golf-mcp 0.1.20__py3-none-any.whl → 0.2.1__py3-none-any.whl

golf/core/builder_auth.py

@@ -1,22 +1,25 @@
-"""Authentication integration for the GolfMCP build process.
+"""Authentication integration for the Golf MCP build process.
 
 This module adds support for injecting authentication configuration
-into the generated FastMCP application during the build process.
+into the generated FastMCP application during the build process using
+FastMCP 2.11+ built-in auth providers.
 """
 
-from golf.auth import get_auth_config
+from golf.auth import get_auth_config, is_auth_configured
 from golf.auth.api_key import get_api_key_config
+from golf.auth.providers import AuthConfig
 
 
 def generate_auth_code(
     server_name: str,
-    host: str = "127.0.0.1",
+    host: str = "localhost",
     port: int = 3000,
     https: bool = False,
     opentelemetry_enabled: bool = False,
     transport: str = "streamable-http",
 ) -> dict:
-    """Generate authentication components for the FastMCP app.
+    """Generate authentication components for the FastMCP app using modern
+    auth providers.
 
     Returns a dictionary with:
         - imports: List of import statements
@@ -27,116 +30,49 @@ def generate_auth_code(
     # Check for API key configuration first
     api_key_config = get_api_key_config()
     if api_key_config:
-        return generate_api_key_auth_components(
-            server_name, opentelemetry_enabled, transport
-        )
-
-    # Otherwise check for OAuth configuration
-    original_provider_config, required_scopes_from_config = get_auth_config()
+        return generate_api_key_auth_components(server_name, opentelemetry_enabled, transport)
 
-    if not original_provider_config:
+    # Check for modern auth configuration
+    auth_config = get_auth_config()
+    if not auth_config:
         # If no auth config, return empty components
         return {"imports": [], "setup_code": [], "fastmcp_args": {}, "has_auth": False}
 
-    # Build auth components
+    # Validate that we have a modern auth config
+    if not isinstance(auth_config, AuthConfig):
+        raise ValueError(
+            f"Invalid auth configuration type: {type(auth_config).__name__}. "
+            "Golf 0.2.x requires modern auth configurations (JWTAuthConfig, "
+            "StaticTokenConfig, OAuthServerConfig, or RemoteAuthConfig). "
+            "Please update your auth.py file."
+        )
+
+    # Generate modern auth components with embedded configuration
     auth_imports = [
         "import os",
-        "import sys  # For stderr output",
-        "from mcp.server.auth.settings import AuthSettings, ClientRegistrationOptions",
-        "from golf.auth.provider import ProviderConfig as GolfProviderConfigInternal # Alias to avoid conflict if user also has ProviderConfig",
-        "from golf.auth.oauth import GolfOAuthProvider",
-        "# get_access_token and create_callback_handler are used by generated auth_routes",
-        "from golf.auth import get_access_token, create_callback_handler",
+        "import sys",
+        "from golf.auth.factory import create_auth_provider",
+        "from golf.auth.providers import RemoteAuthConfig, JWTAuthConfig, StaticTokenConfig, OAuthServerConfig, OAuthProxyConfig",
     ]
 
-    setup_code_lines = []
-
-    # Code to determine runtime server address configuration
-    setup_code_lines.extend(
-        [
-            "# Determine runtime server address configuration",
-            f"runtime_host = os.environ.get('HOST', {repr(host)})",
-            f"runtime_port = int(os.environ.get('PORT', {repr(port)}))",
-            f"runtime_protocol = 'https' if os.environ.get('HTTPS', {repr(str(https)).lower()}).lower() in ('1', 'true', 'yes') else 'http'",
-            "",
-            "# Determine proper issuer URL at runtime for this server instance",
-            "include_port = (runtime_protocol == 'http' and runtime_port != 80) or (runtime_protocol == 'https' and runtime_port != 443)",
-            "if include_port:",
-            "    runtime_issuer_url = f'{runtime_protocol}://{runtime_host}:{runtime_port}'",
-            "else:",
-            "    runtime_issuer_url = f'{runtime_protocol}://{runtime_host}'",
-            "",
-        ]
-    )
+    # Embed the auth configuration directly in the generated code
+    # Convert the auth config to its string representation for embedding
+    auth_config_repr = repr(auth_config)
 
-    # Code to load secrets from environment variables AT RUNTIME in server.py
-    setup_code_lines.extend(
-        [
-            "# Load secrets from environment variables using names specified in pre_build.py ProviderConfig",
-            f"runtime_client_id = os.environ.get({repr(original_provider_config.client_id_env_var)})",
-            f"runtime_client_secret = os.environ.get({repr(original_provider_config.client_secret_env_var)})",
-            f"runtime_jwt_secret = os.environ.get({repr(original_provider_config.jwt_secret_env_var)})",
-            "",
-            "# Check and warn if essential secrets are missing",
-            "if not runtime_client_id:",
-            f"    print(f\"AUTH WARNING: Environment variable '{original_provider_config.client_id_env_var}' for OAuth Client ID is not set. Authentication will likely fail.\", file=sys.stderr)",
-            "if not runtime_client_secret:",
-            f"    print(f\"AUTH WARNING: Environment variable '{original_provider_config.client_secret_env_var}' for OAuth Client Secret is not set. Authentication will likely fail.\", file=sys.stderr)",
-            "if not runtime_jwt_secret:",
-            f"    print(f\"AUTH WARNING: Environment variable '{original_provider_config.jwt_secret_env_var}' for JWT Secret is not set. Using a default insecure fallback. DO NOT USE IN PRODUCTION.\", file=sys.stderr)",
-            f"    runtime_jwt_secret = {repr(f'fallback-dev-jwt-secret-for-{server_name}-!PLEASE-CHANGE-THIS!')}",  # Fixed fallback string
-            "",
-        ]
-    )
-
-    # Code to instantiate ProviderConfig using runtime-loaded secrets and other baked-in non-secrets
-    setup_code_lines.extend(
-        [
-            "# Instantiate ProviderConfig with runtime-resolved secrets and other pre-configured values",
-            "provider_config_instance = GolfProviderConfigInternal(",  # Use aliased import
-            f"    provider={repr(original_provider_config.provider)},",
-            f"    client_id_env_var={repr(original_provider_config.client_id_env_var)},",
-            f"    client_secret_env_var={repr(original_provider_config.client_secret_env_var)},",
-            f"    jwt_secret_env_var={repr(original_provider_config.jwt_secret_env_var)},",
-            "    client_id=runtime_client_id,",
-            "    client_secret=runtime_client_secret,",
-            "    jwt_secret=runtime_jwt_secret,",
-            f"    authorize_url={repr(original_provider_config.authorize_url)},",
-            f"    token_url={repr(original_provider_config.token_url)},",
-            f"    userinfo_url={repr(original_provider_config.userinfo_url)},",
-            f"    jwks_uri={repr(original_provider_config.jwks_uri)},",
-            f"    scopes={repr(original_provider_config.scopes)},",
-            "    issuer_url=runtime_issuer_url,",
-            f"    callback_path={repr(original_provider_config.callback_path)},",
-            f"    token_expiration={original_provider_config.token_expiration}",
-            ")",
-            "",
-            "auth_provider = GolfOAuthProvider(provider_config_instance)",
-            "from golf.auth.helpers import _set_active_golf_oauth_provider  # Ensure helper is imported",
-            "_set_active_golf_oauth_provider(auth_provider)  # Make provider instance available",
-            "",
-        ]
-    )
-
-    # AuthSettings creation
-    setup_code_lines.extend(
-        [
-            "# Create auth settings for FastMCP",
-            "auth_settings = AuthSettings(",
-            "    issuer_url=runtime_issuer_url,",
-            "    client_registration_options=ClientRegistrationOptions(",
-            "        enabled=True,",
-            f"        valid_scopes={repr(original_provider_config.scopes)},",
-            f"        default_scopes={repr(original_provider_config.scopes)}",
-            "    ),",
-            f"    required_scopes={repr(required_scopes_from_config) if required_scopes_from_config else None}",
-            ")",
-            "",
-        ]
-    )
+    setup_code_lines = [
+        "# Modern FastMCP 2.11+ authentication setup with embedded configuration",
+        f"auth_config = {auth_config_repr}",
+        "try:",
+        "    auth_provider = create_auth_provider(auth_config)",
+        "    print(f'Authentication configured with {auth_config.provider_type} provider')",
+        "except Exception as e:",
+        "    print(f'Authentication setup failed: {e}', file=sys.stderr)",
+        "    auth_provider = None",
+        "",
+    ]
 
-    # FastMCP constructor arguments
-    fastmcp_args = {"auth_server_provider": "auth_provider", "auth": "auth_settings"}
+    # FastMCP constructor arguments - FastMCP 2.11+ uses auth parameter
+    fastmcp_args = {"auth": "auth_provider"}
 
     return {
         "imports": auth_imports,
@@ -174,7 +110,7 @@ def generate_api_key_auth_components(
     ]
 
     setup_code_lines = [
-        "# Recreate API key configuration from pre_build.py",
+        "# Recreate API key configuration from auth.py",
         "configure_api_key(",
         f"    header_name={repr(api_key_config.header_name)},",
         f"    header_prefix={repr(api_key_config.header_prefix)},",
@@ -221,7 +157,8 @@ def generate_api_key_auth_components(
         "            # Check if API key is required but missing",
         "            if api_key_config.required and not api_key:",
         "                return JSONResponse(",
-        "                    {'error': 'unauthorized', 'detail': f'Missing required {header_name} header'},",
+        "                    {'error': 'unauthorized', "
+        "'detail': f'Missing required {header_name} header'},"
         "                    status_code=401,",
         "                    headers={'WWW-Authenticate': f'{header_name} realm=\"MCP Server\"'}",
         "                )",
@@ -243,48 +180,30 @@ def generate_api_key_auth_components(
 
 
 def generate_auth_routes() -> str:
-    """Generate code for OAuth routes in the FastMCP app.
-    These routes are added to the FastMCP instance (`mcp`) created by `generate_auth_code`.
+    """Generate code for auth routes in the FastMCP app.
+
+    Auth providers (RemoteAuthProvider, OAuthProvider) provide OAuth metadata routes
+    that need to be added to the server.
     """
     # API key auth doesn't need special routes
     api_key_config = get_api_key_config()
     if api_key_config:
         return ""
 
-    provider_config, _ = get_auth_config()  # Used to check if auth is enabled generally
-    if not provider_config:
+    # Check if auth is configured
+    if not is_auth_configured():
         return ""
 
-    auth_routes_list = [
-        "",
-        "# Auth-specific routes, using the 'auth_provider' instance defined in the auth setup code",
-        "@mcp.custom_route('/auth/callback', methods=['GET'])",
-        "async def oauth_callback(request):",
-        "    # create_callback_handler is imported in the auth setup code block",
-        "    handler = create_callback_handler(auth_provider)",
-        "    return await handler(request)",
-        "",
-        "@mcp.custom_route('/login', methods=['GET'])",
-        "async def login(request):",
-        "    from starlette.responses import RedirectResponse",
-        "    import urllib.parse",
-        '    default_redirect_uri = urllib.parse.quote_plus("http://localhost:5173/callback")',
-        '    authorize_url = f"/mcp/auth/authorize?client_id=default&response_type=code&redirect_uri={default_redirect_uri}"',
-        "    return RedirectResponse(authorize_url)",
-        "",
-        "@mcp.custom_route('/auth-error', methods=['GET'])",
-        "async def auth_error(request):",
-        "    from starlette.responses import HTMLResponse",
-        "    error = request.query_params.get('error', 'unknown_error')",
-        "    error_desc = request.query_params.get('error_description', 'An authentication error occurred')",
-        '    html_content = f"""',
-        "    <!DOCTYPE html>",
-        "    <html><head><title>Authentication Error</title>",
-        "    <style> body {{ font-family: system-ui, sans-serif; padding: 2rem; max-width: 600px; margin: auto; }} h1 {{ color: #c53030; }} .error-box {{ background-color: #fed7d7; border: 1px solid #f56565; border-radius: 0.25rem; padding: 1rem; margin: 1rem 0; }} .btn {{ background-color: #4299e1; color: white; border: none; padding: 0.5rem 1rem; border-radius: 0.25rem; cursor: pointer; text-decoration: none; display: inline-block; margin-top: 1rem; }} .btn:hover {{ background-color: #2b6cb0; }} </style>",
-        "    </head><body><h1>Authentication Failed</h1><div class='error-box'>",
-        "    <p><strong>Error:</strong> {error}</p><p><strong>Description:</strong> {error_desc}</p></div>",
-        "    <a href='/login' class='btn'>Try Again</a></body></html>\"\"\"",
-        "    return HTMLResponse(content=html_content)",
-        "",
-    ]
-    return "\n".join(auth_routes_list)
+    # Auth providers provide OAuth metadata routes that need to be added to the server
+    return """
+# Add OAuth metadata routes from auth provider
+if auth_provider and hasattr(auth_provider, 'get_routes'):
+    auth_routes = auth_provider.get_routes()
+    if auth_routes:
+        # Add routes to FastMCP's additional HTTP routes list
+        try:
+            mcp._additional_http_routes.extend(auth_routes)
+            print(f"Added {len(auth_routes)} OAuth metadata routes")
+        except Exception as e:
+            print(f"Warning: Failed to add OAuth routes: {e}")
+"""

golf/core/builder_telemetry.py

@@ -29,6 +29,7 @@ def generate_component_registration_with_telemetry(
     entry_function: str,
     docstring: str = "",
     uri_template: str = None,
+    is_template: bool = False,
 ) -> str:
     """Generate component registration code with telemetry instrumentation.
 
@@ -39,6 +40,7 @@ def generate_component_registration_with_telemetry(
         entry_function: Entry function name
         docstring: Component description
         uri_template: URI template for resources (optional)
+        is_template: Whether the resource is a template (has URI parameters)
 
     Returns:
         Python code string for registering the component with instrumentation
@@ -48,15 +50,36 @@ def generate_component_registration_with_telemetry(
 
     if component_type == "tool":
         wrapped_func = f"instrument_tool({func_ref}, '{component_name}')"
-        return f'mcp.add_tool({wrapped_func}, name="{component_name}", description="{escaped_docstring}")'
+        return (
+            f"_tool = Tool.from_function({wrapped_func}, "
+            f'name="{component_name}", description="{escaped_docstring}")\n'
+            f"mcp.add_tool(_tool)"
+        )
 
     elif component_type == "resource":
         wrapped_func = f"instrument_resource({func_ref}, '{uri_template}')"
-        return f'mcp.add_resource_fn({wrapped_func}, uri="{uri_template}", name="{component_name}", description="{escaped_docstring}")'
+        if is_template:
+            return (
+                f"_resource = ResourceTemplate.from_function({wrapped_func}, "
+                f'uri_template="{uri_template}", name="{component_name}", '
+                f'description="{escaped_docstring}")\n'
+                f"mcp.add_template(_resource)"
+            )
+        else:
+            return (
+                f"_resource = Resource.from_function({wrapped_func}, "
+                f'uri="{uri_template}", name="{component_name}", '
+                f'description="{escaped_docstring}")\n'
+                f"mcp.add_resource(_resource)"
+            )
 
     elif component_type == "prompt":
         wrapped_func = f"instrument_prompt({func_ref}, '{component_name}')"
-        return f'mcp.add_prompt({wrapped_func}, name="{component_name}", description="{escaped_docstring}")'
+        return (
+            f"_prompt = Prompt.from_function({wrapped_func}, "
+            f'name="{component_name}", description="{escaped_docstring}")\n'
+            f"mcp.add_prompt(_prompt)"
+        )
 
     else:
         raise ValueError(f"Unknown component type: {component_type}")

golf/core/config.py

@@ -13,19 +13,11 @@ console = Console()
 class AuthConfig(BaseModel):
     """Authentication configuration."""
 
-    provider: str = Field(
-        ..., description="Authentication provider (e.g., 'jwks', 'google', 'github')"
-    )
+    provider: str = Field(..., description="Authentication provider (e.g., 'jwks', 'google', 'github')")
     scopes: list[str] = Field(default_factory=list, description="Required OAuth scopes")
-    client_id_env: str | None = Field(
-        None, description="Environment variable name for client ID"
-    )
-    client_secret_env: str | None = Field(
-        None, description="Environment variable name for client secret"
-    )
-    redirect_uri: str | None = Field(
-        None, description="OAuth redirect URI (defaults to localhost callback)"
-    )
+    client_id_env: str | None = Field(None, description="Environment variable name for client ID")
+    client_secret_env: str | None = Field(None, description="Environment variable name for client secret")
+    redirect_uri: str | None = Field(None, description="OAuth redirect URI (defaults to localhost callback)")
 
     @field_validator("provider")
     @classmethod
@@ -33,10 +25,7 @@ class AuthConfig(BaseModel):
         """Validate the provider value."""
         valid_providers = {"jwks", "google", "github", "custom"}
         if value not in valid_providers and not value.startswith("custom:"):
-            raise ValueError(
-                f"Invalid provider '{value}'. Must be one of {valid_providers} "
-                "or start with 'custom:'"
-            )
+            raise ValueError(f"Invalid provider '{value}'. Must be one of {valid_providers} or start with 'custom:'")
         return value
 
 
@@ -44,9 +33,7 @@ class DeployConfig(BaseModel):
     """Deployment configuration."""
 
     default: str = Field("vercel", description="Default deployment target")
-    options: dict[str, Any] = Field(
-        default_factory=dict, description="Target-specific options"
-    )
+    options: dict[str, Any] = Field(default_factory=dict, description="Target-specific options")
 
 
 class Settings(BaseSettings):
@@ -64,10 +51,10 @@ class Settings(BaseSettings):
     description: str | None = Field(None, description="Project description")
 
     # Build settings
-    output_dir: str = Field("build", description="Build artifact folder")
+    output_dir: str = Field("dist", description="Build artifact folder")
 
     # Server settings
-    host: str = Field("127.0.0.1", description="Server host")
+    host: str = Field("localhost", description="Server host")
     port: int = Field(3000, description="Server port")
     transport: str = Field(
         "streamable-http",
@@ -75,37 +62,28 @@ class Settings(BaseSettings):
     )
 
     # Auth settings
-    auth: str | AuthConfig | None = Field(
-        None, description="Authentication configuration or URI"
-    )
+    auth: str | AuthConfig | None = Field(None, description="Authentication configuration or URI")
 
     # Deploy settings
-    deploy: DeployConfig = Field(
-        default_factory=DeployConfig, description="Deployment configuration"
-    )
+    deploy: DeployConfig = Field(default_factory=DeployConfig, description="Deployment configuration")
 
     # Feature flags
     telemetry: bool = Field(True, description="Enable anonymous telemetry")
 
     # Project paths
     tools_dir: str = Field("tools", description="Directory containing tools")
-    resources_dir: str = Field(
-        "resources", description="Directory containing resources"
-    )
+    resources_dir: str = Field("resources", description="Directory containing resources")
     prompts_dir: str = Field("prompts", description="Directory containing prompts")
 
     # OpenTelemetry config
-    opentelemetry_enabled: bool = Field(
-        False, description="Enable OpenTelemetry tracing"
-    )
-    opentelemetry_default_exporter: str = Field(
-        "console", description="Default OpenTelemetry exporter type"
+    opentelemetry_enabled: bool = Field(False, description="Enable OpenTelemetry tracing")
+    opentelemetry_default_exporter: str = Field("console", description="Default OpenTelemetry exporter type")
+    detailed_tracing: bool = Field(
+        False, description="Enable detailed tracing with input/output capture (may contain sensitive data)"
     )
 
     # Health check configuration
-    health_check_enabled: bool = Field(
-        False, description="Enable health check endpoint"
-    )
+    health_check_enabled: bool = Field(False, description="Enable health check endpoint")
     health_check_path: str = Field("/health", description="Health check endpoint path")
     health_check_response: str = Field("OK", description="Health check response text")
 
@@ -116,9 +94,7 @@ class Settings(BaseSettings):
     )
 
     # Metrics configuration
-    metrics_enabled: bool = Field(
-        False, description="Enable Prometheus metrics endpoint"
-    )
+    metrics_enabled: bool = Field(False, description="Enable Prometheus metrics endpoint")
     metrics_path: str = Field("/metrics", description="Metrics endpoint path")
 
 
@@ -166,7 +142,8 @@ def find_project_root(
         start_path: Path to start searching from (defaults to current directory)
 
     Returns:
-        Tuple of (project_root, config_path) if a project is found, or (None, None) if not
+        Tuple of (project_root, config_path) if a project is found, or
+        (None, None) if not
     """
     config_path = find_config_path(start_path)
     if config_path:
@@ -195,20 +172,24 @@ def load_settings(project_path: str | Path) -> Settings:
     if env_file.exists():
         settings = Settings(_env_file=env_file)
 
+        # Auto-enable OpenTelemetry if GOLF_API_KEY is present (from .env file)
+        import os
+
+        if os.environ.get("GOLF_API_KEY"):
+            settings.opentelemetry_enabled = True
+
     # Try to load JSON config file first
     json_config_path = project_path / "golf.json"
     if json_config_path.exists():
         return _load_json_settings(json_config_path, settings)
 
-    # Fall back to TOML config file if JSON not found
-    toml_config_path = project_path / "golf.toml"
-    if toml_config_path.exists():
-        console.print(
-            "[yellow]Warning: Using .toml configuration is deprecated. Please migrate to .json format.[/yellow]"
-        )
-        return _load_toml_settings(toml_config_path, settings)
-
     # No config file found, use defaults
+    # Auto-enable OpenTelemetry if GOLF_API_KEY is present
+    import os
+
+    if os.environ.get("GOLF_API_KEY"):
+        settings.opentelemetry_enabled = True
+
     return settings
 
 
@@ -225,15 +206,13 @@ def _load_json_settings(path: Path, settings: Settings) -> Settings:
             if hasattr(settings, key):
                 setattr(settings, key, value)
 
+        # Auto-enable OpenTelemetry if GOLF_API_KEY is present and telemetry wasn't explicitly configured
+        import os
+
+        if os.environ.get("GOLF_API_KEY") and "opentelemetry_enabled" not in config_data:
+            settings.opentelemetry_enabled = True
+
         return settings
     except Exception as e:
-        console.print(
-            f"[bold red]Error loading JSON config from {path}: {e}[/bold red]"
-        )
+        console.print(f"[bold red]Error loading JSON config from {path}: {e}[/bold red]")
         return settings
-
-
-def _load_toml_settings(path: Path, settings: Settings) -> Settings:
-    """Load settings from a TOML file."""
-
-    return settings