mcp-proxy-adapter 6.2.18__py3-none-any.whl → 6.2.22__py3-none-any.whl

mcp_proxy_adapter/__main__.py

@@ -16,7 +16,7 @@ from mcp_proxy_adapter.api.app import create_app
 
 def main():
     """Main CLI entry point."""
-    print("MCP Proxy Adapter v6.2.18")
+    print("MCP Proxy Adapter v6.2.21")
     print("========================")
     print()
     print("Usage:")

mcp_proxy_adapter/api/app.py

@@ -350,6 +350,9 @@ def create_app(title: Optional[str] = None, description: Optional[str] = None, v
     )
     
     # Setup middleware using the new middleware package
+    print(f"DEBUG create_app: calling setup_middleware with config type: {type(current_config)}")
+    if hasattr(current_config, 'keys'):
+        print(f"DEBUG create_app: current_config keys: {list(current_config.keys())}")
     setup_middleware(app, current_config)
     
     # Use custom OpenAPI schema

mcp_proxy_adapter/api/middleware/__init__.py

@@ -23,18 +23,21 @@ def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None)
     # Use provided configuration or fallback to global config
     current_config = app_config if app_config is not None else config.get_all()
     
+    # Add protocol middleware FIRST (before other middleware)
+    setup_protocol_middleware(app, current_config)
+
     # Create middleware factory
     factory = MiddlewareFactory(app, current_config)
-    
+
     # Validate middleware configuration
     if not factory.validate_middleware_config():
         logger.error("Middleware configuration validation failed")
         raise SystemExit(1)
-    
+
     logger.info("Using unified security middleware")
     middleware_list = factory.create_all_middleware()
-    
-    # Add middleware to application
+
+    # Add middleware to application AFTER protocol middleware
     for middleware in middleware_list:
         # For ASGI middleware, we need to wrap the application
         if hasattr(middleware, 'dispatch'):
@@ -43,9 +46,6 @@ def setup_middleware(app: FastAPI, app_config: Optional[Dict[str, Any]] = None)
         else:
             logger.warning(f"Middleware {middleware.__class__.__name__} doesn't have dispatch method")
     
-    # Add protocol middleware with current configuration
-    setup_protocol_middleware(app, current_config)
-    
     # Log middleware information
     middleware_info = factory.get_middleware_info()
     logger.info(f"Middleware setup completed:")

mcp_proxy_adapter/api/middleware/protocol_middleware.py

@@ -24,15 +24,37 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
     def __init__(self, app, app_config: Optional[Dict[str, Any]] = None):
         """
         Initialize protocol middleware.
-        
+
         Args:
             app: FastAPI application
             app_config: Application configuration dictionary (optional)
         """
         super().__init__(app)
-        self.app_config = app_config
+        # Normalize config to dictionary
+        normalized_config: Optional[Dict[str, Any]]
+        if app_config is None:
+            normalized_config = None
+        elif hasattr(app_config, 'get_all'):
+            try:
+                normalized_config = app_config.get_all()
+            except Exception as e:
+                logger.debug(f"ProtocolMiddleware - Error calling get_all(): {e}, type: {type(app_config)}")
+                normalized_config = None
+        elif hasattr(app_config, 'keys'):
+            normalized_config = app_config  # Already dict-like
+        else:
+            logger.debug(f"ProtocolMiddleware - app_config is not dict-like, type: {type(app_config)}, value: {repr(app_config)}")
+            normalized_config = None
+
+        logger.debug(f"ProtocolMiddleware - normalized_config type: {type(normalized_config)}")
+        if normalized_config:
+            logger.debug(f"ProtocolMiddleware - protocols in config: {'protocols' in normalized_config}")
+            if 'protocols' in normalized_config:
+                logger.debug(f"ProtocolMiddleware - protocols type: {type(normalized_config['protocols'])}")
+
+        self.app_config = normalized_config
         # Get protocol manager with current configuration
-        self.protocol_manager = get_protocol_manager(app_config)
+        self.protocol_manager = get_protocol_manager(normalized_config)
     
     def update_config(self, new_config: Dict[str, Any]):
         """
@@ -41,21 +63,31 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
         Args:
             new_config: New configuration dictionary
         """
-        self.app_config = new_config
-        self.protocol_manager = get_protocol_manager(new_config)
+        # Normalize new config
+        if hasattr(new_config, 'get_all'):
+            try:
+                self.app_config = new_config.get_all()
+            except Exception:
+                self.app_config = None
+        elif hasattr(new_config, 'keys'):
+            self.app_config = new_config
+        else:
+            self.app_config = None
+        self.protocol_manager = get_protocol_manager(self.app_config)
         logger.info("Protocol middleware configuration updated")
     
     async def dispatch(self, request: Request, call_next: Callable) -> Response:
         """
         Process request through protocol middleware.
-        
+
         Args:
             request: Incoming request
             call_next: Next middleware/endpoint function
-            
+
         Returns:
             Response object
         """
+        logger.info(f"ProtocolMiddleware.dispatch called for {request.method} {request.url.path}")
         try:
             # Get protocol from request
             protocol = self._get_request_protocol(request)
@@ -132,22 +164,37 @@ class ProtocolMiddleware(BaseHTTPMiddleware):
 def setup_protocol_middleware(app, app_config: Optional[Dict[str, Any]] = None):
     """
     Setup protocol middleware for FastAPI application.
-    
+
     Args:
         app: FastAPI application
         app_config: Application configuration dictionary (optional)
     """
+    logger.info(f"setup_protocol_middleware - app_config type: {type(app_config)}")
+
     # Check if protocol management is enabled
     if app_config is None:
         from mcp_proxy_adapter.config import config
         app_config = config.get_all()
-    
-    protocols_config = app_config.get("protocols", {})
-    enabled = protocols_config.get("enabled", True)
-    
+        logger.info(f"setup_protocol_middleware - loaded from global config, type: {type(app_config)}")
+
+    logger.info(f"setup_protocol_middleware - final app_config type: {type(app_config)}")
+
+    if hasattr(app_config, 'get'):
+        logger.info(f"setup_protocol_middleware - app_config keys: {list(app_config.keys()) if hasattr(app_config, 'keys') else 'no keys'}")
+        protocols_config = app_config.get("protocols", {})
+        logger.info(f"setup_protocol_middleware - protocols_config type: {type(protocols_config)}")
+        enabled = protocols_config.get("enabled", True) if hasattr(protocols_config, 'get') else True
+    else:
+        logger.info(f"setup_protocol_middleware - app_config is not dict-like: {repr(app_config)}")
+        enabled = True
+
+    logger.info(f"setup_protocol_middleware - protocol management enabled: {enabled}")
+
     if enabled:
         # Create protocol middleware with current configuration
+        logger.info(f"setup_protocol_middleware - creating ProtocolMiddleware with config type: {type(app_config)}")
         middleware = ProtocolMiddleware(app, app_config)
+        logger.info(f"setup_protocol_middleware - adding middleware to app")
         app.add_middleware(ProtocolMiddleware, app_config=app_config)
         logger.info("Protocol middleware added to application")
     else:

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -61,19 +61,21 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
         # Create security integration
         try:
             security_config = config.get("security", {})
-            logger.info(f"DEBUG: Full config keys: {list(config.keys())}")
-            logger.info(f"DEBUG: Security config: {security_config}")
-            logger.info(f"DEBUG: Permissions in security: {'permissions' in security_config}")
             self.security_integration = create_security_integration(security_config)
             # Use framework's FastAPI middleware
             self.framework_middleware = self.security_integration.security_manager.create_fastapi_middleware()
             logger.info("Using mcp_security_framework FastAPI middleware")
+            # IMPORTANT: Don't replace self.app! This breaks the middleware chain.
+            # Instead, store the framework middleware for use in dispatch method.
+            logger.info("Framework middleware will be used in dispatch method")
         except Exception as e:
             logger.error(f"Security framework integration failed: {e}")
             # Instead of raising error, log warning and continue without security
             logger.warning("Continuing without security framework - some security features will be disabled")
             self.security_integration = None
             self.framework_middleware = None
+            # Keep original app in place when framework middleware is unavailable
+            # BaseHTTPMiddleware initialized it via super().__init__(app)
         
         logger.info("Unified security middleware initialized")
     
@@ -89,14 +91,45 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             Response object
         """
         try:
-            # Use framework middleware if available
-            if self.framework_middleware is not None:
-                return await self.framework_middleware.dispatch(request, call_next)
+            # Simple built-in API key enforcement if configured
+            security_cfg = self.config.get("security", {}) if isinstance(self.config, dict) else {}
+            auth_cfg = security_cfg.get("auth", {})
+            permissions_cfg = security_cfg.get("permissions", {})
+            public_paths = set(auth_cfg.get("public_paths", ["/health", "/docs", "/openapi.json"]))
+            # JSON-RPC endpoint must not be public when API key is required
+            public_paths.discard("/api/jsonrpc")
+            path = request.url.path
+            methods = set(auth_cfg.get("methods", []))
+            api_keys: Dict[str, str] = auth_cfg.get("api_keys", {}) or {}
+
+            # Enforce only for non-public paths when api_key method configured
+            if security_cfg.get("enabled", False) and ("api_key" in methods) and (path not in public_paths):
+                # Accept either X-API-Key or Authorization: Bearer
+                token = request.headers.get("X-API-Key")
+                if not token:
+                    authz = request.headers.get("Authorization", "")
+                    if authz.startswith("Bearer "):
+                        token = authz[7:]
+                if not token or (api_keys and token not in api_keys):
+                    from fastapi.responses import JSONResponse
+                    return JSONResponse(status_code=401, content={
+                        "error": {
+                            "code": 401,
+                            "message": "Unauthorized: invalid or missing API key",
+                            "type": "authentication_error"
+                        }
+                    })
+
+            # Continue with framework middleware or regular flow
+            if self.framework_middleware:
+                # If framework middleware exists, we need to call it manually
+                # This is a workaround since we can't chain ASGI apps in BaseHTTPMiddleware
+                logger.debug("Framework middleware exists, continuing with regular call_next")
+                return await call_next(request)
             else:
-                # Fallback: continue without security middleware
-                logger.debug("Security framework not available, continuing without security checks")
+                # No framework middleware, continue normally
                 return await call_next(request)
-            
+
         except SecurityValidationError as e:
             # Handle security validation errors
             return await self._handle_security_error(request, e)

mcp_proxy_adapter/api/middleware/user_info_middleware.py

@@ -15,6 +15,16 @@ from starlette.middleware.base import BaseHTTPMiddleware
 
 from mcp_proxy_adapter.core.logging import logger
 
+# Import mcp_security_framework components
+try:
+    from mcp_security_framework import AuthManager
+    from mcp_security_framework.schemas.config import AuthConfig
+    _MCP_SECURITY_AVAILABLE = True
+    print("✅ mcp_security_framework available in middleware")
+except ImportError:
+    _MCP_SECURITY_AVAILABLE = False
+    print("⚠️ mcp_security_framework not available in middleware, using basic auth")
+
 
 class UserInfoMiddleware(BaseHTTPMiddleware):
     """
@@ -27,20 +37,43 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
     def __init__(self, app, config: Dict[str, Any]):
         """
         Initialize user info middleware.
-        
+
         Args:
             app: FastAPI application
             config: Configuration dictionary
         """
         super().__init__(app)
         self.config = config
-        
-        # Get API keys configuration
-        security_config = config.get("security", {})
-        auth_config = security_config.get("auth", {})
-        self.api_keys = auth_config.get("api_keys", {})
-        
-        logger.info("User info middleware initialized")
+
+        # Initialize AuthManager if available
+        self.auth_manager = None
+        self._security_available = _MCP_SECURITY_AVAILABLE
+
+        if self._security_available:
+            try:
+                # Get API keys configuration
+                security_config = config.get("security", {})
+                auth_config = security_config.get("auth", {})
+
+                # Create AuthConfig for mcp_security_framework
+                mcp_auth_config = AuthConfig(
+                    enabled=True,
+                    methods=["api_key"],
+                    api_keys=auth_config.get("api_keys", {})
+                )
+
+                self.auth_manager = AuthManager(mcp_auth_config)
+                logger.info("✅ User info middleware initialized with mcp_security_framework")
+            except Exception as e:
+                logger.warning(f"⚠️ Failed to initialize AuthManager: {e}")
+                self._security_available = False
+
+        if not self._security_available:
+            # Fallback to basic API key handling
+            security_config = config.get("security", {})
+            auth_config = security_config.get("auth", {})
+            self.api_keys = auth_config.get("api_keys", {})
+            logger.info("ℹ️ User info middleware initialized with basic auth")
     
     async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
         """
@@ -56,28 +89,70 @@ class UserInfoMiddleware(BaseHTTPMiddleware):
         # Extract API key from headers
         api_key = request.headers.get("X-API-Key")
         
-        if api_key and api_key in self.api_keys:
-            # Get user info from API key configuration
-            user_config = self.api_keys[api_key]
-            
-            # Set user info in request.state
-            request.state.user = {
-                "id": api_key,
-                "role": user_config.get("roles", ["guest"])[0] if user_config.get("roles") else "guest",
-                "roles": user_config.get("roles", ["guest"]),
-                "permissions": user_config.get("permissions", ["read"])
-            }
-            
-            logger.debug(f"Set user info for {api_key}: {request.state.user}")
+        if api_key:
+            if self.auth_manager and self._security_available:
+                try:
+                    # Use mcp_security_framework AuthManager
+                    auth_result = self.auth_manager.authenticate_api_key(api_key)
+
+                    if auth_result.is_valid:
+                        # Set user info from AuthManager result
+                        request.state.user = {
+                            "id": api_key,
+                            "role": auth_result.roles[0] if auth_result.roles else "guest",
+                            "roles": auth_result.roles or ["guest"],
+                            "permissions": getattr(auth_result, 'permissions', ["read"])
+                        }
+                        logger.debug(f"✅ Authenticated user with mcp_security_framework: {request.state.user}")
+                    else:
+                        # Authentication failed
+                        request.state.user = {
+                            "id": None,
+                            "role": "guest",
+                            "roles": ["guest"],
+                            "permissions": ["read"]
+                        }
+                        logger.debug(f"❌ Authentication failed for API key: {api_key[:8]}...")
+                except Exception as e:
+                    logger.warning(f"⚠️ AuthManager error: {e}, falling back to basic auth")
+                    self._security_available = False
+
+            if not self._security_available:
+                # Fallback to basic API key handling
+                if api_key in getattr(self, 'api_keys', {}):
+                    user_role = self.api_keys[api_key]
+
+                    # Get permissions for this role from roles file if available
+                    role_permissions = ["read"]  # default permissions
+                    if hasattr(self, 'roles_config') and self.roles_config and user_role in self.roles_config:
+                        role_permissions = self.roles_config[user_role].get("permissions", ["read"])
+
+                    # Set user info in request.state
+                    request.state.user = {
+                        "id": api_key,
+                        "role": user_role,
+                        "roles": [user_role],
+                        "permissions": role_permissions
+                    }
+
+                    logger.debug(f"✅ Authenticated user with basic auth: {request.state.user}")
+                else:
+                    # API key not found
+                    request.state.user = {
+                        "id": None,
+                        "role": "guest",
+                        "roles": ["guest"],
+                        "permissions": ["read"]
+                    }
+                    logger.debug(f"❌ API key not found: {api_key[:8]}...")
         else:
-            # Set default guest user info
+            # No API key provided - guest access
             request.state.user = {
                 "id": None,
                 "role": "guest",
                 "roles": ["guest"],
                 "permissions": ["read"]
             }
-            
-            logger.debug("Set default guest user info")
+            logger.debug("ℹ️ No API key provided, using guest access")
         
         return await call_next(request)

mcp_proxy_adapter/config.py

@@ -175,7 +175,7 @@ class Config:
                     "renewal_threshold_days": 30
                 },
                 "permissions": {
-                    "enabled": False,
+                    "enabled": True,
                     "roles_file": None,
                     "default_role": "guest",
                     "admin_role": "admin",

mcp_proxy_adapter/core/protocol_manager.py

@@ -33,12 +33,33 @@ class ProtocolManager:
     
     def _load_config(self):
         """Load protocol configuration from config."""
-        # Use provided config or fallback to global config
+        # Use provided config or fallback to global config; normalize types
         current_config = self.app_config if self.app_config is not None else config.get_all()
-        
+        logger.info(f"ProtocolManager._load_config - current_config type: {type(current_config)}")
+
+        if not hasattr(current_config, 'get'):
+            # Not a dict-like config, fallback to global
+            logger.info(f"ProtocolManager._load_config - current_config is not dict-like, falling back to global config")
+            current_config = config.get_all()
+
+        logger.info(f"ProtocolManager._load_config - final current_config type: {type(current_config)}")
+        if hasattr(current_config, 'get'):
+            logger.info(f"ProtocolManager._load_config - current_config keys: {list(current_config.keys()) if hasattr(current_config, 'keys') else 'no keys'}")
+
         # Get protocols configuration
-        self.protocols_config = current_config.get("protocols", {})
-        self.enabled = self.protocols_config.get("enabled", True)
+        logger.info(f"ProtocolManager._load_config - before getting protocols")
+        try:
+            self.protocols_config = current_config.get("protocols", {})
+            logger.info(f"ProtocolManager._load_config - protocols_config type: {type(self.protocols_config)}")
+            if hasattr(self.protocols_config, 'get'):
+                logger.info(f"ProtocolManager._load_config - protocols_config is dict-like")
+            else:
+                logger.info(f"ProtocolManager._load_config - protocols_config is NOT dict-like: {repr(self.protocols_config)}")
+        except Exception as e:
+            logger.info(f"ProtocolManager._load_config - ERROR getting protocols: {e}")
+            self.protocols_config = {}
+
+        self.enabled = self.protocols_config.get("enabled", True) if hasattr(self.protocols_config, 'get') else True
         
         # Get SSL configuration to determine allowed protocols
         ssl_enabled = self._is_ssl_enabled(current_config)
@@ -162,7 +183,14 @@ class ProtocolManager:
             Protocol configuration dictionary
         """
         protocol_lower = protocol.lower()
-        return self.protocols_config.get(protocol_lower, {}).copy()
+        cfg = self.protocols_config.get(protocol_lower, {})
+        # Ensure dict type
+        if isinstance(cfg, dict):
+            try:
+                return cfg.copy()
+            except Exception:
+                return {}
+        return {}
     
     def validate_url_protocol(self, url: str) -> Tuple[bool, Optional[str]]:
         """

mcp_proxy_adapter/examples/__init__.py

@@ -13,4 +13,4 @@ Examples include:
 For detailed documentation, see the main README.md file.
 """
 
-__version__ = "6.2.18"
+__version__ = "6.2.21"

mcp_proxy_adapter/examples/generate_test_configs.py

@@ -36,7 +36,18 @@ def generate_http_token_config(port: int = 8001) -> Dict[str, Any]:
         "ssl": {"enabled": False},
         "security": {
             "enabled": True,
-            "auth": {"enabled": True, "methods": ["api_key"]},
+            "auth": {
+                "enabled": True,
+                "methods": ["api_key"],
+                # Map API tokens to roles for testing
+                "api_keys": {
+                    "test-token-123": "admin",
+                    "user-token-456": "user",
+                    "readonly-token-123": "readonly",
+                    "guest-token-123": "guest",
+                    "proxy-token-123": "proxy"
+                }
+            },
             "permissions": {"enabled": True, "roles_file": "./roles.json"}
         },
         "registration": {
@@ -82,7 +93,17 @@ def generate_https_token_config(port: int = 8003) -> Dict[str, Any]:
         },
         "security": {
             "enabled": True,
-            "auth": {"enabled": True, "methods": ["api_key"]},
+            "auth": {
+                "enabled": True,
+                "methods": ["api_key"],
+                "api_keys": {
+                    "test-token-123": "admin",
+                    "user-token-456": "user",
+                    "readonly-token-123": "readonly",
+                    "guest-token-123": "guest",
+                    "proxy-token-123": "proxy"
+                }
+            },
             "permissions": {"enabled": True, "roles_file": "./roles.json"}
         },
         "registration": {
@@ -104,7 +125,7 @@ def generate_mtls_no_roles_config(port: int = 8004) -> Dict[str, Any]:
             "enabled": True,
             "cert_file": "./certs/localhost_server.crt", 
             "key_file": "./keys/localhost_server.key",
-            "ca_cert": "./certs/mcp_proxy_adapter_test_ca_ca.crt",
+            "ca_cert": "./certs/mcp_proxy_adapter_ca_ca.crt",
             "verify_client": True
         },
         "security": {
@@ -122,7 +143,7 @@ def generate_mtls_with_roles_config(port: int = 8005) -> Dict[str, Any]:
             "enabled": True,
             "cert_file": "./certs/localhost_server.crt", 
             "key_file": "./keys/localhost_server.key",
-            "ca_cert": "./certs/mcp_proxy_adapter_test_ca_ca.crt",
+            "ca_cert": "./certs/mcp_proxy_adapter_ca_ca.crt",
             "verify_client": True
         },
         "registration": {
@@ -160,7 +181,7 @@ def generate_roles_config() -> Dict[str, Any]:
                 "heartbeat",
                 "discover"
             ],
-            "tokens": []
+            "tokens": ["test-token-123"]
         },
         "user": {
             "description": "User role with limited access",
@@ -172,7 +193,7 @@ def generate_roles_config() -> Dict[str, Any]:
                 "heartbeat",
                 "discover"
             ],
-            "tokens": []
+            "tokens": ["user-token-456"]
         },
         "readonly": {
             "description": "Read-only role",
@@ -180,7 +201,7 @@ def generate_roles_config() -> Dict[str, Any]:
                 "read",
                 "discover"
             ],
-            "tokens": []
+            "tokens": ["readonly-token-123"]
         },
         "guest": {
             "description": "Guest role with read-only access",
@@ -188,7 +209,7 @@ def generate_roles_config() -> Dict[str, Any]:
                 "read",
                 "discover"
             ],
-            "tokens": []
+            "tokens": ["guest-token-123"]
         },
         "proxy": {
             "description": "Proxy role for registration",
@@ -198,7 +219,7 @@ def generate_roles_config() -> Dict[str, Any]:
                 "heartbeat",
                 "discover"
             ],
-            "tokens": []
+            "tokens": ["proxy-token-123"]
         }
     }
 def generate_all_configs(output_dir: str) -> None:

mcp_proxy_adapter/examples/run_proxy_server.py

@@ -19,7 +19,7 @@ from datetime import datetime, timedelta
 
 from fastapi import FastAPI, HTTPException
 from pydantic import BaseModel
-import uvicorn
+from mcp_proxy_adapter.core.server_adapter import UnifiedServerRunner
 
 
 # Simple in-memory storage for registered adapters
@@ -130,13 +130,15 @@ def main() -> None:
     print("   POST /proxy/heartbeat   - Heartbeat from adapter")
     print("⚡ Press Ctrl+C to stop\n")
 
-    # Run server
-    uvicorn.run(
+    # Run server via unified runner (hypercorn under the hood)
+    runner = UnifiedServerRunner()
+    runner.run_server(
         app,
-        host=args.host,
-        port=args.port,
-        log_level=args.log_level,
-        access_log=True
+        {
+            "host": args.host,
+            "port": args.port,
+            "log_level": args.log_level,
+        },
     )