mcp-proxy-adapter 6.1.0__tar.gz → 6.1.1__tar.gz

{mcp_proxy_adapter-6.1.0/mcp_proxy_adapter.egg-info → mcp_proxy_adapter-6.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcp-proxy-adapter
-Version: 6.1.0
+Version: 6.1.1
 Summary: Model Context Protocol Proxy Adapter with Security Framework
 Home-page: https://github.com/maverikod/mcp-proxy-adapter
 Author: Vasiliy Zdanovskiy

{mcp_proxy_adapter-6.1.0 → mcp_proxy_adapter-6.1.1}/mcp_proxy_adapter/api/middleware/__init__.py

@@ -43,8 +43,8 @@ def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None)
         else:
             logger.warning(f"Middleware {middleware.__class__.__name__} doesn't have dispatch method")
     
-    # Add protocol middleware (always needed)
-    setup_protocol_middleware(app)
+    # Add protocol middleware with current configuration
+    setup_protocol_middleware(app, current_config)
     
     # Log middleware information
     middleware_info = factory.get_middleware_info()

{mcp_proxy_adapter-6.1.0 → mcp_proxy_adapter-6.1.1}/mcp_proxy_adapter/api/middleware/protocol_middleware.py

@@ -4,12 +4,12 @@ Protocol middleware module.
 This module provides middleware for validating protocol access based on configuration.
 """
 
-from typing import Callable
+from typing import Callable, Dict, Any, Optional
 from fastapi import Request, Response
 from starlette.middleware.base import BaseHTTPMiddleware
 from starlette.responses import JSONResponse
 
-from mcp_proxy_adapter.core.protocol_manager import protocol_manager
+from mcp_proxy_adapter.core.protocol_manager import get_protocol_manager
 from mcp_proxy_adapter.core.logging import logger
 
 
@@ -21,16 +21,29 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
     based on the protocol configuration.
     """
     
-    def __init__(self, app, protocol_manager_instance=None):
+    def __init__(self, app, app_config: Optional[Dict[str, Any]] = None):
         """
         Initialize protocol middleware.
         
         Args:
             app: FastAPI application
-            protocol_manager_instance: Protocol manager instance (optional)
+            app_config: Application configuration dictionary (optional)
         """
         super().__init__(app)
-        self.protocol_manager = protocol_manager_instance or protocol_manager
+        self.app_config = app_config
+        # Get protocol manager with current configuration
+        self.protocol_manager = get_protocol_manager(app_config)
+    
+    def update_config(self, new_config: Dict[str, Any]):
+        """
+        Update configuration and reload protocol manager.
+        
+        Args:
+            new_config: New configuration dictionary
+        """
+        self.app_config = new_config
+        self.protocol_manager = get_protocol_manager(new_config)
+        logger.info("Protocol middleware configuration updated")
     
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
@@ -116,20 +129,26 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
         return "http"
 
 
-def setup_protocol_middleware(app, protocol_manager_instance=None):
+def setup_protocol_middleware(app, app_config: Optional[Dict[str, Any]] = None):
     """
     Setup protocol middleware for FastAPI application.
     
     Args:
         app: FastAPI application
-        protocol_manager_instance: Protocol manager instance (optional)
+        app_config: Application configuration dictionary (optional)
     """
-    if protocol_manager_instance is None:
-        protocol_manager_instance = protocol_manager
+    # Check if protocol management is enabled
+    if app_config is None:
+        from mcp_proxy_adapter.config import config
+        app_config = config.get_all()
+    
+    protocols_config = app_config.get("protocols", {})
+    enabled = protocols_config.get("enabled", True)
     
-    # Only add middleware if protocol management is enabled
-    if protocol_manager_instance.enabled:
-        app.add_middleware(ProtocolMiddleware, protocol_manager_instance=protocol_manager_instance)
+    if enabled:
+        # Create protocol middleware with current configuration
+        middleware = ProtocolMiddleware(app, app_config)
+        app.add_middleware(ProtocolMiddleware, app_config=app_config)
         logger.info("Protocol middleware added to application")
     else:
-        logger.debug("Protocol management is disabled, skipping protocol middleware") 
+        logger.info("Protocol management is disabled, skipping protocol middleware") 

{mcp_proxy_adapter-6.1.0 → mcp_proxy_adapter-6.1.1}/mcp_proxy_adapter/api/middleware/unified_security.py

@@ -66,9 +66,12 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             logger.info("Using mcp_security_framework FastAPI middleware")
         except Exception as e:
             logger.error(f"Security framework integration failed: {e}")
-            raise RuntimeError("Security framework integration failed - framework must be available for production use") from e
+            # Instead of raising error, log warning and continue without security
+            logger.warning("Continuing without security framework - some security features will be disabled")
+            self.security_integration = None
+            self.framework_middleware = None
         
-        logger.info("Unified security middleware initialized with mcp_security_framework")
+        logger.info("Unified security middleware initialized")
     
     async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
         """
@@ -82,8 +85,13 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             Response object
         """
         try:
-            # Use framework middleware only
-            return await self.framework_middleware.dispatch(request, call_next)
+            # Use framework middleware if available
+            if self.framework_middleware is not None:
+                return await self.framework_middleware.dispatch(request, call_next)
+            else:
+                # Fallback: continue without security middleware
+                logger.debug("Security framework not available, continuing without security checks")
+                return await call_next(request)
             
         except SecurityValidationError as e:
             # Handle security validation errors

{mcp_proxy_adapter-6.1.0 → mcp_proxy_adapter-6.1.1}/mcp_proxy_adapter/core/protocol_manager.py

@@ -21,19 +21,84 @@ class ProtocolManager:
     ensuring that only configured protocols are accessible.
     """
     
-    def __init__(self):
-        """Initialize the protocol manager."""
+    def __init__(self, app_config: Optional[Dict] = None):
+        """
+        Initialize the protocol manager.
+        
+        Args:
+            app_config: Application configuration dictionary (optional)
+        """
+        self.app_config = app_config
         self._load_config()
     
     def _load_config(self):
         """Load protocol configuration from config."""
-        self.protocols_config = config.get("protocols", {})
+        # Use provided config or fallback to global config
+        current_config = self.app_config if self.app_config is not None else config.get_all()
+        
+        # Get protocols configuration
+        self.protocols_config = current_config.get("protocols", {})
         self.enabled = self.protocols_config.get("enabled", True)
-        self.allowed_protocols = self.protocols_config.get("allowed_protocols", ["http"])
-        logger.debug(f"Protocol manager loaded config: enabled={self.enabled}, allowed_protocols={self.allowed_protocols}")
+        
+        # Get SSL configuration to determine allowed protocols
+        ssl_enabled = self._is_ssl_enabled(current_config)
+        
+        # Set allowed protocols based on SSL configuration
+        if ssl_enabled:
+            # If SSL is enabled, allow both HTTP and HTTPS
+            self.allowed_protocols = self.protocols_config.get("allowed_protocols", ["http", "https"])
+            # Ensure HTTPS is in allowed protocols if SSL is enabled
+            if "https" not in self.allowed_protocols:
+                self.allowed_protocols.append("https")
+        else:
+            # If SSL is disabled, only allow HTTP
+            self.allowed_protocols = self.protocols_config.get("allowed_protocols", ["http"])
+            # Remove HTTPS from allowed protocols if SSL is disabled
+            if "https" in self.allowed_protocols:
+                self.allowed_protocols.remove("https")
+        
+        logger.debug(f"Protocol manager loaded config: enabled={self.enabled}, allowed_protocols={self.allowed_protocols}, ssl_enabled={ssl_enabled}")
+    
+    def _is_ssl_enabled(self, current_config: Dict) -> bool:
+        """
+        Check if SSL is enabled in configuration.
+        
+        Args:
+            current_config: Current configuration dictionary
+            
+        Returns:
+            True if SSL is enabled, False otherwise
+        """
+        # Try security framework SSL config first
+        security_config = current_config.get("security", {})
+        ssl_config = security_config.get("ssl", {})
+        
+        if ssl_config.get("enabled", False):
+            logger.debug("SSL enabled via security.ssl configuration")
+            return True
+        
+        # Fallback to legacy SSL config
+        legacy_ssl_config = current_config.get("ssl", {})
+        if legacy_ssl_config.get("enabled", False):
+            logger.debug("SSL enabled via legacy ssl configuration")
+            return True
+        
+        logger.debug("SSL is disabled in configuration")
+        return False
+    
+    def update_config(self, new_config: Dict):
+        """
+        Update configuration and reload protocol settings.
+        
+        Args:
+            new_config: New configuration dictionary
+        """
+        self.app_config = new_config
+        self._load_config()
+        logger.info(f"Protocol manager configuration updated: allowed_protocols={self.allowed_protocols}")
     
     def reload_config(self):
-        """Reload protocol configuration."""
+        """Reload protocol configuration from global config."""
         self._load_config()
         
     def is_protocol_allowed(self, protocol: str) -> bool:
@@ -137,7 +202,11 @@ class ProtocolManager:
         if protocol.lower() not in ["https", "mtls"]:
             return None
             
-        ssl_config = config.get("ssl", {})
+        # Use provided config or fallback to global config
+        current_config = self.app_config if self.app_config is not None else config.get_all()
+        
+        # Get SSL configuration
+        ssl_config = self._get_ssl_config(current_config)
         
         if not ssl_config.get("enabled", False):
             logger.warning(f"SSL required for protocol '{protocol}' but SSL is disabled")
@@ -170,6 +239,33 @@ class ProtocolManager:
             logger.error(f"Failed to create SSL context for protocol '{protocol}': {e}")
             return None
     
+    def _get_ssl_config(self, current_config: Dict) -> Dict:
+        """
+        Get SSL configuration from config.
+        
+        Args:
+            current_config: Current configuration dictionary
+            
+        Returns:
+            SSL configuration dictionary
+        """
+        # Try security framework SSL config first
+        security_config = current_config.get("security", {})
+        ssl_config = security_config.get("ssl", {})
+        
+        if ssl_config.get("enabled", False):
+            logger.debug("Using security.ssl configuration")
+            return ssl_config
+        
+        # Fallback to legacy SSL config
+        legacy_ssl_config = current_config.get("ssl", {})
+        if legacy_ssl_config.get("enabled", False):
+            logger.debug("Using legacy ssl configuration")
+            return legacy_ssl_config
+        
+        # Return empty config if SSL is disabled
+        return {"enabled": False}
+    
     def get_protocol_info(self) -> Dict[str, Dict]:
         """
         Get information about all configured protocols.
@@ -222,7 +318,10 @@ class ProtocolManager:
                 
             # Check SSL requirements
             if protocol in ["https", "mtls"]:
-                ssl_config = config.get("ssl", {})
+                # Use provided config or fallback to global config
+                current_config = self.app_config if self.app_config is not None else config.get_all()
+                ssl_config = self._get_ssl_config(current_config)
+                
                 if not ssl_config.get("enabled", False):
                     errors.append(f"Protocol '{protocol}' requires SSL but SSL is disabled")
                 elif not ssl_config.get("cert_file") or not ssl_config.get("key_file"):
@@ -231,5 +330,28 @@ class ProtocolManager:
         return errors
 
 
-# Global protocol manager instance
-protocol_manager = ProtocolManager() 
+# Global protocol manager instance - will be updated with config when needed
+protocol_manager = None
+
+def get_protocol_manager(app_config: Optional[Dict] = None) -> ProtocolManager:
+    """
+    Get protocol manager instance with current configuration.
+    
+    Args:
+        app_config: Application configuration dictionary (optional)
+        
+    Returns:
+        ProtocolManager instance
+    """
+    global protocol_manager
+    
+    # If no app_config provided, use global config
+    if app_config is None:
+        app_config = config.get_all()
+    
+    # Create new instance if none exists or config changed
+    if protocol_manager is None or protocol_manager.app_config != app_config:
+        protocol_manager = ProtocolManager(app_config)
+        logger.info("Protocol manager created with new configuration")
+    
+    return protocol_manager 

{mcp_proxy_adapter-6.1.0 → mcp_proxy_adapter-6.1.1}/mcp_proxy_adapter/core/security_integration.py

@@ -102,18 +102,26 @@ class SecurityIntegration:
             public_paths=security_section.get("auth", {}).get("public_paths", [])
         )
         
-        # Create permission config
+        # Create permission config - handle null values properly
+        permissions_section = security_section.get("permissions", {})
+        roles_file = permissions_section.get("roles_file")
+        
+        # If roles_file is None or empty string, don't pass it to avoid framework errors
+        if roles_file is None or roles_file == "":
+            logger.warning("roles_file is None or empty, permissions will use default configuration")
+            roles_file = None
+        
         permission_config = PermissionConfig(
-            enabled=security_section.get("permissions", {}).get("enabled", True),
-            roles_file=security_section.get("permissions", {}).get("roles_file"),
-            default_role=security_section.get("permissions", {}).get("default_role", "guest"),
-            admin_role=security_section.get("permissions", {}).get("admin_role", "admin"),
-            role_hierarchy=security_section.get("permissions", {}).get("role_hierarchy", {}),
-            permission_cache_enabled=security_section.get("permissions", {}).get("permission_cache_enabled", True),
-            permission_cache_ttl=security_section.get("permissions", {}).get("permission_cache_ttl", 300),
-            wildcard_permissions=security_section.get("permissions", {}).get("wildcard_permissions", False),
-            strict_mode=security_section.get("permissions", {}).get("strict_mode", True),
-            roles=security_section.get("permissions", {}).get("roles")
+            enabled=permissions_section.get("enabled", True),
+            roles_file=roles_file,
+            default_role=permissions_section.get("default_role", "guest"),
+            admin_role=permissions_section.get("admin_role", "admin"),
+            role_hierarchy=permissions_section.get("role_hierarchy", {}),
+            permission_cache_enabled=permissions_section.get("permission_cache_enabled", True),
+            permission_cache_ttl=permissions_section.get("permission_cache_ttl", 300),
+            wildcard_permissions=permissions_section.get("wildcard_permissions", False),
+            strict_mode=permissions_section.get("strict_mode", True),
+            roles=permissions_section.get("roles")
         )
         
         # Create rate limit config

mcp_proxy_adapter-6.1.1/mcp_proxy_adapter/docs/EN/TROUBLESHOOTING.md

@@ -0,0 +1,285 @@
+# Troubleshooting Guide
+
+This guide addresses common issues with MCP Proxy Adapter Framework, particularly related to ProtocolMiddleware and SSL/TLS configuration.
+
+## Common Issues
+
+### Issue 1: ProtocolMiddleware blocks HTTPS requests
+
+**Problem:** ProtocolMiddleware is initialized with default settings and doesn't update when SSL configuration changes.
+
+**Symptoms:**
+```
+Protocol 'https' not allowed for request to /health
+INFO: 127.0.0.1:42038 - "GET /health HTTP/1.1" 403 Forbidden
+```
+
+**Root Cause:** ProtocolMiddleware was created as a global instance with default settings and didn't update when SSL was enabled.
+
+**Solution:** 
+1. **Use updated ProtocolManager** (Fixed in v1.1.0):
+   - ProtocolManager now dynamically updates based on SSL configuration
+   - Automatically allows HTTPS when SSL is enabled
+
+2. **Disable ProtocolMiddleware for HTTPS** (Temporary workaround):
+   ```json
+   {
+     "server": {"host": "127.0.0.1", "port": 10004},
+     "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"},
+     "security": {"enabled": true, "auth": {"enabled": true, "methods": ["api_key"]}},
+     "protocols": {"enabled": false}
+   }
+   ```
+
+### Issue 2: SSL Configuration Conflicts
+
+**Problem:** Framework reads SSL configuration from both `ssl` (legacy) and `security.ssl` sections, causing confusion.
+
+**Symptoms:**
+```
+🔍 Debug: SSL config at start of validation: enabled=False
+🔍 Debug: Root SSL section found: enabled=True
+🔍 Debug: _get_ssl_config: security.ssl key_file=None
+🔍 Debug: _get_ssl_config: legacy ssl key_file=./certs/server.key
+```
+
+**Solution:**
+1. **Use unified SSL configuration** (Recommended):
+   ```json
+   {
+     "security": {
+       "ssl": {
+         "enabled": true,
+         "cert_file": "./certs/server.crt",
+         "key_file": "./certs/server.key"
+       }
+     }
+   }
+   ```
+
+2. **Use legacy SSL configuration** (Backward compatible):
+   ```json
+   {
+     "ssl": {
+       "enabled": true,
+       "cert_file": "./certs/server.crt",
+       "key_file": "./certs/server.key"
+     }
+   }
+   ```
+
+### Issue 3: Security Framework Initialization Errors
+
+**Problem:** Security framework fails to initialize due to missing or null configuration values.
+
+**Symptoms:**
+```
+Failed to initialize security components: Failed to load roles configuration: argument should be a str or an os.PathLike object where __fspath__ returns a str, not 'NoneType'
+```
+
+**Solution:**
+1. **Provide roles file** (If using roles):
+   ```json
+   {
+     "security": {
+       "permissions": {
+         "enabled": true,
+         "roles_file": "./roles.json"
+       }
+     }
+   }
+   ```
+
+2. **Disable permissions** (If not using roles):
+   ```json
+   {
+     "security": {
+       "permissions": {
+         "enabled": false
+       }
+     }
+   }
+   ```
+
+3. **Use graceful fallback** (Fixed in v1.1.0):
+   - Security framework now continues without roles if roles_file is null
+   - Logs warning instead of crashing
+
+## Configuration Examples
+
+### HTTP Simple
+```json
+{
+  "server": {"host": "127.0.0.1", "port": 10001},
+  "ssl": {"enabled": false},
+  "security": {"enabled": false},
+  "protocols": {"enabled": true, "allowed_protocols": ["http"]}
+}
+```
+
+### HTTPS Simple
+```json
+{
+  "server": {"host": "127.0.0.1", "port": 10002},
+  "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"},
+  "security": {"enabled": false},
+  "protocols": {"enabled": true, "allowed_protocols": ["http", "https"]}
+}
+```
+
+### HTTPS with Token Auth
+```json
+{
+  "server": {"host": "127.0.0.1", "port": 10003},
+  "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"},
+  "security": {
+    "enabled": true,
+    "auth": {"enabled": true, "methods": ["api_key"]}
+  },
+  "protocols": {"enabled": true, "allowed_protocols": ["http", "https"]}
+}
+```
+
+### HTTPS without ProtocolMiddleware
+```json
+{
+  "server": {"host": "127.0.0.1", "port": 10004},
+  "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"},
+  "security": {
+    "enabled": true,
+    "auth": {"enabled": true, "methods": ["api_key"]}
+  },
+  "protocols": {"enabled": false}
+}
+```
+
+### mTLS Simple
+```json
+{
+  "server": {"host": "127.0.0.1", "port": 10005},
+  "ssl": {
+    "enabled": true,
+    "cert_file": "./certs/server.crt",
+    "key_file": "./certs/server.key",
+    "ca_cert": "./certs/ca.crt",
+    "verify_client": true
+  },
+  "security": {
+    "enabled": true,
+    "auth": {"enabled": true, "methods": ["certificate"]}
+  },
+  "protocols": {"enabled": true, "allowed_protocols": ["https", "mtls"]}
+}
+```
+
+## Testing Your Configuration
+
+### Test HTTP
+```bash
+curl http://127.0.0.1:10001/health
+```
+
+### Test HTTPS
+```bash
+curl -k https://127.0.0.1:10002/health
+```
+
+### Test HTTPS with Auth
+```bash
+curl -k -H "Authorization: Bearer your-api-key" https://127.0.0.1:10003/health
+```
+
+### Test mTLS
+```bash
+curl -k --cert ./certs/client.crt --key ./certs/client.key https://127.0.0.1:10005/health
+```
+
+## Debugging
+
+### Enable Debug Logging
+```json
+{
+  "logging": {
+    "level": "DEBUG",
+    "console_output": true
+  }
+}
+```
+
+### Check Protocol Manager Status
+```python
+from mcp_proxy_adapter.core.protocol_manager import get_protocol_manager
+from mcp_proxy_adapter.config import config
+
+pm = get_protocol_manager(config.get_all())
+print(f"Allowed protocols: {pm.get_allowed_protocols()}")
+print(f"Protocol info: {pm.get_protocol_info()}")
+```
+
+### Check SSL Configuration
+```python
+from mcp_proxy_adapter.config import config
+
+ssl_config = config.get("ssl", {})
+security_ssl = config.get("security", {}).get("ssl", {})
+print(f"Legacy SSL: {ssl_config}")
+print(f"Security SSL: {security_ssl}")
+```
+
+## Migration Guide
+
+### From Legacy to New Configuration
+
+**Old (Legacy):**
+```json
+{
+  "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"}
+}
+```
+
+**New (Recommended):**
+```json
+{
+  "security": {
+    "ssl": {"enabled": true, "cert_file": "./certs/server.crt", "key_file": "./certs/server.key"}
+  }
+}
+```
+
+### Adding Protocol Management
+
+**Without Protocol Management:**
+```json
+{
+  "protocols": {"enabled": false}
+}
+```
+
+**With Protocol Management:**
+```json
+{
+  "protocols": {
+    "enabled": true,
+    "allowed_protocols": ["http", "https"]
+  }
+}
+```
+
+## Best Practices
+
+1. **Use security.ssl instead of legacy ssl** for new configurations
+2. **Disable ProtocolMiddleware** if you don't need protocol validation
+3. **Provide roles_file** or disable permissions if using security framework
+4. **Test configurations** before deploying to production
+5. **Use debug logging** for troubleshooting
+6. **Keep certificates and keys secure** and properly configured
+
+## Support
+
+If you encounter issues not covered in this guide:
+
+1. Check the logs for detailed error messages
+2. Enable debug logging for more information
+3. Verify certificate files exist and are readable
+4. Test with simple configurations first
+5. Report issues with full configuration and error logs