vector_mcp 0.3.0 → 0.3.1

data/lib/vector_mcp/security/strategies/jwt_token.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+begin
+  require "jwt"
+rescue LoadError
+  # JWT gem is optional - will raise error when trying to use JWT strategy
+end
+
+module VectorMCP
+  module Security
+    module Strategies
+      # JWT Token authentication strategy
+      # Provides stateless authentication using JSON Web Tokens
+      class JwtToken
+        attr_reader :secret, :algorithm, :options
+
+        # Initialize JWT strategy
+        # @param secret [String] the secret key for JWT verification
+        # @param algorithm [String] the JWT algorithm (default: HS256)
+        # @param options [Hash] additional JWT verification options
+        def initialize(secret:, algorithm: "HS256", **options)
+          raise LoadError, "JWT gem is required for JWT authentication strategy" unless defined?(JWT)
+
+          @secret = secret
+          @algorithm = algorithm
+          @options = {
+            algorithm: @algorithm,
+            verify_expiration: true,
+            verify_iat: true,
+            verify_iss: false,
+            verify_aud: false
+          }.merge(options)
+        end
+
+        # Authenticate a request using JWT token
+        # @param request [Hash] the request object
+        # @return [Hash, false] decoded JWT payload or false if authentication failed
+        def authenticate(request)
+          token = extract_token(request)
+          return false unless token
+
+          begin
+            decoded = JWT.decode(token, @secret, true, @options)
+            payload = decoded[0] # First element is the payload
+            headers = decoded[1] # Second element is the headers
+
+            # Return user info from JWT payload
+            {
+              **payload,
+              strategy: "jwt",
+              authenticated_at: Time.now,
+              jwt_headers: headers
+            }
+          rescue JWT::ExpiredSignature, JWT::InvalidIssuerError,
+                 JWT::DecodeError, StandardError
+            false # Token validation failed
+          end
+        end
+
+        # Generate a JWT token (utility method for testing/development)
+        # @param payload [Hash] the payload to encode
+        # @param expires_in [Integer] expiration time in seconds from now
+        # @return [String] the generated JWT token
+        def generate_token(payload, expires_in: 3600)
+          exp_payload = payload.merge(
+            exp: Time.now.to_i + expires_in,
+            iat: Time.now.to_i
+          )
+          JWT.encode(exp_payload, @secret, @algorithm)
+        end
+
+        # Check if JWT gem is available
+        # @return [Boolean] true if JWT gem is loaded
+        def self.available?
+          defined?(JWT)
+        end
+
+        private
+
+        # Extract JWT token from request
+        # @param request [Hash] the request object
+        # @return [String, nil] the extracted token
+        def extract_token(request)
+          headers = request[:headers] || request["headers"] || {}
+          params = request[:params] || request["params"] || {}
+
+          extract_from_auth_header(headers) ||
+            extract_from_jwt_header(headers) ||
+            extract_from_params(params)
+        end
+
+        # Extract token from Authorization header
+        # @param headers [Hash] request headers
+        # @return [String, nil] the token if found
+        def extract_from_auth_header(headers)
+          auth_header = headers["Authorization"] || headers["authorization"]
+          return nil unless auth_header&.start_with?("Bearer ")
+
+          auth_header[7..] # Remove 'Bearer ' prefix
+        end
+
+        # Extract token from custom JWT header
+        # @param headers [Hash] request headers
+        # @return [String, nil] the token if found
+        def extract_from_jwt_header(headers)
+          headers["X-JWT-Token"] || headers["x-jwt-token"]
+        end
+
+        # Extract token from query parameters
+        # @param params [Hash] request parameters
+        # @return [String, nil] the token if found
+        def extract_from_params(params)
+          params["jwt_token"] || params["token"]
+        end
+      end
+    end
+  end
+end

data/lib/vector_mcp/security.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Security namespace for VectorMCP
+# Contains authentication, authorization, and security middleware components
+
+require_relative "security/auth_manager"
+require_relative "security/authorization"
+require_relative "security/middleware"
+require_relative "security/session_context"
+require_relative "security/strategies/api_key"
+require_relative "security/strategies/jwt_token"
+require_relative "security/strategies/custom"
+
+module VectorMCP
+  # Security components for VectorMCP servers
+  # Provides opt-in authentication and authorization
+  module Security
+    # Get default authentication manager
+    # @return [AuthManager] a new authentication manager instance
+    def self.auth_manager
+      AuthManager.new
+    end
+
+    # Get default authorization manager
+    # @return [Authorization] a new authorization manager instance
+    def self.authorization
+      Authorization.new
+    end
+
+    # Create security middleware with default components
+    # @param auth_manager [AuthManager] optional custom auth manager
+    # @param authorization [Authorization] optional custom authorization
+    # @return [Middleware] configured security middleware
+    def self.middleware(auth_manager: nil, authorization: nil)
+      auth_manager ||= self.auth_manager
+      authorization ||= self.authorization
+      Middleware.new(auth_manager, authorization)
+    end
+
+    # Check if JWT support is available
+    # @return [Boolean] true if JWT gem is loaded
+    def self.jwt_available?
+      Strategies::JwtToken.available?
+    end
+  end
+end

data/lib/vector_mcp/server.rb

@@ -12,6 +12,13 @@ require_relative "util" # Needed if not using Handlers::Core
 require_relative "server/registry"
 require_relative "server/capabilities"
 require_relative "server/message_handling"
+require_relative "security/auth_manager"
+require_relative "security/authorization"
+require_relative "security/middleware"
+require_relative "security/session_context"
+require_relative "security/strategies/api_key"
+require_relative "security/strategies/jwt_token"
+require_relative "security/strategies/custom"
 
 module VectorMCP
   # The `Server` class is the central component for an MCP server implementation.
@@ -62,7 +69,8 @@ module VectorMCP
     # The specific version of the Model Context Protocol this server implements.
     PROTOCOL_VERSION = "2024-11-05"
 
-    attr_reader :logger, :name, :version, :protocol_version, :tools, :resources, :prompts, :roots, :in_flight_requests
+    attr_reader :logger, :name, :version, :protocol_version, :tools, :resources, :prompts, :roots, :in_flight_requests,
+                :auth_manager, :authorization, :security_middleware
     attr_accessor :transport
 
     # Initializes a new VectorMCP server.
@@ -108,6 +116,11 @@ module VectorMCP
       # Configure sampling capabilities
       @sampling_config = configure_sampling_capabilities(options[:sampling_config] || {})
 
+      # Initialize security components
+      @auth_manager = Security::AuthManager.new
+      @authorization = Security::Authorization.new
+      @security_middleware = Security::Middleware.new(@auth_manager, @authorization)
+
       setup_default_handlers
 
       @logger.info("Server instance '#{@name}' v#{@version} (MCP Protocol: #{@protocol_version}, Gem: v#{VectorMCP::VERSION}) initialized.")
@@ -148,6 +161,133 @@ module VectorMCP
       self.transport = active_transport
       active_transport.run
     end
+
+    # --- Security Configuration ---
+
+    # Enable authentication with specified strategy and configuration
+    # @param strategy [Symbol] the authentication strategy (:api_key, :jwt, :custom)
+    # @param options [Hash] strategy-specific configuration options
+    # @return [void]
+    def enable_authentication!(strategy: :api_key, **options, &block)
+      # Clear existing strategies when switching to a new configuration
+      clear_auth_strategies unless @auth_manager.strategies.empty?
+
+      @auth_manager.enable!(default_strategy: strategy)
+
+      case strategy
+      when :api_key
+        add_api_key_auth(options[:keys] || [])
+      when :jwt
+        add_jwt_auth(options)
+      when :custom
+        handler = block || options[:handler]
+        raise ArgumentError, "Custom authentication strategy requires a handler block" unless handler
+
+        add_custom_auth(&handler)
+
+      else
+        raise ArgumentError, "Unknown authentication strategy: #{strategy}"
+      end
+
+      @logger.info("Authentication enabled with strategy: #{strategy}")
+    end
+
+    # Disable authentication (return to pass-through mode)
+    # @return [void]
+    def disable_authentication!
+      @auth_manager.disable!
+      @logger.info("Authentication disabled")
+    end
+
+    # Enable authorization with optional policy configuration block
+    # @param block [Proc] optional block for configuring authorization policies
+    # @return [void]
+    def enable_authorization!(&)
+      @authorization.enable!
+      instance_eval(&) if block_given?
+      @logger.info("Authorization enabled")
+    end
+
+    # Disable authorization (return to pass-through mode)
+    # @return [void]
+    def disable_authorization!
+      @authorization.disable!
+      @logger.info("Authorization disabled")
+    end
+
+    # Add authorization policy for tools
+    # @param block [Proc] policy block that receives (user, action, tool)
+    # @return [void]
+    def authorize_tools(&)
+      @authorization.add_policy(:tool, &)
+    end
+
+    # Add authorization policy for resources
+    # @param block [Proc] policy block that receives (user, action, resource)
+    # @return [void]
+    def authorize_resources(&)
+      @authorization.add_policy(:resource, &)
+    end
+
+    # Add authorization policy for prompts
+    # @param block [Proc] policy block that receives (user, action, prompt)
+    # @return [void]
+    def authorize_prompts(&)
+      @authorization.add_policy(:prompt, &)
+    end
+
+    # Add authorization policy for roots
+    # @param block [Proc] policy block that receives (user, action, root)
+    # @return [void]
+    def authorize_roots(&)
+      @authorization.add_policy(:root, &)
+    end
+
+    # Check if security features are enabled
+    # @return [Boolean] true if authentication or authorization is enabled
+    def security_enabled?
+      @security_middleware.security_enabled?
+    end
+
+    # Get current security status for debugging/monitoring
+    # @return [Hash] security configuration status
+    def security_status
+      @security_middleware.security_status
+    end
+
+    private
+
+    # Add API key authentication strategy
+    # @param keys [Array<String>] array of valid API keys
+    # @return [void]
+    def add_api_key_auth(keys)
+      strategy = Security::Strategies::ApiKey.new(keys: keys)
+      @auth_manager.add_strategy(:api_key, strategy)
+    end
+
+    # Add JWT authentication strategy
+    # @param options [Hash] JWT configuration options
+    # @return [void]
+    def add_jwt_auth(options)
+      strategy = Security::Strategies::JwtToken.new(**options)
+      @auth_manager.add_strategy(:jwt, strategy)
+    end
+
+    # Add custom authentication strategy
+    # @param handler [Proc] custom authentication handler block
+    # @return [void]
+    def add_custom_auth(&)
+      strategy = Security::Strategies::Custom.new(&)
+      @auth_manager.add_strategy(:custom, strategy)
+    end
+
+    # Clear all authentication strategies
+    # @return [void]
+    def clear_auth_strategies
+      @auth_manager.strategies.each_key do |strategy_name|
+        @auth_manager.remove_strategy(strategy_name)
+      end
+    end
   end
 
   module Transport

data/lib/vector_mcp/version.rb

@@ -2,5 +2,5 @@
 
 module VectorMCP
   # The current version of the VectorMCP gem.
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/lib/vector_mcp.rb

@@ -12,6 +12,7 @@ require_relative "vector_mcp/image_util"
 require_relative "vector_mcp/handlers/core"
 require_relative "vector_mcp/transport/stdio"
 # require_relative "vector_mcp/transport/sse" # Load on demand to avoid async dependencies
+require_relative "vector_mcp/logging"
 require_relative "vector_mcp/server"
 
 # The VectorMCP module provides a full-featured, opinionated Ruby implementation
@@ -47,10 +48,42 @@ module VectorMCP
   # @return [Logger] the shared logger instance for the library.
   @logger = Logger.new($stderr, level: Logger::INFO, progname: "VectorMCP")
 
+  # @return [VectorMCP::Logging::Core] the new structured logging system
+  @logging_core = nil
+
   class << self
     # @!attribute [r] logger
-    #   @return [Logger] the shared logger instance for the library.
-    attr_reader :logger
+    #   @return [Logger] the shared logger instance for the library (legacy compatibility).
+    def logger
+      if @logging_core
+        @logging_core.legacy_logger
+      else
+        @logger
+      end
+    end
+
+    # Initialize the new structured logging system
+    # @param config [Hash, VectorMCP::Logging::Configuration] logging configuration
+    # @return [VectorMCP::Logging::Core] the logging core instance
+    def setup_logging(config = {})
+      configuration = config.is_a?(Logging::Configuration) ? config : Logging::Configuration.new(config)
+      @logging_core = Logging::Core.new(configuration)
+    end
+
+    # Get a component-specific logger
+    # @param component [String, Symbol] the component name
+    # @return [VectorMCP::Logging::Component] component logger
+    def logger_for(component)
+      setup_logging unless @logging_core
+      @logging_core.logger_for(component)
+    end
+
+    # Configure the logging system
+    # @yield [VectorMCP::Logging::Configuration] configuration block
+    def configure_logging(&)
+      setup_logging unless @logging_core
+      @logging_core.configure(&)
+    end
 
     # Creates a new {VectorMCP::Server} instance. This is a **thin wrapper** around
     # `VectorMCP::Server.new`; it exists purely for syntactic sugar so you can write

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vector_mcp
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Sergio Bayona
@@ -79,8 +79,38 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '6.4'
-description: Server-side tools for implementing the Model Context Protocol in Ruby
-  applications
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+description: A Ruby gem implementing the Model Context Protocol (MCP) server-side
+  specification. Provides a framework for creating MCP servers that expose tools,
+  resources, prompts, and roots to LLM clients with comprehensive security features,
+  structured logging, and production-ready capabilities.
 email:
 - bayona.sergio@gmail.com
 executables:
@@ -89,6 +119,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - LICENSE.txt
 - README.md
 - bin/console
@@ -98,8 +129,29 @@ files:
 - lib/vector_mcp/errors.rb
 - lib/vector_mcp/handlers/core.rb
 - lib/vector_mcp/image_util.rb
+- lib/vector_mcp/logging.rb
+- lib/vector_mcp/logging/component.rb
+- lib/vector_mcp/logging/configuration.rb
+- lib/vector_mcp/logging/constants.rb
+- lib/vector_mcp/logging/core.rb
+- lib/vector_mcp/logging/filters/component.rb
+- lib/vector_mcp/logging/filters/level.rb
+- lib/vector_mcp/logging/formatters/base.rb
+- lib/vector_mcp/logging/formatters/json.rb
+- lib/vector_mcp/logging/formatters/text.rb
+- lib/vector_mcp/logging/outputs/base.rb
+- lib/vector_mcp/logging/outputs/console.rb
+- lib/vector_mcp/logging/outputs/file.rb
 - lib/vector_mcp/sampling/request.rb
 - lib/vector_mcp/sampling/result.rb
+- lib/vector_mcp/security.rb
+- lib/vector_mcp/security/auth_manager.rb
+- lib/vector_mcp/security/authorization.rb
+- lib/vector_mcp/security/middleware.rb
+- lib/vector_mcp/security/session_context.rb
+- lib/vector_mcp/security/strategies/api_key.rb
+- lib/vector_mcp/security/strategies/custom.rb
+- lib/vector_mcp/security/strategies/jwt_token.rb
 - lib/vector_mcp/server.rb
 - lib/vector_mcp/server/capabilities.rb
 - lib/vector_mcp/server/message_handling.rb