unraid-mcp

Author	SHA1	Message	Date
Jacob Magar	1751bc2984	fix: apply all PR review agent findings (silent failures, type safety, test gaps) Addresses issues found by 4 parallel review agents (code-reviewer, silent-failure-hunter, type-design-analyzer, pr-test-analyzer). Source fixes: - core/utils.py: add public safe_display_url() (moved from tools/health.py) - core/client.py: rename _redact_sensitive → redact_sensitive (public API) - core/types.py: add SubscriptionData.__post_init__ for tz-aware datetime enforcement; remove 6 unused type aliases (SystemHealth, APIResponse, etc.) - subscriptions/manager.py: add exc_info=True to both except-Exception blocks; add except ValueError break-on-config-error before retry loop; import redact_sensitive by new public name - subscriptions/resources.py: re-raise in autostart_subscriptions() so ensure_subscriptions_started() doesn't permanently set _subscriptions_started - subscriptions/diagnostics.py: except ToolError: raise before broad except; use safe_display_url() instead of raw URL slice - tools/health.py: move _safe_display_url to core/utils; add exc_info=True; raise ToolError (not return dict) on ImportError - tools/info.py: use get_args(INFO_ACTIONS) instead of INFO_ACTIONS.__args__ - tools/{array,docker,keys,notifications,rclone,storage,virtualization}.py: add Literal-vs-ALL_ACTIONS sync check at import time Test fixes: - test_health.py: import safe_display_url from core.utils; update test_diagnose_import_error_internal to expect ToolError (not error dict) - test_storage.py: add 3 safe_get tests for zero/False/empty-string values - test_subscription_manager.py: add TestCapLogContentSingleMassiveLine (2 tests) - test_client.py: rename _redact_sensitive → redact_sensitive; add tests for new sensitive keys and is_cacheable explicit-keyword form	2026-02-19 02:23:04 -05:00
Jacob Magar	f76e676fd4	test: close critical coverage gaps and harden PR review fixes Critical bug fixes from PR review agents: - client.py: eager asyncio.Lock init, Final[frozenset] for _SENSITIVE_KEYS, explicit 429 ToolError after retries exhausted, removed lazy _get_client_lock() and _RateLimiter._get_lock() patterns - exceptions.py: use builtin TimeoutError (UP041), explicit handler before broad except so asyncio timeouts get descriptive messages - docker.py: add update_all to DESTRUCTIVE_ACTIONS (was missing), remove dead _MUTATION_ACTIONS constant - manager.py: _cap_log_content returns new dict (immutable), lock write to resource_data, clean dead task from active_subscriptions after loop exits - diagnostics.py: fix inaccurate comment about semicolon injection guard - health.py: narrow except ValueError in _safe_display_url, fix TODO comment New test coverage (98 tests added, 529 → 598 passing): - test_subscription_validation.py: 27 tests for _validate_subscription_query (security-critical allow-list, forbidden keyword guards, word-boundary test) - test_subscription_manager.py: 12 tests for _cap_log_content (immutability, truncation, nesting, passthrough) - test_client.py: +57 tests — _RateLimiter (token math, refill, sleep-on-empty), _QueryCache (TTL, invalidation, is_cacheable), 429 retry loop (1/2/3 failures) - test_health.py: +10 tests for _safe_display_url (credential strip, port, path/query removal, malformed IPv6 → <unparseable>) - test_notifications.py: +7 importance enum and field length validation tests - test_rclone.py: +7 _validate_config_data security guard tests - test_storage.py: +15 (tail_lines bounds, format_kb, safe_get) - test_docker.py: update_all now requires confirm=True + new guard test - test_destructive_guards.py: update audit to include update_all Co-authored-by: Claude <noreply@anthropic.com>	2026-02-18 01:28:40 -05:00
Jacob Magar	316193c04b	refactor: comprehensive code review fixes across 31 files Addresses all critical, high, medium, and low issues from full codebase review. 494 tests pass, ruff clean, ty type-check clean. Security: - Add tool_error_handler context manager (exceptions.py) — standardised error handling, eliminates 11 bare except-reraise patterns - Remove unused exception subclasses (ConfigurationError, UnraidAPIError, SubscriptionError, ValidationError, IdempotentOperationError) - Harden GraphQL subscription query validator with allow-list and forbidden-keyword regex (diagnostics.py) - Add input validation for rclone create_remote config_data: injection, path-traversal, and key-count limits (rclone.py) - Validate notifications importance enum before GraphQL request (notifications.py) - Sanitise HTTP/network/JSON error messages — no raw exception strings leaked to clients (client.py) - Strip path/creds from displayed API URL via _safe_display_url (health.py) - Enable Ruff S (bandit) rule category in pyproject.toml - Harden container mutations to strict-only matching — no fuzzy/substring for destructive operations (docker.py) Performance: - Token-bucket rate limiter (90 tokens, 9 req/s) with 429 retry backoff (client.py) - Lazy asyncio.Lock init via _get_client_lock() — fixes event-loop module-load crash (client.py) - Double-checked locking in get_http_client() for fast-path (client.py) - Short hex container ID fast-path skips list fetch (docker.py) - Cap resource_data log content to 1 MB / 5,000 lines (manager.py) - Reset reconnect counter after 30 s stable connection (manager.py) - Move tail_lines validation to module level; enforce 10,000 line cap (storage.py, docker.py) - force_terminal=True removed from logging RichHandler (logging.py) Architecture: - Register diagnostic tools in server startup (server.py) - Move ALL_ACTIONS computation to module level in all tools - Consolidate format_kb / format_bytes into shared core/utils.py - Add _safe_get() helper in core/utils.py for nested dict traversal - Extract _analyze_subscription_status() from health.py diagnose handler - Validate required config at startup — fail fast with CRITICAL log (server.py) Code quality: - Remove ~90 lines of dead Rich formatting helpers from logging.py - Remove dead self.websocket attribute from SubscriptionManager - Remove dead setup_uvicorn_logging() wrapper - Move _VALID_IMPORTANCE to module level (N806 fix) - Add slots=True to all three dataclasses (SubscriptionData, SystemHealth, APIResponse) - Fix None rendering as literal "None" string in info.py summaries - Change fuzzy-match log messages from INFO to DEBUG (docker.py) - UTC-aware datetimes throughout (manager.py, diagnostics.py) Infrastructure: - Upgrade base image python:3.11-slim → python:3.12-slim (Dockerfile) - Add non-root appuser (UID/GID 1000) with HEALTHCHECK (Dockerfile) - Add read_only, cap_drop: ALL, tmpfs /tmp to docker-compose.yml - Single-source version via importlib.metadata (pyproject.toml → __init__.py) - Add open_timeout to all websockets.connect() calls Tests: - Update error message matchers to match sanitised messages (test_client.py) - Fix patch targets for UNRAID_API_URL → utils module (test_subscriptions.py) - Fix importance="info" → importance="normal" (test_notifications.py, http_layer) - Fix naive datetime fixtures → UTC-aware (test_subscriptions.py) Co-authored-by: Claude <claude@anthropic.com>	2026-02-18 01:02:13 -05:00
Jacob Magar	abb7915672	feat: harden API safety and expand command docs with full test coverage	2026-02-15 22:15:51 -05:00
Jacob Magar	b00d78f408	Remove unused MCP resources and update documentation - Remove array_status, system_info, notifications_overview, and parity_status resources - Keep only logs_stream resource (unraid://logs/stream) which is working properly - Update README.md with current resource documentation and modern docker compose syntax - Fix import path issues that were causing subscription errors - Update environment configuration examples - Clean up subscription manager to only include working log streaming 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-11 14:19:27 -04:00

5 Commits