vector_mcp 0.3.4 → 0.5.0

data/lib/vector_mcp/handlers/core.rb

@@ -52,18 +52,21 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.call_tool(params, session, server)
         tool_name = params["name"]
-        arguments = params["arguments"] || {}
-
         context = create_tool_context(tool_name, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_tool_call, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_request!(session, server, operation_type: :tool_call, operation_name: tool_name)
+
+          context = server.middleware_manager.execute_hooks(:before_tool_call, context)
+          return handle_middleware_error(context) if context.error?
+
+          tool_name = context.params["name"] || tool_name
+          arguments = context.params["arguments"] || {}
           tool = find_tool!(tool_name, server)
-          security_result = validate_tool_security!(session, tool, server)
-          validate_input_arguments!(tool_name, tool, arguments)
+          authorize_action!(session_context, :call, tool, server)
+          validate_tool_arguments!(tool_name, tool, arguments)
 
-          result = execute_tool_handler(tool, arguments, security_result, session)
+          result = execute_tool_handler(tool, arguments, session)
           context.result = build_tool_result(result)
 
           context = server.middleware_manager.execute_hooks(:after_tool_call, context)
@@ -99,16 +102,19 @@ module VectorMCP
       # @raise [VectorMCP::ForbiddenError] if authorization fails.
       def self.read_resource(params, session, server)
         uri_s = params["uri"]
-
         context = create_resource_context(uri_s, params, session, server)
-        context = server.middleware_manager.execute_hooks(:before_resource_read, context)
-        return handle_middleware_error(context) if context.error?
 
         begin
+          session_context = authenticate_request!(session, server, operation_type: :resource_read, operation_name: uri_s)
+
+          context = server.middleware_manager.execute_hooks(:before_resource_read, context)
+          return handle_middleware_error(context) if context.error?
+
+          uri_s = context.params["uri"] || uri_s
           resource = find_resource!(uri_s, server)
-          security_result = validate_resource_security!(session, resource, server)
+          authorize_action!(session_context, :read, resource, server)
 
-          content_raw = execute_resource_handler(resource, params, security_result)
+          content_raw = execute_resource_handler(resource, context.params, session_context)
           contents = process_resource_content(content_raw, resource, uri_s)
 
           context.result = { contents: contents }
@@ -195,10 +201,12 @@ module VectorMCP
         return handle_middleware_error(context) if context.error?
 
         begin
+          context_params = context.params
+          prompt_name = context_params["name"] || prompt_name
           prompt = fetch_prompt(prompt_name, server)
 
-          arguments = params["arguments"] || {}
-          validate_arguments!(prompt_name, prompt, arguments)
+          arguments = context_params["arguments"] || {}
+          validate_prompt_arguments!(prompt_name, prompt, arguments)
 
           # Call the registered handler after arguments were validated
           result_data = prompt.handler.call(arguments)
@@ -272,7 +280,7 @@ module VectorMCP
       # @param arguments [Hash] The arguments supplied by the client.
       # @return [void]
       # @raise [VectorMCP::InvalidParamsError] if arguments are invalid (e.g., missing, unknown, wrong type).
-      def self.validate_arguments!(prompt_name, prompt, arguments)
+      def self.validate_prompt_arguments!(prompt_name, prompt, arguments)
         ensure_hash!(prompt_name, arguments, "arguments")
 
         arg_defs = prompt.respond_to?(:arguments) ? (prompt.arguments || []) : []
@@ -283,7 +291,7 @@ module VectorMCP
         raise VectorMCP::InvalidParamsError.new("Invalid arguments",
                                                 details: build_invalid_arg_details(prompt_name, missing, unknown))
       end
-      private_class_method :validate_arguments!
+      private_class_method :validate_prompt_arguments!
 
       # Ensures a given value is a Hash.
       # @api private
@@ -361,7 +369,7 @@ module VectorMCP
       # @param arguments [Hash] The arguments supplied by the client.
       # @return [void]
       # @raise [VectorMCP::InvalidParamsError] if arguments fail validation.
-      def self.validate_input_arguments!(tool_name, tool, arguments)
+      def self.validate_tool_arguments!(tool_name, tool, arguments)
         return unless tool.input_schema.is_a?(Hash)
         return if tool.input_schema.empty?
 
@@ -389,41 +397,14 @@ module VectorMCP
           }
         )
       end
-      private_class_method :validate_input_arguments!
+      private_class_method :validate_tool_arguments!
       private_class_method :raise_tool_validation_error
 
-      # Security helper methods
-
-      # Check security for tool access
-      # @api private
-      # @param session [VectorMCP::Session] The current session
-      # @param tool [VectorMCP::Definitions::Tool] The tool being accessed
-      # @param server [VectorMCP::Server] The server instance
-      # @return [Hash] Security check result
-      def self.check_tool_security(session, tool, server)
-        # Extract request context from session for security middleware
-        request = extract_request_from_session(session)
-        server.security_middleware.process_request(request, action: :call, resource: tool)
-      end
-      private_class_method :check_tool_security
-
-      # Check security for resource access
-      # @api private
-      # @param session [VectorMCP::Session] The current session
-      # @param resource [VectorMCP::Definitions::Resource] The resource being accessed
-      # @param server [VectorMCP::Server] The server instance
-      # @return [Hash] Security check result
-      def self.check_resource_security(session, resource, server)
-        request = extract_request_from_session(session)
-        server.security_middleware.process_request(request, action: :read, resource: resource)
-      end
-      private_class_method :check_resource_security
-
       # Extract request context from session for security processing
       # @api private
       # @param session [VectorMCP::Session] The current session
       # @return [Hash] Request context for security middleware
-      def self.extract_request_from_session(session)
+      def self.extract_auth_credentials(session)
         # All sessions should have a request_context - this is enforced by Session initialization
         unless session.respond_to?(:request_context) && session.request_context
           raise VectorMCP::InternalError,
@@ -436,25 +417,7 @@ module VectorMCP
           session_id: session.id
         }
       end
-      private_class_method :extract_request_from_session
-
-      # Handle security failure by raising appropriate error
-      # @api private
-      # @param security_result [Hash] The security check result
-      # @return [void]
-      # @raise [VectorMCP::UnauthorizedError, VectorMCP::ForbiddenError]
-      def self.handle_security_failure(security_result)
-        case security_result[:error_code]
-        when "AUTHENTICATION_REQUIRED"
-          raise VectorMCP::UnauthorizedError, security_result[:error]
-        when "AUTHORIZATION_FAILED"
-          raise VectorMCP::ForbiddenError, security_result[:error]
-        else
-          # Fallback to generic unauthorized error
-          raise VectorMCP::UnauthorizedError, security_result[:error] || "Security check failed"
-        end
-      end
-      private_class_method :handle_security_failure
+      private_class_method :extract_auth_credentials
 
       # Handle middleware error by returning appropriate response or raising error
       # @api private
@@ -491,15 +454,27 @@ module VectorMCP
         tool
       end
 
-      # Validate tool security
-      def self.validate_tool_security!(session, tool, server)
-        security_result = check_tool_security(session, tool, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      # Authenticate the current request and return the caller's identity.
+      def self.authenticate_request!(session, server, operation_type:, operation_name:)
+        request = extract_auth_credentials(session)
+        context = create_auth_context(operation_type, operation_name, request, session, server)
+        context = server.middleware_manager.execute_hooks(:before_auth, context)
+        raise context.error if context.error?
+
+        session_context = server.security_middleware.authenticate_request(context.params)
+        session.security_context = session_context if session.respond_to?(:security_context=)
+
+        raise VectorMCP::UnauthorizedError, "Authentication required" if server.auth_manager.required? && !session_context.authenticated?
+
+        context.result = session_context
+        server.middleware_manager.execute_hooks(:after_auth, context)
+        session_context
+      rescue StandardError => e
+        handle_auth_error(e, context, server)
       end
 
       # Execute tool handler with proper arity handling
-      def self.execute_tool_handler(tool, arguments, _security_result, session)
+      def self.execute_tool_handler(tool, arguments, session)
         if [1, -1].include?(tool.handler.arity)
           tool.handler.call(arguments)
         else
@@ -545,19 +520,19 @@ module VectorMCP
         server.resources[uri_s]
       end
 
-      # Validate resource security
-      def self.validate_resource_security!(session, resource, server)
-        security_result = check_resource_security(session, resource, server)
-        handle_security_failure(security_result) unless security_result[:success]
-        security_result
+      # Check authorization and raise ForbiddenError if denied
+      def self.authorize_action!(session_context, action, resource, server)
+        return if server.security_middleware.authorize_action(session_context, action, resource)
+
+        raise VectorMCP::ForbiddenError, "Access denied"
       end
 
       # Execute resource handler with proper arity handling
-      def self.execute_resource_handler(resource, params, security_result)
+      def self.execute_resource_handler(resource, params, session_context)
         if [1, -1].include?(resource.handler.arity)
           resource.handler.call(params)
         else
-          resource.handler.call(params, security_result[:session_context])
+          resource.handler.call(params, session_context)
         end
       end
 
@@ -579,10 +554,32 @@ module VectorMCP
         context.result
       end
 
-      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :validate_tool_security!,
+      # Create middleware context for authentication hooks.
+      def self.create_auth_context(operation_type, operation_name, request, session, server)
+        VectorMCP::Middleware::Context.new(
+          operation_type: operation_type,
+          operation_name: operation_name,
+          params: request,
+          session: session,
+          server: server,
+          metadata: { start_time: Time.now }
+        )
+      end
+
+      # Run auth error hooks and re-raise the original error.
+      def self.handle_auth_error(error, context, server)
+        return raise error unless context
+
+        context.error = error
+        server.middleware_manager.execute_hooks(:on_auth_error, context)
+        raise error
+      end
+
+      private_class_method :handle_middleware_error, :create_tool_context, :find_tool!, :authenticate_request!,
                            :execute_tool_handler, :build_tool_result, :handle_tool_error, :create_resource_context,
-                           :find_resource!, :validate_resource_security!, :execute_resource_handler,
-                           :process_resource_content, :handle_resource_error
+                           :find_resource!, :authorize_action!, :execute_resource_handler,
+                           :process_resource_content, :handle_resource_error, :create_auth_context,
+                           :handle_auth_error
     end
   end
 end

data/lib/vector_mcp/image_util.rb

@@ -231,29 +231,52 @@ module VectorMCP
     #     base_directory: "/app/uploads"
     #   )
     def file_to_mcp_image_content(file_path, validate: true, max_size: DEFAULT_MAX_SIZE, base_directory: nil)
-      validate_path_safety!(file_path, base_directory) if base_directory
+      validated_path = validate_path_safety!(file_path, base_directory)
 
-      raise ArgumentError, "Image file not found: #{file_path}" unless File.exist?(file_path)
+      raise ArgumentError, "Image file not found: #{validated_path}" unless File.exist?(validated_path)
 
-      raise ArgumentError, "Image file not readable: #{file_path}" unless File.readable?(file_path)
+      raise ArgumentError, "Image file not readable: #{validated_path}" unless File.readable?(validated_path)
 
-      binary_data = File.binread(file_path)
+      binary_data = File.binread(validated_path)
       to_mcp_image_content(binary_data, validate: validate, max_size: max_size)
     end
 
-    # Validates that a file path does not escape the given base directory.
+    # Validates that a file path is safe to access.
+    #
+    # When +base_directory+ is provided, the resolved path must reside within it.
+    # When +base_directory+ is omitted, the path is still canonicalized and
+    # rejected if it contains path traversal sequences (+..+) that resolve
+    # outside the current working directory.
     #
     # @param file_path [String] The file path to validate.
-    # @param base_directory [String] The base directory boundary.
-    # @raise [ArgumentError] If the resolved path is outside base_directory.
+    # @param base_directory [String, nil] Optional base directory boundary.
+    # @return [String] The canonicalized, validated path.
+    # @raise [ArgumentError] If path traversal is detected.
     # @api private
     def validate_path_safety!(file_path, base_directory)
-      resolved_base = File.expand_path(base_directory)
-      resolved_path = File.expand_path(file_path, resolved_base)
+      if base_directory
+        resolved_base = File.expand_path(base_directory)
+        resolved_path = File.expand_path(file_path, resolved_base)
 
-      return if resolved_path.start_with?("#{resolved_base}/") || resolved_path == resolved_base
+        unless resolved_path.start_with?("#{resolved_base}/") || resolved_path == resolved_base
+          raise ArgumentError, "Path traversal detected: resolved path is outside the allowed base directory"
+        end
+      else
+        resolved_path = File.expand_path(file_path)
+
+        # Reject paths that use traversal sequences to escape upward, even without
+        # an explicit base directory.  This catches the common case of
+        # user-supplied input like "../../etc/passwd".
+        if file_path.to_s.include?("..")
+          canonical_base = File.expand_path(".")
+          unless resolved_path.start_with?("#{canonical_base}/") || resolved_path == canonical_base
+            raise ArgumentError,
+                  "Path traversal detected: '#{file_path}' resolves outside the working directory"
+          end
+        end
+      end
 
-      raise ArgumentError, "Path traversal detected: resolved path is outside the allowed base directory"
+      resolved_path
     end
 
     # Extracts image metadata from binary data.

data/lib/vector_mcp/middleware/anonymizer.rb

@@ -0,0 +1,186 @@
+# frozen_string_literal: true
+
+require "json"
+
+require_relative "base"
+require_relative "../token_store"
+require_relative "../util/token_sweeper"
+
+module VectorMCP
+  module Middleware
+    # Middleware that rewrites selected string fields in outbound tool
+    # results into opaque tokens and restores them on inbound tool
+    # invocations. All domain knowledge (which keys to match, token
+    # prefixes, which keys to treat as atomic blobs) is supplied by the
+    # application via the constructor.
+    #
+    # @example Wiring on a server
+    #   anonymizer = VectorMCP::Middleware::Anonymizer.new(
+    #     store:       VectorMCP::TokenStore.new,
+    #     field_rules: [
+    #       { pattern: /\bname\b/i, prefix: "NAME"  },
+    #       { pattern: /email/i,    prefix: "EMAIL" }
+    #     ],
+    #     atomic_keys: /address/i
+    #   )
+    #   anonymizer.install_on(server)
+    class Anonymizer
+      # @param store [VectorMCP::TokenStore] the backing token store.
+      # @param field_rules [Array<Hash>] an array of +{ pattern: Regexp, prefix: String }+
+      #   hashes. The pattern is matched against each Hash key whose value is a String.
+      # @param atomic_keys [Regexp, nil] optional pattern; Hash values whose parent
+      #   key matches are serialized and tokenized as a single opaque unit instead
+      #   of recursed into.
+      def initialize(store:, field_rules:, atomic_keys: nil)
+        raise ArgumentError, "store is required"       if store.nil?
+        raise ArgumentError, "field_rules is required" if field_rules.nil?
+
+        @store = store
+        @field_rules = field_rules.map { |rule| validate_rule!(rule) }.freeze
+        @atomic_keys = atomic_keys
+      end
+
+      # Tokenize sensitive string fields in an outbound payload.
+      #
+      # @param obj [Object] a parsed JSON-like Ruby structure.
+      # @return [Object] a new structure with matched values replaced by tokens.
+      def sweep_outbound(obj)
+        replace_atomic_nodes(obj).then do |shaped|
+          VectorMCP::Util::TokenSweeper.sweep(shaped) do |value, parent_key|
+            rule = rule_for(parent_key)
+            rule ? @store.tokenize(value, prefix: rule[:prefix]) : value
+          end
+        end
+      end
+
+      # Resolve tokens in an inbound payload back to their original values.
+      # Unknown token-shaped strings pass through unchanged.
+      #
+      # @param obj [Object] a parsed JSON-like Ruby structure.
+      # @return [Object] a new structure with tokens resolved to original values.
+      def sweep_inbound(obj)
+        VectorMCP::Util::TokenSweeper.sweep(obj) do |value, _parent_key|
+          if @store.token?(value)
+            resolved = @store.resolve(value)
+            resolved.nil? ? value : resolved
+          else
+            value
+          end
+        end
+      end
+
+      # Middleware hook: rewrite tool arguments before the handler runs.
+      # @param context [VectorMCP::Middleware::Context]
+      def before_tool_call(context)
+        return unless context.params.is_a?(Hash)
+
+        arguments = context.params["arguments"]
+        return unless arguments.is_a?(Hash) || arguments.is_a?(Array)
+
+        context.params = context.params.merge("arguments" => sweep_inbound(arguments))
+      end
+
+      # Middleware hook: tokenize matched fields in the tool result.
+      # @param context [VectorMCP::Middleware::Context]
+      def after_tool_call(context)
+        return if context.result.nil?
+
+        context.result = sweep_outbound(context.result)
+      end
+
+      # Register this anonymizer instance on +server+ for the tool call
+      # lifecycle. Creates a thin adapter class so the middleware manager's
+      # argumentless instantiation can still deliver the configured instance.
+      #
+      # @param server [VectorMCP::Server] the server instance.
+      # @param priority [Integer] middleware priority.
+      # @return [Class] the adapter class registered with the server.
+      def install_on(server, priority: Hook::DEFAULT_PRIORITY)
+        instance = self
+        adapter = Class.new(Base) do
+          define_method(:before_tool_call) { |context| instance.before_tool_call(context) }
+          define_method(:after_tool_call)  { |context| instance.after_tool_call(context) }
+        end
+        server.use_middleware(adapter, %i[before_tool_call after_tool_call], priority: priority)
+        adapter
+      end
+
+      private
+
+      def validate_rule!(rule)
+        unless rule.is_a?(Hash) && rule[:pattern].is_a?(Regexp) && rule[:prefix].is_a?(String)
+          raise ArgumentError,
+                "each field_rule must be a Hash with :pattern (Regexp) and :prefix (String)"
+        end
+
+        rule
+      end
+
+      def rule_for(parent_key)
+        return nil if parent_key.nil?
+
+        key_string = parent_key.to_s
+        @field_rules.find { |rule| rule[:pattern].match?(key_string) }
+      end
+
+      def atomic_match?(parent_key)
+        return false if @atomic_keys.nil? || parent_key.nil?
+
+        @atomic_keys.match?(parent_key.to_s)
+      end
+
+      # First pass: collapse Hash nodes whose parent key matches +atomic_keys+
+      # into a single tokenized string. A fresh traversal avoids entanglement
+      # with the field-rule sweep that runs afterwards.
+      def replace_atomic_nodes(obj, parent_key = nil, visited = {}.compare_by_identity)
+        case obj
+        when Hash
+          return obj if visited[obj]
+
+          if atomic_match?(parent_key)
+            @store.tokenize(canonical_json(obj), prefix: atomic_prefix_for(parent_key))
+          else
+            visited[obj] = true
+            begin
+              obj.each_with_object({}) do |(key, value), out|
+                out[key] = replace_atomic_nodes(value, key, visited)
+              end
+            ensure
+              visited.delete(obj)
+            end
+          end
+        when Array
+          return obj if visited[obj]
+
+          visited[obj] = true
+          begin
+            obj.map { |element| replace_atomic_nodes(element, parent_key, visited) }
+          ensure
+            visited.delete(obj)
+          end
+        else
+          obj
+        end
+      end
+
+      # Atomic nodes use the prefix of the first field rule whose pattern
+      # matches the enclosing key. If no field rule matches, fall back to a
+      # neutral default so the token is still well-formed.
+      def atomic_prefix_for(parent_key)
+        rule_for(parent_key)&.dig(:prefix) || "ATOM"
+      end
+
+      def canonical_json(hash)
+        JSON.generate(canonicalize(hash))
+      end
+
+      def canonicalize(obj)
+        case obj
+        when Hash  then obj.keys.map(&:to_s).sort.to_h { |k| [k, canonicalize(obj[k] || obj[k.to_sym])] }
+        when Array then obj.map { |element| canonicalize(element) }
+        else obj
+        end
+      end
+    end
+  end
+end

data/lib/vector_mcp/middleware/base.rb

@@ -147,11 +147,7 @@ module VectorMCP
       # @param context [VectorMCP::Middleware::Context] Execution context
       # @param new_params [Hash] New parameters to set
       def modify_params(context, new_params)
-        if context.respond_to?(:params=)
-          context.params = new_params
-        else
-          @logger.warn("Cannot modify immutable params in context")
-        end
+        context.params = new_params
       end
 
       # Helper method to modify response result

data/lib/vector_mcp/middleware/context.rb

@@ -18,7 +18,7 @@ module VectorMCP
       def initialize(options = {})
         @operation_type = options[:operation_type]
         @operation_name = options[:operation_name]
-        @params = (options[:params] || {}).dup.freeze # Immutable copy
+        self.params = options[:params]
         @session = options[:session]
         @server = options[:server]
         @metadata = (options[:metadata] || {}).dup
@@ -27,6 +27,16 @@ module VectorMCP
         @skip_remaining_hooks = false
       end
 
+      # Replace request parameters for the current operation.
+      #
+      # @param value [Hash, nil] New request parameters.
+      # @return [Hash] The normalized parameter hash.
+      def params=(value)
+        raise ArgumentError, "params must be a Hash" unless value.nil? || value.is_a?(Hash)
+
+        @params = (value || {}).dup
+      end
+
       # Check if operation completed successfully
       # @return [Boolean] true if no error occurred
       def success?

data/lib/vector_mcp/middleware/hook.rb

@@ -4,7 +4,7 @@ module VectorMCP
   module Middleware
     # Represents a single middleware hook with priority and execution logic
     class Hook
-      attr_reader :middleware_class, :hook_type, :priority, :conditions
+      attr_reader :middleware_class, :hook_type, :operation_type, :priority, :conditions
 
       # Default priority for middleware (lower numbers execute first)
       DEFAULT_PRIORITY = 100
@@ -21,6 +21,8 @@ module VectorMCP
 
         validate_hook_type!
         validate_middleware_class!
+
+        @operation_type = HOOK_OPERATION_TYPES[@hook_type]
       end
 
       # Execute this hook with the given context
@@ -72,12 +74,12 @@ module VectorMCP
         raise ArgumentError, "middleware_class must inherit from VectorMCP::Middleware::Base"
       end
 
+      # Whether this hook's operation_type matches the context's. Transport- and
+      # auth-level hooks (operation_type == nil) match any context.
       def matches_operation_type?(context)
-        operation_prefix = @hook_type.split("_")[1..].join("_")
-
-        return true if transport_or_auth_hook?(operation_prefix)
+        return true if @operation_type.nil?
 
-        operation_matches?(operation_prefix, context.operation_type)
+        context.operation_type == @operation_type
       end
 
       def condition_matches?(key, value, context)
@@ -91,25 +93,6 @@ module VectorMCP
         end
       end
 
-      def transport_or_auth_hook?(operation_prefix)
-        %w[request response transport_error auth auth_error].include?(operation_prefix)
-      end
-
-      def operation_matches?(operation_prefix, operation_type)
-        case operation_prefix
-        when "tool_call", "tool_error"
-          operation_type == :tool_call
-        when "resource_read", "resource_error"
-          operation_type == :resource_read
-        when "prompt_get", "prompt_error"
-          operation_type == :prompt_get
-        when "sampling_request", "sampling_response", "sampling_error"
-          operation_type == :sampling
-        else
-          true
-        end
-      end
-
       def operation_condition_matches?(key, value, context)
         included = Array(value).include?(context.operation_name)
         key == :only_operations ? included : !included

data/lib/vector_mcp/middleware.rb

@@ -12,15 +12,32 @@ module VectorMCP
   # Middleware system for pluggable hooks around MCP operations
   # Allows developers to add custom behavior without modifying core code
   module Middleware
-    # Hook types available in the system
-    HOOK_TYPES = %w[
-      before_tool_call after_tool_call on_tool_error
-      before_resource_read after_resource_read on_resource_error
-      before_prompt_get after_prompt_get on_prompt_error
-      before_sampling_request after_sampling_response on_sampling_error
-      before_request after_response on_transport_error
-      before_auth after_auth on_auth_error
-    ].freeze
+    # Maps each hook type to the operation_type it matches. `nil` means the
+    # hook is transport- or auth-level and matches any operation_type.
+    # This is the single source of truth — HOOK_TYPES is derived from it.
+    HOOK_OPERATION_TYPES = {
+      "before_tool_call" => :tool_call,
+      "after_tool_call" => :tool_call,
+      "on_tool_error" => :tool_call,
+      "before_resource_read" => :resource_read,
+      "after_resource_read" => :resource_read,
+      "on_resource_error" => :resource_read,
+      "before_prompt_get" => :prompt_get,
+      "after_prompt_get" => :prompt_get,
+      "on_prompt_error" => :prompt_get,
+      "before_sampling_request" => :sampling,
+      "after_sampling_response" => :sampling,
+      "on_sampling_error" => :sampling,
+      "before_request" => nil,
+      "after_response" => nil,
+      "on_transport_error" => nil,
+      "before_auth" => nil,
+      "after_auth" => nil,
+      "on_auth_error" => nil
+    }.freeze
+
+    # Hook types available in the system (derived from HOOK_OPERATION_TYPES)
+    HOOK_TYPES = HOOK_OPERATION_TYPES.keys.freeze
 
     # Error raised when invalid hook type is specified
     class InvalidHookTypeError < VectorMCP::Error