Class: McpAuthorization::Configuration

Inherits:
Object
  • Object
show all
Defined in:
lib/mcp_authorization/configuration.rb

Overview

Holds gem-wide settings. A single global instance is created lazily by McpAuthorization.configuration and configured in a Rails initializer:

McpAuthorization.configure do |c|
  c.server_name      = "my-app"
  c.server_version   = MyApp::VERSION
  c.tool_paths       = %w[app/mcp]
  c.context_builder  = ->(request) { ... }
end

Required settings

context_builder must be set before the first MCP request. Everything else has sensible defaults.

The context contract

Both context_builder and cli_context_builder must return an object whose current_user responds to:

current_user.can?(:symbol)              # required — gates field/tool visibility
current_user.default_for(:symbol)       # optional — populates @default_for tags

The context object itself can implement predicate methods for generic tag filtering. Any @tag(:value) not in the known constraint list calls context.tag?(value):

context.requires?(flag)                 # optional — for @requires, falls back to current_user.can?
context.feature?(flag)                  # optional — for @feature (account-level feature flags)
context.tier?(name)                     # optional — for @tier (plan-level gating)

For public/anonymous MCP interfaces, supply a context with minimum-viable permissions rather than current_user: nil. A nil user causes @requires fields to be silently excluded (no user = no permissions).

See RbsSchemaCompiler.predicate_excluded? for the full protocol.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeConfiguration

: () -> void



111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
 
# File 'lib/mcp_authorization/configuration.rb', line 111

def initialize
  @server_name = "mcp-authorization"
  @server_version = "1.0.0"
  @tool_paths = %w[app/mcp]
  @shared_type_paths = %w[sig/shared]
  @default_domain = "default"
  @mount_path = "/mcp"
  @context_builder = nil
  @cli_context_builder = nil
  @strict_schema = false
  @tools_list_cache = nil
  @tools_list_cache_ttl = 3600
  @tools_list_cache_redis = nil
  @tools_list_cache_redis_url = nil
end

Instance Attribute Details

#cli_context_builderObject

Lambda that builds a server context for CLI/rake usage. Same duck-type contract as context_builder. : (^(domain: String, role: String) -> untyped)?



74
75
76
 
# File 'lib/mcp_authorization/configuration.rb', line 74

def cli_context_builder
  @cli_context_builder
end

#context_builderObject

Lambda that builds a server context from a Rack request. The returned object must satisfy the context contract above. : (^(untyped) -> untyped)?



69
70
71
 
# File 'lib/mcp_authorization/configuration.rb', line 69

def context_builder
  @context_builder
end

#default_domainObject

Domain name used when the request URL has no :domain segment. : String



60
61
62
 
# File 'lib/mcp_authorization/configuration.rb', line 60

def default_domain
  @default_domain
end

#mount_pathObject

URL prefix where the Engine mounts its routes. : String



64
65
66
 
# File 'lib/mcp_authorization/configuration.rb', line 64

def mount_path
  @mount_path
end

#server_nameObject

Server name reported in the MCP initialize handshake. : String



42
43
44
 
# File 'lib/mcp_authorization/configuration.rb', line 42

def server_name
  @server_name
end

#server_versionObject

Server version reported in the MCP initialize handshake. : String



46
47
48
 
# File 'lib/mcp_authorization/configuration.rb', line 46

def server_version
  @server_version
end

#shared_type_pathsObject

Directories (relative to Rails.root) where shared .rbs type files live. Used by RbsSchemaCompiler to resolve # @rbs import. : Array



56
57
58
 
# File 'lib/mcp_authorization/configuration.rb', line 56

def shared_type_paths
  @shared_type_paths
end

#strict_schemaObject

When true, strips JSON Schema keywords that cause 400 errors in Anthropic’s strict tool use mode (minLength, maximum, maxItems, etc.) and adds additionalProperties: false to all objects. : bool



80
81
82
 
# File 'lib/mcp_authorization/configuration.rb', line 80

def strict_schema
  @strict_schema
end

#tool_pathsObject

Directories (relative to Rails.root) that contain tool classes. Added to autoload_paths and eager_load_paths by the Engine. : Array



51
52
53
 
# File 'lib/mcp_authorization/configuration.rb', line 51

def tool_paths
  @tool_paths
end

#tools_list_cacheObject

Cache for the tools/list response. Opt-in; defaults to no caching. Accepts:

nil / false  — no caching (default)
:memory      — process-local MemoryStore
:redis       — shared RedisStore (connection resolved from
               +tools_list_cache_redis+ / +tools_list_cache_redis_url+ /
               ENV["REDIS_URL"] / a bare Redis.new — the Rails redis config)
<object>     — any store responding to +get+/+set+

See McpAuthorization::Cache for the keying strategy. : untyped



92
93
94
 
# File 'lib/mcp_authorization/configuration.rb', line 92

def tools_list_cache
  @tools_list_cache
end

#tools_list_cache_redisObject

Optional explicit Redis client for the :redis store. When nil, the store resolves a connection from tools_list_cache_redis_url, then ENV, then a bare Redis.new. : untyped



104
105
106
 
# File 'lib/mcp_authorization/configuration.rb', line 104

def tools_list_cache_redis
  @tools_list_cache_redis
end

#tools_list_cache_redis_urlObject

Optional explicit Redis URL for the :redis store. : String?



108
109
110
 
# File 'lib/mcp_authorization/configuration.rb', line 108

def tools_list_cache_redis_url
  @tools_list_cache_redis_url
end

#tools_list_cache_ttlObject

TTL (seconds) for cached tools/list entries. Bounds staleness from out-of-band changes (e.g. a feature flag toggled with no deploy); the deploy digest invalidates on tool/schema changes independently. : Integer



98
99
100
 
# File 'lib/mcp_authorization/configuration.rb', line 98

def tools_list_cache_ttl
  @tools_list_cache_ttl
end