mirror of
https://github.com/jmagar/unraid-mcp.git
synced 2026-03-23 12:39:24 -07:00
2b777be927
Security: - Remove /mnt/ from _ALLOWED_LOG_PREFIXES to prevent Unraid share exposure - Add early .. detection for disk/logs and live/log_tail path validation - Add /boot/ prefix restriction for flash_backup source_path - Use hmac.compare_digest for timing-safe API key verification in server.py - Gate include_traceback on DEBUG log level (no tracebacks in production) Correctness: - Re-raise CredentialsNotConfiguredError in health check instead of swallowing - Fix ups_device query (remove non-existent nominalPower/currentPower fields) Best practices (BP-01, BP-05, BP-06): - Add # noqa: ASYNC109 to timeout params in _handle_live and unraid() - Fix start_array* → start_array in docstring (not in ARRAY_DESTRUCTIVE) - Remove from __future__ import annotations from snapshot.py - Replace import-time UNRAID_API_KEY/URL bindings with _settings.ATTR pattern in manager.py, snapshot.py, utils.py, diagnostics.py — fixes stale binding after apply_runtime_config() post-elicitation (BP-05) CI/CD: - Add .github/workflows/ci.yml (5-job pipeline: lint, typecheck, test, version-sync, audit) - Add fail_under = 80 to [tool.coverage.report] - Add version sync check to scripts/validate-marketplace.sh Documentation: - Sync plugin.json version 1.1.1 → 1.1.2 with pyproject.toml - Update CLAUDE.md: 3 tools, system domain count 18, scripts comment fix - Update README.md: 3 tools, security notes - Update docs/AUTHENTICATION.md: H1 title fix - Add UNRAID_CREDENTIALS_DIR to .env.example Bump: 1.1.1 → 1.1.2 Co-Authored-By: Claude <noreply@anthropic.com>
170 lines
6.5 KiB
Python
170 lines
6.5 KiB
Python
"""One-shot GraphQL subscription helpers for MCP tool snapshot actions.
|
|
|
|
`subscribe_once(query, variables, timeout)` — connect, subscribe, return the
|
|
first event's data, then disconnect.
|
|
|
|
`subscribe_collect(query, variables, collect_for, timeout)` — connect,
|
|
subscribe, collect all events for `collect_for` seconds, return the list.
|
|
|
|
Neither function maintains a persistent connection — they open and close a
|
|
WebSocket per call. This is intentional: MCP tools are request-response.
|
|
Use the SubscriptionManager for long-lived monitoring resources.
|
|
"""
|
|
|
|
import asyncio
|
|
import json
|
|
from typing import Any
|
|
|
|
import websockets
|
|
from websockets.typing import Subprotocol
|
|
|
|
from ..config import settings as _settings
|
|
from ..config.logging import logger
|
|
from ..core.exceptions import ToolError
|
|
from .utils import build_ws_ssl_context, build_ws_url
|
|
|
|
|
|
async def subscribe_once(
|
|
query: str,
|
|
variables: dict[str, Any] | None = None,
|
|
timeout: float = 10.0, # noqa: ASYNC109
|
|
) -> dict[str, Any]:
|
|
"""Open a WebSocket subscription, receive the first data event, close, return it.
|
|
|
|
Raises ToolError on auth failure, GraphQL errors, or timeout.
|
|
"""
|
|
ws_url = build_ws_url()
|
|
ssl_context = build_ws_ssl_context(ws_url)
|
|
|
|
async with websockets.connect(
|
|
ws_url,
|
|
subprotocols=[Subprotocol("graphql-transport-ws"), Subprotocol("graphql-ws")],
|
|
open_timeout=timeout,
|
|
ping_interval=20,
|
|
ping_timeout=10,
|
|
ssl=ssl_context,
|
|
) as ws:
|
|
proto = ws.subprotocol or "graphql-transport-ws"
|
|
sub_id = "snapshot-1"
|
|
|
|
# Handshake
|
|
init: dict[str, Any] = {"type": "connection_init"}
|
|
if _settings.UNRAID_API_KEY:
|
|
init["payload"] = {"x-api-key": _settings.UNRAID_API_KEY}
|
|
await ws.send(json.dumps(init))
|
|
|
|
raw = await asyncio.wait_for(ws.recv(), timeout=timeout)
|
|
ack = json.loads(raw)
|
|
if ack.get("type") == "connection_error":
|
|
raise ToolError(f"Subscription auth failed: {ack.get('payload')}")
|
|
if ack.get("type") != "connection_ack":
|
|
raise ToolError(f"Unexpected handshake response: {ack.get('type')}")
|
|
|
|
# Subscribe
|
|
start_type = "subscribe" if proto == "graphql-transport-ws" else "start"
|
|
await ws.send(
|
|
json.dumps(
|
|
{
|
|
"id": sub_id,
|
|
"type": start_type,
|
|
"payload": {"query": query, "variables": variables or {}},
|
|
}
|
|
)
|
|
)
|
|
|
|
# Await first matching data event
|
|
expected_type = "next" if proto == "graphql-transport-ws" else "data"
|
|
|
|
try:
|
|
async with asyncio.timeout(timeout):
|
|
async for raw_msg in ws:
|
|
msg = json.loads(raw_msg)
|
|
if msg.get("type") == "ping":
|
|
await ws.send(json.dumps({"type": "pong"}))
|
|
continue
|
|
if msg.get("type") == expected_type and msg.get("id") == sub_id:
|
|
payload = msg.get("payload", {})
|
|
if errors := payload.get("errors"):
|
|
msgs = "; ".join(e.get("message", str(e)) for e in errors)
|
|
raise ToolError(f"Subscription errors: {msgs}")
|
|
if data := payload.get("data"):
|
|
return data
|
|
elif msg.get("type") == "error" and msg.get("id") == sub_id:
|
|
raise ToolError(f"Subscription error: {msg.get('payload')}")
|
|
except TimeoutError:
|
|
raise ToolError(f"Subscription timed out after {timeout:.0f}s") from None
|
|
|
|
raise ToolError("WebSocket closed before receiving subscription data")
|
|
|
|
|
|
async def subscribe_collect(
|
|
query: str,
|
|
variables: dict[str, Any] | None = None,
|
|
collect_for: float = 5.0,
|
|
timeout: float = 10.0, # noqa: ASYNC109
|
|
) -> list[dict[str, Any]]:
|
|
"""Open a subscription, collect events for `collect_for` seconds, close, return list.
|
|
|
|
Returns an empty list if no events arrive within the window.
|
|
Always closes the connection after the window expires.
|
|
"""
|
|
ws_url = build_ws_url()
|
|
ssl_context = build_ws_ssl_context(ws_url)
|
|
events: list[dict[str, Any]] = []
|
|
|
|
async with websockets.connect(
|
|
ws_url,
|
|
subprotocols=[Subprotocol("graphql-transport-ws"), Subprotocol("graphql-ws")],
|
|
open_timeout=timeout,
|
|
ping_interval=20,
|
|
ping_timeout=10,
|
|
ssl=ssl_context,
|
|
) as ws:
|
|
proto = ws.subprotocol or "graphql-transport-ws"
|
|
sub_id = "snapshot-1"
|
|
|
|
init: dict[str, Any] = {"type": "connection_init"}
|
|
if _settings.UNRAID_API_KEY:
|
|
init["payload"] = {"x-api-key": _settings.UNRAID_API_KEY}
|
|
await ws.send(json.dumps(init))
|
|
|
|
raw = await asyncio.wait_for(ws.recv(), timeout=timeout)
|
|
ack = json.loads(raw)
|
|
if ack.get("type") == "connection_error":
|
|
raise ToolError(f"Subscription auth failed: {ack.get('payload')}")
|
|
if ack.get("type") != "connection_ack":
|
|
raise ToolError(f"Unexpected handshake response: {ack.get('type')}")
|
|
|
|
start_type = "subscribe" if proto == "graphql-transport-ws" else "start"
|
|
await ws.send(
|
|
json.dumps(
|
|
{
|
|
"id": sub_id,
|
|
"type": start_type,
|
|
"payload": {"query": query, "variables": variables or {}},
|
|
}
|
|
)
|
|
)
|
|
|
|
expected_type = "next" if proto == "graphql-transport-ws" else "data"
|
|
|
|
try:
|
|
async with asyncio.timeout(collect_for):
|
|
async for raw_msg in ws:
|
|
msg = json.loads(raw_msg)
|
|
if msg.get("type") == "ping":
|
|
await ws.send(json.dumps({"type": "pong"}))
|
|
continue
|
|
if msg.get("type") == expected_type and msg.get("id") == sub_id:
|
|
payload = msg.get("payload", {})
|
|
if errors := payload.get("errors"):
|
|
msgs = "; ".join(e.get("message", str(e)) for e in errors)
|
|
raise ToolError(f"Subscription errors: {msgs}")
|
|
if data := payload.get("data"):
|
|
events.append(data)
|
|
except TimeoutError:
|
|
pass # Collection window expired — return whatever was collected
|
|
|
|
logger.debug(f"[SNAPSHOT] Collected {len(events)} events in {collect_for}s window")
|
|
return events
|