mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/core/validation/config_validator.py

@@ -0,0 +1,219 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Main configuration validator for MCP Proxy Adapter.
+"""
+
+import json
+import logging
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+
+from .file_validator import FileValidator
+from .security_validator import SecurityValidator
+from .protocol_validator import ProtocolValidator
+from .validation_result import ValidationResult
+
+logger = logging.getLogger(__name__)
+
+
+class ConfigValidator:
+    """
+    Comprehensive configuration validator for MCP Proxy Adapter.
+    
+    Validates:
+    - Required sections and keys
+    - File existence for referenced files
+    - Feature flag dependencies
+    - Protocol-specific requirements
+    - Security configuration consistency
+    """
+    
+    def __init__(self, config_path: Optional[str] = None):
+        """
+        Initialize configuration validator.
+
+        Args:
+            config_path: Path to configuration file (optional)
+        """
+        self.config_path = config_path
+        self.config_data: Dict[str, Any] = {}
+        self.validation_results: List[ValidationResult] = []
+
+    def load_config(self, config_path: Optional[str] = None) -> None:
+        """
+        Load configuration from file.
+
+        Args:
+            config_path: Path to configuration file
+        """
+        if config_path:
+            self.config_path = config_path
+        
+        if not self.config_path:
+            raise ValueError("No configuration path provided")
+        
+        try:
+            with open(self.config_path, 'r', encoding='utf-8') as f:
+                self.config_data = json.load(f)
+            logger.info(f"Configuration loaded from {self.config_path}")
+        except FileNotFoundError:
+            raise FileNotFoundError(f"Configuration file not found: {self.config_path}")
+        except json.JSONDecodeError as e:
+            raise ValueError(f"Invalid JSON in configuration file: {e}")
+        except Exception as e:
+            raise RuntimeError(f"Error loading configuration: {e}")
+
+    def validate_config(self, config_data: Optional[Dict[str, Any]] = None) -> List[ValidationResult]:
+        """
+        Validate configuration data.
+
+        Args:
+            config_data: Configuration data to validate (optional)
+
+        Returns:
+            List of validation results
+        """
+        if config_data is not None:
+            self.config_data = config_data
+        
+        if not self.config_data:
+            raise ValueError("No configuration data to validate")
+        
+        self.validation_results = []
+        
+        # Initialize validators
+        file_validator = FileValidator(self.config_data)
+        security_validator = SecurityValidator(self.config_data)
+        protocol_validator = ProtocolValidator(self.config_data)
+        
+        # Run all validations
+        protocol_validator._validate_server_section()
+        protocol_validator._validate_feature_flags()
+        protocol = self.config_data.get("server", {}).get("protocol", "http")
+        if protocol == "https":
+            protocol_validator._validate_https_requirements()
+        elif protocol == "mtls":
+            protocol_validator._validate_mtls_requirements()
+        self.validation_results.extend(protocol_validator.validation_results)
+        
+        self.validation_results.extend(file_validator.validate_file_existence())
+        self.validation_results.extend(security_validator.validate_security_consistency())
+        self.validation_results.extend(security_validator.validate_ssl_configuration())
+        self.validation_results.extend(security_validator.validate_roles_configuration())
+        self.validation_results.extend(security_validator.validate_proxy_registration())
+        
+        # Additional validations
+        self._validate_unknown_fields()
+        self._validate_uuid_format()
+        
+        return self.validation_results
+
+    def validate_all(self, config_data: Optional[Dict[str, Any]] = None) -> List[ValidationResult]:
+        """
+        Validate all aspects of the configuration.
+
+        Args:
+            config_data: Configuration data to validate (optional)
+
+        Returns:
+            List of validation results
+        """
+        return self.validate_config(config_data)
+
+    def _validate_unknown_fields(self) -> None:
+        """Validate for unknown configuration fields."""
+        known_sections = {
+            "server", "protocols", "security", "ssl", "auth", "roles", 
+            "logging", "commands", "proxy_registration", "transport"
+        }
+        
+        for section in self.config_data.keys():
+            if section not in known_sections:
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Unknown configuration section: {section}",
+                    section=section,
+                    suggestion="Check if this section is needed or if it's a typo"
+                ))
+
+    def _validate_uuid_format(self) -> None:
+        """Validate UUID format in configuration."""
+        uuid_fields = ["server.server_id", "proxy_registration.server_id"]
+        
+        for field in uuid_fields:
+            value = self._get_nested_value_safe(field)
+            if value and not self._is_valid_uuid4(str(value)):
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Invalid UUID format in {field}: {value}",
+                    section=field.split(".")[0],
+                    key=field.split(".")[1],
+                    suggestion="Use a valid UUID4 format"
+                ))
+
+    def _is_valid_uuid4(self, uuid_str: str) -> bool:
+        """Check if string is a valid UUID4."""
+        import re
+        uuid_pattern = r'^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$'
+        return bool(re.match(uuid_pattern, uuid_str, re.IGNORECASE))
+
+    def _get_nested_value_safe(self, key: str, default: Any = None) -> Any:
+        """Safely get a nested value from configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return default
+        
+        return value
+
+    def get_validation_summary(self) -> Dict[str, Any]:
+        """
+        Get a summary of validation results.
+
+        Returns:
+            Dictionary with validation summary
+        """
+        error_count = sum(1 for r in self.validation_results if r.level == "error")
+        warning_count = sum(1 for r in self.validation_results if r.level == "warning")
+        info_count = sum(1 for r in self.validation_results if r.level == "info")
+        
+        return {
+            "total_issues": len(self.validation_results),
+            "errors": error_count,
+            "warnings": warning_count,
+            "info": info_count,
+            "is_valid": error_count == 0
+        }
+
+    def print_validation_report(self) -> None:
+        """Print a formatted validation report."""
+        summary = self.get_validation_summary()
+        
+        print(f"\\n📋 Configuration Validation Report")
+        print(f"{'=' * 40}")
+        print(f"Total issues: {summary['total_issues']}")
+        print(f"Errors: {summary['errors']}")
+        print(f"Warnings: {summary['warnings']}")
+        print(f"Info: {summary['info']}")
+        print(f"Valid: {'✅ Yes' if summary['is_valid'] else '❌ No'}")
+        
+        if self.validation_results:
+            print(f"\\n📝 Issues:")
+            for i, result in enumerate(self.validation_results, 1):
+                level_icon = {"error": "❌", "warning": "⚠️", "info": "ℹ️"}[result.level]
+                print(f"{i:2d}. {level_icon} {result.message}")
+                if result.section:
+                    print(f"    Section: {result.section}")
+                if result.key:
+                    print(f"    Key: {result.key}")
+                if result.suggestion:
+                    print(f"    Suggestion: {result.suggestion}")
+                print()
+
+

mcp_proxy_adapter/core/validation/file_validator.py

@@ -0,0 +1,131 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+File validation utilities for MCP Proxy Adapter configuration validation.
+"""
+
+import os
+import ssl
+from typing import Dict, Any, List
+
+from .validation_result import ValidationResult
+
+
+class FileValidator:
+    """Validator for file-related configuration settings."""
+
+    def __init__(self, config_data: Dict[str, Any]):
+        self.config_data = config_data
+        self.validation_results: List[ValidationResult] = []
+
+
+
+
+
+    def _get_nested_value_safe(self, key: str, default: Any = None) -> Any:
+        """Safely get a nested value from configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return default
+        
+        return value
+
+    def _has_nested_key(self, key: str) -> bool:
+        """Check if a nested key exists in configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return False
+        
+        return True
+
+    def _is_file_required_for_enabled_features(self, file_key: str) -> bool:
+        """Check if a file is required based on enabled features."""
+        # SSL files are required if SSL is enabled
+        if file_key.startswith("ssl.") or file_key.startswith("transport.ssl."):
+            return self._get_nested_value_safe("ssl.enabled", False)
+        
+        # Proxy registration files are required if proxy registration is enabled
+        if file_key.startswith("proxy_registration."):
+            return self._get_nested_value_safe("proxy_registration.enabled", False)
+        
+        # Log directory is required if logging is enabled
+        if file_key == "logging.log_dir":
+            return self._get_nested_value_safe("logging.enabled", True)
+        
+        # Command directories are required if commands are enabled
+        if file_key.startswith("commands."):
+            return self._get_nested_value_safe("commands.enabled", True)
+        
+        # Security files are required if security is enabled
+        if file_key.startswith("security."):
+            return self._get_nested_value_safe("security.enabled", False)
+        
+        return False
+
+    def validate_file_existence(self) -> List[ValidationResult]:
+        """
+        Validate that referenced files exist.
+
+        Returns:
+            List of validation results
+        """
+        self.validation_results = []
+        
+        # Check SSL certificate files if SSL is enabled
+        if self._get_nested_value_safe("ssl.enabled", False):
+            cert_file = self._get_nested_value_safe("ssl.cert_file")
+            key_file = self._get_nested_value_safe("ssl.key_file")
+            
+            if cert_file and not os.path.exists(cert_file):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message=f"SSL certificate file not found: {cert_file}",
+                    section="ssl",
+                    key="cert_file",
+                    suggestion=f"Create or fix path to certificate file"
+                ))
+            
+            if key_file and not os.path.exists(key_file):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message=f"SSL key file not found: {key_file}",
+                    section="ssl",
+                    key="key_file",
+                    suggestion=f"Create or fix path to key file"
+                ))
+        
+        # Check proxy registration certificate files if proxy registration is enabled
+        if self._get_nested_value_safe("proxy_registration.enabled", False):
+            proxy_cert = self._get_nested_value_safe("proxy_registration.certificate.cert_file")
+            proxy_key = self._get_nested_value_safe("proxy_registration.certificate.key_file")
+            
+            if proxy_cert and not os.path.exists(proxy_cert):
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Proxy registration certificate file not found: {proxy_cert}",
+                    section="proxy_registration.certificate",
+                    key="cert_file",
+                    suggestion=f"Create or fix path to certificate file"
+                ))
+            
+            if proxy_key and not os.path.exists(proxy_key):
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Proxy registration key file not found: {proxy_key}",
+                    section="proxy_registration.certificate",
+                    key="key_file",
+                    suggestion=f"Create or fix path to key file"
+                ))
+        
+        return self.validation_results

mcp_proxy_adapter/core/validation/protocol_validator.py

@@ -0,0 +1,205 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Protocol validation utilities for MCP Proxy Adapter configuration validation.
+"""
+
+import re
+from typing import Dict, List, Any
+
+from .validation_result import ValidationResult
+
+
+class ProtocolValidator:
+    """Validator for protocol-related configuration settings."""
+
+    def __init__(self, config_data: Dict[str, Any]):
+        self.config_data = config_data
+        self.validation_results: List[ValidationResult] = []
+
+    def _validate_https_requirements(self) -> None:
+        """Validate HTTPS-specific requirements."""
+        # Check server section for certificates (SimpleConfig format)
+        server_config = self._get_nested_value_safe("server", {})
+
+        # Check for required SSL files in server section
+        if not server_config.get("cert_file"):
+            self.validation_results.append(
+                ValidationResult(
+                    level="error",
+                    message="HTTPS protocol requires SSL certificate file",
+                    section="server",
+                    key="cert_file",
+                    suggestion="Specify server.cert_file",
+                )
+            )
+
+        if not server_config.get("key_file"):
+            self.validation_results.append(
+                ValidationResult(
+                    level="error",
+                    message="HTTPS protocol requires SSL key file",
+                    section="server",
+                    key="key_file",
+                    suggestion="Specify server.key_file",
+                )
+            )
+
+    def _validate_mtls_requirements(self) -> None:
+        """Validate mTLS-specific requirements."""
+        # mTLS requires HTTPS
+        self._validate_https_requirements()
+
+        # Check server section for certificates (SimpleConfig format)
+        server_config = self._get_nested_value_safe("server", {})
+        transport_config = self._get_nested_value_safe("transport", {})
+
+        # For mTLS server, we need:
+        # - Server cert/key (already checked by _validate_https_requirements)
+        # - CA cert for verifying client certificates
+        # - verify_client enabled
+
+        # Check for CA certificate (needed for client certificate verification)
+        if not server_config.get("ca_cert_file"):
+            self.validation_results.append(
+                ValidationResult(
+                    level="error",
+                    message="mTLS protocol requires CA certificate for client verification",
+                    section="server",
+                    key="ca_cert_file",
+                    suggestion="Specify server.ca_cert_file for client certificate verification",
+                )
+            )
+
+        # Check for client verification
+        if not transport_config.get("verify_client", False):
+            self.validation_results.append(
+                ValidationResult(
+                    level="warning",
+                    message="mTLS protocol should have client verification enabled",
+                    section="transport",
+                    key="verify_client",
+                    suggestion="Set transport.verify_client to true",
+                )
+            )
+
+        # Note: client_cert and client_key are NOT required for mTLS server
+        # They are only needed for client/registration configuration when connecting TO a proxy
+
+    def _validate_feature_flags(self) -> None:
+        """Validate feature flags based on protocol."""
+        protocol = self._get_nested_value_safe("server.protocol", "http")
+        server_config = self._get_nested_value_safe("server", {})
+
+        # Check if features are compatible with protocol
+        if protocol == "http":
+            # HTTP doesn't support SSL features
+            if server_config.get("cert_file") or server_config.get("key_file"):
+                self.validation_results.append(
+                    ValidationResult(
+                        level="warning",
+                        message="SSL certificates are configured but protocol is HTTP. Consider using HTTPS",
+                        section="server",
+                        suggestion="Change protocol to https or remove certificate configuration",
+                    )
+                )
+
+        # Check transport configuration
+        transport_config = self._get_nested_value_safe("transport", {})
+        if transport_config:
+            verify_client = transport_config.get("verify_client", False)
+            if verify_client and protocol == "http":
+                self.validation_results.append(
+                    ValidationResult(
+                        level="warning",
+                        message="Client verification is enabled but protocol is HTTP",
+                        section="transport",
+                        key="verify_client",
+                        suggestion="Change protocol to https or mtls, or disable client verification",
+                    )
+                )
+
+    def _validate_server_section(self) -> None:
+        """Validate server section requirements."""
+        server_config = self.config_data.get("server", {})
+
+        # Check required fields
+        if "host" not in server_config:
+            self.validation_results.append(
+                ValidationResult(
+                    level="error",
+                    message="Server host is required",
+                    section="server",
+                    key="host",
+                    suggestion="Add host field to server section",
+                )
+            )
+
+        if "port" not in server_config:
+            self.validation_results.append(
+                ValidationResult(
+                    level="error",
+                    message="Server port is required",
+                    section="server",
+                    key="port",
+                    suggestion="Add port field to server section",
+                )
+            )
+
+        # Validate port number
+        port = server_config.get("port")
+        if port is not None:
+            if not isinstance(port, int) or not (1 <= port <= 65535):
+                self.validation_results.append(
+                    ValidationResult(
+                        level="error",
+                        message=f"Invalid port number: {port}. Must be between 1 and 65535",
+                        section="server",
+                        key="port",
+                    )
+                )
+
+        # Validate host format
+        host = server_config.get("host")
+        if host is not None:
+            if not self._is_valid_host(host):
+                self.validation_results.append(
+                    ValidationResult(
+                        level="error",
+                        message=f"Invalid host format: {host}",
+                        section="server",
+                        key="host",
+                        suggestion="Use a valid hostname or IP address",
+                    )
+                )
+
+    def _is_valid_host(self, host: str) -> bool:
+        """Check if host has valid format."""
+        # Check for localhost
+        if host in ["localhost", "127.0.0.1", "::1", "0.0.0.0"]:
+            return True
+
+        # Check for IP address
+        ip_pattern = r"^(\d{1,3}\.){3}\d{1,3}$"
+        if re.match(ip_pattern, host):
+            # Validate IP address ranges
+            parts = host.split(".")
+            return all(0 <= int(part) <= 255 for part in parts)
+
+        # Check for hostname (basic validation)
+        hostname_pattern = r"^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?)*$"
+        return bool(re.match(hostname_pattern, host))
+
+    def _get_nested_value_safe(self, key: str, default: Any = None) -> Any:
+        """Safely get a nested value from configuration."""
+        keys = key.split(".")
+        value = self.config_data
+
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return default
+
+        return value

mcp_proxy_adapter/core/validation/security_validator.py

@@ -0,0 +1,140 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Security validation utilities for MCP Proxy Adapter configuration validation.
+"""
+
+import os
+from typing import Dict, List, Any
+
+from .validation_result import ValidationResult
+
+
+class SecurityValidator:
+    """Validator for security-related configuration settings."""
+
+    def __init__(self, config_data: Dict[str, Any]):
+        self.config_data = config_data
+        self.validation_results: List[ValidationResult] = []
+
+
+
+
+
+    def _get_nested_value_safe(self, key: str, default: Any = None) -> Any:
+        """Safely get a nested value from configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return default
+        
+        return value
+
+    def _has_nested_key(self, key: str) -> bool:
+        """Check if a nested key exists in configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return False
+        
+        return True
+
+    def _is_valid_url(self, url: str) -> bool:
+        """Check if URL has valid format."""
+        try:
+            from urllib.parse import urlparse
+            parsed = urlparse(url)
+            return bool(parsed.scheme and parsed.netloc)
+        except Exception:
+            return False
+
+    def validate_security_consistency(self) -> List[ValidationResult]:
+        """
+        Validate security configuration consistency.
+
+        Returns:
+            List of validation results
+        """
+        self.validation_results = []
+        # Basic consistency checks can be added here
+        return self.validation_results
+
+    def validate_ssl_configuration(self) -> List[ValidationResult]:
+        """
+        Validate SSL configuration.
+
+        Returns:
+            List of validation results
+        """
+        self.validation_results = []
+        
+        ssl_config = self._get_nested_value_safe("ssl", {})
+        if ssl_config.get("enabled", False):
+            if not ssl_config.get("cert_file"):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message="SSL is enabled but cert_file is not specified",
+                    section="ssl",
+                    key="cert_file",
+                    suggestion="Specify ssl.cert_file"
+                ))
+            if not ssl_config.get("key_file"):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message="SSL is enabled but key_file is not specified",
+                    section="ssl",
+                    key="key_file",
+                    suggestion="Specify ssl.key_file"
+                ))
+        
+        return self.validation_results
+
+    def validate_roles_configuration(self) -> List[ValidationResult]:
+        """
+        Validate roles configuration.
+
+        Returns:
+            List of validation results
+        """
+        self.validation_results = []
+        # Roles validation can be added here
+        return self.validation_results
+
+    def validate_proxy_registration(self) -> List[ValidationResult]:
+        """
+        Validate proxy registration configuration.
+
+        Returns:
+            List of validation results
+        """
+        self.validation_results = []
+        
+        proxy_config = self._get_nested_value_safe("proxy_registration", {})
+        if proxy_config.get("enabled", False):
+            if not proxy_config.get("proxy_url"):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message="Proxy registration is enabled but proxy_url is not specified",
+                    section="proxy_registration",
+                    key="proxy_url",
+                    suggestion="Specify proxy_registration.proxy_url"
+                ))
+            elif not self._is_valid_url(proxy_config.get("proxy_url", "")):
+                self.validation_results.append(ValidationResult(
+                    level="error",
+                    message=f"Invalid proxy URL format: {proxy_config.get('proxy_url')}",
+                    section="proxy_registration",
+                    key="proxy_url",
+                    suggestion="Use a valid URL format (e.g., http://host:port)"
+                ))
+        
+        return self.validation_results