mcp-proxy-adapter 6.9.28__py3-none-any.whl → 6.9.30__py3-none-any.whl

mcp_proxy_adapter/core/__init__.py

@@ -1,42 +1,8 @@
 """
-Core functionality for MCP Proxy Adapter.
-"""
+Core package marker for MCP Proxy Adapter.
 
-from .errors import *
-from .logging import *
-from .settings import *
+Intentionally lightweight: avoids importing submodules at package import time
+to prevent heavy side effects and circular imports.
+"""
 
-__all__ = [
-    # Errors
-    "NotFoundError",
-    "InvalidParamsError",
-    "CommandExecutionError",
-    "ConfigurationError",
-    # Logging
-    "setup_logging",
-    "get_logger",
-    "get_global_logger()",
-    "RequestLogger",
-    "CustomFormatter",
-    "RequestContextFilter",
-    # Settings
-    "Settings",
-    "ServerSettings",
-    "LoggingSettings",
-    "CommandsSettings",
-    "get_server_host",
-    "get_server_port",
-    "get_server_debug",
-    "get_logging_level",
-    "get_logging_dir",
-    "get_auto_discovery",
-    "get_discovery_path",
-    "get_setting",
-    "set_setting",
-    "reload_settings",
-    "add_custom_settings",
-    "get_custom_settings",
-    "get_custom_setting_value",
-    "set_custom_setting_value",
-    "clear_custom_settings",
-]
+__all__ = []

mcp_proxy_adapter/core/app_factory.py

@@ -14,18 +14,11 @@ from typing import Optional, Dict, Any
 
 from fastapi import FastAPI
 from mcp_proxy_adapter.api.app import create_app
-from mcp_proxy_adapter.core.logging import setup_logging, get_logger
+from mcp_proxy_adapter.core.logging import setup_logging, get_global_logger
 from mcp_proxy_adapter.config import config
-from mcp_proxy_adapter.commands.builtin_commands import (
-    register_builtin_commands,
-)
-from mcp_proxy_adapter.core.utils import (
-    check_port_availability,
-    handle_port_conflict,
-    find_port_for_internal_server,
-)
+# Built-in command registration is temporarily disabled in this startup path
 
-logger = get_logger("app_factory")
+logger = get_global_logger()
 
 
 async def create_and_run_server(
@@ -253,13 +246,8 @@ async def create_and_run_server(
         print(f"❌ Failed to setup logging: {e}")
         sys.exit(1)
 
-    # 3. Register built-in commands
-    try:
-        builtin_count = register_builtin_commands()
-        print(f"✅ Registered {builtin_count} built-in commands")
-    except Exception as e:
-        print(f"❌ Failed to register built-in commands: {e}")
-        sys.exit(1)
+    # 3. Register built-in commands (disabled)
+    print("⚠️  Built-in command registration disabled for simplified startup")
 
     # 4. Create FastAPI application with configuration
     try:
@@ -449,13 +437,7 @@ async def create_and_run_server(
         else:
             print(f"🌐 Starting HTTP server with hypercorn...")
 
-        # Final port check before starting hypercorn
-        print(f"🔍 Final port check before starting hypercorn: {host}:{server_port}")
-        if not check_port_availability(host, server_port):
-            print(f"❌ CRITICAL: Port {server_port} is occupied during final check")
-            handle_port_conflict(host, server_port)
-            return  # Exit immediately
-        print(f"✅ Final port check passed: {host}:{server_port}")
+        # Final port check disabled in this refactor; rely on OS errors
 
         # Run the server
         # hypercorn.asyncio.serve() should be run with asyncio.run(), not awaited
@@ -469,18 +451,14 @@ async def create_and_run_server(
             print("🛑 Stopping internal mTLS server...")
             mtls_server.stop()
     except OSError as e:
-        if e.errno == 98:  # Address already in use
-            print(f"\n❌ Port conflict detected: {e}")
-            handle_port_conflict(host, server_port)
-        else:
-            print(f"\n❌ Failed to start server: {e}")
-            # Stop mTLS server if running
-            if mtls_server:
-                print("🛑 Stopping mTLS server...")
-                mtls_server.stop()
-            import traceback
-            traceback.print_exc()
-            sys.exit(1)
+        print(f"\n❌ Failed to start server: {e}")
+        # Stop mTLS server if running
+        if mtls_server:
+            print("🛑 Stopping mTLS server...")
+            mtls_server.stop()
+        import traceback
+        traceback.print_exc()
+        sys.exit(1)
     except Exception as e:
         print(f"\n❌ Failed to start server: {e}")
         # Stop internal mTLS server if running

mcp_proxy_adapter/core/app_runner.py

@@ -11,7 +11,6 @@ with full configuration validation and error handling.
 import socket
 import sys
 from pathlib import Path
-from typing import Dict, Any, List, Optional
 
 from fastapi import FastAPI
 
@@ -227,16 +226,9 @@ class ApplicationRunner:
 
         # Add startup event
         @self.app.on_event("startup")
-        async def startup_event():
-            get_global_logger().info("Application starting up")
-            get_global_logger().info(
-                f"Configuration validation passed with {len(self.errors)} errors"
-            )
 
         # Add shutdown event
         @self.app.on_event("shutdown")
-        async def shutdown_event():
-            get_global_logger().info("Application shutting down")
 
     def run(self) -> None:
         """
@@ -252,25 +244,6 @@ class ApplicationRunner:
             sys.exit(1)
 
         # Setup signal handling for graceful shutdown
-        def shutdown_callback():
-            """Callback for graceful shutdown with proxy unregistration."""
-            print("\n🛑 Graceful shutdown initiated...")
-            try:
-                from mcp_proxy_adapter.core.async_proxy_registration import (
-                    stop_async_registration,
-                    get_registration_status,
-                )
-                
-                # Get final status
-                final_status = get_registration_status()
-                print(f"📊 Final registration status: {final_status}")
-                
-                # Stop async registration (this will unregister from proxy)
-                stop_async_registration()
-                print("✅ Proxy unregistration completed")
-                
-            except Exception as e:
-                print(f"❌ Error during shutdown: {e}")
         
         setup_signal_handling(shutdown_callback)
         print("🔧 Signal handling configured for graceful shutdown")

mcp_proxy_adapter/core/auth_validator.py

@@ -12,12 +12,10 @@ import json
 import logging
 import os
 from datetime import datetime
-from typing import Dict, List, Optional, Any, Union
 from pathlib import Path
+from typing import Optional, Dict, Any, List
 
 from cryptography import x509
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
 
 
 # Standard JSON-RPC error codes
@@ -71,36 +69,7 @@ class AuthValidationResult:
         self.error_message = error_message
         self.roles = roles or []
 
-    def to_json_rpc_error(self) -> Dict[str, Any]:
-        """
-        Convert to JSON-RPC error format.
-
-        Returns:
-            JSON-RPC error dictionary
-        """
-        if self.is_valid:
-            return {}
-
-        return {
-            "code": self.error_code or -32603,
-            "message": self.error_message
-            or JSON_RPC_ERRORS.get(self.error_code, "Unknown error"),
-            "data": {"validation_type": "authentication", "roles": self.roles},
-        }
 
-    def to_dict(self) -> Dict[str, Any]:
-        """
-        Convert to dictionary format.
-
-        Returns:
-            Dictionary representation
-        """
-        return {
-            "is_valid": self.is_valid,
-            "error_code": self.error_code,
-            "error_message": self.error_message,
-            "roles": self.roles,
-        }
 
 
 class AuthValidator:
@@ -127,67 +96,6 @@ class AuthValidator:
         # Custom OID for roles
         self.role_oid = "1.3.6.1.4.1.99999.1"
 
-    def validate_auth(
-        self, auth_data: Dict[str, Any], auth_type: str = "auto"
-    ) -> AuthValidationResult:
-        """
-        Universal authentication validation.
-
-        Logic:
-        1. Check SSL configuration
-        2. If SSL disabled - return success
-        3. Determine validation type (auto/ssl/mtls/token)
-        4. Check for required data
-        5. Perform validation
-        6. Return result with JSON-RPC error code
-
-        Args:
-            auth_data: Authentication data dictionary
-            auth_type: Type of authentication to validate
-
-        Returns:
-            Authentication validation result
-        """
-        try:
-            # Determine validation type
-            if auth_type == "auto":
-                auth_type = self._get_validation_mode()
-
-            # Check for unsupported types first
-            if auth_type not in ["certificate", "token", "mtls", "ssl"]:
-                return AuthValidationResult(
-                    is_valid=False,
-                    error_code=-32602,
-                    error_message=f"Unsupported authentication type: {auth_type}",
-                )
-
-            # Check if authentication is enabled for the determined type
-            if not self._check_config(auth_type):
-                return AuthValidationResult(is_valid=True, roles=[])
-
-            # Validate based on type
-            if auth_type == "certificate":
-                return self.validate_certificate(
-                    auth_data.get("cert_path"), auth_data.get("cert_type", "server")
-                )
-            elif auth_type == "token":
-                return self.validate_token(
-                    auth_data.get("token"), auth_data.get("token_type", "jwt")
-                )
-            elif auth_type == "mtls":
-                return self.validate_mtls(
-                    auth_data.get("client_cert"), auth_data.get("ca_cert")
-                )
-            elif auth_type == "ssl":
-                return self.validate_ssl(auth_data.get("server_cert"))
-
-        except Exception as e:
-            self.get_global_logger().error(f"Authentication validation error: {e}")
-            return AuthValidationResult(
-                is_valid=False,
-                error_code=-32603,
-                error_message=f"Internal validation error: {str(e)}",
-            )
 
     def validate_certificate(
         self, cert_path: Optional[str], cert_type: str = "server"

mcp_proxy_adapter/core/certificate/__init__.py

@@ -0,0 +1,20 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Certificate utilities package for MCP Proxy Adapter.
+"""
+
+from .certificate_utils import CertificateUtils
+from .certificate_creator import CertificateCreator
+from .certificate_validator import CertificateValidator
+from .certificate_extractor import CertificateExtractor
+from .ssl_context_manager import SSLContextManager
+
+__all__ = [
+    "CertificateUtils",
+    "CertificateCreator",
+    "CertificateValidator", 
+    "CertificateExtractor",
+    "SSLContextManager",
+]

mcp_proxy_adapter/core/certificate/certificate_creator.py

@@ -0,0 +1,371 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Certificate creation utilities for MCP Proxy Adapter.
+"""
+
+import logging
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+from typing import Dict, List, Optional
+
+# Import mcp_security_framework
+try:
+    from mcp_security_framework.core.cert_manager import CertificateManager
+        CertificateConfig,
+        CAConfig,
+        ClientCertConfig,
+        ServerCertConfig,
+    )
+    SECURITY_FRAMEWORK_AVAILABLE = True
+except ImportError:
+    SECURITY_FRAMEWORK_AVAILABLE = False
+    # Fallback to cryptography if mcp_security_framework is not available
+    from cryptography import x509
+    from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import rsa
+    from cryptography.x509.oid import NameOID
+
+logger = logging.getLogger(__name__)
+
+
+class CertificateCreator:
+    """Creator for various types of certificates."""
+
+    # Default certificate validity period (1 year)
+    DEFAULT_VALIDITY_DAYS = 365
+
+    # Default key size
+    DEFAULT_KEY_SIZE = 2048
+
+    @staticmethod
+    def create_ca_certificate(
+        common_name: str,
+        output_dir: str,
+        validity_days: int = DEFAULT_VALIDITY_DAYS,
+        key_size: int = DEFAULT_KEY_SIZE,
+    ) -> Dict[str, str]:
+        """
+        Create a CA certificate and private key using mcp_security_framework.
+
+        Args:
+            common_name: Common name for the CA certificate
+            output_dir: Directory to save certificate and key files
+            validity_days: Certificate validity period in days
+            key_size: RSA key size in bits
+
+        Returns:
+            Dictionary with paths to created files
+
+        Raises:
+            ValueError: If parameters are invalid
+            OSError: If files cannot be created
+        """
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            logger.warning("mcp_security_framework not available, using fallback method")
+            return CertificateCreator._create_ca_certificate_fallback(
+                common_name, output_dir, validity_days, key_size
+            )
+
+        try:
+            # Validate parameters
+            if not common_name or not common_name.strip():
+                raise ValueError("Common name cannot be empty")
+
+            if validity_days <= 0:
+                raise ValueError("Validity days must be positive")
+
+            if key_size < 1024:
+                raise ValueError("Key size must be at least 1024 bits")
+
+            # Create output directory if it doesn't exist
+            Path(output_dir).mkdir(parents=True, exist_ok=True)
+
+            # Configure CA using mcp_security_framework
+            ca_config = CAConfig(
+                common_name=common_name,
+                organization="MCP Proxy Adapter CA",
+                organizational_unit="Certificate Authority",
+                country="US",
+                state="Default State",
+                locality="Default City",
+                validity_days=validity_days,
+                key_size=key_size,
+                key_type="RSA",
+            )
+
+            # Create certificate manager
+            cert_config = CertificateConfig(
+                output_dir=output_dir,
+                ca_cert_path=str(Path(output_dir) / f"{common_name}.crt"),
+                ca_key_path=str(Path(output_dir) / f"{common_name}.key"),
+            )
+
+            cert_manager = CertificateManager(cert_config)
+
+            # Generate CA certificate
+            ca_pair = cert_manager.create_ca_certificate(ca_config)
+
+            return {
+                "cert_path": str(ca_pair.cert_path),
+                "key_path": str(ca_pair.key_path),
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to create CA certificate: {e}")
+            raise
+
+    @staticmethod
+    def _create_ca_certificate_fallback(
+        common_name: str, output_dir: str, validity_days: int, key_size: int
+    ) -> Dict[str, str]:
+        """Fallback CA certificate creation using cryptography."""
+        try:
+            # Create output directory if it doesn't exist
+            Path(output_dir).mkdir(parents=True, exist_ok=True)
+
+            # Generate private key
+            private_key = rsa.generate_private_key(
+                public_exponent=65537,
+                key_size=key_size,
+            )
+
+            # Create certificate
+            subject = issuer = x509.Name([
+                x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
+                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Default State"),
+                x509.NameAttribute(NameOID.LOCALITY_NAME, "Default City"),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MCP Proxy Adapter CA"),
+                x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Certificate Authority"),
+                x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+            ])
+
+            cert = x509.CertificateBuilder().subject_name(
+                subject
+            ).issuer_name(
+                issuer
+            ).public_key(
+                private_key.public_key()
+            ).serial_number(
+                x509.random_serial_number()
+            ).not_valid_before(
+                datetime.now(timezone.utc)
+            ).not_valid_after(
+                datetime.now(timezone.utc) + timedelta(days=validity_days)
+            ).add_extension(
+                x509.BasicConstraints(ca=True, path_length=None),
+                critical=True,
+            ).add_extension(
+                x509.KeyUsage(
+                    key_cert_sign=True,
+                    crl_sign=True,
+                    digital_signature=True,
+                    key_encipherment=False,
+                    data_encipherment=False,
+                    key_agreement=False,
+                    encipher_only=False,
+                    decipher_only=False,
+                    content_commitment=False,
+                ),
+                critical=True,
+            ).sign(private_key, hashes.SHA256())
+
+            # Save certificate and key
+            cert_path = Path(output_dir) / f"{common_name}.crt"
+            key_path = Path(output_dir) / f"{common_name}.key"
+
+            with open(cert_path, "wb") as f:
+                f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+            with open(key_path, "wb") as f:
+                f.write(private_key.private_bytes(
+                    encoding=serialization.Encoding.PEM,
+                    format=serialization.PrivateFormat.PKCS8,
+                    encryption_algorithm=serialization.NoEncryption()
+                ))
+
+            return {
+                "cert_path": str(cert_path),
+                "key_path": str(key_path),
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to create CA certificate (fallback): {e}")
+            raise
+
+    @staticmethod
+    def create_server_certificate(
+        common_name: str,
+        output_dir: str,
+        ca_cert_path: str,
+        ca_key_path: str,
+        validity_days: int = DEFAULT_VALIDITY_DAYS,
+        key_size: int = DEFAULT_KEY_SIZE,
+        san_dns: Optional[List[str]] = None,
+        san_ip: Optional[List[str]] = None,
+    ) -> Dict[str, str]:
+        """
+        Create a server certificate signed by CA.
+
+        Args:
+            common_name: Common name for the server certificate
+            output_dir: Directory to save certificate and key files
+            ca_cert_path: Path to CA certificate
+            ca_key_path: Path to CA private key
+            validity_days: Certificate validity period in days
+            key_size: RSA key size in bits
+            san_dns: List of DNS names for SAN extension
+            san_ip: List of IP addresses for SAN extension
+
+        Returns:
+            Dictionary with paths to created files
+        """
+        if not SECURITY_FRAMEWORK_AVAILABLE:
+            logger.warning("mcp_security_framework not available, using fallback method")
+            return CertificateCreator._create_server_certificate_fallback(
+                common_name, output_dir, ca_cert_path, ca_key_path,
+                validity_days, key_size, san_dns, san_ip
+            )
+
+        try:
+            # Validate parameters
+            if not common_name or not common_name.strip():
+                raise ValueError("Common name cannot be empty")
+
+            if not Path(ca_cert_path).exists():
+                raise FileNotFoundError(f"CA certificate not found: {ca_cert_path}")
+
+            if not Path(ca_key_path).exists():
+                raise FileNotFoundError(f"CA key not found: {ca_key_path}")
+
+            # Create output directory if it doesn't exist
+            Path(output_dir).mkdir(parents=True, exist_ok=True)
+
+            # Configure server certificate using mcp_security_framework
+            server_config = ServerCertConfig(
+                common_name=common_name,
+                organization="MCP Proxy Adapter",
+                organizational_unit="Server",
+                country="US",
+                state="Default State",
+                locality="Default City",
+                validity_days=validity_days,
+                key_size=key_size,
+                key_type="RSA",
+                san_dns=san_dns or [],
+                san_ip=san_ip or [],
+            )
+
+            # Create certificate manager
+            cert_config = CertificateConfig(
+                output_dir=output_dir,
+                ca_cert_path=ca_cert_path,
+                ca_key_path=ca_key_path,
+            )
+
+            cert_manager = CertificateManager(cert_config)
+
+            # Generate server certificate
+            server_pair = cert_manager.create_server_certificate(server_config)
+
+            return {
+                "cert_path": str(server_pair.cert_path),
+                "key_path": str(server_pair.key_path),
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to create server certificate: {e}")
+            raise
+
+    @staticmethod
+    def _create_server_certificate_fallback(
+        common_name: str,
+        output_dir: str,
+        ca_cert_path: str,
+        ca_key_path: str,
+        validity_days: int,
+        key_size: int,
+        san_dns: Optional[List[str]],
+        san_ip: Optional[List[str]],
+    ) -> Dict[str, str]:
+        """Fallback server certificate creation using cryptography."""
+        try:
+            # Create output directory if it doesn't exist
+            Path(output_dir).mkdir(parents=True, exist_ok=True)
+
+            # Load CA certificate and key
+            with open(ca_cert_path, "rb") as f:
+                ca_cert = x509.load_pem_x509_certificate(f.read())
+
+            with open(ca_key_path, "rb") as f:
+                ca_key = serialization.load_pem_private_key(f.read(), password=None)
+
+            # Generate server private key
+            private_key = rsa.generate_private_key(
+                public_exponent=65537,
+                key_size=key_size,
+            )
+
+            # Create certificate
+            subject = x509.Name([
+                x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
+                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Default State"),
+                x509.NameAttribute(NameOID.LOCALITY_NAME, "Default City"),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME, "MCP Proxy Adapter"),
+                x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Server"),
+                x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+            ])
+
+            # Build certificate
+            cert_builder = x509.CertificateBuilder().subject_name(
+                subject
+            ).issuer_name(
+                ca_cert.subject
+            ).public_key(
+                private_key.public_key()
+            ).serial_number(
+                x509.random_serial_number()
+            ).not_valid_before(
+                datetime.now(timezone.utc)
+            ).not_valid_after(
+                datetime.now(timezone.utc) + timedelta(days=validity_days)
+            )
+
+            # Add SAN extension if provided
+            if san_dns or san_ip:
+                san_list = []
+                if san_dns:
+                    san_list.extend([x509.DNSName(name) for name in san_dns])
+                if san_ip:
+                    san_list.extend([x509.IPAddress(ip) for ip in san_ip])
+                
+                cert_builder = cert_builder.add_extension(
+                    x509.SubjectAlternativeName(san_list),
+                    critical=False,
+                )
+
+            cert = cert_builder.sign(ca_key, hashes.SHA256())
+
+            # Save certificate and key
+            cert_path = Path(output_dir) / f"{common_name}_server.crt"
+            key_path = Path(output_dir) / f"{common_name}_server.key"
+
+            with open(cert_path, "wb") as f:
+                f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+            with open(key_path, "wb") as f:
+                f.write(private_key.private_bytes(
+                    encoding=serialization.Encoding.PEM,
+                    format=serialization.PrivateFormat.PKCS8,
+                    encryption_algorithm=serialization.NoEncryption()
+                ))
+
+            return {
+                "cert_path": str(cert_path),
+                "key_path": str(key_path),
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to create server certificate (fallback): {e}")
+            raise