mcp-proxy-adapter 6.3.4__py3-none-any.whl → 6.3.6__py3-none-any.whl

mcp_proxy_adapter/core/security_integration.py

@@ -33,7 +33,9 @@ try:
         ValidationResult,
         CertificatePair,
     )
-    from mcp_security_framework.middleware.fastapi_middleware import FastAPISecurityMiddleware
+    from mcp_security_framework.middleware.fastapi_middleware import (
+        FastAPISecurityMiddleware,
+    )
 
     SECURITY_FRAMEWORK_AVAILABLE = True
 except ImportError:
@@ -73,7 +75,9 @@ class SecurityIntegration:
         # Initialize framework components
         self.security_manager = SecurityManager(self.security_config)
         self.permission_manager = PermissionManager(self.security_config.permissions)
-        self.auth_manager = AuthManager(self.security_config.auth, self.permission_manager)
+        self.auth_manager = AuthManager(
+            self.security_config.auth, self.permission_manager
+        )
         self.certificate_manager = CertificateManager(self.security_config.certificates)
         self.rate_limiter = RateLimiter(self.security_config.rate_limit)
 
@@ -92,11 +96,17 @@ class SecurityIntegration:
             ca_cert_file=security_section.get("ssl", {}).get("ca_cert_file"),
             client_cert_file=security_section.get("ssl", {}).get("client_cert_file"),
             client_key_file=security_section.get("ssl", {}).get("client_key_file"),
-            verify_mode=security_section.get("ssl", {}).get("verify_mode", "CERT_REQUIRED"),
-            min_tls_version=security_section.get("ssl", {}).get("min_tls_version", "TLSv1.2"),
+            verify_mode=security_section.get("ssl", {}).get(
+                "verify_mode", "CERT_REQUIRED"
+            ),
+            min_tls_version=security_section.get("ssl", {}).get(
+                "min_tls_version", "TLSv1.2"
+            ),
             check_hostname=security_section.get("ssl", {}).get("check_hostname", True),
             check_expiry=security_section.get("ssl", {}).get("check_expiry", True),
-            expiry_warning_days=security_section.get("ssl", {}).get("expiry_warning_days", 30),
+            expiry_warning_days=security_section.get("ssl", {}).get(
+                "expiry_warning_days", 30
+            ),
         )
 
         # Create auth config
@@ -106,9 +116,15 @@ class SecurityIntegration:
             api_keys=security_section.get("auth", {}).get("api_keys", {}),
             user_roles=security_section.get("auth", {}).get("user_roles", {}),
             jwt_secret=security_section.get("auth", {}).get("jwt_secret"),
-            jwt_algorithm=security_section.get("auth", {}).get("jwt_algorithm", "HS256"),
-            jwt_expiry_hours=security_section.get("auth", {}).get("jwt_expiry_hours", 24),
-            certificate_auth=security_section.get("auth", {}).get("certificate_auth", False),
+            jwt_algorithm=security_section.get("auth", {}).get(
+                "jwt_algorithm", "HS256"
+            ),
+            jwt_expiry_hours=security_section.get("auth", {}).get(
+                "jwt_expiry_hours", 24
+            ),
+            certificate_auth=security_section.get("auth", {}).get(
+                "certificate_auth", False
+            ),
             public_paths=security_section.get("auth", {}).get("public_paths", []),
         )
 
@@ -132,9 +148,15 @@ class SecurityIntegration:
                 default_role=permissions_section.get("default_role", "guest"),
                 admin_role=permissions_section.get("admin_role", "admin"),
                 role_hierarchy=permissions_section.get("role_hierarchy", {}),
-                permission_cache_enabled=permissions_section.get("permission_cache_enabled", True),
-                permission_cache_ttl=permissions_section.get("permission_cache_ttl", 300),
-                wildcard_permissions=permissions_section.get("wildcard_permissions", False),
+                permission_cache_enabled=permissions_section.get(
+                    "permission_cache_enabled", True
+                ),
+                permission_cache_ttl=permissions_section.get(
+                    "permission_cache_ttl", 300
+                ),
+                wildcard_permissions=permissions_section.get(
+                    "wildcard_permissions", False
+                ),
                 strict_mode=permissions_section.get("strict_mode", True),
                 roles=permissions_section.get("roles"),
             )
@@ -166,7 +188,9 @@ class SecurityIntegration:
             window_size_seconds=security_section.get("rate_limit", {}).get(
                 "window_size_seconds", 60
             ),
-            storage_backend=security_section.get("rate_limit", {}).get("storage_backend", "memory"),
+            storage_backend=security_section.get("rate_limit", {}).get(
+                "storage_backend", "memory"
+            ),
             exempt_paths=security_section.get("rate_limit", {}).get("exempt_paths", []),
             exempt_roles=security_section.get("rate_limit", {}).get("exempt_roles", []),
         )
@@ -186,7 +210,9 @@ class SecurityIntegration:
                 "default_validity_days", 365
             ),
             key_size=security_section.get("certificates", {}).get("key_size", 2048),
-            hash_algorithm=security_section.get("certificates", {}).get("hash_algorithm", "sha256"),
+            hash_algorithm=security_section.get("certificates", {}).get(
+                "hash_algorithm", "sha256"
+            ),
         )
 
         # Create logging config
@@ -196,7 +222,9 @@ class SecurityIntegration:
             format=security_section.get("logging", {}).get(
                 "format", "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
             ),
-            console_output=security_section.get("logging", {}).get("console_output", True),
+            console_output=security_section.get("logging", {}).get(
+                "console_output", True
+            ),
             file_path=security_section.get("logging", {}).get("file_path"),
         )
 
@@ -231,17 +259,29 @@ class SecurityIntegration:
         return await self.security_manager.validate_request(request_data)
 
     # Certificate methods - direct calls to CertificateManager
-    async def create_ca_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+    async def create_ca_certificate(
+        self, common_name: str, **kwargs
+    ) -> CertificatePair:
         """Create CA certificate."""
-        return await self.certificate_manager.create_ca_certificate(common_name, **kwargs)
+        return await self.certificate_manager.create_ca_certificate(
+            common_name, **kwargs
+        )
 
-    async def create_client_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+    async def create_client_certificate(
+        self, common_name: str, **kwargs
+    ) -> CertificatePair:
         """Create client certificate."""
-        return await self.certificate_manager.create_client_certificate(common_name, **kwargs)
+        return await self.certificate_manager.create_client_certificate(
+            common_name, **kwargs
+        )
 
-    async def create_server_certificate(self, common_name: str, **kwargs) -> CertificatePair:
+    async def create_server_certificate(
+        self, common_name: str, **kwargs
+    ) -> CertificatePair:
         """Create server certificate."""
-        return await self.certificate_manager.create_server_certificate(common_name, **kwargs)
+        return await self.certificate_manager.create_server_certificate(
+            common_name, **kwargs
+        )
 
     async def validate_certificate(self, cert_path: str) -> bool:
         """Validate certificate with CRL check if enabled."""
@@ -261,12 +301,16 @@ class SecurityIntegration:
                         "crl_enabled": cert_config.crl_enabled,
                         "crl_path": getattr(cert_config, "crl_path", None),
                         "crl_url": getattr(cert_config, "crl_url", None),
-                        "crl_validity_days": getattr(cert_config, "crl_validity_days", 30),
+                        "crl_validity_days": getattr(
+                            cert_config, "crl_validity_days", 30
+                        ),
                     }
 
             # Use mcp_security_framework's validate_certificate_chain with CRL
             if crl_config and crl_config.get("crl_enabled"):
-                from mcp_security_framework.utils.cert_utils import validate_certificate_chain
+                from mcp_security_framework.utils.cert_utils import (
+                    validate_certificate_chain,
+                )
                 from .crl_utils import CRLManager
 
                 # Get CRL data
@@ -276,7 +320,9 @@ class SecurityIntegration:
                 # Validate with CRL
                 if crl_data:
                     return validate_certificate_chain(
-                        cert_path, self.security_config.certificates.ca_cert_path, crl_data
+                        cert_path,
+                        self.security_config.certificates.ca_cert_path,
+                        crl_data,
                     )
 
             # Fallback to standard validation
@@ -312,7 +358,9 @@ class SecurityIntegration:
         return await self.permission_manager.remove_user_role(user_id, role)
 
     # Rate limiting methods - direct calls to RateLimiter
-    async def check_rate_limit(self, identifier: str, limit_type: str = "per_minute") -> bool:
+    async def check_rate_limit(
+        self, identifier: str, limit_type: str = "per_minute"
+    ) -> bool:
         """Check rate limit."""
         return await self.rate_limiter.check_rate_limit(identifier, limit_type)
 

mcp_proxy_adapter/core/server_adapter.py

@@ -20,23 +20,22 @@ logger = logging.getLogger(__name__)
 class ServerConfigAdapter:
     """
     Adapter for converting server configurations between different engines.
-    
+
     This class handles the mapping of configuration parameters between
     different server engines and provides unified configuration management.
     """
-    
+
     @staticmethod
     def convert_ssl_config_for_engine(
-        ssl_config: Dict[str, Any], 
-        target_engine: str
+        ssl_config: Dict[str, Any], target_engine: str
     ) -> Dict[str, Any]:
         """
         Convert SSL configuration for a specific server engine.
-        
+
         Args:
             ssl_config: Source SSL configuration
             target_engine: Target engine name (hypercorn)
-            
+
         Returns:
             Converted SSL configuration for the target engine
         """
@@ -44,18 +43,18 @@ class ServerConfigAdapter:
         if not engine:
             logger.error(f"Unknown server engine: {target_engine}")
             return {}
-        
+
         if target_engine == "hypercorn":
             return ServerConfigAdapter._convert_to_hypercorn_ssl(ssl_config)
         else:
             logger.warning(f"No SSL conversion available for engine: {target_engine}")
             return {}
-    
+
     @staticmethod
     def _convert_to_hypercorn_ssl(ssl_config: Dict[str, Any]) -> Dict[str, Any]:
         """Convert SSL configuration to hypercorn format."""
         hypercorn_ssl = {}
-        
+
         # Map SSL parameters
         if ssl_config.get("cert_file"):
             hypercorn_ssl["certfile"] = ssl_config["cert_file"]
@@ -63,42 +62,39 @@ class ServerConfigAdapter:
             hypercorn_ssl["keyfile"] = ssl_config["key_file"]
         if ssl_config.get("ca_cert"):
             hypercorn_ssl["ca_certs"] = ssl_config["ca_cert"]
-        
+
         # Map verification mode
         if ssl_config.get("verify_client", False):
             hypercorn_ssl["verify_mode"] = "CERT_REQUIRED"
-        
+
         logger.debug(f"Converted SSL config to hypercorn: {hypercorn_ssl}")
         return hypercorn_ssl
-    
+
     @staticmethod
     def get_optimal_engine_for_config(config: Dict[str, Any]) -> Optional[str]:
         """
         Determine the optimal server engine for a given configuration.
-        
+
         Currently only hypercorn is supported.
-        
+
         Args:
             config: Server configuration
-            
+
         Returns:
             Optimal engine name (currently always "hypercorn")
         """
         # Currently only hypercorn is supported
         return "hypercorn"
-    
+
     @staticmethod
-    def validate_engine_compatibility(
-        config: Dict[str, Any], 
-        engine_name: str
-    ) -> bool:
+    def validate_engine_compatibility(config: Dict[str, Any], engine_name: str) -> bool:
         """
         Validate if a configuration is compatible with a specific engine.
-        
+
         Args:
             config: Server configuration
             engine_name: Name of the server engine
-            
+
         Returns:
             True if compatible, False otherwise
         """
@@ -106,73 +102,72 @@ class ServerConfigAdapter:
         if not engine:
             logger.error(f"Unknown engine: {engine_name}")
             return False
-        
+
         # Check SSL requirements
         ssl_config = config.get("ssl", {})
         if not ssl_config:
             # Try to get SSL config from security section
             ssl_config = config.get("security", {}).get("ssl", {})
-        
+
         if ssl_config.get("verify_client", False):
             if not engine.get_supported_features().get("mtls_client_certs", False):
-                logger.error(f"Engine {engine_name} doesn't support mTLS client certificates")
+                logger.error(
+                    f"Engine {engine_name} doesn't support mTLS client certificates"
+                )
                 return False
-        
+
         # Validate engine-specific configuration
         return engine.validate_config(config)
-    
+
     @staticmethod
     def get_engine_capabilities(engine_name: str) -> Dict[str, Any]:
         """
         Get capabilities of a specific server engine.
-        
+
         Args:
             engine_name: Name of the server engine
-            
+
         Returns:
             Dictionary of engine capabilities
         """
         engine = ServerEngineFactory.get_engine(engine_name)
         if not engine:
             return {}
-        
+
         return {
             "name": engine.get_name(),
             "features": engine.get_supported_features(),
-            "config_schema": engine.get_config_schema()
+            "config_schema": engine.get_config_schema(),
         }
 
 
 class UnifiedServerRunner:
     """
     Unified server runner that uses hypercorn as the default engine.
-    
+
     This class provides a unified interface for running servers using hypercorn
     as the underlying engine.
     """
-    
+
     def __init__(self, default_engine: str = "hypercorn"):
         """
         Initialize the unified server runner.
-        
+
         Args:
             default_engine: Default engine to use (currently only hypercorn is supported)
         """
         self.default_engine = default_engine
         self.available_engines = ServerEngineFactory.get_available_engines()
-        
+
         logger.info(f"Available engines: {list(self.available_engines.keys())}")
         logger.info(f"Default engine: {default_engine}")
-    
+
     def run_server(
-        self, 
-        app: Any, 
-        config: Dict[str, Any], 
-        engine_name: Optional[str] = None
+        self, app: Any, config: Dict[str, Any], engine_name: Optional[str] = None
     ) -> None:
         """
         Run server with hypercorn engine.
-        
+
         Args:
             app: ASGI application
             config: Server configuration
@@ -181,29 +176,33 @@ class UnifiedServerRunner:
         # Use hypercorn as the only supported engine
         selected_engine = "hypercorn"
         logger.info(f"Using hypercorn engine")
-        
+
         # Validate compatibility
-        if not ServerConfigAdapter.validate_engine_compatibility(config, selected_engine):
-            raise ValueError(f"Configuration not compatible with engine: {selected_engine}")
-        
+        if not ServerConfigAdapter.validate_engine_compatibility(
+            config, selected_engine
+        ):
+            raise ValueError(
+                f"Configuration not compatible with engine: {selected_engine}"
+            )
+
         # Get engine instance
         engine = ServerEngineFactory.get_engine(selected_engine)
         if not engine:
             raise ValueError(f"Engine not available: {selected_engine}")
-        
+
         # Convert configuration if needed
         converted_config = self._prepare_config_for_engine(config, selected_engine)
-        
+
         # Run server
         logger.info(f"Starting server with {selected_engine} engine")
         engine.run_server(app, converted_config)
-    
+
     def _prepare_config_for_engine(
-        self, 
-        config: Dict[str, Any], 
-        engine_name: str
+        self, config: Dict[str, Any], engine_name: str
     ) -> Dict[str, Any]:
-        logger.info(f"🔍 Debug: _prepare_config_for_engine called with config keys: {list(config.keys())}")
+        logger.info(
+            f"🔍 Debug: _prepare_config_for_engine called with config keys: {list(config.keys())}"
+        )
         logger.info(f"🔍 Debug: SSL config in input: {config.get('ssl', 'NOT_FOUND')}")
         """
         Prepare configuration for a specific engine.
@@ -220,12 +219,17 @@ class UnifiedServerRunner:
             "host": config.get("host", "127.0.0.1"),
             "port": config.get("port", 8000),
             "log_level": config.get("log_level", "info"),
-            "reload": config.get("reload", False)
+            "reload": config.get("reload", False),
         }
-        
+
         # Add SSL configuration if present
         # First check for direct SSL parameters (from app_factory.py)
-        if "certfile" in config or "keyfile" in config or "ca_certs" in config or "verify_mode" in config:
+        if (
+            "certfile" in config
+            or "keyfile" in config
+            or "ca_certs" in config
+            or "verify_mode" in config
+        ):
             logger.info(f"🔍 DEBUG: Direct SSL parameters found in config")
             if "certfile" in config:
                 engine_config["certfile"] = config["certfile"]
@@ -241,35 +245,35 @@ class UnifiedServerRunner:
             if not ssl_config:
                 # Try to get SSL config from security section
                 ssl_config = config.get("security", {}).get("ssl", {})
-            
+
             if ssl_config:
                 converted_ssl = ServerConfigAdapter.convert_ssl_config_for_engine(
                     ssl_config, engine_name
                 )
                 engine_config.update(converted_ssl)
-        
+
         # Add engine-specific configuration
         if "workers" in config:
             engine_config["workers"] = config["workers"]
-        
+
         return engine_config
-    
+
     def get_engine_info(self, engine_name: str) -> Dict[str, Any]:
         """
         Get information about a specific engine.
-        
+
         Args:
             engine_name: Name of the engine
-            
+
         Returns:
             Engine information dictionary
         """
         return ServerConfigAdapter.get_engine_capabilities(engine_name)
-    
+
     def list_available_engines(self) -> Dict[str, Dict[str, Any]]:
         """
         List all available engines with their capabilities.
-        
+
         Returns:
             Dictionary mapping engine names to their capabilities
         """
@@ -277,6 +281,6 @@ class UnifiedServerRunner:
         for name, engine in self.available_engines.items():
             engines_info[name] = {
                 "features": engine.get_supported_features(),
-                "config_schema": engine.get_config_schema()
+                "config_schema": engine.get_config_schema(),
             }
         return engines_info