PyPI - mcp-proxy-adapter - Versions diffs - 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl - Mend

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

mcp_proxy_adapter/examples/universal_client.py ADDED Viewed

@@ -0,0 +1,628 @@
+"""
+Universal Client Example
+This module demonstrates all possible secure connection methods to the server
+using the mcp_security_framework. The client supports all authentication methods
+and connection types supported by the security framework.
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+import asyncio
+import json
+import ssl
+import time
+from typing import Dict, Any, Optional, List, Union
+from urllib.parse import urljoin
+from pathlib import Path
+import aiohttp
+import requests
+from requests.exceptions import RequestException
+# Import security framework components
+try:
+    from mcp_security_framework import SecurityManager, AuthManager, CertificateManager
+    from mcp_security_framework.utils import generate_api_key, create_jwt_token, validate_jwt_token
+    from mcp_security_framework.utils import extract_roles_from_cert, validate_certificate_chain
+    from mcp_security_framework.utils import create_ssl_context, validate_server_certificate
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+    print("Warning: mcp_security_framework not available. Using basic HTTP client.")
+class UniversalClient:
+    """
+    Universal client that demonstrates all possible secure connection methods.
+    Supports:
+    - HTTP/HTTPS connections
+    - API Key authentication
+    - JWT token authentication
+    - Certificate-based authentication
+    - SSL/TLS with custom certificates
+    - Role-based access control
+    - Rate limiting awareness
+    """
+    def __init__(self, config: Dict[str, Any]):
+        """
+        Initialize universal client with configuration.
+        Args:
+            config: Client configuration with security settings
+        """
+        self.config = config
+        self.base_url = config.get("server_url", "http://localhost:8000")
+        self.timeout = config.get("timeout", 30)
+        self.retry_attempts = config.get("retry_attempts", 3)
+        self.retry_delay = config.get("retry_delay", 1)
+        # Security configuration
+        self.security_config = config.get("security", {})
+        self.auth_method = self.security_config.get("auth_method", "none")
+        # Initialize security managers if framework is available
+        self.security_manager = None
+        self.auth_manager = None
+        self.cert_manager = None
+        if SECURITY_FRAMEWORK_AVAILABLE:
+            self._initialize_security_managers()
+        # Session management
+        self.session: Optional[aiohttp.ClientSession] = None
+        self.current_token: Optional[str] = None
+        self.token_expiry: Optional[float] = None
+        print(f"Universal client initialized with auth method: {self.auth_method}")
+    def _initialize_security_managers(self) -> None:
+        """Initialize security framework managers."""
+        try:
+            # Initialize security manager
+            self.security_manager = SecurityManager(self.security_config)
+            # Initialize auth manager
+            auth_config = self.security_config.get("auth", {})
+            self.auth_manager = AuthManager(auth_config)
+            # Initialize certificate manager
+            cert_config = self.security_config.get("certificates", {})
+            self.cert_manager = CertificateManager(cert_config)
+            print("Security framework managers initialized successfully")
+        except Exception as e:
+            print(f"Warning: Failed to initialize security managers: {e}")
+    async def __aenter__(self):
+        """Async context manager entry."""
+        await self.connect()
+        return self
+    async def __aexit__(self, exc_type, exc_val, exc_tb):
+        """Async context manager exit."""
+        await self.disconnect()
+    async def connect(self) -> None:
+        """Establish connection with authentication."""
+        print(f"Connecting to {self.base_url} with {self.auth_method} authentication...")
+        # Perform authentication based on method
+        if self.auth_method == "api_key":
+            await self._authenticate_api_key()
+        elif self.auth_method == "jwt":
+            await self._authenticate_jwt()
+        elif self.auth_method == "certificate":
+            await self._authenticate_certificate()
+        elif self.auth_method == "basic":
+            await self._authenticate_basic()
+        else:
+            print("No authentication required")
+        print("Connection established successfully")
+    async def disconnect(self) -> None:
+        """Close connection and cleanup."""
+        if self.session:
+            await self.session.close()
+            self.session = None
+        print("Connection closed")
+    async def _authenticate_api_key(self) -> None:
+        """Authenticate using API key."""
+        api_key_config = self.security_config.get("api_key", {})
+        api_key = api_key_config.get("key")
+        if not api_key:
+            raise ValueError("API key not provided in configuration")
+        # Store API key for requests
+        self.current_token = api_key
+        print(f"Authenticated with API key: {api_key[:8]}...")
+    async def _authenticate_jwt(self) -> None:
+        """Authenticate using JWT token."""
+        jwt_config = self.security_config.get("jwt", {})
+        # Check if we have a stored token that's still valid
+        if self.current_token and self.token_expiry and time.time() < self.token_expiry:
+            print("Using existing JWT token")
+            return
+        # Get credentials for JWT
+        username = jwt_config.get("username")
+        password = jwt_config.get("password")
+        secret = jwt_config.get("secret")
+        if not all([username, password, secret]):
+            raise ValueError("JWT credentials not provided in configuration")
+        # Create JWT token
+        if SECURITY_FRAMEWORK_AVAILABLE:
+            self.current_token = create_jwt_token(
+                username,
+                secret,
+                expiry_hours=jwt_config.get("expiry_hours", 24)
+            )
+        else:
+            # Simple JWT creation (for demonstration)
+            import jwt
+            payload = {
+                "username": username,
+                "exp": time.time() + (jwt_config.get("expiry_hours", 24) * 3600)
+            }
+            self.current_token = jwt.encode(payload, secret, algorithm="HS256")
+        self.token_expiry = time.time() + (jwt_config.get("expiry_hours", 24) * 3600)
+        print(f"Authenticated with JWT token: {self.current_token[:20]}...")
+    async def _authenticate_certificate(self) -> None:
+        """Authenticate using client certificate."""
+        cert_config = self.security_config.get("certificate", {})
+        cert_file = cert_config.get("cert_file")
+        key_file = cert_config.get("key_file")
+        if not cert_file or not key_file:
+            raise ValueError("Certificate files not provided in configuration")
+        # Validate certificate
+        if SECURITY_FRAMEWORK_AVAILABLE and self.cert_manager:
+            try:
+                cert_info = self.cert_manager.validate_certificate(cert_file, key_file)
+                print(f"Certificate validated: {cert_info.get('subject', 'Unknown')}")
+                # Extract roles from certificate
+                roles = extract_roles_from_cert(cert_file)
+                if roles:
+                    print(f"Certificate roles: {roles}")
+            except Exception as e:
+                print(f"Warning: Certificate validation failed: {e}")
+        print("Certificate authentication prepared")
+    async def _authenticate_basic(self) -> None:
+        """Authenticate using basic authentication."""
+        basic_config = self.security_config.get("basic", {})
+        username = basic_config.get("username")
+        password = basic_config.get("password")
+        if not username or not password:
+            raise ValueError("Basic auth credentials not provided in configuration")
+        import base64
+        credentials = base64.b64encode(f"{username}:{password}".encode()).decode()
+        self.current_token = f"Basic {credentials}"
+        print(f"Authenticated with basic auth: {username}")
+    def _get_auth_headers(self) -> Dict[str, str]:
+        """Get authentication headers for requests."""
+        headers = {"Content-Type": "application/json"}
+        if not self.current_token:
+            return headers
+        if self.auth_method == "api_key":
+            api_key_config = self.security_config.get("api_key", {})
+            header_name = api_key_config.get("header", "X-API-Key")
+            headers[header_name] = self.current_token
+        elif self.auth_method == "jwt":
+            headers["Authorization"] = f"Bearer {self.current_token}"
+        elif self.auth_method == "basic":
+            headers["Authorization"] = self.current_token
+        return headers
+    def _create_ssl_context(self) -> Optional[ssl.SSLContext]:
+        """Create SSL context for secure connections."""
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            return None
+        try:
+            ssl_config = self.security_config.get("ssl", {})
+            if not ssl_config.get("enabled", False):
+                return None
+            # Create SSL context using security framework
+            if self.security_manager:
+                return self.security_manager.create_client_ssl_context()
+            # Fallback SSL context creation
+            context = ssl.create_default_context()
+            # Add client certificate if provided
+            cert_config = self.security_config.get("certificate", {})
+            if cert_config.get("enabled", False):
+                cert_file = cert_config.get("cert_file")
+                key_file = cert_config.get("key_file")
+                if cert_file and key_file:
+                    context.load_cert_chain(cert_file, key_file)
+            # Add CA certificate if provided
+            ca_cert_file = ssl_config.get("ca_cert_file")
+            if ca_cert_file:
+                context.load_verify_locations(ca_cert_file)
+            # Configure verification
+            if ssl_config.get("check_hostname", True):
+                context.check_hostname = True
+                context.verify_mode = ssl.CERT_REQUIRED
+            else:
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+            return context
+        except Exception as e:
+            print(f"Warning: Failed to create SSL context: {e}")
+            return None
+    async def request(
+        self,
+        method: str,
+        endpoint: str,
+        data: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None
+    ) -> Dict[str, Any]:
+        """
+        Make authenticated request to server.
+        Args:
+            method: HTTP method (GET, POST, etc.)
+            endpoint: API endpoint
+            data: Request data
+            headers: Additional headers
+        Returns:
+            Response data
+        """
+        url = urljoin(self.base_url, endpoint)
+        # Prepare headers
+        request_headers = self._get_auth_headers()
+        if headers:
+            request_headers.update(headers)
+        # Create SSL context
+        ssl_context = self._create_ssl_context()
+        # Create connector with SSL context
+        connector = None
+        if ssl_context:
+            connector = aiohttp.TCPConnector(ssl=ssl_context)
+        try:
+            async with aiohttp.ClientSession(connector=connector) as session:
+                for attempt in range(self.retry_attempts):
+                    try:
+                        async with session.request(
+                            method,
+                            url,
+                            json=data,
+                            headers=request_headers,
+                            timeout=aiohttp.ClientTimeout(total=self.timeout)
+                        ) as response:
+                            result = await response.json()
+                            # Validate response if security framework available
+                            if SECURITY_FRAMEWORK_AVAILABLE and self.security_manager:
+                                self.security_manager.validate_server_response(dict(response.headers))
+                            if response.status >= 400:
+                                print(f"Request failed with status {response.status}: {result}")
+                                return {"error": result, "status": response.status}
+                            return result
+                    except Exception as e:
+                        print(f"Request attempt {attempt + 1} failed: {e}")
+                        if attempt < self.retry_attempts - 1:
+                            await asyncio.sleep(self.retry_delay)
+                        else:
+                            raise
+        finally:
+            if connector:
+                await connector.close()
+    async def get(self, endpoint: str, **kwargs) -> Dict[str, Any]:
+        """Make GET request."""
+        return await self.request("GET", endpoint, **kwargs)
+    async def post(self, endpoint: str, data: Dict[str, Any], **kwargs) -> Dict[str, Any]:
+        """Make POST request."""
+        return await self.request("POST", endpoint, data=data, **kwargs)
+    async def put(self, endpoint: str, data: Dict[str, Any], **kwargs) -> Dict[str, Any]:
+        """Make PUT request."""
+        return await self.request("PUT", endpoint, data=data, **kwargs)
+    async def delete(self, endpoint: str, **kwargs) -> Dict[str, Any]:
+        """Make DELETE request."""
+        return await self.request("DELETE", endpoint, **kwargs)
+    async def test_connection(self) -> bool:
+        """Test connection to server."""
+        try:
+            result = await self.get("/health")
+            if "error" not in result:
+                print("✅ Connection test successful")
+                return True
+            else:
+                print(f"❌ Connection test failed: {result}")
+                return False
+        except Exception as e:
+            print(f"❌ Connection test failed: {e}")
+            return False
+    async def test_security_features(self) -> Dict[str, bool]:
+        """Test various security features."""
+        results = {}
+        # Test basic connectivity
+        results["connectivity"] = await self.test_connection()
+        # Test authentication
+        if self.auth_method != "none":
+            try:
+                result = await self.get("/api/auth/status")
+                results["authentication"] = "error" not in result
+            except:
+                results["authentication"] = False
+        # Test SSL/TLS
+        if self.base_url.startswith("https"):
+            results["ssl_tls"] = True
+        else:
+            results["ssl_tls"] = False
+        # Test certificate validation
+        if self.auth_method == "certificate" and SECURITY_FRAMEWORK_AVAILABLE:
+            results["certificate_validation"] = True
+        else:
+            results["certificate_validation"] = False
+        return results
+def create_client_config(
+    server_url: str,
+    auth_method: str = "none",
+    **kwargs
+) -> Dict[str, Any]:
+    """
+    Create client configuration for different authentication methods.
+    Args:
+        server_url: Server URL
+        auth_method: Authentication method (none, api_key, jwt, certificate, basic)
+        **kwargs: Additional configuration parameters
+    Returns:
+        Client configuration dictionary
+    """
+    config = {
+        "server_url": server_url,
+        "timeout": 30,
+        "retry_attempts": 3,
+        "retry_delay": 1,
+        "security": {
+            "auth_method": auth_method
+        }
+    }
+    if auth_method == "api_key":
+        config["security"]["api_key"] = {
+            "key": kwargs.get("api_key", "your_api_key_here"),
+            "header": kwargs.get("header", "X-API-Key")
+        }
+    elif auth_method == "jwt":
+        config["security"]["jwt"] = {
+            "username": kwargs.get("username", "user"),
+            "password": kwargs.get("password", "password"),
+            "secret": kwargs.get("secret", "your_jwt_secret"),
+            "expiry_hours": kwargs.get("expiry_hours", 24)
+        }
+    elif auth_method == "certificate":
+        config["security"]["certificate"] = {
+            "enabled": True,
+            "cert_file": kwargs.get("cert_file", "./certs/client.crt"),
+            "key_file": kwargs.get("key_file", "./keys/client.key"),
+            "ca_cert_file": kwargs.get("ca_cert_file", "./certs/ca.crt")
+        }
+        config["security"]["ssl"] = {
+            "enabled": True,
+            "check_hostname": kwargs.get("check_hostname", True),
+            "ca_cert_file": kwargs.get("ca_cert_file", "./certs/ca.crt")
+        }
+    elif auth_method == "basic":
+        config["security"]["basic"] = {
+            "username": kwargs.get("username", "user"),
+            "password": kwargs.get("password", "password")
+        }
+    return config
+async def demo_all_connection_methods():
+    """Demonstrate all possible connection methods."""
+    print("🚀 Universal Client Demo - All Connection Methods")
+    print("=" * 60)
+    # Test configurations for different auth methods
+    test_configs = [
+        {
+            "name": "No Authentication",
+            "config": create_client_config("http://localhost:8000", "none")
+        },
+        {
+            "name": "API Key Authentication",
+            "config": create_client_config(
+                "http://localhost:8000",
+                "api_key",
+                api_key="demo_api_key_123"
+            )
+        },
+        {
+            "name": "JWT Authentication",
+            "config": create_client_config(
+                "http://localhost:8000",
+                "jwt",
+                username="demo_user",
+                password="demo_password",
+                secret="demo_jwt_secret"
+            )
+        },
+        {
+            "name": "Basic Authentication",
+            "config": create_client_config(
+                "http://localhost:8000",
+                "basic",
+                username="demo_user",
+                password="demo_password"
+            )
+        },
+        {
+            "name": "Certificate Authentication (HTTPS)",
+            "config": create_client_config(
+                "https://localhost:8443",
+                "certificate",
+                cert_file="./certs/client.crt",
+                key_file="./keys/client.key",
+                ca_cert_file="./certs/ca.crt"
+            )
+        }
+    ]
+    for test_config in test_configs:
+        print(f"\n📋 Testing: {test_config['name']}")
+        print("-" * 40)
+        try:
+            async with UniversalClient(test_config["config"]) as client:
+                # Test connection
+                success = await client.test_connection()
+                if success:
+                    # Test security features
+                    security_results = await client.test_security_features()
+                    print("Security Features:")
+                    for feature, status in security_results.items():
+                        status_icon = "✅" if status else "❌"
+                        print(f"  {status_icon} {feature}: {status}")
+                    # Make a test API call
+                    try:
+                        result = await client.get("/api/status")
+                        print(f"API Status: {result}")
+                    except Exception as e:
+                        print(f"API call failed: {e}")
+                else:
+                    print("❌ Connection failed")
+        except Exception as e:
+            print(f"❌ Test failed: {e}")
+    print("\n🎉 Demo completed!")
+async def demo_specific_connection(auth_method: str, **kwargs):
+    """
+    Demo specific connection method.
+    Args:
+        auth_method: Authentication method to test
+        **kwargs: Configuration parameters
+    """
+    print(f"🚀 Testing {auth_method} connection")
+    print("=" * 40)
+    config = create_client_config("http://localhost:8000", auth_method, **kwargs)
+    async with UniversalClient(config) as client:
+        # Test connection
+        success = await client.test_connection()
+        if success:
+            print("✅ Connection successful!")
+            # Make some API calls
+            try:
+                # Get server status
+                status = await client.get("/api/status")
+                print(f"Server Status: {status}")
+                # Test command execution
+                command_data = {
+                    "jsonrpc": "2.0",
+                    "method": "test_command",
+                    "params": {"message": "Hello from universal client!"},
+                    "id": 1
+                }
+                result = await client.post("/api/jsonrpc", command_data)
+                print(f"Command Result: {result}")
+            except Exception as e:
+                print(f"API calls failed: {e}")
+        else:
+            print("❌ Connection failed")
+if __name__ == "__main__":
+    import sys
+    if len(sys.argv) > 1:
+        # Test specific auth method
+        auth_method = sys.argv[1]
+        kwargs = {}
+        if auth_method == "api_key":
+            kwargs["api_key"] = "demo_key_123"
+        elif auth_method == "jwt":
+            kwargs.update({
+                "username": "demo_user",
+                "password": "demo_password",
+                "secret": "demo_secret"
+            })
+        elif auth_method == "certificate":
+            kwargs.update({
+                "cert_file": "./certs/client.crt",
+                "key_file": "./keys/client.key",
+                "ca_cert_file": "./certs/ca.crt"
+            })
+        elif auth_method == "basic":
+            kwargs.update({
+                "username": "demo_user",
+                "password": "demo_password"
+            })
+        asyncio.run(demo_specific_connection(auth_method, **kwargs))
+    else:
+        # Demo all connection methods
+        asyncio.run(demo_all_connection_methods())

mcp_proxy_adapter/main.py CHANGED Viewed

@@ -113,6 +113,14 @@ def main():
     logger.info("Configuration validation passed")
+    # Load commands
+    from mcp_proxy_adapter.commands.command_registry import registry
+    import asyncio
+    # Reload system to load all commands
+    reload_result = asyncio.run(registry.reload_system())
+    logger.info(f"Commands loaded: {reload_result}")
     # Override settings with command line arguments
     if args.host:
         server_settings['host'] = args.host
@@ -154,17 +162,20 @@ def main():
             version="1.0.0"
         )
-        # Get SSL configuration for uvicorn
-        uvicorn_ssl_config = SSLUtils.get_ssl_config_for_uvicorn(ssl_settings)
+        # Create unified server configuration
+        server_config = {
+            "host": server_settings['host'],
+            "port": server_settings['port'],
+            "log_level": server_settings.get('log_level', 'info'),
+            "ssl": ssl_settings
+        }
-        # Run the server
-        uvicorn.run(
-            app,
-            host=server_settings['host'],
-            port=server_settings['port'],
-            log_level=server_settings.get('log_level', 'info').lower(),
-            **uvicorn_ssl_config
-        )
+        # Use unified server runner
+        from mcp_proxy_adapter.core.server_adapter import UnifiedServerRunner
+        server_runner = UnifiedServerRunner()
+        # Run the server with optimal engine selection
+        server_runner.run_server(app, server_config)
     except Exception as e:
         logger.error(f"Failed to start server: {e}")

mcp-proxy-adapter 6.0.0__py3-none-any.whl → 6.1.0__py3-none-any.whl

mcp-proxy-adapter 6.0.0py3-none-any.whl → 6.1.0py3-none-any.whl