fix: address 54 MEDIUM/LOW priority PR review issues

Comprehensive fixes across Python code, shell scripts, and documentation addressing all remaining MEDIUM and LOW priority review comments. Python Code Fixes (27 fixes): - tools/info.py: Simplified dispatch with lookup tables, defensive guards, CPU fallback formatting, !s conversion flags, module-level sync assertion - tools/docker.py: Case-insensitive container ID regex, keyword-only confirm, module-level ALL_ACTIONS constant - tools/virtualization.py: Normalized single-VM dict responses, unified list/details queries - core/client.py: Fixed HTTP client singleton race condition, compound key substring matching for sensitive data redaction - subscriptions/: Extracted SSL context creation to shared helper in utils.py, replaced deprecated ssl._create_unverified_context API - tools/array.py: Renamed parity_history to parity_status, hoisted ALL_ACTIONS - tools/storage.py: Fixed dict(None) risks, temperature 0 falsiness bug - tools/notifications.py, keys.py, rclone.py: Fixed dict(None) TypeError risks - tests/: Fixed generator type annotations, added coverage for compound keys Shell Script Fixes (13 fixes): - dashboard.sh: Dynamic server discovery, conditional debug output, null-safe jq, notification count guard order, removed unused variables - unraid-query.sh: Proper JSON escaping via jq, --ignore-errors and --insecure CLI flags, TLS verification now on by default - validate-marketplace.sh: Removed unused YELLOW variable, defensive jq, simplified repository URL output Documentation Fixes (24+ fixes): - Version consistency: Updated all references to v0.2.0 across pyproject.toml, plugin.json, marketplace.json, MARKETPLACE.md, __init__.py, README files - Tool count updates: Changed all "26 tools" references to "10 tools, 90 actions" - Markdown lint: Fixed MD022, MD031, MD047 issues across multiple files - Research docs: Fixed auth headers, removed web artifacts, corrected stale info - Skills docs: Fixed query examples, endpoint counts, env var references All 227 tests pass, ruff and ty checks clean.
2026-03-01 16:04:24 -08:00 · 2026-02-15 17:09:31 -05:00
parent 6bbe46879e
commit 37e9424a5c
58 changed files with 1333 additions and 1175 deletions
--- a/unraid_mcp/subscriptions/diagnostics.py
+++ b/unraid_mcp/subscriptions/diagnostics.py
@@ -7,7 +7,6 @@ development and debugging purposes.

 import asyncio
 import json
-import ssl
 from datetime import datetime
 from typing import Any

@@ -16,10 +15,11 @@ from fastmcp import FastMCP
 from websockets.typing import Subprotocol

 from ..config.logging import logger
-from ..config.settings import UNRAID_API_KEY, UNRAID_API_URL, UNRAID_VERIFY_SSL
+from ..config.settings import UNRAID_API_KEY, UNRAID_API_URL
 from ..core.exceptions import ToolError
 from .manager import subscription_manager
 from .resources import ensure_subscriptions_started
+from .utils import build_ws_ssl_context


 def register_diagnostic_tools(mcp: FastMCP) -> None:
@@ -31,8 +31,8 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:

    @mcp.tool()
    async def test_subscription_query(subscription_query: str) -> dict[str, Any]:
-        """
-        Test a GraphQL subscription query directly to debug schema issues.
+        """Test a GraphQL subscription query directly to debug schema issues.
+
        Use this to find working subscription field names and structure.

        Args:
@@ -49,15 +49,7 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:
                raise ToolError("UNRAID_API_URL is not configured")
            ws_url = UNRAID_API_URL.replace("https://", "wss://").replace("http://", "ws://") + "/graphql"

-            # Build SSL context for wss:// connections
-            ssl_context = None
-            if ws_url.startswith("wss://"):
-                if isinstance(UNRAID_VERIFY_SSL, str):
-                    ssl_context = ssl.create_default_context(cafile=UNRAID_VERIFY_SSL)
-                elif UNRAID_VERIFY_SSL:
-                    ssl_context = ssl.create_default_context()
-                else:
-                    ssl_context = ssl._create_unverified_context()
+            ssl_context = build_ws_ssl_context(ws_url)

            # Test connection
            async with websockets.connect(
@@ -104,7 +96,7 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:
                        "query_tested": subscription_query
                    }

-                except asyncio.TimeoutError:
+                except TimeoutError:
                    return {
                        "success": True,
                        "response": "No immediate response (subscriptions may only send data on changes)",
@@ -121,8 +113,8 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:

    @mcp.tool()
    async def diagnose_subscriptions() -> dict[str, Any]:
-        """
-        Comprehensive diagnostic tool for subscription system.
+        """Comprehensive diagnostic tool for subscription system.
+
        Shows detailed status, connection states, errors, and troubleshooting info.

        Returns:
@@ -163,14 +155,14 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:

            # Calculate WebSocket URL
            if UNRAID_API_URL:
-                if UNRAID_API_URL.startswith('https://'):
-                    ws_url = 'wss://' + UNRAID_API_URL[len('https://'):]
-                elif UNRAID_API_URL.startswith('http://'):
-                    ws_url = 'ws://' + UNRAID_API_URL[len('http://'):]
+                if UNRAID_API_URL.startswith("https://"):
+                    ws_url = "wss://" + UNRAID_API_URL[len("https://"):]
+                elif UNRAID_API_URL.startswith("http://"):
+                    ws_url = "ws://" + UNRAID_API_URL[len("http://"):]
                else:
                    ws_url = UNRAID_API_URL
-                if not ws_url.endswith('/graphql'):
-                    ws_url = ws_url.rstrip('/') + '/graphql'
+                if not ws_url.endswith("/graphql"):
+                    ws_url = ws_url.rstrip("/") + "/graphql"
                diagnostic_info["environment"]["websocket_url"] = ws_url

            # Analyze issues
@@ -222,6 +214,6 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:

        except Exception as e:
            logger.error(f"[DIAGNOSTIC] Failed to generate diagnostics: {e}")
-            raise ToolError(f"Failed to generate diagnostics: {str(e)}") from e
+            raise ToolError(f"Failed to generate diagnostics: {e!s}") from e

    logger.info("Subscription diagnostic tools registered successfully")
--- a/unraid_mcp/subscriptions/manager.py
+++ b/unraid_mcp/subscriptions/manager.py
@@ -8,7 +8,6 @@ error handling, reconnection logic, and authentication.
 import asyncio
 import json
 import os
-import ssl
 from datetime import datetime
 from typing import Any

@@ -16,8 +15,9 @@ import websockets
 from websockets.typing import Subprotocol

 from ..config.logging import logger
-from ..config.settings import UNRAID_API_KEY, UNRAID_API_URL, UNRAID_VERIFY_SSL
+from ..config.settings import UNRAID_API_KEY, UNRAID_API_URL
 from ..core.types import SubscriptionData
+from .utils import build_ws_ssl_context


 class SubscriptionManager:
@@ -141,28 +141,20 @@ class SubscriptionManager:
                if not UNRAID_API_URL:
                    raise ValueError("UNRAID_API_URL is not configured")

-                if UNRAID_API_URL.startswith('https://'):
-                    ws_url = 'wss://' + UNRAID_API_URL[len('https://'):]
-                elif UNRAID_API_URL.startswith('http://'):
-                    ws_url = 'ws://' + UNRAID_API_URL[len('http://'):]
+                if UNRAID_API_URL.startswith("https://"):
+                    ws_url = "wss://" + UNRAID_API_URL[len("https://"):]
+                elif UNRAID_API_URL.startswith("http://"):
+                    ws_url = "ws://" + UNRAID_API_URL[len("http://"):]
                else:
                    ws_url = UNRAID_API_URL

-                if not ws_url.endswith('/graphql'):
-                    ws_url = ws_url.rstrip('/') + '/graphql'
+                if not ws_url.endswith("/graphql"):
+                    ws_url = ws_url.rstrip("/") + "/graphql"

                logger.debug(f"[WEBSOCKET:{subscription_name}] Connecting to: {ws_url}")
                logger.debug(f"[WEBSOCKET:{subscription_name}] API Key present: {'Yes' if UNRAID_API_KEY else 'No'}")

-                # Build SSL context for wss:// connections
-                ssl_context = None
-                if ws_url.startswith('wss://'):
-                    if isinstance(UNRAID_VERIFY_SSL, str):
-                        ssl_context = ssl.create_default_context(cafile=UNRAID_VERIFY_SSL)
-                    elif UNRAID_VERIFY_SSL:
-                        ssl_context = ssl.create_default_context()
-                    else:
-                        ssl_context = ssl._create_unverified_context()
+                ssl_context = build_ws_ssl_context(ws_url)

                # Connection with timeout
                connect_timeout = 10
@@ -213,7 +205,7 @@ class SubscriptionManager:
                        init_data = json.loads(init_raw)
                        logger.debug(f"[PROTOCOL:{subscription_name}] Received init response: {init_data.get('type')}")
                    except json.JSONDecodeError as e:
-                        init_preview = init_raw[:200] if isinstance(init_raw, str) else init_raw[:200].decode('utf-8', errors='replace')
+                        init_preview = init_raw[:200] if isinstance(init_raw, str) else init_raw[:200].decode("utf-8", errors="replace")
                        logger.error(f"[PROTOCOL:{subscription_name}] Failed to decode init response: {init_preview}...")
                        self.last_error[subscription_name] = f"Invalid JSON in init response: {e}"
                        break
@@ -223,7 +215,7 @@ class SubscriptionManager:
                        logger.info(f"[PROTOCOL:{subscription_name}] Connection acknowledged successfully")
                        self.connection_states[subscription_name] = "authenticated"
                    elif init_data.get("type") == "connection_error":
-                        error_payload = init_data.get('payload', {})
+                        error_payload = init_data.get("payload", {})
                        logger.error(f"[AUTH:{subscription_name}] Authentication failed: {error_payload}")
                        self.last_error[subscription_name] = f"Authentication error: {error_payload}"
                        self.connection_states[subscription_name] = "auth_failed"
@@ -259,7 +251,7 @@ class SubscriptionManager:
                        try:
                            data = json.loads(message)
                            message_count += 1
-                            message_type = data.get('type', 'unknown')
+                            message_type = data.get("type", "unknown")

                            logger.debug(f"[DATA:{subscription_name}] Message #{message_count}: {message_type}")

@@ -288,7 +280,7 @@ class SubscriptionManager:
                                await websocket.send(json.dumps({"type": "pong"}))

                            elif data.get("type") == "error":
-                                error_payload = data.get('payload', {})
+                                error_payload = data.get("payload", {})
                                logger.error(f"[SUBSCRIPTION:{subscription_name}] Subscription error: {error_payload}")
                                self.last_error[subscription_name] = f"Subscription error: {error_payload}"
                                self.connection_states[subscription_name] = "error"
@@ -305,15 +297,15 @@ class SubscriptionManager:
                                logger.debug(f"[PROTOCOL:{subscription_name}] Unhandled message type: {message_type}")

                        except json.JSONDecodeError as e:
-                            msg_preview = message[:200] if isinstance(message, str) else message[:200].decode('utf-8', errors='replace')
+                            msg_preview = message[:200] if isinstance(message, str) else message[:200].decode("utf-8", errors="replace")
                            logger.error(f"[PROTOCOL:{subscription_name}] Failed to decode message: {msg_preview}...")
                            logger.error(f"[PROTOCOL:{subscription_name}] JSON decode error: {e}")
                        except Exception as e:
                            logger.error(f"[DATA:{subscription_name}] Error processing message: {e}")
-                            msg_preview = message[:200] if isinstance(message, str) else message[:200].decode('utf-8', errors='replace')
+                            msg_preview = message[:200] if isinstance(message, str) else message[:200].decode("utf-8", errors="replace")
                            logger.debug(f"[DATA:{subscription_name}] Raw message: {msg_preview}...")

-            except asyncio.TimeoutError:
+            except TimeoutError:
                error_msg = "Connection or authentication timeout"
                logger.error(f"[WEBSOCKET:{subscription_name}] {error_msg}")
                self.last_error[subscription_name] = error_msg
@@ -353,9 +345,8 @@ class SubscriptionManager:
            age_seconds = (datetime.now() - data.last_updated).total_seconds()
            logger.debug(f"[RESOURCE:{resource_name}] Data found, age: {age_seconds:.1f}s")
            return data.data
-        else:
-            logger.debug(f"[RESOURCE:{resource_name}] No data available")
-            return None
+        logger.debug(f"[RESOURCE:{resource_name}] No data available")
+        return None

    def list_active_subscriptions(self) -> list[str]:
        """List all active subscriptions."""
--- a/unraid_mcp/subscriptions/resources.py
+++ b/unraid_mcp/subscriptions/resources.py
@@ -13,6 +13,7 @@ from fastmcp import FastMCP
 from ..config.logging import logger
 from .manager import subscription_manager

+
 # Global flag to track subscription startup
 _subscriptions_started = False

--- a/unraid_mcp/subscriptions/utils.py
+++ b/unraid_mcp/subscriptions/utils.py
@@ -0,0 +1,27 @@
+"""Shared utilities for the subscription system."""
+
+import ssl as _ssl
+
+from ..config.settings import UNRAID_VERIFY_SSL
+
+
+def build_ws_ssl_context(ws_url: str) -> _ssl.SSLContext | None:
+    """Build an SSL context for WebSocket connections when using wss://.
+
+    Args:
+        ws_url: The WebSocket URL to connect to.
+
+    Returns:
+        An SSLContext configured per UNRAID_VERIFY_SSL, or None for non-TLS URLs.
+    """
+    if not ws_url.startswith("wss://"):
+        return None
+    if isinstance(UNRAID_VERIFY_SSL, str):
+        return _ssl.create_default_context(cafile=UNRAID_VERIFY_SSL)
+    if UNRAID_VERIFY_SSL:
+        return _ssl.create_default_context()
+    # Explicitly disable verification (equivalent to verify=False)
+    ctx = _ssl.SSLContext(_ssl.PROTOCOL_TLS_CLIENT)
+    ctx.check_hostname = False
+    ctx.verify_mode = _ssl.CERT_NONE
+    return ctx