vector_mcp 0.3.2 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edd8f7804cea74064b13b6432daa19149d4b2d6c34efbd7ccfbae393870b648a
-  data.tar.gz: bd04d07372ef947498c39021adfba055d8030b94bf76b567fc8b5cb73aae994b
+  metadata.gz: 64b4dac9a0a1e9c782d3b5d693e7582803621ac81555f992031f9edbdd3f5b6b
+  data.tar.gz: 571e540ac540859b1fefaadc5e2b3cda39a1415c3496af38cee46cb839316c85
 SHA512:
-  metadata.gz: 3a47a3ad028e39de9bd8d4973779040fd0c571067e4c3588ad406d26dd138cdfad06921d497a3922d1eb2406df3ede02379df7f24620539cb1170ac6fdb1bed5
-  data.tar.gz: ad1d3d147c3b4ef8624651aeabb0809f689bbfb5c4ae702dcc0c5fa458cc500ff7ffd54e46a4ea02ae995d908af0122f5a88b7ab895eeaab8c1d780e6eec8043
+  metadata.gz: cc7c13562e31070ce7aef3d0d20801e4a7368a44b22ea58d01ec872f7f9191e7b70d96e72c3cdcd42b9ecc40dc9b7ea30e63ce12b5b54987734a933402269b71
+  data.tar.gz: 6f989302cbd97c00aa5f2dfe28950cffb5c2c53c204c3ab10eb886a9dc680e0db6a704fef54229488910c837ebe3857c7e493ae5aa8729d8d6677fe048c223e1

data/CHANGELOG.md

@@ -1,3 +1,57 @@
+## [0.3.3] – 2025-07-29
+
+### Fixed
+
+* **Critical Security Fix - SSE Transport Session Isolation**: Fixed default behavior where SSE transport shared session state across all clients
+  - **BREAKING CHANGE**: SSE transport now defaults to secure session isolation mode
+  - Session manager is now enabled by default to prevent race conditions and data leakage
+  - Legacy shared session mode available via `disable_session_manager: true` option (deprecated with warning)
+  - Enhanced security tests to prevent regression of this critical vulnerability
+
+* **Critical Security Fix - Path Traversal Vulnerability**: Replaced naive path traversal validation with robust canonicalization
+  - **Path Validation Enhancement**: Now uses `File.expand_path` for proper path canonicalization
+  - **Attack Prevention**: Eliminates false positives from simple string-based `.` checks
+  - **Security Monitoring**: Added warnings for potential path traversal attempts
+  - **Bypass Protection**: Prevents sophisticated path traversal attacks through encoding or complex patterns
+
+* **Session Compatibility**: Fixed session object type detection across different transports
+  - **Transport Compatibility**: Added automatic detection between `BaseSessionManager::Session` and `VectorMCP::Session` types
+  - **Method Resolution**: Fixed `undefined method 'initialized?'` and `'initialize!'` errors
+  - **Transport Layer**: Enhanced stdio, SSE, and HTTP stream transports for consistent session handling
+
+* **Race Condition Fix**: Resolved concurrent session creation test failures in SSE transport
+  - **Thread Safety**: Implemented `Concurrent::Array` for thread-safe session tracking
+  - **Test Stability**: Enhanced test reliability for concurrent operations
+
+* **Code Quality**: Fixed RuboCop style and linting violations
+  - **Naming Conventions**: Updated method names to follow Ruby conventions (removed `get_` prefixes)
+  - **Style Compliance**: Fixed line length violations and predicate method naming
+  - **Consistency**: Applied consistent coding standards across the codebase
+
+### Security
+
+* **Defense in Depth**: Major security improvements addressing critical vulnerabilities
+  - **Multi-Client Security**: Eliminated shared state vulnerabilities in SSE transport
+  - **Path Security**: Comprehensive path traversal protection using canonical path resolution
+  - **Session Isolation**: Proper session boundary enforcement across all transport types
+
+* **Backward Compatibility**: Security fixes maintain API compatibility while improving defaults
+  - **Opt-in Legacy Mode**: Deprecated insecure modes available for gradual migration
+  - **Migration Path**: Clear deprecation warnings guide users to secure configurations
+
+### Testing
+
+* **Enhanced Security Test Coverage**: Comprehensive test suites for critical security fixes
+  - **Path Traversal Tests**: 20+ test cases covering legitimate paths, attack vectors, and edge cases
+  - **SSE Security Tests**: Verification of default secure behavior and session isolation
+  - **Integration Tests**: Cross-transport compatibility and session handling validation
+
+### Technical Details
+
+* **Session Architecture**: Improved session management layer for better transport compatibility
+* **Security Monitoring**: Enhanced logging and warning systems for security events
+* **Error Handling**: Better error messages and debugging information for session-related issues
+
 ## [0.3.2] – 2025-07-02
 
 ### Added

data/lib/vector_mcp/definitions.rb

@@ -242,17 +242,33 @@ module VectorMCP
         # Currently, only file:// scheme is supported per MCP spec
         raise ArgumentError, "Only file:// URIs are supported for roots, got: #{parsed_uri.scheme}://" unless parsed_uri.scheme == "file"
 
-        # Validate path exists and is a directory
-        path = parsed_uri.path
-        raise ArgumentError, "Root directory does not exist: #{path}" unless File.exist?(path)
-
-        raise ArgumentError, "Root path is not a directory: #{path}" unless File.directory?(path)
+        # Validate and canonicalize path for security
+        raw_path = parsed_uri.path
+
+        # Canonicalize the path to resolve any relative components (., .., etc.)
+        # This prevents path traversal attacks and normalizes the path
+        begin
+          canonical_path = File.expand_path(raw_path)
+        rescue ArgumentError => e
+          raise ArgumentError, "Invalid path format: #{raw_path} (#{e.message})"
+        end
 
-        # Security check: ensure we can read the directory
+        # Security check: Verify the canonical path exists and is a directory
+        raise ArgumentError, "Root directory does not exist: #{canonical_path}" unless File.exist?(canonical_path)
+        raise ArgumentError, "Root path is not a directory: #{canonical_path}" unless File.directory?(canonical_path)
+        raise ArgumentError, "Root directory is not readable: #{canonical_path}" unless File.readable?(canonical_path)
+
+        # Additional security: Check if the canonical path differs significantly from raw path
+        # This can indicate potential path traversal attempts
+        if raw_path != canonical_path && raw_path.include?("..")
+          # Log the canonicalization for security monitoring
+          # Note: This is informational - the canonical path is what we'll actually use
+          warn "[SECURITY] Path canonicalized from '#{raw_path}' to '#{canonical_path}'. " \
+               "This may indicate a path traversal attempt."
+        end
 
-        raise ArgumentError, "Root directory is not readable: #{path}" unless File.readable?(path)
-        # Validate against path traversal attempts in the URI itself
-        raise ArgumentError, "Root path contains unsafe traversal patterns: #{path}" if path.include?("..") || path.include?("./")
+        # Update the URI to use the canonical path for consistency
+        self.uri = "file://#{canonical_path}"
 
         true
       end

data/lib/vector_mcp/errors.rb

@@ -28,8 +28,6 @@ module VectorMCP
     # @param details [Hash, nil] Additional details for the error (optional).
     # @param request_id [String, Integer, nil] The ID of the originating request.
     def initialize(message, code: -32_600, details: nil, request_id: nil)
-      logger = VectorMCP.logger_for("errors")
-      logger.debug("Initializing ProtocolError with code: #{code}")
       @code = code
       @message = message
       @details = details # NOTE: `data` in JSON-RPC is often used for this purpose.
@@ -105,8 +103,7 @@ module VectorMCP
     # @param details [Hash, nil] Additional details for the error (optional).
     # @param request_id [String, Integer, nil] The ID of the originating request.
     def initialize(message = "Server error", code: -32_000, details: nil, request_id: nil)
-      logger = VectorMCP.logger_for("errors")
-      logger.debug("Initializing ServerError with code: #{code}")
+      # ServerError initialization
       unless (-32_099..-32_000).cover?(code)
         warn "Server error code #{code} is outside of the reserved range (-32099 to -32000). Using -32000 instead."
         code = -32_000
@@ -133,8 +130,7 @@ module VectorMCP
     # @param details [Hash, nil] Additional details for the error (optional).
     # @param request_id [String, Integer, nil] The ID of the originating request.
     def initialize(message = "Not Found", details: nil, request_id: nil)
-      logger = VectorMCP.logger_for("errors")
-      logger.debug("Initializing NotFoundError with code: -32001")
+      # NotFoundError initialization
       super(message, code: -32_001, details: details, request_id: request_id)
     end
   end

data/lib/vector_mcp/handlers/core.rb

@@ -22,8 +22,6 @@ module VectorMCP
       # @param _server [VectorMCP::Server] The server instance (ignored).
       # @return [Hash] An empty hash, as per MCP spec for ping.
       def self.ping(_params, _session, _server)
-        logger = VectorMCP.logger_for("handlers.core")
-        logger.debug("Handling ping request")
         {}
       end
 
@@ -65,7 +63,7 @@ module VectorMCP
           security_result = validate_tool_security!(session, tool, server)
           validate_input_arguments!(tool_name, tool, arguments)
 
-          result = execute_tool_handler(tool, arguments, security_result)
+          result = execute_tool_handler(tool, arguments, security_result, session)
           context.result = build_tool_result(result)
 
           context = server.middleware_manager.execute_hooks(:after_tool_call, context)
@@ -426,12 +424,16 @@ module VectorMCP
       # @param session [VectorMCP::Session] The current session
       # @return [Hash] Request context for security middleware
       def self.extract_request_from_session(session)
-        # Extract security context from session
-        # This will be enhanced as we integrate with transport layers
+        # All sessions should have a request_context - this is enforced by Session initialization
+        unless session.respond_to?(:request_context) && session.request_context
+          raise VectorMCP::InternalError,
+                "Session missing request_context - transport layer integration error. Session ID: #{session.id}"
+        end
+
         {
-          headers: session.instance_variable_get(:@request_headers) || {},
-          params: session.instance_variable_get(:@request_params) || {},
-          session_id: session.respond_to?(:id) ? session.id : "test-session"
+          headers: session.request_context.headers,
+          params: session.request_context.params,
+          session_id: session.id
         }
       end
       private_class_method :extract_request_from_session
@@ -497,11 +499,11 @@ module VectorMCP
       end
 
       # Execute tool handler with proper arity handling
-      def self.execute_tool_handler(tool, arguments, security_result)
+      def self.execute_tool_handler(tool, arguments, _security_result, session)
         if [1, -1].include?(tool.handler.arity)
           tool.handler.call(arguments)
         else
-          tool.handler.call(arguments, security_result[:session_context])
+          tool.handler.call(arguments, session)
         end
       end
 

data/lib/vector_mcp/middleware/base.rb

@@ -16,13 +16,7 @@ module VectorMCP
       # @param hook_type [String] Type of hook being executed
       # @param context [VectorMCP::Middleware::Context] Execution context
       def call(hook_type, context)
-        @logger.debug("Executing middleware hook") do
-          {
-            middleware: self.class.name,
-            hook_type: hook_type,
-            operation: context.operation_name
-          }
-        end
+        # Generic middleware hook execution
       end
 
       # Tool operation hooks

data/lib/vector_mcp/middleware/manager.rb

@@ -113,16 +113,10 @@ module VectorMCP
         @hooks[hook_type].to_a
       end
 
-      def initialize_execution_state(hook_type_str, hooks, context)
+      def initialize_execution_state(hook_type_str, hooks, _context)
         start_time = Time.now
 
-        @logger.debug("Executing middleware hooks") do
-          {
-            hook_type: hook_type_str,
-            hook_count: hooks.size,
-            operation: context.operation_name
-          }
-        end
+        # Executing middleware hooks
 
         {
           hook_type: hook_type_str,
@@ -157,13 +151,7 @@ module VectorMCP
                                hooks_total: execution_state[:total_hooks]
                              })
 
-        @logger.debug("Completed middleware execution") do
-          {
-            hook_type: execution_state[:hook_type],
-            execution_time: execution_time,
-            hooks_executed: execution_state[:executed_count]
-          }
-        end
+        # Completed middleware execution
       end
 
       def handle_critical_error(error, hook_type, context)

data/lib/vector_mcp/request_context.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  # Encapsulates request-specific data for MCP sessions.
+  # This provides a formal interface for transports to populate request context
+  # and for handlers to access request data without coupling to session internals.
+  #
+  # @attr_reader headers [Hash] HTTP headers from the request
+  # @attr_reader params [Hash] Query parameters from the request
+  # @attr_reader method [String, nil] HTTP method (GET, POST, etc.) or transport-specific method
+  # @attr_reader path [String, nil] Request path or transport-specific path
+  # @attr_reader transport_metadata [Hash] Transport-specific metadata
+  class RequestContext
+    attr_reader :headers, :params, :method, :path, :transport_metadata
+
+    # Initialize a new request context with the provided data.
+    #
+    # @param headers [Hash] HTTP headers from the request (default: {})
+    # @param params [Hash] Query parameters from the request (default: {})
+    # @param method [String, nil] HTTP method or transport-specific method (default: nil)
+    # @param path [String, nil] Request path or transport-specific path (default: nil)
+    # @param transport_metadata [Hash] Transport-specific metadata (default: {})
+    def initialize(headers: {}, params: {}, method: nil, path: nil, transport_metadata: {})
+      @headers = normalize_headers(headers).freeze
+      @params = normalize_params(params).freeze
+      @method = method&.to_s&.freeze
+      @path = path&.to_s&.freeze
+      @transport_metadata = normalize_metadata(transport_metadata).freeze
+    end
+
+    # Convert the request context to a hash representation.
+    # This is useful for serialization and debugging.
+    #
+    # @return [Hash] Hash representation of the request context
+    def to_h
+      {
+        headers: @headers,
+        params: @params,
+        method: @method,
+        path: @path,
+        transport_metadata: @transport_metadata
+      }
+    end
+
+    # Check if the request context has any headers.
+    #
+    # @return [Boolean] True if headers are present, false otherwise
+    def headers?
+      !@headers.empty?
+    end
+
+    # Check if the request context has any parameters.
+    #
+    # @return [Boolean] True if parameters are present, false otherwise
+    def params?
+      !@params.empty?
+    end
+
+    # Get a specific header value.
+    #
+    # @param name [String] The header name
+    # @return [String, nil] The header value or nil if not found
+    def header(name)
+      @headers[name.to_s]
+    end
+
+    # Get a specific parameter value.
+    #
+    # @param name [String] The parameter name
+    # @return [String, nil] The parameter value or nil if not found
+    def param(name)
+      @params[name.to_s]
+    end
+
+    # Get transport-specific metadata.
+    #
+    # @param key [String, Symbol] The metadata key
+    # @return [Object, nil] The metadata value or nil if not found
+    def metadata(key)
+      @transport_metadata[key.to_s]
+    end
+
+    # Check if this is an HTTP-based transport.
+    #
+    # @return [Boolean] True if method is an HTTP method and path is present
+    def http_transport?
+      return false unless @method && @path
+
+      # Check if method is an HTTP method
+      http_methods = %w[GET POST PUT DELETE HEAD OPTIONS PATCH TRACE CONNECT]
+      http_methods.include?(@method.upcase)
+    end
+
+    # Create a minimal request context for non-HTTP transports.
+    # This is useful for stdio and other command-line transports.
+    #
+    # @param transport_type [String] The transport type identifier
+    # @return [RequestContext] A minimal request context
+    def self.minimal(transport_type)
+      new(
+        headers: {},
+        params: {},
+        method: transport_type.to_s.upcase,
+        path: "/",
+        transport_metadata: { transport_type: transport_type.to_s }
+      )
+    end
+
+    # Create a request context from a Rack environment.
+    # This is a convenience method for HTTP-based transports.
+    #
+    # @param rack_env [Hash] The Rack environment hash
+    # @param transport_type [String] The transport type identifier
+    # @return [RequestContext] A request context populated from the Rack environment
+    def self.from_rack_env(rack_env, transport_type)
+      # Handle nil rack_env by returning a minimal context
+      return minimal(transport_type) if rack_env.nil?
+
+      new(
+        headers: VectorMCP::Util.extract_headers_from_rack_env(rack_env),
+        params: VectorMCP::Util.extract_params_from_rack_env(rack_env),
+        method: rack_env["REQUEST_METHOD"],
+        path: rack_env["PATH_INFO"],
+        transport_metadata: {
+          transport_type: transport_type.to_s,
+          remote_addr: rack_env["REMOTE_ADDR"],
+          user_agent: rack_env["HTTP_USER_AGENT"],
+          content_type: rack_env["CONTENT_TYPE"]
+        }
+      )
+    end
+
+    # String representation of the request context.
+    #
+    # @return [String] String representation for debugging
+    def to_s
+      "<RequestContext method=#{@method} path=#{@path} headers=#{@headers.keys.size} params=#{@params.keys.size}>"
+    end
+
+    # Detailed string representation for debugging.
+    #
+    # @return [String] Detailed string representation
+    def inspect
+      "#<#{self.class.name}:0x#{object_id.to_s(16)} " \
+        "method=#{@method.inspect} path=#{@path.inspect} " \
+        "headers=#{@headers.inspect} params=#{@params.inspect} " \
+        "transport_metadata=#{@transport_metadata.inspect}>"
+    end
+
+    private
+
+    # Normalize headers to ensure consistent format.
+    #
+    # @param headers [Hash] Raw headers hash
+    # @return [Hash] Normalized headers hash
+    def normalize_headers(headers)
+      return {} unless headers.is_a?(Hash)
+
+      headers.transform_keys(&:to_s).transform_values { |v| v.nil? ? "" : v.to_s }
+    end
+
+    # Normalize parameters to ensure consistent format.
+    #
+    # @param params [Hash] Raw parameters hash
+    # @return [Hash] Normalized parameters hash
+    def normalize_params(params)
+      return {} unless params.is_a?(Hash)
+
+      params.transform_keys(&:to_s).transform_values { |v| v.nil? ? "" : v.to_s }
+    end
+
+    # Normalize transport metadata to ensure consistent format.
+    #
+    # @param metadata [Hash] Raw metadata hash
+    # @return [Hash] Normalized metadata hash
+    def normalize_metadata(metadata)
+      return {} unless metadata.is_a?(Hash)
+
+      metadata.transform_keys(&:to_s)
+    end
+  end
+end

data/lib/vector_mcp/sampling/result.rb

@@ -19,12 +19,22 @@ module VectorMCP
       #     - 'data' [String] (Optional) Base64 image data if type is "image".
       #     - 'mimeType' [String] (Optional) Mime type if type is "image".
       def initialize(result_hash)
+        # Handle malformed or nil result_hash
+        raise ArgumentError, "Sampling result must be a Hash, got #{result_hash.class}: #{result_hash.inspect}" unless result_hash.is_a?(Hash)
+
         @raw_result = result_hash.transform_keys { |k| k.to_s.gsub(/(.)([A-Z])/, '\1_\2').downcase.to_sym }
 
         @model = @raw_result[:model]
         @stop_reason = @raw_result[:stop_reason]
         @role = @raw_result[:role]
-        @content = (@raw_result[:content] || {}).transform_keys(&:to_sym)
+
+        # Safe content processing for malformed responses
+        content_raw = @raw_result[:content]
+        @content = if content_raw.is_a?(Hash)
+                     content_raw.transform_keys(&:to_sym)
+                   else
+                     {}
+                   end
 
         validate!
       end

data/lib/vector_mcp/security/middleware.rb

@@ -133,35 +133,9 @@ module VectorMCP
       # @param env [Hash] the Rack environment
       # @return [Hash] extracted request data
       def extract_from_rack_env(env)
-        # Extract headers (HTTP_ prefixed in Rack env)
-        headers = {}
-        env.each do |key, value|
-          next unless key.start_with?("HTTP_")
-
-          # Convert HTTP_X_API_KEY to X-API-Key format
-          header_name = key[5..].split("_").map do |part|
-            case part.upcase
-            when "API" then "API" # Keep API in all caps
-            else part.capitalize
-            end
-          end.join("-")
-          headers[header_name] = value
-        end
-
-        # Add special headers
-        headers["Authorization"] = env["HTTP_AUTHORIZATION"] if env["HTTP_AUTHORIZATION"]
-        headers["Content-Type"] = env["CONTENT_TYPE"] if env["CONTENT_TYPE"]
-
-        # Extract query parameters
-        params = {}
-        if env["QUERY_STRING"]
-          require "uri"
-          params = URI.decode_www_form(env["QUERY_STRING"]).to_h
-        end
-
         {
-          headers: headers,
-          params: params,
+          headers: VectorMCP::Util.extract_headers_from_rack_env(env),
+          params: VectorMCP::Util.extract_params_from_rack_env(env),
           method: env["REQUEST_METHOD"],
           path: env["PATH_INFO"],
           rack_env: env

data/lib/vector_mcp/security/strategies/api_key.rb

@@ -96,36 +96,14 @@ module VectorMCP
         # @param env [Hash] the Rack environment
         # @return [Hash] normalized headers
         def extract_headers_from_rack_env(env)
-          headers = {}
-          env.each do |key, value|
-            next unless key.start_with?("HTTP_")
-
-            # Convert HTTP_X_API_KEY to X-API-Key format
-            header_name = key[5..].split("_").map do |part|
-              case part.upcase
-              when "API" then "API" # Keep API in all caps
-              else part.capitalize
-              end
-            end.join("-")
-            headers[header_name] = value
-          end
-
-          # Add special headers
-          headers["Authorization"] = env["HTTP_AUTHORIZATION"] if env["HTTP_AUTHORIZATION"]
-          headers["Content-Type"] = env["CONTENT_TYPE"] if env["CONTENT_TYPE"]
-          headers
+          VectorMCP::Util.extract_headers_from_rack_env(env)
         end
 
         # Extract params from Rack environment
         # @param env [Hash] the Rack environment
         # @return [Hash] normalized params
         def extract_params_from_rack_env(env)
-          params = {}
-          if env["QUERY_STRING"]
-            require "uri"
-            params = URI.decode_www_form(env["QUERY_STRING"]).to_h
-          end
-          params
+          VectorMCP::Util.extract_params_from_rack_env(env)
         end
 
         # Extract API key from headers

data/lib/vector_mcp/server/capabilities.rb

@@ -34,7 +34,6 @@ module VectorMCP
       # @return [void]
       def clear_prompts_list_changed
         @prompts_list_changed = false
-        logger.debug("Prompts listChanged flag cleared.")
       end
 
       # Notifies connected clients that the list of available prompts has changed.
@@ -45,10 +44,10 @@ module VectorMCP
         notification_method = "notifications/prompts/list_changed"
         begin
           if transport.respond_to?(:broadcast_notification)
-            logger.info("Broadcasting prompts list changed notification.")
+            logger.debug("Broadcasting prompts list changed notification.")
             transport.broadcast_notification(notification_method)
           elsif transport.respond_to?(:send_notification)
-            logger.info("Sending prompts list changed notification (transport may broadcast or send to first client).")
+            logger.debug("Sending prompts list changed notification (transport may broadcast or send to first client).")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/prompts/list_changed.")
@@ -62,7 +61,6 @@ module VectorMCP
       # @return [void]
       def clear_roots_list_changed
         @roots_list_changed = false
-        logger.debug("Roots listChanged flag cleared.")
       end
 
       # Notifies connected clients that the list of available roots has changed.
@@ -73,10 +71,10 @@ module VectorMCP
         notification_method = "notifications/roots/list_changed"
         begin
           if transport.respond_to?(:broadcast_notification)
-            logger.info("Broadcasting roots list changed notification.")
+            logger.debug("Broadcasting roots list changed notification.")
             transport.broadcast_notification(notification_method)
           elsif transport.respond_to?(:send_notification)
-            logger.info("Sending roots list changed notification (transport may broadcast or send to first client).")
+            logger.debug("Sending roots list changed notification (transport may broadcast or send to first client).")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/roots/list_changed.")
@@ -90,7 +88,7 @@ module VectorMCP
       # @api private
       def subscribe_prompts(session)
         @prompt_subscribers << session unless @prompt_subscribers.include?(session)
-        logger.debug("Session subscribed to prompt list changes: #{session.object_id}")
+        # Session subscribed to prompt list changes
       end
 
       private

data/lib/vector_mcp/server/message_handling.rb

@@ -21,10 +21,10 @@ module VectorMCP
         params = message["params"] || {}
 
         if id && method # Request
-          logger.info("[#{session_id}] Request [#{id}]: #{method} with params: #{params.inspect}")
+          logger.debug("[#{session_id}] Request [#{id}]: #{method} with params: #{params.inspect}")
           handle_request(id, method, params, session)
         elsif method # Notification
-          logger.info("[#{session_id}] Notification: #{method} with params: #{params.inspect}")
+          logger.debug("[#{session_id}] Notification: #{method} with params: #{params.inspect}")
           handle_notification(method, params, session)
           nil # Notifications do not have a return value to send back to client
         elsif id # Invalid: Has ID but no method
@@ -74,7 +74,9 @@ module VectorMCP
       # Validates that the session is properly initialized for the given request.
       # @api private
       def validate_session_initialization(id, method, _params, session)
-        return if session.initialized?
+        # Handle both direct VectorMCP::Session and BaseSessionManager::Session wrapper
+        actual_session = session.respond_to?(:context) ? session.context : session
+        return if actual_session.initialized?
 
         # Allow "initialize" even if not marked initialized yet by server
         return if method == "initialize"
@@ -113,7 +115,9 @@ module VectorMCP
       # Internal handler for JSON-RPC notifications.
       # @api private
       def handle_notification(method, params, session)
-        unless session.initialized? || method == "initialized"
+        # Handle both direct VectorMCP::Session and BaseSessionManager::Session wrapper
+        actual_session = session.respond_to?(:context) ? session.context : session
+        unless actual_session.initialized? || method == "initialized"
           logger.warn("Ignoring notification '#{method}' before session is initialized. Params: #{params.inspect}")
           return
         end
@@ -158,7 +162,9 @@ module VectorMCP
       # @api private
       def session_method(method_name)
         lambda do |params, session, _server|
-          session.public_send(method_name, params)
+          # Handle both direct VectorMCP::Session and BaseSessionManager::Session wrapper
+          actual_session = session.respond_to?(:context) ? session.context : session
+          actual_session.public_send(method_name, params)
         end
       end
     end