mcp-proxy-adapter 6.4.47__py3-none-any.whl → 6.6.0__py3-none-any.whl

mcp_proxy_adapter/api/handlers.py

@@ -2,6 +2,7 @@
 Module with API request handlers.
 """
 
+import asyncio
 import json
 import time
 from typing import Any, Dict, List, Optional, Union
@@ -75,7 +76,16 @@ async def execute_command(
                 "permissions": getattr(request.state, "user_permissions", ["read"]),
             }
 
-        result = await command_class.run(**params, context=context)
+        # Add timeout to prevent hanging commands
+        try:
+            result = await asyncio.wait_for(
+                command_class.run(**params, context=context),
+                timeout=10.0  # 10 seconds timeout
+            )
+        except asyncio.TimeoutError:
+            execution_time = time.time() - start_time
+            log.error(f"⏰ Command '{command_name}' timed out after {execution_time:.3f} sec")
+            raise InternalError(f"Command execution timed out after 10 seconds")
 
         execution_time = time.time() - start_time
 
@@ -136,7 +146,7 @@ async def handle_json_rpc(
     request: Optional[Request] = None,
 ) -> Dict[str, Any]:
     """
-    Handles JSON-RPC request.
+    Handles JSON-RPC request with support for both standard JSON-RPC and simplified formats.
 
     Args:
         request_data: JSON-RPC request data.
@@ -148,40 +158,66 @@ async def handle_json_rpc(
     # Create request logger if request_id is provided
     log = RequestLogger(__name__, request_id) if request_id else logger
 
-    # Check JSON-RPC version
-    if request_data.get("jsonrpc") != "2.0":
-        return _create_error_response(
-            InvalidRequestError("Invalid Request. Expected jsonrpc: 2.0"),
-            request_data.get("id"),
-        )
-
-    # Get method and parameters
-    method = request_data.get("method")
-    params = request_data.get("params", {})
-    json_rpc_id = request_data.get("id")
-
-    if not method:
-        return _create_error_response(
-            InvalidRequestError("Invalid Request. Method is required"), json_rpc_id
-        )
+    # Support both standard JSON-RPC and simplified formats
+    method = None
+    params = {}
+    json_rpc_id = None
+
+    # Check if it's a standard JSON-RPC request
+    if "jsonrpc" in request_data:
+        # Standard JSON-RPC format
+        if request_data.get("jsonrpc") != "2.0":
+            return _create_error_response(
+                InvalidRequestError("Invalid Request. Expected jsonrpc: 2.0"),
+                request_data.get("id"),
+            )
+        
+        method = request_data.get("method")
+        params = request_data.get("params", {})
+        json_rpc_id = request_data.get("id")
+        
+        if not method:
+            return _create_error_response(
+                InvalidRequestError("Invalid Request. Method is required"), json_rpc_id
+            )
+    else:
+        # Simplified format: {"command": "help"} or {"command": "echo", "params": {...}}
+        method = request_data.get("command")
+        params = request_data.get("params", {})
+        json_rpc_id = request_data.get("id", 1)  # Default ID for simplified format
+        
+        if not method:
+            return _create_error_response(
+                InvalidRequestError("Invalid Request. Command is required"), json_rpc_id
+            )
+        
+        log.info(f"Using simplified format for command: {method}")
 
     log.info(f"Executing JSON-RPC method: {method}")
 
     try:
-        # Execute command
+        # Execute command with detailed logging
+        log.info(f"🔍 Starting command execution: {method}")
+        log.debug(f"📋 Command params: {params}")
+        
         result = await execute_command(method, params, request_id, request)
 
+        log.info(f"✅ Command {method} completed successfully")
+        
         # Form successful response
         return {"jsonrpc": "2.0", "result": result, "id": json_rpc_id}
     except MicroserviceError as e:
         # Method execution error
-        log.error(f"Method execution error: {str(e)}")
+        log.error(f"❌ Method execution error: {str(e)}")
+        log.error(f"📊 Error type: {type(e).__name__}")
         return _create_error_response(e, json_rpc_id)
     except Exception as e:
         # Internal server error
-        log.exception(f"Unhandled error in JSON-RPC handler: {e}")
+        log.exception(f"❌ Unhandled error in JSON-RPC handler: {e}")
+        log.error(f"📊 Exception type: {type(e).__name__}")
+        log.error(f"📊 Exception details: {repr(e)}")
         return _create_error_response(
-            InternalError("Internal error", data={"error": str(e)}), json_rpc_id
+            InternalError("Internal error", data={"error": str(e), "error_type": type(e).__name__}), json_rpc_id
         )
 
 

mcp_proxy_adapter/api/middleware/unified_security.py

@@ -65,11 +65,10 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
         try:
             security_config = config.get("security", {})
             
-            # Check if permissions are enabled - only use mcp_security_framework if needed
-            permissions_config = security_config.get("permissions", {})
-            permissions_enabled = permissions_config.get("enabled", False)
+            # Check if security is enabled - use mcp_security_framework if needed
+            security_enabled = security_config.get("enabled", False)
             
-            if permissions_enabled:
+            if security_enabled:
                 self.security_integration = create_security_integration(security_config)
                 # Use framework's FastAPI middleware
                 self.framework_middleware = (
@@ -80,7 +79,7 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
                 # Instead, store the framework middleware for use in dispatch method.
                 logger.info("Framework middleware will be used in dispatch method")
             else:
-                logger.info("Permissions disabled, skipping mcp_security_framework integration")
+                logger.info("Security disabled, skipping mcp_security_framework integration")
                 self.security_integration = None
                 self.framework_middleware = None
         except Exception as e:
@@ -114,16 +113,13 @@ class UnifiedSecurityMiddleware(BaseHTTPMiddleware):
             security_cfg = (
                 self.config.get("security", {}) if isinstance(self.config, dict) else {}
             )
-            auth_cfg = security_cfg.get("auth", {})
-            permissions_cfg = security_cfg.get("permissions", {})
-            public_paths = set(
-                auth_cfg.get("public_paths", ["/health", "/docs", "/openapi.json"])
-            )
+            # Use new simplified structure
+            public_paths = set(["/health", "/docs", "/openapi.json"])
             # JSON-RPC endpoint must not be public when API key is required
             public_paths.discard("/api/jsonrpc")
             path = request.url.path
-            methods = set(auth_cfg.get("methods", []))
-            api_keys: Dict[str, str] = auth_cfg.get("api_keys", {}) or {}
+            methods = set(["api_key"])  # Use token-based authentication
+            api_keys: Dict[str, str] = security_cfg.get("tokens", {}) or {}
 
             # Enforce only for non-public paths when api_key method configured
             if (

mcp_proxy_adapter/config.py

@@ -6,9 +6,12 @@ email: vasilyvz@gmail.com
 """
 
 import json
+import logging
 import os
 from typing import Any, Dict, Optional, List
 
+logger = logging.getLogger(__name__)
+
 
 class Config:
     """
@@ -38,6 +41,7 @@ class Config:
             "server": {
                 "host": "0.0.0.0",
                 "port": 8000,
+                "protocol": "http",
                 "debug": False,
                 "log_level": "INFO",
             },
@@ -65,30 +69,6 @@ class Config:
                 "disabled_commands": [],
                 "custom_commands_path": "./commands",
             },
-            "ssl": {
-                "enabled": False,
-                "mode": "https_only",
-                "cert_file": None,
-                "key_file": None,
-                "ca_cert": None,
-                "verify_client": False,
-                "client_cert_required": False,
-                "cipher_suites": [
-                    "TLS_AES_256_GCM_SHA384",
-                    "TLS_CHACHA20_POLY1305_SHA256",
-                ],
-                "min_tls_version": "TLSv1.2",
-                "max_tls_version": "1.3",
-                "token_auth": {
-                    "enabled": False,
-                    "header_name": "Authorization",
-                    "token_prefix": "Bearer",
-                    "tokens_file": "tokens.json",
-                    "token_expiry": 3600,
-                    "jwt_secret": "",
-                    "jwt_algorithm": "HS256",
-                },
-            },
             "roles": {
                 "enabled": False,
                 "config_file": None,
@@ -111,6 +91,7 @@ class Config:
                     "ca_cert": None,
                     "verify_client": False,
                     "client_cert_required": False,
+                    "chk_hostname": False,  # Default to False when SSL is disabled
                 },
             },
             "proxy_registration": {
@@ -128,102 +109,18 @@ class Config:
             },
             "debug": {"enabled": False, "level": "WARNING"},
             "security": {
-                "framework": "mcp_security_framework",
                 "enabled": False,
-                "debug": False,
-                "environment": "dev",
-                "version": "1.0.0",
-                "auth": {
-                    "enabled": False,
-                    "methods": ["api_key"],
-                    "api_keys": {},
-                    "user_roles": {},
-                    "jwt_secret": "",
-                    "jwt_algorithm": "HS256",
-                    "jwt_expiry_hours": 24,
-                    "certificate_auth": False,
-                    "certificate_roles_oid": "1.3.6.1.4.1.99999.1.1",
-                    "certificate_permissions_oid": "1.3.6.1.4.1.99999.1.2",
-                    "basic_auth": False,
-                    "oauth2_config": None,
-                    "public_paths": ["/health", "/docs", "/openapi.json"],
-                    "security_headers": None,
+                "tokens": {
+                    "admin": "admin-secret-key",
+                    "user": "user-secret-key",
+                    "readonly": "readonly-secret-key"
                 },
-                "ssl": {
-                    "enabled": False,
-                    "cert_file": None,
-                    "key_file": None,
-                    "ca_cert_file": None,
-                    "client_cert_file": None,
-                    "client_key_file": None,
-                    "verify_mode": "CERT_NONE",
-                    "min_tls_version": "TLSv1.2",
-                    "max_tls_version": None,
-                    "cipher_suite": None,
-                    "check_hostname": True,
-                    "check_expiry": True,
-                    "expiry_warning_days": 30,
-                },
-                "certificates": {
-                    "enabled": False,
-                    "ca_cert_path": None,
-                    "ca_key_path": None,
-                    "cert_storage_path": "./certs",
-                    "key_storage_path": "./keys",
-                    "default_validity_days": 365,
-                    "key_size": 2048,
-                    "hash_algorithm": "sha256",
-                    "crl_enabled": False,
-                    "crl_path": None,
-                    "crl_url": None,
-                    "crl_validity_days": 30,
-                    "auto_renewal": False,
-                    "renewal_threshold_days": 30,
+                "roles": {
+                    "admin": ["read", "write", "delete", "admin"],
+                    "user": ["read", "write"],
+                    "readonly": ["read"]
                 },
-                "permissions": {
-                    "enabled": False,
-                    "roles_file": None,
-                    "default_role": "guest",
-                    "admin_role": "admin",
-                    "role_hierarchy": {},
-                    "permission_cache_enabled": False,
-                    "permission_cache_ttl": 300,
-                    "wildcard_permissions": False,
-                    "strict_mode": False,
-                    "roles": None,
-                },
-                "rate_limit": {
-                    "enabled": False,
-                    "default_requests_per_minute": 60,
-                    "default_requests_per_hour": 1000,
-                    "burst_limit": 2,
-                    "window_size_seconds": 60,
-                    "storage_backend": "memory",
-                    "redis_config": None,
-                    "cleanup_interval": 300,
-                    "exempt_paths": ["/health", "/docs", "/openapi.json"],
-                    "exempt_roles": ["admin"],
-                },
-                "logging": {
-                    "enabled": True,
-                    "level": "INFO",
-                    "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s",
-                    "date_format": "%Y-%m-%d %H:%M:%S",
-                    "file_path": None,
-                    "max_file_size": 10,
-                    "backup_count": 5,
-                    "console_output": True,
-                    "json_format": False,
-                    "include_timestamp": True,
-                    "include_level": True,
-                    "include_module": True,
-                },
-            },
-            "protocols": {
-                "enabled": True,
-                "allowed_protocols": ["http", "jsonrpc"],
-                "default_protocol": "http",
-                "auto_discovery": True,
+                "roles_file": None
             },
         }
 
@@ -238,6 +135,10 @@ class Config:
 
         # Load configuration from environment variables
         self._load_env_variables()
+        
+        # Apply hostname check logic based on SSL configuration
+        self._validate_security_config()
+        self._apply_hostname_check_logic()
 
     def load_from_file(self, config_path: str) -> None:
         """
@@ -344,6 +245,12 @@ class Config:
                 current = current[part]
 
             current[parts[-1]] = value
+            
+            # Special handling for chk_hostname - mark it as user-set
+            if key == "transport.ssl.chk_hostname":
+                if "ssl" not in self.config_data.get("transport", {}):
+                    self.config_data["transport"]["ssl"] = {}
+                self.config_data["transport"]["ssl"]["_chk_hostname_user_set"] = True
 
     def save(self, path: Optional[str] = None) -> None:
         """
@@ -588,6 +495,58 @@ class Config:
 
         return secure_config
 
+    def _validate_security_config(self) -> None:
+        """
+        Validate security configuration and log warnings for incomplete setup.
+        """
+        if not self.get("security.enabled", False):
+            return
+            
+        # Check if security is enabled but no authentication methods are configured
+        tokens = self.get("security.tokens", {})
+        roles = self.get("security.roles", {})
+        roles_file = self.get("security.roles_file")
+        
+        has_tokens = bool(tokens and any(tokens.values()))
+        has_roles = bool(roles and any(roles.values()))
+        has_roles_file = bool(roles_file and os.path.exists(roles_file))
+        
+        if not (has_tokens or has_roles or has_roles_file):
+            logger.warning(
+                "Security is enabled but no authentication methods are configured. "
+                "Please configure tokens, roles, or roles_file in the security section."
+            )
+
+    def _apply_hostname_check_logic(self) -> None:
+        """
+        Apply hostname check logic based on protocol configuration.
+        chk_hostname should be True for HTTPS/mTLS protocols, False for HTTP.
+        Only set default values if chk_hostname is not explicitly configured.
+        """
+        protocol = self.get("server.protocol", "http")
+        ssl_enabled = self.get("transport.ssl.enabled", False)
+        
+        # Check if chk_hostname is explicitly set by the user
+        # We check if it was set by looking for a special flag
+        transport_section = self.config_data.get("transport", {})
+        ssl_section = transport_section.get("ssl", {})
+        chk_hostname_explicitly_set = ssl_section.get("_chk_hostname_user_set", False)
+        
+        # Set chk_hostname based on protocol only if not explicitly set
+        if not chk_hostname_explicitly_set:
+            if protocol in ["https", "mtls"]:
+                # For HTTPS/mTLS, enable hostname checking by default
+                self.set("transport.ssl.chk_hostname", True)
+                logger.debug(f"Set chk_hostname=True for protocol {protocol} (default)")
+            else:
+                # For HTTP, disable hostname checking
+                self.set("transport.ssl.chk_hostname", False)
+                logger.debug(f"Set chk_hostname=False for protocol {protocol} (default)")
+        else:
+            # Log the explicitly set value
+            chk_hostname_value = self.get("transport.ssl.chk_hostname")
+            logger.debug(f"Using explicitly set chk_hostname={chk_hostname_value} for protocol {protocol}")
+
 
 # Singleton instance
 config = Config()

mcp_proxy_adapter/core/protocol_manager.py

@@ -56,54 +56,37 @@ class ProtocolManager:
                 f"ProtocolManager._load_config - current_config keys: {list(current_config.keys()) if hasattr(current_config, 'keys') else 'no keys'}"
             )
 
-        # Get protocols configuration
-        logger.debug(f"ProtocolManager._load_config - before getting protocols")
+        # Get server protocol configuration (new simplified structure)
+        logger.debug(f"ProtocolManager._load_config - before getting server protocol")
         try:
-            self.protocols_config = current_config.get("protocols", {})
-            logger.debug(
-                f"ProtocolManager._load_config - protocols_config type: {type(self.protocols_config)}"
-            )
-            if hasattr(self.protocols_config, "get"):
-                logger.debug(
-                    f"ProtocolManager._load_config - protocols_config is dict-like"
-                )
+            server_config = current_config.get("server", {})
+            server_protocol = server_config.get("protocol", "http")
+            logger.debug(f"ProtocolManager._load_config - server protocol: {server_protocol}")
+            
+            # Set allowed protocols based on server protocol
+            if server_protocol == "http":
+                self.allowed_protocols = ["http"]
+            elif server_protocol == "https":
+                self.allowed_protocols = ["https"]
+            elif server_protocol == "mtls":
+                self.allowed_protocols = ["mtls", "https"]  # mTLS also supports HTTPS
             else:
-                logger.debug(
-                    f"ProtocolManager._load_config - protocols_config is NOT dict-like: {repr(self.protocols_config)}"
-                )
+                # Fallback to HTTP
+                self.allowed_protocols = ["http"]
+                logger.warning(f"Unknown server protocol '{server_protocol}', defaulting to HTTP")
+                
+            logger.debug(f"ProtocolManager._load_config - allowed protocols: {self.allowed_protocols}")
+            
         except Exception as e:
-            logger.debug(f"ProtocolManager._load_config - ERROR getting protocols: {e}")
-            self.protocols_config = {}
+            logger.debug(f"ProtocolManager._load_config - ERROR getting server protocol: {e}")
+            # Fallback to HTTP
+            self.allowed_protocols = ["http"]
 
-        self.enabled = (
-            self.protocols_config.get("enabled", True)
-            if hasattr(self.protocols_config, "get")
-            else True
-        )
-
-        # Get SSL configuration to determine allowed protocols
-        ssl_enabled = self._is_ssl_enabled(current_config)
-
-        # Set allowed protocols based on SSL configuration
-        if ssl_enabled:
-            # If SSL is enabled, allow both HTTP and HTTPS
-            self.allowed_protocols = self.protocols_config.get(
-                "allowed_protocols", ["http", "https"]
-            )
-            # Ensure HTTPS is in allowed protocols if SSL is enabled
-            if "https" not in self.allowed_protocols:
-                self.allowed_protocols.append("https")
-        else:
-            # If SSL is disabled, only allow HTTP
-            self.allowed_protocols = self.protocols_config.get(
-                "allowed_protocols", ["http"]
-            )
-            # Remove HTTPS from allowed protocols if SSL is disabled
-            if "https" in self.allowed_protocols:
-                self.allowed_protocols.remove("https")
+        # Protocol management is always enabled in new structure
+        self.enabled = True
 
         logger.debug(
-            f"Protocol manager loaded config: enabled={self.enabled}, allowed_protocols={self.allowed_protocols}, ssl_enabled={ssl_enabled}"
+            f"Protocol manager loaded config: enabled={self.enabled}, allowed_protocols={self.allowed_protocols}"
         )
 
     def _is_ssl_enabled(self, current_config: Dict) -> bool: