vector_mcp 0.3.4 → 0.4.0

data/lib/vector_mcp/handlers/core.rb

@@ -52,18 +52,21 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.call_tool(params, session, server)
         tool_name = params["name"]
-        arguments = params["arguments"] || {}
-
         context = create_tool_context(tool_name, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_tool_call, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_session!(session, server, operation_type: :tool_call, operation_name: tool_name)
+
+          context = server.middleware_manager.execute_hooks(:before_tool_call, context)
+          return handle_middleware_error(context) if context.error?
+
+          tool_name = context.params["name"] || tool_name
+          arguments = context.params["arguments"] || {}
           tool = find_tool!(tool_name, server)
-          security_result = validate_tool_security!(session, tool, server)
+          authorize_action!(session_context, :call, tool, server)
           validate_input_arguments!(tool_name, tool, arguments)
 
-          result = execute_tool_handler(tool, arguments, security_result, session)
+          result = execute_tool_handler(tool, arguments, session)
           context.result = build_tool_result(result)
 
           context = server.middleware_manager.execute_hooks(:after_tool_call, context)
@@ -99,16 +102,19 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.read_resource(params, session, server)
         uri_s = params["uri"]
-
         context = create_resource_context(uri_s, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_resource_read, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_session!(session, server, operation_type: :resource_read, operation_name: uri_s)
+
+          context = server.middleware_manager.execute_hooks(:before_resource_read, context)
+          return handle_middleware_error(context) if context.error?
+
+          uri_s = context.params["uri"] || uri_s
           resource = find_resource!(uri_s, server)
-          security_result = validate_resource_security!(session, resource, server)
+          authorize_action!(session_context, :read, resource, server)
 
-          content_raw = execute_resource_handler(resource, params, security_result)
+          content_raw = execute_resource_handler(resource, context.params, session_context)
           contents = process_resource_content(content_raw, resource, uri_s)
 
           context.result = { contents: contents }
@@ -195,9 +201,11 @@ module VectorMCP
         return handle_middleware_error(context) if context.error?
 
         begin
+          context_params = context.params
+          prompt_name = context_params["name"] || prompt_name
           prompt = fetch_prompt(prompt_name, server)
 
-          arguments = params["arguments"] || {}
+          arguments = context_params["arguments"] || {}
           validate_arguments!(prompt_name, prompt, arguments)
 
           # Call the registered handler after arguments were validated
@@ -491,15 +499,34 @@ module VectorMCP
         tool
       end
 
-      # Validate tool security
-      def self.validate_tool_security!(session, tool, server)
-        security_result = check_tool_security(session, tool, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      # Resolve the session authentication state before operation middleware runs.
+      def self.authenticate_session!(session, server, operation_type:, operation_name:)
+        request = extract_request_from_session(session)
+        context = create_auth_context(operation_type, operation_name, request, session, server)
+        context = server.middleware_manager.execute_hooks(:before_auth, context)
+        raise context.error if context.error?
+
+        request = context.params
+        session_context = if server.security_middleware.respond_to?(:authenticate_request)
+                            server.security_middleware.authenticate_request(request)
+                          else
+                            legacy_result = server.security_middleware.process_request(request)
+                            legacy_result[:session_context]
+                          end
+        session.security_context = session_context if session.respond_to?(:security_context=)
+
+        auth_required = server.respond_to?(:auth_manager) ? server.auth_manager.required? : false
+        raise VectorMCP::UnauthorizedError, "Authentication required" if auth_required && !session_context.authenticated?
+
+        context.result = session_context
+        server.middleware_manager.execute_hooks(:after_auth, context)
+        session_context
+      rescue StandardError => e
+        handle_auth_error(e, context, server)
       end
 
       # Execute tool handler with proper arity handling
-      def self.execute_tool_handler(tool, arguments, _security_result, session)
+      def self.execute_tool_handler(tool, arguments, session)
         if [1, -1].include?(tool.handler.arity)
           tool.handler.call(arguments)
         else
@@ -546,18 +573,24 @@ module VectorMCP
       end
 
       # Validate resource security
-      def self.validate_resource_security!(session, resource, server)
-        security_result = check_resource_security(session, resource, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      def self.authorize_action!(session_context, action, resource, server)
+        authorized = if server.security_middleware.respond_to?(:authorize_action)
+                       server.security_middleware.authorize_action(session_context, action, resource)
+                     else
+                       legacy_result = server.security_middleware.process_request({}, action: action, resource: resource)
+                       legacy_result[:success]
+                     end
+        return if authorized
+
+        raise VectorMCP::ForbiddenError, "Access denied"
       end
 
       # Execute resource handler with proper arity handling
-      def self.execute_resource_handler(resource, params, security_result)
+      def self.execute_resource_handler(resource, params, session_context)
         if [1, -1].include?(resource.handler.arity)
           resource.handler.call(params)
         else
-          resource.handler.call(params, security_result[:session_context])
+          resource.handler.call(params, session_context)
         end
       end
 
@@ -579,10 +612,32 @@ module VectorMCP
         context.result
       end
 
-      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :validate_tool_security!,
+      # Create middleware context for authentication hooks.
+      def self.create_auth_context(operation_type, operation_name, request, session, server)
+        VectorMCP::Middleware::Context.new(
+          operation_type: operation_type,
+          operation_name: operation_name,
+          params: request,
+          session: session,
+          server: server,
+          metadata: { start_time: Time.now }
+        )
+      end
+
+      # Run auth error hooks and re-raise the original error.
+      def self.handle_auth_error(error, context, server)
+        return raise error unless context
+
+        context.error = error
+        server.middleware_manager.execute_hooks(:on_auth_error, context)
+        raise error
+      end
+
+      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :authenticate_session!,
                            :execute_tool_handler, :build_tool_result, :handle_tool_error, :create_resource_context,
-                           :find_resource!, :validate_resource_security!, :execute_resource_handler,
-                           :process_resource_content, :handle_resource_error
+                           :find_resource!, :authorize_action!, :execute_resource_handler,
+                           :process_resource_content, :handle_resource_error, :create_auth_context,
+                           :handle_auth_error
     end
   end
 end

data/lib/vector_mcp/image_util.rb

@@ -231,29 +231,52 @@ module VectorMCP
     #     base_directory: "/app/uploads"
     #   )
     def file_to_mcp_image_content(file_path, validate: true, max_size: DEFAULT_MAX_SIZE, base_directory: nil)
-      validate_path_safety!(file_path, base_directory) if base_directory
+      validated_path = validate_path_safety!(file_path, base_directory)
 
-      raise ArgumentError, "Image file not found: #{file_path}" unless File.exist?(file_path)
+      raise ArgumentError, "Image file not found: #{validated_path}" unless File.exist?(validated_path)
 
-      raise ArgumentError, "Image file not readable: #{file_path}" unless File.readable?(file_path)
+      raise ArgumentError, "Image file not readable: #{validated_path}" unless File.readable?(validated_path)
 
-      binary_data = File.binread(file_path)
+      binary_data = File.binread(validated_path)
       to_mcp_image_content(binary_data, validate: validate, max_size: max_size)
     end
 
-    # Validates that a file path does not escape the given base directory.
+    # Validates that a file path is safe to access.
+    #
+    # When +base_directory+ is provided, the resolved path must reside within it.
+    # When +base_directory+ is omitted, the path is still canonicalized and
+    # rejected if it contains path traversal sequences (+..+) that resolve
+    # outside the current working directory.
     #
     # @param file_path [String] The file path to validate.
-    # @param base_directory [String] The base directory boundary.
-    # @raise [ArgumentError] If the resolved path is outside base_directory.
+    # @param base_directory [String, nil] Optional base directory boundary.
+    # @return [String] The canonicalized, validated path.
+    # @raise [ArgumentError] If path traversal is detected.
     # @api private
     def validate_path_safety!(file_path, base_directory)
-      resolved_base = File.expand_path(base_directory)
-      resolved_path = File.expand_path(file_path, resolved_base)
+      if base_directory
+        resolved_base = File.expand_path(base_directory)
+        resolved_path = File.expand_path(file_path, resolved_base)
 
-      return if resolved_path.start_with?("#{resolved_base}/") || resolved_path == resolved_base
+        unless resolved_path.start_with?("#{resolved_base}/") || resolved_path == resolved_base
+          raise ArgumentError, "Path traversal detected: resolved path is outside the allowed base directory"
+        end
+      else
+        resolved_path = File.expand_path(file_path)
+
+        # Reject paths that use traversal sequences to escape upward, even without
+        # an explicit base directory.  This catches the common case of
+        # user-supplied input like "../../etc/passwd".
+        if file_path.to_s.include?("..")
+          canonical_base = File.expand_path(".")
+          unless resolved_path.start_with?("#{canonical_base}/") || resolved_path == canonical_base
+            raise ArgumentError,
+                  "Path traversal detected: '#{file_path}' resolves outside the working directory"
+          end
+        end
+      end
 
-      raise ArgumentError, "Path traversal detected: resolved path is outside the allowed base directory"
+      resolved_path
     end
 
     # Extracts image metadata from binary data.

data/lib/vector_mcp/middleware/base.rb

@@ -147,11 +147,7 @@ module VectorMCP
       # @param context [VectorMCP::Middleware::Context] Execution context
       # @param new_params [Hash] New parameters to set
       def modify_params(context, new_params)
-        if context.respond_to?(:params=)
-          context.params = new_params
-        else
-          @logger.warn("Cannot modify immutable params in context")
-        end
+        context.params = new_params
       end
 
       # Helper method to modify response result

data/lib/vector_mcp/middleware/context.rb

@@ -18,7 +18,7 @@ module VectorMCP
       def initialize(options = {})
         @operation_type = options[:operation_type]
         @operation_name = options[:operation_name]
-        @params = (options[:params] || {}).dup.freeze # Immutable copy
+        self.params = options[:params]
         @session = options[:session]
         @server = options[:server]
         @metadata = (options[:metadata] || {}).dup
@@ -27,6 +27,16 @@ module VectorMCP
         @skip_remaining_hooks = false
       end
 
+      # Replace request parameters for the current operation.
+      #
+      # @param value [Hash, nil] New request parameters.
+      # @return [Hash] The normalized parameter hash.
+      def params=(value)
+        raise ArgumentError, "params must be a Hash" unless value.nil? || value.is_a?(Hash)
+
+        @params = (value || {}).dup
+      end
+
       # Check if operation completed successfully
       # @return [Boolean] true if no error occurred
       def success?

data/lib/vector_mcp/rails/tool.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require "active_record"
+require "active_support/core_ext/hash/indifferent_access"
+require "vector_mcp/tool"
+
+module VectorMCP
+  module Rails
+    # Rails-aware base class for declarative tool definitions.
+    #
+    # Adds ergonomics for the common patterns that show up in ActiveRecord-
+    # backed MCP tools:
+    #
+    # * +find!+ -- fetch a record or raise +VectorMCP::NotFoundError+
+    # * +respond_with+ -- standard success/error payload from a record
+    # * +with_transaction+ -- wrap a mutation in an AR transaction
+    # * Auto-rescue of +ActiveRecord::RecordNotFound+ (-> NotFoundError)
+    #   and +ActiveRecord::RecordInvalid+ (-> error payload)
+    # * Arguments delivered to +#call+ as a +HashWithIndifferentAccess+
+    #   so +args[:id]+ and +args["id"]+ both work
+    #
+    # @example
+    #   class UpdateProvider < VectorMCP::Rails::Tool
+    #     tool_name   "update_provider"
+    #     description "Update an existing provider"
+    #
+    #     param :id,   type: :integer, required: true
+    #     param :name, type: :string
+    #
+    #     def call(args, _session)
+    #       provider = find!(Provider, args[:id])
+    #       provider.update(args.except(:id))
+    #       respond_with(provider, name: provider.name)
+    #     end
+    #   end
+    class Tool < VectorMCP::Tool
+      # Overrides the parent handler to add indifferent-access args and
+      # auto-rescue ActiveRecord exceptions.
+      def self.build_handler
+        klass = self
+        params = @params
+        lambda do |args, session|
+          coerced = klass.coerce_args(args, params).with_indifferent_access
+          klass.new.call(coerced, session)
+        rescue ActiveRecord::RecordNotFound => e
+          raise VectorMCP::NotFoundError, e.message
+        rescue ActiveRecord::RecordInvalid => e
+          { success: false, errors: e.record.errors.full_messages }
+        end
+      end
+      private_class_method :build_handler
+
+      # Finds a record by id or raises VectorMCP::NotFoundError.
+      #
+      # @param model [Class] an ActiveRecord model class
+      # @param id [Integer, String] the record id
+      # @return [ActiveRecord::Base]
+      def find!(model, id)
+        model.find_by(id: id) ||
+          raise(VectorMCP::NotFoundError, "#{model.name} #{id} not found")
+      end
+
+      # Builds a standard response payload from a record.
+      #
+      # Success shape: +{ success: true, id: record.id, **extras }+
+      # Error shape:   +{ success: false, errors: record.errors.full_messages }+
+      #
+      # @param record [ActiveRecord::Base]
+      # @param extras [Hash] additional keys to merge into the success payload
+      # @return [Hash]
+      def respond_with(record, **extras)
+        if record.persisted? && record.errors.empty?
+          { success: true, id: record.id, **extras }
+        else
+          { success: false, errors: record.errors.full_messages }
+        end
+      end
+
+      # Runs the given block inside an ActiveRecord transaction.
+      def with_transaction(&)
+        ActiveRecord::Base.transaction(&)
+      end
+    end
+  end
+end

data/lib/vector_mcp/request_context.rb

@@ -92,7 +92,7 @@ module VectorMCP
     end
 
     # Create a minimal request context for non-HTTP transports.
-    # This is useful for stdio and other command-line transports.
+    # This is useful for non-HTTP transports or testing contexts.
     #
     # @param transport_type [String] The transport type identifier
     # @return [RequestContext] A minimal request context

data/lib/vector_mcp/security/middleware.rb

@@ -120,11 +120,11 @@ module VectorMCP
       # @param transport_request [Object] the transport request
       # @return [Hash] extracted request data
       def extract_request_data(transport_request)
-        # Handle Rack environment (for SSE transport)
+        # Handle Rack environment (for HTTP transports)
         if transport_request.respond_to?(:[]) && transport_request["REQUEST_METHOD"]
           extract_from_rack_env(transport_request)
         else
-          # Default fallback
+          # Default fallback for non-HTTP request formats
           { headers: {}, params: {} }
         end
       end

data/lib/vector_mcp/server/capabilities.rb

@@ -43,11 +43,8 @@ module VectorMCP
 
         notification_method = "notifications/prompts/list_changed"
         begin
-          if transport.respond_to?(:broadcast_notification)
-            logger.debug("Broadcasting prompts list changed notification.")
-            transport.broadcast_notification(notification_method)
-          elsif transport.respond_to?(:send_notification)
-            logger.debug("Sending prompts list changed notification (transport may broadcast or send to first client).")
+          if transport.respond_to?(:send_notification)
+            logger.debug("Sending prompts list changed notification.")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/prompts/list_changed.")
@@ -70,11 +67,8 @@ module VectorMCP
 
         notification_method = "notifications/roots/list_changed"
         begin
-          if transport.respond_to?(:broadcast_notification)
-            logger.debug("Broadcasting roots list changed notification.")
-            transport.broadcast_notification(notification_method)
-          elsif transport.respond_to?(:send_notification)
-            logger.debug("Sending roots list changed notification (transport may broadcast or send to first client).")
+          if transport.respond_to?(:send_notification)
+            logger.debug("Sending roots list changed notification.")
             transport.send_notification(notification_method)
           else
             logger.warn("Transport does not support sending notifications/roots/list_changed.")

data/lib/vector_mcp/server/registry.rb

@@ -29,6 +29,38 @@ module VectorMCP
         self
       end
 
+      # Registers one or more class-based tool definitions with the server.
+      #
+      # Each argument must be a subclass of +VectorMCP::Tool+ that declares
+      # its metadata via the class-level DSL (+tool_name+, +description+,
+      # +param+) and implements +#call+.
+      #
+      # @param tool_classes [Array<Class>] One or more +VectorMCP::Tool+ subclasses.
+      # @return [self] The server instance, for chaining.
+      # @raise [ArgumentError] If any argument is not a +VectorMCP::Tool+ subclass.
+      #
+      # @example Register a single tool
+      #   server.register(ListProviders)
+      #
+      # @example Register multiple tools
+      #   server.register(ListProviders, CreateProvider, UpdateProvider)
+      def register(*tool_classes)
+        tool_classes.each do |tool_class|
+          unless tool_class.is_a?(Class) && tool_class < VectorMCP::Tool
+            raise ArgumentError, "#{tool_class.inspect} is not a VectorMCP::Tool subclass"
+          end
+
+          definition = tool_class.to_definition
+          register_tool(
+            name: definition.name,
+            description: definition.description,
+            input_schema: definition.input_schema,
+            &definition.handler
+          )
+        end
+        self
+      end
+
       # Registers a new resource with the server.
       #
       # @param uri [String, URI] The unique URI for the resource.
@@ -159,7 +191,7 @@ module VectorMCP
       # @param required_parameters [Array<String>] List of required parameter names.
       # @param block [Proc] The tool handler block.
       # @return [VectorMCP::Definitions::Tool] The registered tool.
-      def register_image_tool(name:, description:, image_parameter: "image", additional_parameters: {}, required_parameters: [], &block)
+      def register_image_tool(name:, description:, image_parameter: "image", additional_parameters: {}, required_parameters: [], &)
         # Build the input schema with image support
         image_property = {
           type: "string",
@@ -180,7 +212,7 @@ module VectorMCP
           name: name,
           description: description,
           input_schema: input_schema,
-          &block
+          &
         )
       end
 
@@ -192,13 +224,13 @@ module VectorMCP
       # @param additional_arguments [Array<Hash>] Additional prompt arguments.
       # @param block [Proc] The prompt handler block.
       # @return [VectorMCP::Definitions::Prompt] The registered prompt.
-      def register_image_prompt(name:, description:, image_argument: "image", additional_arguments: [], &block)
+      def register_image_prompt(name:, description:, image_argument: "image", additional_arguments: [], &)
         prompt = VectorMCP::Definitions::Prompt.with_image_support(
           name: name,
           description: description,
           image_argument_name: image_argument,
           additional_arguments: additional_arguments,
-          &block
+          &
         )
 
         register_prompt(

data/lib/vector_mcp/server.rb

@@ -5,8 +5,6 @@ require "logger"
 require_relative "definitions"
 require_relative "session"
 require_relative "errors"
-require_relative "transport/stdio" # Default transport
-# require_relative "transport/sse" # Load on demand to avoid async dependencies
 require_relative "handlers/core" # Default handlers
 require_relative "util" # Needed if not using Handlers::Core
 require_relative "server/registry"
@@ -26,7 +24,7 @@ module VectorMCP
   # It manages tools, resources, prompts, and handles the MCP message lifecycle.
   #
   # A server instance is typically initialized, configured with capabilities (tools,
-  # resources, prompts), and then run with a chosen transport mechanism (e.g., Stdio, SSE).
+  # resources, prompts), and then run with a chosen transport mechanism (e.g., HttpStream).
   #
   # @example Creating and running a simple server
   #   server = VectorMCP::Server.new(name: "MySimpleServer", version: "1.0")
@@ -39,7 +37,7 @@ module VectorMCP
   #     args["message"]
   #   end
   #
-  #   server.run(transport: :stdio) # Runs with Stdio transport by default
+  #   server.run # Runs with HttpStream transport by default
   #
   # @!attribute [r] logger
   #   @return [Logger] The logger instance for this server.
@@ -68,7 +66,10 @@ module VectorMCP
     include MessageHandling
 
     # The specific version of the Model Context Protocol this server implements.
-    PROTOCOL_VERSION = "2024-11-05"
+    PROTOCOL_VERSION = "2025-11-25"
+
+    # All protocol versions this server accepts via the MCP-Protocol-Version header.
+    SUPPORTED_PROTOCOL_VERSIONS = %w[2025-11-25 2025-03-26 2024-11-05].freeze
 
     attr_reader :logger, :name, :version, :protocol_version, :tools, :resources, :prompts, :roots, :in_flight_requests,
                 :auth_manager, :authorization, :security_middleware, :middleware_manager
@@ -134,33 +135,19 @@ module VectorMCP
 
     # Runs the server using the specified transport mechanism.
     #
-    # @param transport [:stdio, :sse, :http_stream, VectorMCP::Transport::Base] The transport to use.
-    #   Can be a symbol (`:stdio`, `:sse`, `:http_stream`) or an initialized transport instance.
-    #   If a symbol is provided, the method will instantiate the corresponding transport class.
-    #   If `:sse` is chosen, it uses Puma as the HTTP server (deprecated).
-    #   If `:http_stream` is chosen, it uses the MCP-compliant streamable HTTP transport.
-    # @param options [Hash] Transport-specific options (e.g., `:host`, `:port` for HTTP transports).
+    # @param transport [:http_stream, VectorMCP::Transport::Base] The transport to use.
+    #   Can be the symbol `:http_stream` or an initialized transport instance.
+    #   If `:http_stream` is provided, the method will instantiate the MCP-compliant streamable HTTP transport.
+    # @param options [Hash] Transport-specific options (e.g., `:host`, `:port`).
     #   These are passed to the transport's constructor if a symbol is provided for `transport`.
     # @return [void]
     # @raise [ArgumentError] if an unsupported transport symbol is given.
-    # @raise [NotImplementedError] if `:sse` transport is specified (currently a placeholder).
-    def run(transport: :stdio, **options)
+    def run(transport: :http_stream, **)
       active_transport = case transport
-                         when :stdio
-                           VectorMCP::Transport::Stdio.new(self, **options)
-                         when :sse
-                           begin
-                             require_relative "transport/sse"
-                             logger.warn("SSE transport is deprecated. Please use :http_stream instead.")
-                             VectorMCP::Transport::SSE.new(self, **options)
-                           rescue LoadError => e
-                             logger.fatal("SSE transport requires additional dependencies.")
-                             raise NotImplementedError, "SSE transport dependencies not available: #{e.message}"
-                           end
                          when :http_stream
                            begin
                              require_relative "transport/http_stream"
-                             VectorMCP::Transport::HttpStream.new(self, **options)
+                             VectorMCP::Transport::HttpStream.new(self, **)
                            rescue LoadError => e
                              logger.fatal("HttpStream transport requires additional dependencies.")
                              raise NotImplementedError, "HttpStream transport dependencies not available: #{e.message}"
@@ -176,6 +163,26 @@ module VectorMCP
       active_transport.run
     end
 
+    # Returns the MCP server as a Rack application suitable for mounting inside
+    # another Rack-based framework (e.g., Rails, Sinatra).
+    #
+    # Unlike {#run}, this method does NOT start its own HTTP server or block.
+    # The returned object responds to `#call(env)` and can be mounted directly:
+    #
+    #   # config/routes.rb (Rails)
+    #   mount MCP_APP => "/mcp"
+    #
+    # Call `server.transport.stop` on application shutdown to clean up resources.
+    #
+    # @param options [Hash] Transport options (e.g., :session_timeout, :event_retention, :allowed_origins)
+    # @return [VectorMCP::Transport::HttpStream] A Rack-compatible app
+    def rack_app(**)
+      require_relative "transport/http_stream"
+      active_transport = VectorMCP::Transport::HttpStream.new(self, mounted: true, **)
+      self.transport = active_transport
+      active_transport
+    end
+
     # --- Security Configuration ---
 
     # Enable authentication with specified strategy and configuration
@@ -216,9 +223,9 @@ module VectorMCP
     # Enable authorization with optional policy configuration block
     # @param block [Proc] optional block for configuring authorization policies
     # @return [void]
-    def enable_authorization!(&block)
+    def enable_authorization!(&)
       @authorization.enable!
-      instance_eval(&block) if block_given?
+      instance_eval(&) if block_given?
       @logger.info("Authorization enabled")
     end
 
@@ -232,29 +239,29 @@ module VectorMCP
     # Add authorization policy for tools
     # @param block [Proc] policy block that receives (user, action, tool)
     # @return [void]
-    def authorize_tools(&block)
-      @authorization.add_policy(:tool, &block)
+    def authorize_tools(&)
+      @authorization.add_policy(:tool, &)
     end
 
     # Add authorization policy for resources
     # @param block [Proc] policy block that receives (user, action, resource)
     # @return [void]
-    def authorize_resources(&block)
-      @authorization.add_policy(:resource, &block)
+    def authorize_resources(&)
+      @authorization.add_policy(:resource, &)
     end
 
     # Add authorization policy for prompts
     # @param block [Proc] policy block that receives (user, action, prompt)
     # @return [void]
-    def authorize_prompts(&block)
-      @authorization.add_policy(:prompt, &block)
+    def authorize_prompts(&)
+      @authorization.add_policy(:prompt, &)
     end
 
     # Add authorization policy for roots
     # @param block [Proc] policy block that receives (user, action, root)
     # @return [void]
-    def authorize_roots(&block)
-      @authorization.add_policy(:root, &block)
+    def authorize_roots(&)
+      @authorization.add_policy(:root, &)
     end
 
     # Check if security features are enabled
@@ -331,8 +338,8 @@ module VectorMCP
     # Add custom authentication strategy
     # @param handler [Proc] custom authentication handler block
     # @return [void]
-    def add_custom_auth(&block)
-      strategy = Security::Strategies::Custom.new(&block)
+    def add_custom_auth(&)
+      strategy = Security::Strategies::Custom.new(&)
       @auth_manager.add_strategy(:custom, strategy)
     end
 
@@ -347,7 +354,7 @@ module VectorMCP
 
   module Transport
     # Dummy base class placeholder used only for argument validation in tests.
-    # Real transport classes (e.g., Stdio, SSE) are separate concrete classes.
+    # Real transport classes (e.g., HttpStream) are separate concrete classes.
     class Base # :nodoc:
     end
   end