mcpower-proxy 0.0.67__tar.gz → 0.0.69__tar.gz

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcpower-proxy
-Version: 0.0.67
+Version: 0.0.69
 Summary: MCPower Security proxy
 Author-email: MCPower Security <support@mcpower.tech>
 License:                                  Apache License
@@ -209,7 +209,7 @@ Keywords: mcp,security,proxy,monitoring,audit,redaction,policy-enforcement
 Requires-Python: ~=3.11.0
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: fastmcp==2.13.0.1
+Requires-Dist: fastmcp==2.13.0.2
 Requires-Dist: httpx>=0.25.0
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: watchdog>=3.0.0

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "mcpower-proxy"
-version = "0.0.67"
+version = "0.0.69"
 description = "MCPower Security proxy"
 readme = "README.md"
 requires-python = "~=3.11.0"
@@ -9,7 +9,7 @@ authors = [
   { name = "MCPower Security", email = "support@mcpower.tech" }
 ]
 dependencies = [
-  "fastmcp==2.13.0.1",
+  "fastmcp==2.13.0.2",
   "httpx>=0.25.0",
   "mcp>=1.0.0",
   "watchdog>=3.0.0",

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/mcpower_proxy.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mcpower-proxy
-Version: 0.0.67
+Version: 0.0.69
 Summary: MCPower Security proxy
 Author-email: MCPower Security <support@mcpower.tech>
 License:                                  Apache License
@@ -209,7 +209,7 @@ Keywords: mcp,security,proxy,monitoring,audit,redaction,policy-enforcement
 Requires-Python: ~=3.11.0
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: fastmcp==2.13.0.1
+Requires-Dist: fastmcp==2.13.0.2
 Requires-Dist: httpx>=0.25.0
 Requires-Dist: mcp>=1.0.0
 Requires-Dist: watchdog>=3.0.0

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/mcpower_proxy.egg-info/requires.txt

@@ -1,4 +1,4 @@
-fastmcp==2.13.0.1
+fastmcp==2.13.0.2
 httpx>=0.25.0
 mcp>=1.0.0
 watchdog>=3.0.0

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/modules/apis/security_policy.py

@@ -1,9 +1,9 @@
 """Security Policy API Client"""
 
 import json
+import time
 import uuid
 from typing import Dict, Any, Optional, List
-import time
 
 import httpx
 
@@ -13,6 +13,7 @@ from modules.logs.logger import MCPLogger
 from modules.redaction import redact
 from modules.utils.config import get_api_url, get_user_id
 from modules.utils.json import safe_json_dumps, to_dict
+from wrapper.__version__ import __version__
 
 
 class SecurityAPIError(Exception):
@@ -166,6 +167,7 @@ class SecurityPolicyClient:
 
             headers = {
                 "Content-Type": "application/json",
+                "User-Agent": f"MCPower-{__version__}",
                 "X-User-UID": self.user_id,
                 "X-App-UID": self.app_id
             }
@@ -188,7 +190,7 @@ class SecurityPolicyClient:
                 raise SecurityAPIError(f"Unsupported HTTP method: {method}. Supported methods: POST, PUT")
 
             on_make_request_duration = time.time() - on_make_request_start_time
-            self.logger.info(f"PROFILE: {method} id: {id} make_request duration: {on_make_request_duration:.2f} seconds url: {url}")
+            self.logger.debug(f"PROFILE: {method} id: {id} make_request duration: {on_make_request_duration:.2f} seconds url: {url}")
 
             match response.status_code:
                 case 200:

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/modules/utils/cli.py

@@ -7,7 +7,7 @@ import argparse
 def parse_args():
     """Parse command line arguments"""
     parser = argparse.ArgumentParser(
-        description="MCPower - Transparent 1:1 MCP Wrapper with security enforcement",
+        description="Transparent MCP wrapper with security middleware for real-time policy enforcement and monitoring.",
         formatter_class=argparse.RawDescriptionHelpFormatter,
         epilog="""
 Examples:
@@ -24,10 +24,8 @@ Examples:
   %(prog)s --wrapped-config '{"command": "node", "args": ["server.js"]}' --name MyWrapper
 
 Reference Links:
-  • FastMCP Proxy: https://gofastmcp.com/servers/proxy
-  • FastMCP Middleware: https://gofastmcp.com/servers/middleware  
+  • MCPower Proxy: https://github.com/ai-mcpower/mcpower-proxy
   • MCP Official: https://modelcontextprotocol.io
-  • Claude MCP Config: https://docs.anthropic.com/en/docs/claude-code/mcp
         """
     )
 

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/wrapper/__version__.py

@@ -3,4 +3,4 @@
 Wrapper MCP Server Version
 """
 
-__version__ = "0.0.67"
+__version__ = "0.0.69"

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/wrapper/middleware.py

@@ -2,6 +2,7 @@
 FastMCP middleware for security policy enforcement
 Implements pre/post interception for all MCP operations
 """
+import asyncio
 import sys
 import time
 import urllib.parse
@@ -12,6 +13,12 @@ from typing import Any, Dict, List, Optional
 from fastmcp.exceptions import FastMCPError
 from fastmcp.server.middleware.middleware import Middleware, MiddlewareContext, CallNext
 from fastmcp.server.proxy import ProxyClient
+from httpx import HTTPStatusError
+from mcp import ErrorData
+
+from mcpower_shared.mcp_types import (create_policy_request, create_policy_response, AgentContext, EnvironmentContext,
+                                      InitRequest,
+                                      ServerRef, ToolRef, UserConfirmation)
 from modules.apis.security_policy import SecurityPolicyClient
 from modules.logs.audit_trail import AuditTrailLogger
 from modules.logs.logger import MCPLogger
@@ -24,10 +31,6 @@ from modules.utils.json import safe_json_dumps, to_dict
 from modules.utils.mcp_configs import extract_wrapped_server_info
 from wrapper.schema import merge_input_schema_with_existing
 
-from mcpower_shared.mcp_types import (create_policy_request, create_policy_response, AgentContext, EnvironmentContext,
-                                      InitRequest,
-                                      ServerRef, ToolRef, UserConfirmation)
-
 
 class MockContext:
     """Mock context for internal operations"""
@@ -53,10 +56,7 @@ class MockContext:
 class SecurityMiddleware(Middleware):
     """FastMCP middleware for security policy enforcement"""
 
-    app_id: str = ""
     _TOOLS_INIT_DEBOUNCE_SECONDS = 60
-    _last_tools_init_time: Optional[float] = None
-    _last_workspace_root: Optional[str] = None
 
     def __init__(self,
                  wrapped_server_configs: dict,
@@ -72,6 +72,9 @@ class SecurityMiddleware(Middleware):
         self.audit_logger = audit_logger
         self.app_id = ""
         self._last_workspace_root = None
+        self._last_tools_init_time: Optional[float] = None
+        self._tools_list_in_progress: Optional[asyncio.Task] = None
+        self._tools_list_lock = asyncio.Lock()
 
         self.wrapped_server_name, self.wrapped_server_transport = (
             extract_wrapped_server_info(self.wrapper_server_name, self.logger, self.wrapped_server_configs)
@@ -88,17 +91,36 @@ class SecurityMiddleware(Middleware):
     async def on_message(self, context: MiddlewareContext, call_next: CallNext) -> Any:
         self.logger.info(f"on_message: {redact(safe_json_dumps(context))}")
 
-        # Check workspace roots and re-initialize app_uid if workspace changed
-        workspace_roots = await self._extract_workspace_roots(context)
-        current_workspace_root = workspace_roots[0] if workspace_roots else str(Path.home() / ".mcpower")
-        if current_workspace_root != self._last_workspace_root:
-            self.logger.debug(f"Workspace root changed from {self._last_workspace_root} to {current_workspace_root}")
-            self._last_workspace_root = current_workspace_root
-            self.app_id = read_app_uid(logger=self.logger, project_folder_path=current_workspace_root)
-            self.audit_logger.set_app_uid(self.app_id)
+        # Skip workspace check for `initialize` calls to avoid premature app_uid changes.
+        # The `initialize` request doesn't contain workspace data, so checking it would
+        # cause unnecessary audit log flushes before the actual workspace init arrives.
+        if context.method != "initialize":
+            # Check workspace roots and re-initialize app_uid if workspace changed
+            workspace_roots = await self._extract_workspace_roots(context)
+            current_workspace_root = workspace_roots[0] if workspace_roots else str(Path.home() / ".mcpower")
+            if current_workspace_root != self._last_workspace_root:
+                self.logger.debug(
+                    f"Workspace root changed from {self._last_workspace_root} to {current_workspace_root}")
+                self._last_workspace_root = current_workspace_root
+                self.app_id = read_app_uid(logger=self.logger, project_folder_path=current_workspace_root)
+                self.audit_logger.set_app_uid(self.app_id)
 
         operation_type = "message"
-        call_next_callback = call_next
+
+        async def call_next_wrapper(ctx):
+            try:
+                return await call_next(ctx)
+            except HTTPStatusError as e:
+                if e.response.status_code in (401, 403):
+                    raise FastMCPError(ErrorData(
+                        code=-32000,
+                        message="Authentication required",
+                        data={
+                            "type": "unauthorized",
+                            "details": "Please provide valid authentication credentials"
+                        }
+                    ))
+                raise e
 
         match context.type:
             case "request":
@@ -115,13 +137,13 @@ class SecurityMiddleware(Middleware):
                 operation_type = "prompt"
             case "tools/list":
                 # Special handling for tools/list - call /init instead of normal inspection
-                return await self._handle_tools_list(context, call_next)
+                return await self._handle_tools_list(context, call_next_wrapper)
             case "initialize" | "resources/list" | "resources/templates/list" | "prompts/list":
-                return await call_next_callback(context)
+                return await call_next_wrapper(context)
 
         return await self._handle_operation(
             context=context,
-            call_next=call_next_callback,
+            call_next=call_next_wrapper,
             error_class=FastMCPError,
             operation_type=operation_type
         )
@@ -181,15 +203,15 @@ class SecurityMiddleware(Middleware):
         return await ProxyClient.default_progress_handler(progress, total, message)
 
     async def secure_log_handler(self, log_message):
-        # FIXME: log_message should be redacted before logging, 
+        # FIXME: log_message should be redacted before logging,
         self.logger.info(f"secure_log_handler: {str(log_message)[:100]}...")
         # FIXME: log_message should be reviewed with policy before forwarding
-        
+
         # Handle case where log_message.data is a string instead of dict
         # The default_log_handler expects data to be a dict with 'msg' and 'extra' keys
         if hasattr(log_message, 'data') and isinstance(log_message.data, str):
             log_message = safe_copy(log_message, {'data': {'msg': log_message.data, 'extra': None}})
-        
+
         return await ProxyClient.default_log_handler(log_message)
 
     async def _handle_operation(self, context: MiddlewareContext, call_next, error_class, operation_type: str):
@@ -222,7 +244,8 @@ class SecurityMiddleware(Middleware):
             prompt_id=prompt_id
         )
         on_inspect_request_duration = time.time() - on_inspect_request_start_time
-        self.logger.info(f"PROFILE: {operation_type} id: {event_id} inspect_request duration: {on_inspect_request_duration:.2f} seconds")
+        self.logger.debug(
+            f"PROFILE: {operation_type} id: {event_id} inspect_request duration: {on_inspect_request_duration:.2f} seconds")
 
         await self._enforce_decision(
             decision=request_decision,
@@ -251,7 +274,8 @@ class SecurityMiddleware(Middleware):
         # Call wrapped MCP with cleaned context (e.g., no wrapper args)
         result = await call_next(cleaned_context)
         on_call_next_duration = time.time() - on_call_next_start_time
-        self.logger.info(f"PROFILE: {operation_type} id: {event_id} call_next duration: {on_call_next_duration:.2f} seconds")
+        self.logger.debug(
+            f"PROFILE: {operation_type} id: {event_id} call_next duration: {on_call_next_duration:.2f} seconds")
 
         response_content = self._extract_response_content(result)
 
@@ -276,7 +300,8 @@ class SecurityMiddleware(Middleware):
             prompt_id=prompt_id
         )
         on_inspect_response_duration = time.time() - on_inspect_response_start_time
-        self.logger.info(f"PROFILE: {operation_type} id: {event_id} inspect_response duration: {on_inspect_response_duration:.2f} seconds")
+        self.logger.debug(
+            f"PROFILE: {operation_type} id: {event_id} inspect_response duration: {on_inspect_response_duration:.2f} seconds")
 
         await self._enforce_decision(
             decision=response_decision,
@@ -301,15 +326,30 @@ class SecurityMiddleware(Middleware):
             prompt_id=prompt_id
         )
         on_handle_operation_duration = time.time() - on_handle_operation_start_time
-        self.logger.info(f"PROFILE: {operation_type} id: {event_id} duration: {on_handle_operation_duration:.2f} seconds")
+        self.logger.debug(
+            f"PROFILE: {operation_type} id: {event_id} duration: {on_handle_operation_duration:.2f} seconds")
         return result
 
     async def _handle_tools_list(self, context: MiddlewareContext, call_next: CallNext) -> Any:
-        """Handle tools/list by calling /init API and modifying schemas"""
+        """Handle tools/list by calling /init API and modifying schemas with deduplication"""
         event_id = generate_event_id()
         on_handle_tools_list_start_time = time.time()
-        result = await call_next(context)
-        self.logger.info(f"PROFILE: tools/list call_next duration: {time.time() - on_handle_tools_list_start_time:.2f} seconds id: {event_id}")
+
+        async with self._tools_list_lock:
+            if not self._tools_list_in_progress or self._tools_list_in_progress.done():
+                self._tools_list_in_progress = asyncio.create_task(call_next(context))
+            shared_task = self._tools_list_in_progress
+
+        try:
+            result = await shared_task
+        except Exception as e:
+            async with self._tools_list_lock:
+                if self._tools_list_in_progress is shared_task:
+                    self._tools_list_in_progress = None
+            raise
+        self.logger.debug(
+            f"PROFILE: tools/list call_next duration: {time.time() - on_handle_tools_list_start_time:.2f} seconds id: {event_id}")
+
         tools_list = None
         if isinstance(result, list):
             tools_list = result
@@ -339,11 +379,13 @@ class SecurityMiddleware(Middleware):
                 enhanced_result = result
 
             on_handle_tools_list_duration = time.time() - on_handle_tools_list_start_time
-            self.logger.info(f"PROFILE: tools/list enhanced_result duration: {on_handle_tools_list_duration:.2f} seconds id: {event_id}")
+            self.logger.debug(
+                f"PROFILE: tools/list enhanced_result duration: {on_handle_tools_list_duration:.2f} seconds id: {event_id}")
             return enhanced_result
 
         on_handle_tools_list_duration = time.time() - on_handle_tools_list_start_time
-        self.logger.info(f"PROFILE: tools/list result duration: {on_handle_tools_list_duration:.2f} seconds id: {event_id}")
+        self.logger.debug(
+            f"PROFILE: tools/list result duration: {on_handle_tools_list_duration:.2f} seconds id: {event_id}")
 
         return result
 
@@ -482,12 +524,12 @@ class SecurityMiddleware(Middleware):
                         file_path_prefix = 'file://'
                         if uri.startswith(file_path_prefix):
                             path = urllib.parse.unquote(uri[len(file_path_prefix):])
-                            
+
                             # Windows fix: remove leading slash before drive letter
                             # file:///C:/path becomes /C:/path, should be C:/path
                             if sys.platform == 'win32' and len(path) >= 3 and path[0] == '/' and path[2] == ':':
                                 path = path[1:]
-                            
+
                             try:
                                 resolved_path = str(Path(path).resolve())
                                 workspace_roots.append(resolved_path)
@@ -614,7 +656,6 @@ class SecurityMiddleware(Middleware):
             # Don't fail the operation if API call fails - just log the error
             self.logger.error(f"Failed to record user confirmation: {e}")
 
-
     @staticmethod
     def _create_security_api_failure_decision(error: Exception) -> Dict[str, Any]:
         """Create a standard failure decision when security API is unavailable/failing/unreachable"""
@@ -722,7 +763,7 @@ class SecurityMiddleware(Middleware):
             error_parts = [
                 f"SECURITY POLICY NEEDS MORE INFORMATION FOR REVIEWING {stage_title}:",
                 '\n'.join(reasons),
-                '' # newline
+                ''  # newline
             ]
 
             if need_fields:
@@ -749,7 +790,6 @@ class SecurityMiddleware(Middleware):
                     error_parts.append("MISSING INFORMATION:")
                     error_parts.extend(need_fields)
 
-
             error_parts.append("\nMANDATORY ACTIONS:")
             error_parts.append("1. Add/Edit ALL affected fields according to the required information")
             error_parts.append("2. Retry the tool call")

{mcpower_proxy-0.0.67 → mcpower_proxy-0.0.69}/src/wrapper/server.py

@@ -6,10 +6,11 @@ Implements transparent 1:1 MCP proxying with security middleware
 import logging
 
 from fastmcp.server.middleware.logging import StructuredLoggingMiddleware
-from fastmcp.server.proxy import ProxyClient, default_proxy_roots_handler, FastMCPProxy
+from fastmcp.server.proxy import ProxyClient, default_proxy_roots_handler, FastMCPProxy, StatefulProxyClient
 
 from modules.logs.audit_trail import AuditTrailLogger
 from modules.logs.logger import MCPLogger
+from modules.utils.json import safe_json_dumps
 from .__version__ import __version__
 from .middleware import SecurityMiddleware
 
@@ -42,7 +43,7 @@ def create_wrapper_server(wrapper_server_name: str,
         logger=logger,
         audit_logger=audit_logger
     )
-    
+
     # Log MCPower startup to audit trail
     audit_logger.log_event("mcpower_start", {
         "wrapper_version": __version__,
@@ -51,16 +52,23 @@ def create_wrapper_server(wrapper_server_name: str,
     })
 
     # Create FastMCP server as proxy with our security-aware ProxyClient
+    # Use StatefulProxyClient for remote servers (mcp-remote or url-based transports)
+    config_str = safe_json_dumps(wrapped_server_configs)
+    is_remote = '"mcp-remote",' in config_str or '"url":' in config_str
+    backend_class = StatefulProxyClient if is_remote else ProxyClient
+    backend = backend_class(
+        wrapped_server_configs,
+        name=wrapper_server_name,
+        roots=default_proxy_roots_handler,  # Use default for filesystem roots
+        sampling_handler=security_middleware.secure_sampling_handler,
+        elicitation_handler=security_middleware.secure_elicitation_handler,
+        log_handler=security_middleware.secure_log_handler,
+        progress_handler=security_middleware.secure_progress_handler,
+    )
+
     def client_factory():
-        return ProxyClient(
-            wrapped_server_configs,
-            name=wrapper_server_name,
-            roots=default_proxy_roots_handler,  # Use default for filesystem roots
-            sampling_handler=security_middleware.secure_sampling_handler,
-            elicitation_handler=security_middleware.secure_elicitation_handler,
-            log_handler=security_middleware.secure_log_handler,
-            progress_handler=security_middleware.secure_progress_handler,
-        )
+        # we must return the same instance, otherwise StatefulProxyClient doesn't play nice with mcp-remote
+        return backend
 
     server = FastMCPProxy(client_factory=client_factory, name=wrapper_server_name, version=__version__)