vector_mcp 0.3.3 → 0.4.0

data/lib/vector_mcp/handlers/core.rb

@@ -52,18 +52,21 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.call_tool(params, session, server)
         tool_name = params["name"]
-        arguments = params["arguments"] || {}
-
         context = create_tool_context(tool_name, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_tool_call, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_session!(session, server, operation_type: :tool_call, operation_name: tool_name)
+
+          context = server.middleware_manager.execute_hooks(:before_tool_call, context)
+          return handle_middleware_error(context) if context.error?
+
+          tool_name = context.params["name"] || tool_name
+          arguments = context.params["arguments"] || {}
           tool = find_tool!(tool_name, server)
-          security_result = validate_tool_security!(session, tool, server)
+          authorize_action!(session_context, :call, tool, server)
           validate_input_arguments!(tool_name, tool, arguments)
 
-          result = execute_tool_handler(tool, arguments, security_result, session)
+          result = execute_tool_handler(tool, arguments, session)
           context.result = build_tool_result(result)
 
           context = server.middleware_manager.execute_hooks(:after_tool_call, context)
@@ -99,16 +102,19 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.read_resource(params, session, server)
         uri_s = params["uri"]
-
         context = create_resource_context(uri_s, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_resource_read, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_session!(session, server, operation_type: :resource_read, operation_name: uri_s)
+
+          context = server.middleware_manager.execute_hooks(:before_resource_read, context)
+          return handle_middleware_error(context) if context.error?
+
+          uri_s = context.params["uri"] || uri_s
           resource = find_resource!(uri_s, server)
-          security_result = validate_resource_security!(session, resource, server)
+          authorize_action!(session_context, :read, resource, server)
 
-          content_raw = execute_resource_handler(resource, params, security_result)
+          content_raw = execute_resource_handler(resource, context.params, session_context)
           contents = process_resource_content(content_raw, resource, uri_s)
 
           context.result = { contents: contents }
@@ -195,9 +201,11 @@ module VectorMCP
         return handle_middleware_error(context) if context.error?
 
         begin
+          context_params = context.params
+          prompt_name = context_params["name"] || prompt_name
           prompt = fetch_prompt(prompt_name, server)
 
-          arguments = params["arguments"] || {}
+          arguments = context_params["arguments"] || {}
           validate_arguments!(prompt_name, prompt, arguments)
 
           # Call the registered handler after arguments were validated
@@ -491,15 +499,34 @@ module VectorMCP
         tool
       end
 
-      # Validate tool security
-      def self.validate_tool_security!(session, tool, server)
-        security_result = check_tool_security(session, tool, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      # Resolve the session authentication state before operation middleware runs.
+      def self.authenticate_session!(session, server, operation_type:, operation_name:)
+        request = extract_request_from_session(session)
+        context = create_auth_context(operation_type, operation_name, request, session, server)
+        context = server.middleware_manager.execute_hooks(:before_auth, context)
+        raise context.error if context.error?
+
+        request = context.params
+        session_context = if server.security_middleware.respond_to?(:authenticate_request)
+                            server.security_middleware.authenticate_request(request)
+                          else
+                            legacy_result = server.security_middleware.process_request(request)
+                            legacy_result[:session_context]
+                          end
+        session.security_context = session_context if session.respond_to?(:security_context=)
+
+        auth_required = server.respond_to?(:auth_manager) ? server.auth_manager.required? : false
+        raise VectorMCP::UnauthorizedError, "Authentication required" if auth_required && !session_context.authenticated?
+
+        context.result = session_context
+        server.middleware_manager.execute_hooks(:after_auth, context)
+        session_context
+      rescue StandardError => e
+        handle_auth_error(e, context, server)
       end
 
       # Execute tool handler with proper arity handling
-      def self.execute_tool_handler(tool, arguments, _security_result, session)
+      def self.execute_tool_handler(tool, arguments, session)
         if [1, -1].include?(tool.handler.arity)
           tool.handler.call(arguments)
         else
@@ -546,18 +573,24 @@ module VectorMCP
       end
 
       # Validate resource security
-      def self.validate_resource_security!(session, resource, server)
-        security_result = check_resource_security(session, resource, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      def self.authorize_action!(session_context, action, resource, server)
+        authorized = if server.security_middleware.respond_to?(:authorize_action)
+                       server.security_middleware.authorize_action(session_context, action, resource)
+                     else
+                       legacy_result = server.security_middleware.process_request({}, action: action, resource: resource)
+                       legacy_result[:success]
+                     end
+        return if authorized
+
+        raise VectorMCP::ForbiddenError, "Access denied"
       end
 
       # Execute resource handler with proper arity handling
-      def self.execute_resource_handler(resource, params, security_result)
+      def self.execute_resource_handler(resource, params, session_context)
         if [1, -1].include?(resource.handler.arity)
           resource.handler.call(params)
         else
-          resource.handler.call(params, security_result[:session_context])
+          resource.handler.call(params, session_context)
         end
       end
 
@@ -579,10 +612,32 @@ module VectorMCP
         context.result
       end
 
-      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :validate_tool_security!,
+      # Create middleware context for authentication hooks.
+      def self.create_auth_context(operation_type, operation_name, request, session, server)
+        VectorMCP::Middleware::Context.new(
+          operation_type: operation_type,
+          operation_name: operation_name,
+          params: request,
+          session: session,
+          server: server,
+          metadata: { start_time: Time.now }
+        )
+      end
+
+      # Run auth error hooks and re-raise the original error.
+      def self.handle_auth_error(error, context, server)
+        return raise error unless context
+
+        context.error = error
+        server.middleware_manager.execute_hooks(:on_auth_error, context)
+        raise error
+      end
+
+      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :authenticate_session!,
                            :execute_tool_handler, :build_tool_result, :handle_tool_error, :create_resource_context,
-                           :find_resource!, :validate_resource_security!, :execute_resource_handler,
-                           :process_resource_content, :handle_resource_error
+                           :find_resource!, :authorize_action!, :execute_resource_handler,
+                           :process_resource_content, :handle_resource_error, :create_auth_context,
+                           :handle_auth_error
     end
   end
 end

data/lib/vector_mcp/image_util.rb

@@ -217,20 +217,68 @@ module VectorMCP
     # @param file_path [String] Path to the image file.
     # @param validate [Boolean] Whether to validate the image.
     # @param max_size [Integer] Maximum allowed size for validation.
+    # @param base_directory [String, nil] Optional base directory for path traversal protection.
+    #   When provided, the resolved file_path must reside within this directory.
     # @return [Hash] MCP image content hash.
-    # @raise [ArgumentError] If file doesn't exist or validation fails.
+    # @raise [ArgumentError] If file doesn't exist, validation fails, or path traversal is detected.
     #
     # @example
     #   content = VectorMCP::ImageUtil.file_to_mcp_image_content("./avatar.png")
-    def file_to_mcp_image_content(file_path, validate: true, max_size: DEFAULT_MAX_SIZE)
-      raise ArgumentError, "Image file not found: #{file_path}" unless File.exist?(file_path)
+    #
+    # @example With path traversal protection
+    #   content = VectorMCP::ImageUtil.file_to_mcp_image_content(
+    #     user_input_path,
+    #     base_directory: "/app/uploads"
+    #   )
+    def file_to_mcp_image_content(file_path, validate: true, max_size: DEFAULT_MAX_SIZE, base_directory: nil)
+      validated_path = validate_path_safety!(file_path, base_directory)
 
-      raise ArgumentError, "Image file not readable: #{file_path}" unless File.readable?(file_path)
+      raise ArgumentError, "Image file not found: #{validated_path}" unless File.exist?(validated_path)
 
-      binary_data = File.binread(file_path)
+      raise ArgumentError, "Image file not readable: #{validated_path}" unless File.readable?(validated_path)
+
+      binary_data = File.binread(validated_path)
       to_mcp_image_content(binary_data, validate: validate, max_size: max_size)
     end
 
+    # Validates that a file path is safe to access.
+    #
+    # When +base_directory+ is provided, the resolved path must reside within it.
+    # When +base_directory+ is omitted, the path is still canonicalized and
+    # rejected if it contains path traversal sequences (+..+) that resolve
+    # outside the current working directory.
+    #
+    # @param file_path [String] The file path to validate.
+    # @param base_directory [String, nil] Optional base directory boundary.
+    # @return [String] The canonicalized, validated path.
+    # @raise [ArgumentError] If path traversal is detected.
+    # @api private
+    def validate_path_safety!(file_path, base_directory)
+      if base_directory
+        resolved_base = File.expand_path(base_directory)
+        resolved_path = File.expand_path(file_path, resolved_base)
+
+        unless resolved_path.start_with?("#{resolved_base}/") || resolved_path == resolved_base
+          raise ArgumentError, "Path traversal detected: resolved path is outside the allowed base directory"
+        end
+      else
+        resolved_path = File.expand_path(file_path)
+
+        # Reject paths that use traversal sequences to escape upward, even without
+        # an explicit base directory.  This catches the common case of
+        # user-supplied input like "../../etc/passwd".
+        if file_path.to_s.include?("..")
+          canonical_base = File.expand_path(".")
+          unless resolved_path.start_with?("#{canonical_base}/") || resolved_path == canonical_base
+            raise ArgumentError,
+                  "Path traversal detected: '#{file_path}' resolves outside the working directory"
+          end
+        end
+      end
+
+      resolved_path
+    end
+
     # Extracts image metadata from binary data.
     #
     # @param data [String] Binary image data.

data/lib/vector_mcp/log_filter.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module VectorMCP
+  # Filters sensitive data from values before they are written to logs.
+  # Redacts known sensitive keys in hashes and token patterns in strings.
+  module LogFilter
+    SENSITIVE_KEYS = %w[
+      authorization x-api-key api_key apikey token jwt_token
+      password secret cookie set-cookie x-jwt-token
+    ].freeze
+
+    FILTERED = "[FILTERED]"
+
+    # Bearer/Basic token pattern: "Bearer <token>" or "Basic <token>"
+    TOKEN_PATTERN = /\b(Bearer|Basic|API-Key)\s+\S+/i
+
+    module_function
+
+    # Deep-redacts sensitive keys from a hash.
+    # @param hash [Hash] the hash to filter
+    # @return [Hash] a copy with sensitive values replaced by "[FILTERED]"
+    def filter_hash(hash)
+      return hash unless hash.is_a?(Hash)
+
+      hash.each_with_object({}) do |(key, value), filtered|
+        str_key = key.to_s.downcase
+        filtered[key] = if SENSITIVE_KEYS.include?(str_key)
+                          FILTERED
+                        elsif value.is_a?(Hash)
+                          filter_hash(value)
+                        elsif value.is_a?(String)
+                          filter_string(value)
+                        else
+                          value
+                        end
+      end
+    end
+
+    # Redacts Bearer/Basic/API-Key token patterns in a string.
+    # @param str [String] the string to filter
+    # @return [String] the filtered string
+    def filter_string(str)
+      return str unless str.is_a?(String)
+
+      str.gsub(TOKEN_PATTERN, '\1 [FILTERED]')
+    end
+  end
+end

data/lib/vector_mcp/middleware/base.rb

@@ -147,11 +147,7 @@ module VectorMCP
       # @param context [VectorMCP::Middleware::Context] Execution context
       # @param new_params [Hash] New parameters to set
       def modify_params(context, new_params)
-        if context.respond_to?(:params=)
-          context.params = new_params
-        else
-          @logger.warn("Cannot modify immutable params in context")
-        end
+        context.params = new_params
       end
 
       # Helper method to modify response result

data/lib/vector_mcp/middleware/context.rb

@@ -18,7 +18,7 @@ module VectorMCP
       def initialize(options = {})
         @operation_type = options[:operation_type]
         @operation_name = options[:operation_name]
-        @params = (options[:params] || {}).dup.freeze # Immutable copy
+        self.params = options[:params]
         @session = options[:session]
         @server = options[:server]
         @metadata = (options[:metadata] || {}).dup
@@ -27,6 +27,16 @@ module VectorMCP
         @skip_remaining_hooks = false
       end
 
+      # Replace request parameters for the current operation.
+      #
+      # @param value [Hash, nil] New request parameters.
+      # @return [Hash] The normalized parameter hash.
+      def params=(value)
+        raise ArgumentError, "params must be a Hash" unless value.nil? || value.is_a?(Hash)
+
+        @params = (value || {}).dup
+      end
+
       # Check if operation completed successfully
       # @return [Boolean] true if no error occurred
       def success?

data/lib/vector_mcp/rails/tool.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require "active_record"
+require "active_support/core_ext/hash/indifferent_access"
+require "vector_mcp/tool"
+
+module VectorMCP
+  module Rails
+    # Rails-aware base class for declarative tool definitions.
+    #
+    # Adds ergonomics for the common patterns that show up in ActiveRecord-
+    # backed MCP tools:
+    #
+    # * +find!+ -- fetch a record or raise +VectorMCP::NotFoundError+
+    # * +respond_with+ -- standard success/error payload from a record
+    # * +with_transaction+ -- wrap a mutation in an AR transaction
+    # * Auto-rescue of +ActiveRecord::RecordNotFound+ (-> NotFoundError)
+    #   and +ActiveRecord::RecordInvalid+ (-> error payload)
+    # * Arguments delivered to +#call+ as a +HashWithIndifferentAccess+
+    #   so +args[:id]+ and +args["id"]+ both work
+    #
+    # @example
+    #   class UpdateProvider < VectorMCP::Rails::Tool
+    #     tool_name   "update_provider"
+    #     description "Update an existing provider"
+    #
+    #     param :id,   type: :integer, required: true
+    #     param :name, type: :string
+    #
+    #     def call(args, _session)
+    #       provider = find!(Provider, args[:id])
+    #       provider.update(args.except(:id))
+    #       respond_with(provider, name: provider.name)
+    #     end
+    #   end
+    class Tool < VectorMCP::Tool
+      # Overrides the parent handler to add indifferent-access args and
+      # auto-rescue ActiveRecord exceptions.
+      def self.build_handler
+        klass = self
+        params = @params
+        lambda do |args, session|
+          coerced = klass.coerce_args(args, params).with_indifferent_access
+          klass.new.call(coerced, session)
+        rescue ActiveRecord::RecordNotFound => e
+          raise VectorMCP::NotFoundError, e.message
+        rescue ActiveRecord::RecordInvalid => e
+          { success: false, errors: e.record.errors.full_messages }
+        end
+      end
+      private_class_method :build_handler
+
+      # Finds a record by id or raises VectorMCP::NotFoundError.
+      #
+      # @param model [Class] an ActiveRecord model class
+      # @param id [Integer, String] the record id
+      # @return [ActiveRecord::Base]
+      def find!(model, id)
+        model.find_by(id: id) ||
+          raise(VectorMCP::NotFoundError, "#{model.name} #{id} not found")
+      end
+
+      # Builds a standard response payload from a record.
+      #
+      # Success shape: +{ success: true, id: record.id, **extras }+
+      # Error shape:   +{ success: false, errors: record.errors.full_messages }+
+      #
+      # @param record [ActiveRecord::Base]
+      # @param extras [Hash] additional keys to merge into the success payload
+      # @return [Hash]
+      def respond_with(record, **extras)
+        if record.persisted? && record.errors.empty?
+          { success: true, id: record.id, **extras }
+        else
+          { success: false, errors: record.errors.full_messages }
+        end
+      end
+
+      # Runs the given block inside an ActiveRecord transaction.
+      def with_transaction(&)
+        ActiveRecord::Base.transaction(&)
+      end
+    end
+  end
+end

data/lib/vector_mcp/request_context.rb

@@ -92,7 +92,7 @@ module VectorMCP
     end
 
     # Create a minimal request context for non-HTTP transports.
-    # This is useful for stdio and other command-line transports.
+    # This is useful for non-HTTP transports or testing contexts.
     #
     # @param transport_type [String] The transport type identifier
     # @return [RequestContext] A minimal request context

data/lib/vector_mcp/security/middleware.rb

@@ -120,11 +120,11 @@ module VectorMCP
       # @param transport_request [Object] the transport request
       # @return [Hash] extracted request data
       def extract_request_data(transport_request)
-        # Handle Rack environment (for SSE transport)
+        # Handle Rack environment (for HTTP transports)
         if transport_request.respond_to?(:[]) && transport_request["REQUEST_METHOD"]
           extract_from_rack_env(transport_request)
         else
-          # Default fallback
+          # Default fallback for non-HTTP request formats
           { headers: {}, params: {} }
         end
       end

data/lib/vector_mcp/security/strategies/api_key.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "openssl"
+
 module VectorMCP
   module Security
     module Strategies
@@ -10,8 +12,10 @@ module VectorMCP
 
         # Initialize with a list of valid API keys
         # @param keys [Array<String>] array of valid API keys
-        def initialize(keys: [])
+        # @param allow_query_params [Boolean] whether to accept API keys from query parameters (default: false)
+        def initialize(keys: [], allow_query_params: false)
           @valid_keys = Set.new(keys.map(&:to_s))
+          @allow_query_params = allow_query_params
         end
 
         # Add a valid API key
@@ -33,7 +37,7 @@ module VectorMCP
           api_key = extract_api_key(request)
           return false unless api_key&.length&.positive?
 
-          if @valid_keys.include?(api_key)
+          if secure_key_match?(api_key)
             {
               api_key: api_key,
               strategy: "api_key",
@@ -58,14 +62,33 @@ module VectorMCP
 
         private
 
+        # Constant-time comparison of API key against all valid keys.
+        # Iterates all keys to prevent timing side-channels.
+        # @param candidate [String] the API key to check
+        # @return [Boolean] true if the candidate matches a valid key
+        def secure_key_match?(candidate)
+          matched = false
+          @valid_keys.each do |valid_key|
+            next unless candidate.bytesize == valid_key.bytesize
+
+            matched = true if OpenSSL.fixed_length_secure_compare(candidate, valid_key)
+          end
+          matched
+        end
+
         # Extract API key from various request formats
         # @param request [Hash] the request object
         # @return [String, nil] the extracted API key
         def extract_api_key(request)
           headers = normalize_headers(request)
-          params = normalize_params(request)
 
-          extract_from_headers(headers) || extract_from_params(params)
+          from_headers = extract_from_headers(headers)
+          return from_headers if from_headers
+
+          return nil unless @allow_query_params
+
+          params = normalize_params(request)
+          extract_from_params(params)
         end
 
         # Normalize headers to handle different formats

data/lib/vector_mcp/security/strategies/jwt_token.rb

@@ -17,12 +17,14 @@ module VectorMCP
         # Initialize JWT strategy
         # @param secret [String] the secret key for JWT verification
         # @param algorithm [String] the JWT algorithm (default: HS256)
+        # @param allow_query_params [Boolean] whether to accept JWT tokens from query parameters (default: false)
         # @param options [Hash] additional JWT verification options
-        def initialize(secret:, algorithm: "HS256", **options)
+        def initialize(secret:, algorithm: "HS256", allow_query_params: false, **options)
           raise LoadError, "JWT gem is required for JWT authentication strategy" unless defined?(JWT)
 
           @secret = secret
           @algorithm = algorithm
+          @allow_query_params = allow_query_params
           @options = {
             algorithm: @algorithm,
             verify_expiration: true,
@@ -82,11 +84,14 @@ module VectorMCP
         # @return [String, nil] the extracted token
         def extract_token(request)
           headers = request[:headers] || request["headers"] || {}
-          params = request[:params] || request["params"] || {}
 
-          extract_from_auth_header(headers) ||
-            extract_from_jwt_header(headers) ||
-            extract_from_params(params)
+          from_headers = extract_from_auth_header(headers) || extract_from_jwt_header(headers)
+          return from_headers if from_headers
+
+          return nil unless @allow_query_params
+
+          params = request[:params] || request["params"] || {}
+          extract_from_params(params)
         end
 
         # Extract token from Authorization header

data/lib/vector_mcp/server/capabilities.rb

@@ -43,11 +43,8 @@ module VectorMCP
 
         notification_method = "notifications/prompts/list_changed"
         begin
-          if transport.respond_to?(:broadcast_notification)
-            logger.debug("Broadcasting prompts list changed notification.")
-            transport.broadcast_notification(notification_method)
-          elsif transport.respond_to?(:send_notification)
-            logger.debug("Sending prompts list changed notification (transport may broadcast or send to first client).")
+          if transport.respond_to?(:send_notification)
+            logger.debug("Sending prompts list changed notification.")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/prompts/list_changed.")
@@ -70,11 +67,8 @@ module VectorMCP
 
         notification_method = "notifications/roots/list_changed"
         begin
-          if transport.respond_to?(:broadcast_notification)
-            logger.debug("Broadcasting roots list changed notification.")
-            transport.broadcast_notification(notification_method)
-          elsif transport.respond_to?(:send_notification)
-            logger.debug("Sending roots list changed notification (transport may broadcast or send to first client).")
+          if transport.respond_to?(:send_notification)
+            logger.debug("Sending roots list changed notification.")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/roots/list_changed.")

data/lib/vector_mcp/server/message_handling.rb

@@ -21,10 +21,10 @@ module VectorMCP
         params = message["params"] || {}
 
         if id && method # Request
-          logger.debug("[#{session_id}] Request [#{id}]: #{method} with params: #{params.inspect}")
+          logger.debug("[#{session_id}] Request [#{id}]: #{method} with params: #{VectorMCP::LogFilter.filter_hash(params).inspect}")
           handle_request(id, method, params, session)
         elsif method # Notification
-          logger.debug("[#{session_id}] Notification: #{method} with params: #{params.inspect}")
+          logger.debug("[#{session_id}] Notification: #{method} with params: #{VectorMCP::LogFilter.filter_hash(params).inspect}")
           handle_notification(method, params, session)
           nil # Notifications do not have a return value to send back to client
         elsif id # Invalid: Has ID but no method

data/lib/vector_mcp/server/registry.rb

@@ -29,6 +29,38 @@ module VectorMCP
         self
       end
 
+      # Registers one or more class-based tool definitions with the server.
+      #
+      # Each argument must be a subclass of +VectorMCP::Tool+ that declares
+      # its metadata via the class-level DSL (+tool_name+, +description+,
+      # +param+) and implements +#call+.
+      #
+      # @param tool_classes [Array<Class>] One or more +VectorMCP::Tool+ subclasses.
+      # @return [self] The server instance, for chaining.
+      # @raise [ArgumentError] If any argument is not a +VectorMCP::Tool+ subclass.
+      #
+      # @example Register a single tool
+      #   server.register(ListProviders)
+      #
+      # @example Register multiple tools
+      #   server.register(ListProviders, CreateProvider, UpdateProvider)
+      def register(*tool_classes)
+        tool_classes.each do |tool_class|
+          unless tool_class.is_a?(Class) && tool_class < VectorMCP::Tool
+            raise ArgumentError, "#{tool_class.inspect} is not a VectorMCP::Tool subclass"
+          end
+
+          definition = tool_class.to_definition
+          register_tool(
+            name: definition.name,
+            description: definition.description,
+            input_schema: definition.input_schema,
+            &definition.handler
+          )
+        end
+        self
+      end
+
       # Registers a new resource with the server.
       #
       # @param uri [String, URI] The unique URI for the resource.
@@ -159,7 +191,7 @@ module VectorMCP
       # @param required_parameters [Array<String>] List of required parameter names.
       # @param block [Proc] The tool handler block.
       # @return [VectorMCP::Definitions::Tool] The registered tool.
-      def register_image_tool(name:, description:, image_parameter: "image", additional_parameters: {}, required_parameters: [], &block)
+      def register_image_tool(name:, description:, image_parameter: "image", additional_parameters: {}, required_parameters: [], &)
         # Build the input schema with image support
         image_property = {
           type: "string",
@@ -180,7 +212,7 @@ module VectorMCP
           name: name,
           description: description,
           input_schema: input_schema,
-          &block
+          &
         )
       end
 
@@ -192,13 +224,13 @@ module VectorMCP
       # @param additional_arguments [Array<Hash>] Additional prompt arguments.
       # @param block [Proc] The prompt handler block.
       # @return [VectorMCP::Definitions::Prompt] The registered prompt.
-      def register_image_prompt(name:, description:, image_argument: "image", additional_arguments: [], &block)
+      def register_image_prompt(name:, description:, image_argument: "image", additional_arguments: [], &)
         prompt = VectorMCP::Definitions::Prompt.with_image_support(
           name: name,
           description: description,
           image_argument_name: image_argument,
           additional_arguments: additional_arguments,
-          &block
+          &
         )
 
         register_prompt(