@mseep/mcp-agent-social 1.1.0

package/src/middleware/timeout.ts

@@ -0,0 +1,216 @@
+// ABOUTME: Timeout management for MCP requests
+// ABOUTME: Prevents hanging requests and provides configurable timeout handling
+
+import { logger } from '../logger.js';
+import { McpTimeoutError } from './error-handler.js';
+
+// Simple async lock implementation for thread safety
+class AsyncLock {
+  private queue: Array<() => void> = [];
+  private locked = false;
+
+  async acquire(): Promise<() => void> {
+    return new Promise((resolve) => {
+      const unlock = () => {
+        this.locked = false;
+        const next = this.queue.shift();
+        if (next) {
+          this.locked = true;
+          next();
+        }
+      };
+
+      if (this.locked) {
+        this.queue.push(() => resolve(unlock));
+      } else {
+        this.locked = true;
+        resolve(unlock);
+      }
+    });
+  }
+}
+
+export interface TimeoutConfig {
+  defaultTimeout: number;
+  methodTimeouts: Record<string, number>;
+  maxTimeout: number;
+}
+
+export class TimeoutManager {
+  private readonly config: TimeoutConfig;
+  private timeoutCount = 0;
+  private activeTimeouts = new Set<NodeJS.Timeout>();
+  private readonly timeoutLock = new AsyncLock();
+
+  constructor(config?: Partial<TimeoutConfig>) {
+    this.config = {
+      defaultTimeout: 30000, // 30 seconds
+      maxTimeout: 120000, // 2 minutes
+      methodTimeouts: {
+        'tools/call': 60000, // Tool calls can take longer
+        'sampling/create': 90000, // LLM requests need more time
+        'resources/read': 10000, // Resource reads should be fast
+        'resources/list': 5000,
+        'tools/list': 5000,
+        'prompts/list': 5000,
+        'prompts/get': 10000,
+        'roots/list': 5000,
+        ...config?.methodTimeouts,
+      },
+      ...config,
+    };
+
+    logger.info('Timeout manager initialized', {
+      defaultTimeout: this.config.defaultTimeout,
+      maxTimeout: this.config.maxTimeout,
+      methodTimeouts: Object.keys(this.config.methodTimeouts).length,
+    });
+  }
+
+  /**
+   * Create a timeout promise for a specific method
+   */
+  createTimeout(method: string): Promise<never> {
+    const timeoutMs = this.getTimeoutForMethod(method);
+
+    return new Promise((_, reject) => {
+      const timeoutId = setTimeout(async () => {
+        // Use lock for thread-safe updates
+        const unlock = await this.timeoutLock.acquire();
+        try {
+          this.timeoutCount++;
+          this.activeTimeouts.delete(timeoutId);
+        } finally {
+          unlock();
+        }
+
+        logger.warn('Request timed out', {
+          method,
+          timeout: timeoutMs,
+          totalTimeouts: this.timeoutCount,
+        });
+
+        const error = new McpTimeoutError(`Request timed out after ${timeoutMs}ms`, timeoutMs);
+        reject(error);
+      }, timeoutMs);
+
+      // Thread-safe addition to active timeouts
+      this.activeTimeouts.add(timeoutId);
+    });
+  }
+
+  /**
+   * Create a timeout promise that can be cleared
+   */
+  createClearableTimeout(method: string): {
+    promise: Promise<never>;
+    clear: () => void;
+  } {
+    const timeoutMs = this.getTimeoutForMethod(method);
+    let timeoutId: NodeJS.Timeout;
+
+    const promise = new Promise<never>((_, reject) => {
+      timeoutId = setTimeout(async () => {
+        // Use lock for thread-safe updates
+        const unlock = await this.timeoutLock.acquire();
+        try {
+          this.timeoutCount++;
+          this.activeTimeouts.delete(timeoutId);
+        } finally {
+          unlock();
+        }
+
+        logger.warn('Request timed out', {
+          method,
+          timeout: timeoutMs,
+        });
+
+        const error = new McpTimeoutError(`Request timed out after ${timeoutMs}ms`, timeoutMs);
+        reject(error);
+      }, timeoutMs);
+
+      this.activeTimeouts.add(timeoutId);
+    });
+
+    const clear = async () => {
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+        // Use lock for thread-safe removal
+        const unlock = await this.timeoutLock.acquire();
+        try {
+          this.activeTimeouts.delete(timeoutId);
+        } finally {
+          unlock();
+        }
+      }
+    };
+
+    return { promise, clear };
+  }
+
+  /**
+   * Wrap a promise with timeout
+   */
+  async withTimeout<T>(promise: Promise<T>, method: string): Promise<T> {
+    const { promise: timeoutPromise, clear } = this.createClearableTimeout(method);
+
+    try {
+      const result = await Promise.race([promise, timeoutPromise]);
+      clear();
+      return result;
+    } catch (error) {
+      clear();
+      throw error;
+    }
+  }
+
+  /**
+   * Get timeout duration for a specific method
+   */
+  private getTimeoutForMethod(method: string): number {
+    const methodTimeout = this.config.methodTimeouts[method];
+    if (methodTimeout) {
+      return Math.min(methodTimeout, this.config.maxTimeout);
+    }
+    return this.config.defaultTimeout;
+  }
+
+  /**
+   * Clear all active timeouts
+   */
+  async clearAllTimeouts(): Promise<void> {
+    const unlock = await this.timeoutLock.acquire();
+    try {
+      for (const timeoutId of this.activeTimeouts) {
+        clearTimeout(timeoutId);
+      }
+      this.activeTimeouts.clear();
+    } finally {
+      unlock();
+    }
+    logger.info('Cleared all active timeouts');
+  }
+
+  /**
+   * Get timeout statistics
+   */
+  getStats() {
+    return {
+      totalTimeouts: this.timeoutCount,
+      activeTimeouts: this.activeTimeouts.size,
+      config: {
+        defaultTimeout: this.config.defaultTimeout,
+        maxTimeout: this.config.maxTimeout,
+        methodTimeoutCount: Object.keys(this.config.methodTimeouts).length,
+      },
+    };
+  }
+
+  /**
+   * Update timeout configuration
+   */
+  updateConfig(newConfig: Partial<TimeoutConfig>): void {
+    Object.assign(this.config, newConfig);
+    logger.info('Timeout configuration updated', { config: this.config });
+  }
+}

package/src/middleware/validator.ts

@@ -0,0 +1,216 @@
+// ABOUTME: Protocol-level request and response validation
+// ABOUTME: Ensures MCP protocol compliance and data integrity
+
+import { z } from 'zod';
+import { logger } from '../logger.js';
+
+// Base MCP request schema
+const McpRequestSchema = z.object({
+  jsonrpc: z.literal('2.0'),
+  id: z.union([z.string(), z.number(), z.null()]),
+  method: z.string(),
+  params: z.record(z.any()).optional(),
+});
+
+// Base MCP response schema
+const McpResponseSchema = z.object({
+  jsonrpc: z.literal('2.0'),
+  id: z.union([z.string(), z.number(), z.null()]),
+  result: z.any().optional(),
+  error: z
+    .object({
+      code: z.number(),
+      message: z.string(),
+      data: z.any().optional(),
+    })
+    .optional(),
+});
+
+// Method-specific validation schemas (only validate params, base structure already validated)
+const MethodSchemas = {
+  'tools/list': {
+    request: z.object({
+      params: z.object({}).optional(),
+    }),
+    response: z.object({
+      tools: z.array(
+        z.object({
+          name: z.string(),
+          description: z.string(),
+          inputSchema: z.record(z.any()),
+        }),
+      ),
+    }),
+  },
+  'tools/call': {
+    request: z.object({
+      params: z.object({
+        name: z.string(),
+        arguments: z.record(z.any()).optional(),
+      }),
+    }),
+    response: z.object({
+      content: z.array(
+        z.object({
+          type: z.string(),
+          text: z.string().optional(),
+          data: z.any().optional(),
+        }),
+      ),
+    }),
+  },
+  'resources/list': {
+    request: z.object({
+      params: z
+        .object({
+          cursor: z.string().optional(),
+        })
+        .optional(),
+    }),
+    response: z.object({
+      resources: z.array(
+        z.object({
+          uri: z.string(),
+          name: z.string(),
+          description: z.string().optional(),
+          mimeType: z.string().optional(),
+        }),
+      ),
+    }),
+  },
+};
+
+export class RequestValidator {
+  private validationCount = 0;
+  private validationErrors = 0;
+
+  /**
+   * Validate an MCP request
+   */
+  async validateRequest(request: any): Promise<void> {
+    this.validationCount++;
+
+    try {
+      // Validate base MCP structure
+      McpRequestSchema.parse(request);
+
+      // Then validate method-specific params only (avoiding redundant validation)
+      const methodSchema = MethodSchemas[request.method as keyof typeof MethodSchemas];
+      if (methodSchema?.request) {
+        // Extract just the params and validate them separately
+        const paramsToValidate = { params: request.params };
+        methodSchema.request.parse(paramsToValidate);
+      }
+
+      // Additional custom validations
+      await this.performCustomValidations(request);
+
+      logger.debug('Request validation passed', {
+        method: request.method,
+        id: request.id,
+      });
+    } catch (error) {
+      this.validationErrors++;
+
+      if (error instanceof z.ZodError) {
+        const validationError = new Error(
+          `Request validation failed: ${error.errors.map((e) => e.message).join(', ')}`,
+        );
+        (validationError as any).code = -32602; // Invalid params
+        (validationError as any).data = error.errors;
+        throw validationError;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Validate an MCP response
+   */
+  async validateResponse(response: any, method: string): Promise<void> {
+    try {
+      // Validate base response structure
+      McpResponseSchema.parse(response);
+
+      // Validate method-specific response if available
+      const methodSchema = MethodSchemas[method as keyof typeof MethodSchemas];
+      if (methodSchema?.response && response.result) {
+        methodSchema.response.parse(response.result);
+      }
+
+      logger.debug('Response validation passed', { method });
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        const validationError = new Error(
+          `Response validation failed: ${error.errors.map((e) => e.message).join(', ')}`,
+        );
+        (validationError as any).code = -32603; // Internal error
+        (validationError as any).data = error.errors;
+        throw validationError;
+      }
+
+      throw error;
+    }
+  }
+
+  /**
+   * Perform additional custom validations
+   */
+  private async performCustomValidations(request: any): Promise<void> {
+    // Validate content length limits
+    if (request.params) {
+      const stringContent = JSON.stringify(request.params);
+      if (stringContent.length > 100000) {
+        // 100KB limit
+        throw new Error('Request payload exceeds maximum size limit');
+      }
+    }
+
+    // Validate method exists
+    const allowedMethods = [
+      'tools/list',
+      'tools/call',
+      'resources/list',
+      'resources/read',
+      'prompts/list',
+      'prompts/get',
+      'sampling/create',
+      'roots/list',
+    ];
+
+    if (!allowedMethods.includes(request.method)) {
+      const error = new Error(`Method not found: ${request.method}`);
+      (error as any).code = -32601;
+      throw error;
+    }
+
+    // Validate specific parameter constraints
+    if (request.method === 'sampling/create' && request.params?.messages) {
+      const messageCount = request.params.messages.length;
+      if (messageCount > 50) {
+        throw new Error('Too many messages in sampling request (max 50)');
+      }
+
+      for (const message of request.params.messages) {
+        if (message.content.length > 10000) {
+          throw new Error('Message content exceeds maximum length (10000 characters)');
+        }
+      }
+    }
+  }
+
+  /**
+   * Get validation statistics
+   */
+  getStats() {
+    return {
+      totalValidations: this.validationCount,
+      validationErrors: this.validationErrors,
+      successRate:
+        this.validationCount > 0
+          ? (this.validationCount - this.validationErrors) / this.validationCount
+          : 1,
+    };
+  }
+}