... }] }`
       # @raise [VectorMCP::NotFoundError] if the requested tool is not found.
       # @raise [VectorMCP::InvalidParamsError] if arguments validation fails.
-      def self.call_tool(params, _session, server)
+      # @raise [VectorMCP::UnauthorizedError] if authentication fails.
+      # @raise [VectorMCP::ForbiddenError] if authorization fails.
+      def self.call_tool(params, session, server)
         tool_name = params["name"]
         arguments = params["arguments"] || {}
 
         tool = server.tools[tool_name]
         raise VectorMCP::NotFoundError.new("Not Found", details: "Tool not found: #{tool_name}") unless tool
 
+        # Security check: authenticate and authorize the request
+        security_result = check_tool_security(session, tool, server)
+        handle_security_failure(security_result) unless security_result[:success]
+
         # Validate arguments against the tool's input schema
         validate_input_arguments!(tool_name, tool, arguments)
 
         # Let StandardError propagate to Server#handle_request
-        result = tool.handler.call(arguments)
+        # Pass session_context only if the handler supports it (for backward compatibility)
+        result = if [1, -1].include?(tool.handler.arity)
+                   tool.handler.call(arguments)
+                 else
+                   tool.handler.call(arguments, security_result[:session_context])
+                 end
         {
           isError: false,
           content: VectorMCP::Util.convert_to_mcp_content(result)
@@ -83,18 +94,30 @@ module VectorMCP
       #
       # @param params [Hash] The request parameters.
       #   Expected key: "uri" (String).
-      # @param _session [VectorMCP::Session] The current session (ignored).
+      # @param session [VectorMCP::Session] The current session.
       # @param server [VectorMCP::Server] The server instance.
       # @return [Hash] A hash containing an array of content items from the resource.
       #   Example: `{ contents: [{ type: "text", text: "...", uri: "memory://data" }] }`
       # @raise [VectorMCP::NotFoundError] if the requested resource URI is not found.
-      def self.read_resource(params, _session, server)
+      # @raise [VectorMCP::UnauthorizedError] if authentication fails.
+      # @raise [VectorMCP::ForbiddenError] if authorization fails.
+      def self.read_resource(params, session, server)
         uri_s = params["uri"]
         raise VectorMCP::NotFoundError.new("Not Found", details: "Resource not found: #{uri_s}") unless server.resources[uri_s]
 
         resource = server.resources[uri_s]
+
+        # Security check: authenticate and authorize the request
+        security_result = check_resource_security(session, resource, server)
+        handle_security_failure(security_result) unless security_result[:success]
+
         # Let StandardError propagate to Server#handle_request
-        content_raw = resource.handler.call(params)
+        # Pass session_context only if the handler supports it (for backward compatibility)
+        content_raw = if [1, -1].include?(resource.handler.arity)
+                        resource.handler.call(params)
+                      else
+                        resource.handler.call(params, security_result[:session_context])
+                      end
         contents = VectorMCP::Util.convert_to_mcp_content(content_raw, mime_type: resource.mime_type)
         contents.each do |item|
           # Add URI to each content item if not already present
@@ -344,6 +367,66 @@ module VectorMCP
       end
       private_class_method :validate_input_arguments!
       private_class_method :raise_tool_validation_error
+
+      # Security helper methods
+
+      # Check security for tool access
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @param tool [VectorMCP::Definitions::Tool] The tool being accessed
+      # @param server [VectorMCP::Server] The server instance
+      # @return [Hash] Security check result
+      def self.check_tool_security(session, tool, server)
+        # Extract request context from session for security middleware
+        request = extract_request_from_session(session)
+        server.security_middleware.process_request(request, action: :call, resource: tool)
+      end
+      private_class_method :check_tool_security
+
+      # Check security for resource access
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @param resource [VectorMCP::Definitions::Resource] The resource being accessed
+      # @param server [VectorMCP::Server] The server instance
+      # @return [Hash] Security check result
+      def self.check_resource_security(session, resource, server)
+        request = extract_request_from_session(session)
+        server.security_middleware.process_request(request, action: :read, resource: resource)
+      end
+      private_class_method :check_resource_security
+
+      # Extract request context from session for security processing
+      # @api private
+      # @param session [VectorMCP::Session] The current session
+      # @return [Hash] Request context for security middleware
+      def self.extract_request_from_session(session)
+        # Extract security context from session
+        # This will be enhanced as we integrate with transport layers
+        {
+          headers: session.instance_variable_get(:@request_headers) || {},
+          params: session.instance_variable_get(:@request_params) || {},
+          session_id: session.respond_to?(:id) ? session.id : "test-session"
+        }
+      end
+      private_class_method :extract_request_from_session
+
+      # Handle security failure by raising appropriate error
+      # @api private
+      # @param security_result [Hash] The security check result
+      # @return [void]
+      # @raise [VectorMCP::UnauthorizedError, VectorMCP::ForbiddenError]
+      def self.handle_security_failure(security_result)
+        case security_result[:error_code]
+        when "AUTHENTICATION_REQUIRED"
+          raise VectorMCP::UnauthorizedError, security_result[:error]
+        when "AUTHORIZATION_FAILED"
+          raise VectorMCP::ForbiddenError, security_result[:error]
+        else
+          # Fallback to generic unauthorized error
+          raise VectorMCP::UnauthorizedError, security_result[:error] || "Security check failed"
+        end
+      end
+      private_class_method :handle_security_failure
     end
   end
 end

data/lib/vector_mcp/logging/component.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Logging
+    class Component
+      attr_reader :name, :core, :config
+
+      def initialize(name, core, config = {})
+        @name = name.to_s
+        @core = core
+        @config = config
+        @context = {}
+      end
+
+      def with_context(context)
+        old_context = @context
+        @context = @context.merge(context)
+        yield
+      ensure
+        @context = old_context
+      end
+
+      def add_context(context)
+        @context = @context.merge(context)
+      end
+
+      def clear_context
+        @context = {}
+      end
+
+      def trace(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:TRACE], message, context, &block)
+      end
+
+      def debug(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:DEBUG], message, context, &block)
+      end
+
+      def info(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:INFO], message, context, &block)
+      end
+
+      def warn(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:WARN], message, context, &block)
+      end
+
+      def error(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:ERROR], message, context, &block)
+      end
+
+      def fatal(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:FATAL], message, context, &block)
+      end
+
+      def security(message = nil, context: {}, &block)
+        log_with_block(Logging::LEVELS[:SECURITY], message, context, &block)
+      end
+
+      def level
+        @core.configuration.level_for(@name)
+      end
+
+      def level_enabled?(level)
+        level >= self.level
+      end
+
+      def trace?
+        level_enabled?(Logging::LEVELS[:TRACE])
+      end
+
+      def debug?
+        level_enabled?(Logging::LEVELS[:DEBUG])
+      end
+
+      def info?
+        level_enabled?(Logging::LEVELS[:INFO])
+      end
+
+      def warn?
+        level_enabled?(Logging::LEVELS[:WARN])
+      end
+
+      def error?
+        level_enabled?(Logging::LEVELS[:ERROR])
+      end
+
+      def fatal?
+        level_enabled?(Logging::LEVELS[:FATAL])
+      end
+
+      def security?
+        level_enabled?(Logging::LEVELS[:SECURITY])
+      end
+
+      def measure(message, context: {}, level: :info, &block)
+        start_time = Time.now
+        result = nil
+        error = nil
+
+        begin
+          result = block.call
+        rescue StandardError => e
+          error = e
+          raise
+        ensure
+          duration = Time.now - start_time
+          measure_context = context.merge(
+            duration_ms: (duration * 1000).round(2),
+            success: error.nil?
+          )
+          measure_context[:error] = error.class.name if error
+
+          send(level, "#{message} completed", context: measure_context)
+        end
+
+        result
+      end
+
+      private
+
+      def log_with_block(level, message, context, &block)
+        return unless level_enabled?(level)
+
+        message = block.call if block_given?
+
+        full_context = @context.merge(context)
+        @core.log(level, @name, message, full_context)
+      end
+    end
+  end
+end

data/lib/vector_mcp/logging/configuration.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module VectorMCP
+  module Logging
+    class Configuration
+      DEFAULT_CONFIG = {
+        level: "INFO",
+        format: "text",
+        output: "console",
+        components: {},
+        console: {
+          colorize: true,
+          include_timestamp: true,
+          include_thread: false
+        },
+        file: {
+          path: nil,
+          rotation: "daily",
+          max_size: "100MB",
+          max_files: 7
+        }
+      }.freeze
+
+      attr_reader :config
+
+      def initialize(config = {})
+        @config = deep_merge(DEFAULT_CONFIG, normalize_config(config))
+        validate_config!
+      end
+
+      def self.from_file(path)
+        config = YAML.load_file(path)
+        new(config["logging"] || config)
+      rescue StandardError => e
+        raise ConfigurationError, "Failed to load configuration from #{path}: #{e.message}"
+      end
+
+      def self.from_env
+        config = {}
+
+        config[:level] = ENV["VECTORMCP_LOG_LEVEL"] if ENV["VECTORMCP_LOG_LEVEL"]
+        config[:format] = ENV["VECTORMCP_LOG_FORMAT"] if ENV["VECTORMCP_LOG_FORMAT"]
+        config[:output] = ENV["VECTORMCP_LOG_OUTPUT"] if ENV["VECTORMCP_LOG_OUTPUT"]
+
+        config[:file] = { path: ENV["VECTORMCP_LOG_FILE_PATH"] } if ENV["VECTORMCP_LOG_FILE_PATH"]
+
+        new(config)
+      end
+
+      def level_for(component)
+        component_level = @config[:components][component.to_s]
+        level_value = component_level || @config[:level]
+        Logging.level_value(level_value)
+      end
+
+      def set_component_level(component, level)
+        @config[:components][component.to_s] = if level.is_a?(Integer)
+                                                 Logging.level_name(level)
+                                               else
+                                                 level.to_s.upcase
+                                               end
+      end
+
+      def component_config(component_name)
+        @config[:components][component_name.to_s] || {}
+      end
+
+      def console_config
+        @config[:console]
+      end
+
+      def file_config
+        @config[:file]
+      end
+
+      def format
+        @config[:format]
+      end
+
+      def output
+        @config[:output]
+      end
+
+      def configure(&)
+        instance_eval(&) if block_given?
+        validate_config!
+      end
+
+      def level(new_level)
+        @config[:level] = new_level.to_s.upcase
+      end
+
+      def component(name, level:)
+        @config[:components][name.to_s] = level.to_s.upcase
+      end
+
+      def console(options = {})
+        @config[:console].merge!(options)
+      end
+
+      def file(options = {})
+        @config[:file].merge!(options)
+      end
+
+      def to_h
+        @config.dup
+      end
+
+      private
+
+      def normalize_config(config)
+        case config
+        when Hash
+          config.transform_keys(&:to_sym)
+        when String
+          { level: config }
+        else
+          {}
+        end
+      end
+
+      def deep_merge(hash1, hash2)
+        result = hash1.dup
+        hash2.each do |key, value|
+          result[key] = if result[key].is_a?(Hash) && value.is_a?(Hash)
+                          deep_merge(result[key], value)
+                        else
+                          value
+                        end
+        end
+        result
+      end
+
+      def validate_config!
+        validate_level!(@config[:level])
+        @config[:components].each_value do |level|
+          validate_level!(level)
+        end
+
+        raise ConfigurationError, "Invalid format: #{@config[:format]}" unless %w[text json].include?(@config[:format])
+
+        return if %w[console file both].include?(@config[:output])
+
+        raise ConfigurationError, "Invalid output: #{@config[:output]}"
+      end
+
+      def validate_level!(level)
+        return if Logging::LEVELS.key?(level.to_s.upcase.to_sym)
+
+        raise ConfigurationError, "Invalid log level: #{level}"
+      end
+    end
+  end
+end

data/lib/vector_mcp/logging/constants.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  module Logging
+    module Constants
+      # JSON serialization limits
+      MAX_SERIALIZATION_DEPTH = 5
+      MAX_ARRAY_SERIALIZATION_DEPTH = 3
+      MAX_ARRAY_ELEMENTS_TO_SERIALIZE = 10
+
+      # Text formatting limits
+      DEFAULT_MAX_MESSAGE_LENGTH = 1000
+      DEFAULT_COMPONENT_WIDTH = 20
+      DEFAULT_LEVEL_WIDTH = 8
+      TRUNCATION_SUFFIX_LENGTH = 4 # for "..."
+
+      # ISO timestamp precision
+      TIMESTAMP_PRECISION = 3 # milliseconds
+    end
+  end
+end

data/lib/vector_mcp/logging/core.rb

@@ -0,0 +1,175 @@
+# frozen_string_literal: true
+
+require "logger"
+
+module VectorMCP
+  module Logging
+    class Core
+      attr_reader :configuration, :components, :outputs
+
+      def initialize(configuration = nil)
+        @configuration = configuration || Configuration.new
+        @components = {}
+        @outputs = []
+        @mutex = Mutex.new
+        @legacy_logger = nil
+
+        setup_default_output
+      end
+
+      def logger_for(component_name)
+        @mutex.synchronize do
+          @components[component_name] ||= Component.new(
+            component_name,
+            self,
+            @configuration.component_config(component_name)
+          )
+        end
+      end
+
+      def legacy_logger
+        @legacy_logger ||= LegacyAdapter.new(self)
+      end
+
+      def log(level, component, message, context = {})
+        return unless should_log?(level, component)
+
+        log_entry = Logging::LogEntry.new({
+                                            timestamp: Time.now,
+                                            level: level,
+                                            component: component,
+                                            message: message,
+                                            context: context,
+                                            thread_id: Thread.current.object_id
+                                          })
+
+        @outputs.each do |output|
+          output.write(log_entry)
+        rescue StandardError => e
+          warn "Failed to write to output #{output.class}: #{e.message}"
+        end
+      end
+
+      def add_output(output)
+        @mutex.synchronize do
+          @outputs << output unless @outputs.include?(output)
+        end
+      end
+
+      def remove_output(output)
+        @mutex.synchronize do
+          @outputs.delete(output)
+        end
+      end
+
+      def configure(&)
+        @configuration.configure(&)
+        reconfigure_outputs
+      end
+
+      def shutdown
+        @outputs.each(&:close)
+        @outputs.clear
+      end
+
+      private
+
+      def should_log?(level, component)
+        min_level = @configuration.level_for(component)
+        level >= min_level
+      end
+
+      def setup_default_output
+        console_output = Outputs::Console.new(@configuration.console_config)
+        add_output(console_output)
+      end
+
+      def reconfigure_outputs
+        @outputs.each(&:reconfigure)
+      end
+    end
+
+    class LegacyAdapter
+      def initialize(core)
+        @core = core
+        @component = "legacy"
+        @progname = "VectorMCP"
+      end
+
+      def debug(message = nil, &)
+        log_with_block(Logging::LEVELS[:DEBUG], message, &)
+      end
+
+      def info(message = nil, &)
+        log_with_block(Logging::LEVELS[:INFO], message, &)
+      end
+
+      def warn(message = nil, &)
+        log_with_block(Logging::LEVELS[:WARN], message, &)
+      end
+
+      def error(message = nil, &)
+        log_with_block(Logging::LEVELS[:ERROR], message, &)
+      end
+
+      def fatal(message = nil, &)
+        log_with_block(Logging::LEVELS[:FATAL], message, &)
+      end
+
+      def level
+        @core.configuration.level_for(@component)
+      end
+
+      def level=(new_level)
+        @core.configuration.set_component_level(@component, new_level)
+      end
+
+      attr_accessor :progname
+
+      def add(severity, message = nil, progname = nil, &block)
+        actual_message = message || block&.call || progname
+        @core.log(severity, @component, actual_message)
+      end
+
+      # For backward compatibility with Logger interface checks
+      def is_a?(klass)
+        return true if klass == Logger
+
+        super
+      end
+
+      def kind_of?(klass)
+        return true if klass == Logger
+
+        super
+      end
+
+      # Simulate Logger's logdev for compatibility
+      def instance_variable_get(var_name)
+        if var_name == :@logdev
+          # Return a mock object that simulates Logger's logdev
+          MockLogdev.new
+        else
+          super
+        end
+      end
+
+      private
+
+      def log_with_block(level, message, &block)
+        if block_given?
+          return unless @core.configuration.level_for(@component) <= level
+
+          message = block.call
+        end
+        @core.log(level, @component, message)
+      end
+    end
+
+    class MockLogdev
+      def dev
+        $stderr
+      end
+    end
+  end
+end