feat: Introduce HandlerResolver for robust MCP element handler validation

Author: CodeWithKyrian

src/ServerBuilder.php

@@ -9,6 +9,7 @@
 use PhpMcp\Server\Exception\DefinitionException;
 use PhpMcp\Server\Model\Capabilities;
 use PhpMcp\Server\State\ClientStateManager;
+use PhpMcp\Server\Support\HandlerResolver;
 use Psr\Container\ContainerInterface;
 use Psr\Log\LoggerInterface;
 use Psr\Log\NullLogger;
@@ -44,9 +45,7 @@ final class ServerBuilder
 
     private array $manualPrompts = [];
 
-    public function __construct()
-    {
-    }
+    public function __construct() {}
 
     /**
      * Sets the server's identity. Required.
@@ -208,16 +207,16 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
         // Register Tools
         foreach ($this->manualTools as $data) {
             try {
-                $methodRefl = $this->validateAndGetReflectionMethod($data['handler']);
+                $resolvedHandler = HandlerResolver::resolve($data['handler']);
                 $def = Definitions\ToolDefinition::fromReflection(
-                    $methodRefl,
+                    $resolvedHandler['reflectionMethod'],
                     $data['name'],
                     $data['description'],
                     $docBlockParser,
                     $schemaGenerator
                 );
                 $registry->registerTool($def, true);
-                $logger->debug("Registered manual tool '{$def->getName()}'");
+                $logger->debug("Registered manual tool '{$def->getName()}' from handler {$resolvedHandler['className']}::{$resolvedHandler['methodName']}");
             } catch (Throwable $e) {
                 $errorCount++;
                 $logger->error('Failed to register manual tool', ['handler' => $data['handler'], 'name' => $data['name'], 'exception' => $e]);
@@ -227,9 +226,9 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
         // Register Resources
         foreach ($this->manualResources as $data) {
             try {
-                $methodRefl = $this->validateAndGetReflectionMethod($data['handler']);
+                $resolvedHandler = HandlerResolver::resolve($data['handler']);
                 $def = Definitions\ResourceDefinition::fromReflection(
-                    $methodRefl,
+                    $resolvedHandler['reflectionMethod'],
                     $data['name'],
                     $data['description'],
                     $data['uri'],
@@ -239,7 +238,7 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
                     $docBlockParser
                 );
                 $registry->registerResource($def, true);
-                $logger->debug("Registered manual resource '{$def->getUri()}'");
+                $logger->debug("Registered manual resource '{$def->getUri()}' from handler {$resolvedHandler['className']}::{$resolvedHandler['methodName']}");
             } catch (Throwable $e) {
                 $errorCount++;
                 $logger->error('Failed to register manual resource', ['handler' => $data['handler'], 'uri' => $data['uri'], 'exception' => $e]);
@@ -249,9 +248,9 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
         // Register Templates
         foreach ($this->manualResourceTemplates as $data) {
             try {
-                $methodRefl = $this->validateAndGetReflectionMethod($data['handler']);
+                $resolvedHandler = HandlerResolver::resolve($data['handler']);
                 $def = Definitions\ResourceTemplateDefinition::fromReflection(
-                    $methodRefl,
+                    $resolvedHandler['reflectionMethod'],
                     $data['name'],
                     $data['description'],
                     $data['uriTemplate'],
@@ -260,7 +259,7 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
                     $docBlockParser
                 );
                 $registry->registerResourceTemplate($def, true);
-                $logger->debug("Registered manual template '{$def->getUriTemplate()}'");
+                $logger->debug("Registered manual template '{$def->getUriTemplate()}' from handler {$resolvedHandler['className']}::{$resolvedHandler['methodName']}");
             } catch (Throwable $e) {
                 $errorCount++;
                 $logger->error('Failed to register manual template', ['handler' => $data['handler'], 'uriTemplate' => $data['uriTemplate'], 'exception' => $e]);
@@ -270,15 +269,15 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
         // Register Prompts
         foreach ($this->manualPrompts as $data) {
             try {
-                $methodRefl = $this->validateAndGetReflectionMethod($data['handler']);
+                $resolvedHandler = HandlerResolver::resolve($data['handler']);
                 $def = Definitions\PromptDefinition::fromReflection(
-                    $methodRefl,
+                    $resolvedHandler['reflectionMethod'],
                     $data['name'],
                     $data['description'],
                     $docBlockParser
                 );
                 $registry->registerPrompt($def, true);
-                $logger->debug("Registered manual prompt '{$def->getName()}'");
+                $logger->debug("Registered manual prompt '{$def->getName()}' from handler {$resolvedHandler['className']}::{$resolvedHandler['methodName']}");
             } catch (Throwable $e) {
                 $errorCount++;
                 $logger->error('Failed to register manual prompt', ['handler' => $data['handler'], 'name' => $data['name'], 'exception' => $e]);
@@ -291,56 +290,4 @@ private function performManualRegistrations(Registry $registry, LoggerInterface
 
         $logger->debug('Manual element registration complete.');
     }
-
-    /**
-     * Gets a reflection method from a handler.
-     *
-     * @throws \InvalidArgumentException If the handler is invalid.
-     */
-    private function validateAndGetReflectionMethod(array|string $handler): \ReflectionMethod
-    {
-        $className = null;
-        $methodName = null;
-
-        if (is_array($handler)) {
-            if (count($handler) !== 2 || ! is_string($handler[0]) || ! is_string($handler[1])) {
-                throw new \InvalidArgumentException('Invalid array handler format. Expected [ClassName::class, \'methodName\'].');
-            }
-            [$className, $methodName] = $handler;
-            if (! class_exists($className)) {
-                throw new \InvalidArgumentException("Class '{$className}' not found for array handler.");
-            }
-            if (! method_exists($className, $methodName)) {
-                throw new \InvalidArgumentException("Method '{$methodName}' not found in class '{$className}' for array handler.");
-            }
-        } elseif (is_string($handler) && class_exists($handler)) {
-            $className = $handler;
-            $methodName = '__invoke';
-            if (! method_exists($className, $methodName)) {
-                throw new \InvalidArgumentException("Invokable class '{$className}' must have a public '__invoke' method.");
-            }
-        } else {
-            throw new \InvalidArgumentException('Invalid handler format. Expected [ClassName::class, \'methodName\'] or InvokableClassName::class string.');
-        }
-
-        try {
-            $reflectionMethod = new \ReflectionMethod($className, $methodName);
-            if ($reflectionMethod->isStatic()) {
-                throw new \InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be static.");
-            }
-            if (! $reflectionMethod->isPublic()) {
-                throw new \InvalidArgumentException("Handler method '{$className}::{$methodName}' must be public.");
-            }
-            if ($reflectionMethod->isAbstract()) {
-                throw new \InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be abstract.");
-            }
-            if ($reflectionMethod->isConstructor() || $reflectionMethod->isDestructor()) {
-                throw new \InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be a constructor or destructor.");
-            }
-
-            return $reflectionMethod;
-        } catch (\ReflectionException $e) {
-            throw new \InvalidArgumentException("Reflection error for handler '{$className}::{$methodName}': {$e->getMessage()}", 0, $e);
-        }
-    }
 }

src/Support/HandlerResolver.php

@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpMcp\Server\Support;
+
+use InvalidArgumentException;
+use ReflectionMethod;
+use ReflectionException;
+
+/**
+ * Utility class to validate and resolve MCP element handlers.
+ */
+class HandlerResolver
+{
+    /**
+     * Validates and resolves a handler to its class name, method name, and ReflectionMethod instance.
+     *
+     * A handler can be:
+     * - An array: [ClassName::class, 'methodName']
+     * - A string: InvokableClassName::class (which will resolve to its '__invoke' method)
+     *
+     * @param array|string $handler The handler to resolve.
+     * @return array{className: class-string, methodName: string, reflectionMethod: ReflectionMethod}
+     *               An associative array containing 'className', 'methodName', and 'reflectionMethod'.
+     *
+     * @throws InvalidArgumentException If the handler format is invalid, the class/method doesn't exist,
+     *                                  or the method is unsuitable (e.g., static, private, abstract).
+     */
+    public static function resolve(array|string $handler): array
+    {
+        $className = null;
+        $methodName = null;
+
+        if (is_array($handler)) {
+            if (count($handler) !== 2 || !isset($handler[0]) || !isset($handler[1]) || !is_string($handler[0]) || !is_string($handler[1])) {
+                throw new InvalidArgumentException('Invalid array handler format. Expected [ClassName::class, \'methodName\'].');
+            }
+            [$className, $methodName] = $handler;
+            if (!class_exists($className)) {
+                throw new InvalidArgumentException("Handler class '{$className}' not found for array handler.");
+            }
+            if (!method_exists($className, $methodName)) {
+                throw new InvalidArgumentException("Handler method '{$methodName}' not found in class '{$className}' for array handler.");
+            }
+        } elseif (is_string($handler) && class_exists($handler)) {
+            $className = $handler;
+            $methodName = '__invoke';
+            if (!method_exists($className, $methodName)) {
+                throw new InvalidArgumentException("Invokable handler class '{$className}' must have a public '__invoke' method.");
+            }
+        } else {
+            throw new InvalidArgumentException('Invalid handler format. Expected [ClassName::class, \'methodName\'] or InvokableClassName::class string.');
+        }
+
+        try {
+            $reflectionMethod = new ReflectionMethod($className, $methodName);
+
+            if ($reflectionMethod->isStatic()) {
+                throw new InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be static.");
+            }
+            if (!$reflectionMethod->isPublic()) {
+                throw new InvalidArgumentException("Handler method '{$className}::{$methodName}' must be public.");
+            }
+            if ($reflectionMethod->isAbstract()) {
+                throw new InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be abstract.");
+            }
+            if ($reflectionMethod->isConstructor() || $reflectionMethod->isDestructor()) {
+                throw new InvalidArgumentException("Handler method '{$className}::{$methodName}' cannot be a constructor or destructor.");
+            }
+
+            return [
+                'className' => $className,
+                'methodName' => $methodName,
+                'reflectionMethod' => $reflectionMethod,
+            ];
+        } catch (ReflectionException $e) {
+            // This typically occurs if class_exists passed but ReflectionMethod still fails (rare)
+            throw new InvalidArgumentException("Reflection error for handler '{$className}::{$methodName}': {$e->getMessage()}", 0, $e);
+        }
+    }
+}

tests/Unit/ServerBuilderTest.php

@@ -20,26 +20,18 @@
 
 class DummyHandlerClass
 {
-    public function handle()
-    {
-    }
+    public function handle() {}
 }
 class DummyInvokableClass
 {
-    public function __invoke()
-    {
-    }
+    public function __invoke() {}
 }
 class HandlerWithDeps
 {
-    public function __construct(public LoggerInterface $log)
-    {
-    }
+    public function __construct(public LoggerInterface $log) {}
 
     #[McpTool(name: 'depTool')]
-    public function run()
-    {
-    }
+    public function run() {}
 }
 
 beforeEach(function () {
@@ -55,8 +47,6 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     return $property->getValue($builder);
 }
 
-// --- Configuration Method Tests ---
-
 it('sets server info', function () {
     $this->builder->withServerInfo('MyServer', '1.2.3');
     expect(getBuilderProperty($this->builder, 'name'))->toBe('MyServer');
@@ -101,8 +91,6 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     expect(getBuilderProperty($this->builder, 'loop'))->toBe($loop);
 });
 
-// --- Manual Registration Storage Tests ---
-
 it('stores manual tool registration data', function () {
     $handler = [DummyHandlerClass::class, 'handle'];
     $name = 'my-tool';
@@ -149,8 +137,6 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     expect($manualPrompts[0]['name'])->toBe($name);
 });
 
-// --- Build Method Validation Tests ---
-
 it('throws exception if build called without server info', function () {
     $this->builder
         // ->withDiscoveryPaths($this->tempBasePath) // No longer needed
@@ -170,8 +156,6 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
         [' ', '1.0'],
     ]);
 
-// --- Default Dependency Resolution Tests ---
-
 it('resolves default Logger correctly when building', function () {
     $server = $this->builder
         ->withServerInfo('Test', '1.0')
@@ -239,8 +223,7 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     expect($config->loop)->toBeInstanceOf(LoopInterface::class);
     expect($config->container)->toBe($container);
     expect($config->capabilities)->toBeInstanceOf(Capabilities::class);
-
-}); // REMOVED skip
+});
 
 it('successfully creates Server with custom dependencies', function () {
     $myLoop = Mockery::mock(LoopInterface::class);
@@ -265,8 +248,7 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     expect($config->cache)->toBe($myCache);
     expect($config->capabilities)->toBe($myCaps);
     expect($server->getRegistry()->allPrompts()->count())->toBe(1);
-
-}); // REMOVED skip
+});
 
 it('throws DefinitionException if manual tool registration fails', function () {
     $container = new BasicContainer();
@@ -275,10 +257,8 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
     $this->builder
         ->withServerInfo('FailRegServer', '1.0')
         ->withContainer($container)
-        // Use a method that doesn't exist on the mock class
         ->withTool([DummyHandlerClass::class, 'nonExistentMethod'], 'badTool')
         ->build();
-
 })->throws(DefinitionException::class, '1 error(s) occurred during manual element registration');
 
 it('throws DefinitionException if manual resource registration fails', function () {
@@ -290,5 +270,4 @@ function getBuilderProperty(ServerBuilder $builder, string $propertyName)
         ->withContainer($container)
         ->withResource([DummyHandlerClass::class, 'handle'], 'invalid-uri-no-scheme') // Invalid URI
         ->build();
-
 })->throws(DefinitionException::class, '1 error(s) occurred during manual element registration');