crackerjack 0.31.10__py3-none-any.whl → 0.31.13__py3-none-any.whl

crackerjack/mcp/tools/monitoring_tools.py

@@ -4,10 +4,32 @@ import typing as t
 from contextlib import suppress
 
 from crackerjack.mcp.context import get_context
+from crackerjack.services.bounded_status_operations import (
+    execute_bounded_status_operation,
+)
+from crackerjack.services.secure_status_formatter import (
+    StatusVerbosity,
+    format_secure_status,
+    get_secure_status_formatter,
+)
+from crackerjack.services.status_authentication import (
+    authenticate_status_request,
+    get_status_authenticator,
+)
+from crackerjack.services.status_security_manager import (
+    get_status_security_manager,
+    secure_status_operation,
+    validate_status_request,
+)
+from crackerjack.services.thread_safe_status_collector import (
+    get_thread_safe_status_collector,
+)
+from crackerjack.services.websocket_resource_limiter import (
+    get_websocket_resource_limiter,
+)
 
 
 def _suggest_agent_for_context(state_manager) -> dict[str, t.Any]:
-    """Suggest appropriate agents based on current development context."""
     suggestions = {
         "recommended_agent": None,
         "reason": "",
@@ -15,24 +37,22 @@ def _suggest_agent_for_context(state_manager) -> dict[str, t.Any]:
         "priority": "MEDIUM",
     }
 
-    # Check for errors or failures that need specific agents
     with suppress(Exception):
         recent_errors = getattr(state_manager, "recent_errors", [])
         stage_statuses = _get_stage_status_dict(state_manager)
 
-        # Test failures suggest test specialist
         if stage_statuses.get("tests") == "failed" or any(
             "test" in str(error).lower() for error in recent_errors
         ):
             suggestions.update(
                 {
-                    "recommended_agent": "crackerjack-test-specialist",
-                    "reason": "Test failures detected - specialist needed for debugging and fixes",
-                    "usage": 'Task tool with subagent_type="crackerjack-test-specialist"',
+                    "recommended_agent": "crackerjack - test-specialist",
+                    "reason": "Test failures detected-specialist needed for debugging and fixes",
+                    "usage": 'Task tool with subagent_type ="crackerjack - test-specialist"',
                     "priority": "HIGH",
                 }
             )
-        # Security issues suggest security auditor
+
         elif any(
             "security" in str(error).lower() or "bandit" in str(error).lower()
             for error in recent_errors
@@ -40,28 +60,28 @@ def _suggest_agent_for_context(state_manager) -> dict[str, t.Any]:
             suggestions.update(
                 {
                     "recommended_agent": "security-auditor",
-                    "reason": "Security issues detected - immediate audit required",
-                    "usage": 'Task tool with subagent_type="security-auditor"',
+                    "reason": "Security issues detected-immediate audit required",
+                    "usage": 'Task tool with subagent_type ="security-auditor"',
                     "priority": "HIGH",
                 }
             )
-        # Complexity issues suggest architect
+
         elif any("complex" in str(error).lower() for error in recent_errors):
             suggestions.update(
                 {
                     "recommended_agent": "crackerjack-architect",
-                    "reason": "Complexity issues detected - architectural review needed",
-                    "usage": 'Task tool with subagent_type="crackerjack-architect"',
+                    "reason": "Complexity issues detected-architectural review needed",
+                    "usage": 'Task tool with subagent_type ="crackerjack-architect"',
                     "priority": "HIGH",
                 }
             )
-        # Default recommendation for Python projects
+
         else:
             suggestions.update(
                 {
                     "recommended_agent": "crackerjack-architect",
-                    "reason": "Python project - ensure crackerjack compliance from the start",
-                    "usage": 'Task tool with subagent_type="crackerjack-architect"',
+                    "reason": "Python project-ensure crackerjack compliance from the start",
+                    "usage": 'Task tool with subagent_type ="crackerjack-architect"',
                     "priority": "MEDIUM",
                 }
             )
@@ -70,7 +90,6 @@ def _suggest_agent_for_context(state_manager) -> dict[str, t.Any]:
 
 
 def _create_error_response(message: str, success: bool = False) -> str:
-    """Utility function to create standardized error responses."""
     import json
 
     return json.dumps({"error": message, "success": success})
@@ -145,7 +164,6 @@ def _add_state_manager_stats(stats: dict, state_manager) -> None:
 
 
 def _get_active_jobs(context) -> list[dict[str, t.Any]]:
-    """Get information about active jobs from progress files."""
     jobs = []
     if not context.progress_dir.exists():
         return jobs
@@ -174,80 +192,96 @@ def _get_active_jobs(context) -> list[dict[str, t.Any]]:
     return jobs
 
 
-async def _get_comprehensive_status() -> dict[str, t.Any]:
-    """Get comprehensive status of MCP server, WebSocket server, and active jobs."""
+async def _get_comprehensive_status_secure(
+    client_id: str = "mcp_client",
+    client_ip: str = "127.0.0.1",
+    auth_header: str | None = None,
+    verbosity: StatusVerbosity = StatusVerbosity.STANDARD,
+) -> dict[str, t.Any]:
+    """Get comprehensive status with full security integration."""
+
+    # 1. Authentication
+    auth_manager = get_status_authenticator()
     try:
-        context = get_context()
-    except RuntimeError:
-        context = None
+        credentials = await authenticate_status_request(
+            auth_header, client_ip, "get_comprehensive_status"
+        )
+
+        # Check if operation is allowed for this auth level
+        if not auth_manager.is_operation_allowed(
+            "get_comprehensive_status", credentials.access_level
+        ):
+            return {"error": "Insufficient privileges for comprehensive status"}
 
-    if not context:
-        return {"error": "Server context not available"}
+    except Exception as e:
+        return {"error": f"Authentication failed: {e}"}
 
+    # 2. Security validation
     try:
-        # Get server status
-        from crackerjack.services.server_manager import (
-            find_mcp_server_processes,
-            find_websocket_server_processes,
+        await validate_status_request(client_id, "get_comprehensive_status", {})
+    except Exception as e:
+        return {"error": f"Security validation failed: {e}"}
+
+    # 3. Resource management with bounded operations
+    try:
+        return await execute_bounded_status_operation(
+            "status_collection",
+            client_id,
+            _collect_comprehensive_status_internal,
+            client_id,
+            verbosity,
         )
+    except Exception as e:
+        return {"error": f"Resource limit exceeded: {e}"}
 
-        mcp_processes = find_mcp_server_processes()
-        websocket_processes = find_websocket_server_processes()
 
-        # Get active jobs
-        active_jobs = _get_active_jobs(context)
+async def _collect_comprehensive_status_internal(
+    client_id: str = "mcp_client",
+    verbosity: StatusVerbosity = StatusVerbosity.STANDARD,
+) -> dict[str, t.Any]:
+    """Internal comprehensive status collection using thread-safe collector."""
 
-        # Get WebSocket server status from context
-        websocket_status = None
-        try:
-            websocket_status = await context.get_websocket_server_status()
-        except (ConnectionError, TimeoutError) as e:
-            websocket_status = {"error": f"Connection failed: {e}"}
-        except Exception as e:
-            websocket_status = {"error": f"Status unavailable: {e}"}
+    # Use thread-safe status collector
+    collector = get_thread_safe_status_collector()
 
-        # Build comprehensive status
+    try:
+        # Collect status with thread safety and proper timeout handling
+        snapshot = await collector.collect_comprehensive_status(
+            client_id=client_id,
+        )
+
+        # Build final status from snapshot
         status = {
-            "services": {
-                "mcp_server": {
-                    "running": len(mcp_processes) > 0,
-                    "processes": mcp_processes,
-                },
-                "websocket_server": {
-                    "running": len(websocket_processes) > 0,
-                    "processes": websocket_processes,
-                    "port": getattr(context, "websocket_server_port", 8675),
-                    "status": websocket_status,
-                },
+            "services": snapshot.services,
+            "jobs": snapshot.jobs,
+            "server_stats": snapshot.server_stats,
+            "collection_info": {
+                "timestamp": snapshot.timestamp,
+                "duration": snapshot.collection_duration,
+                "is_complete": snapshot.is_complete,
+                "errors": snapshot.errors,
             },
-            "jobs": {
-                "active_count": len(
-                    [j for j in active_jobs if j["status"] == "running"],
-                ),
-                "completed_count": len(
-                    [j for j in active_jobs if j["status"] == "completed"],
-                ),
-                "failed_count": len(
-                    [j for j in active_jobs if j["status"] == "failed"],
-                ),
-                "details": active_jobs,
-            },
-            "server_stats": _build_server_stats(context),
-            "timestamp": time.time(),
         }
 
-        # Add state manager stats
-        state_manager = getattr(context, "state_manager", None)
-        _add_state_manager_stats(status["server_stats"], state_manager)
+        # Add agent suggestions if available
+        context = None
+        with suppress(RuntimeError):
+            context = get_context()
 
-        # Add agent suggestions based on current context
-        if state_manager:
-            status["agent_suggestions"] = _suggest_agent_for_context(state_manager)
+        if context:
+            state_manager = getattr(context, "state_manager", None)
+            if state_manager:
+                status["agent_suggestions"] = _suggest_agent_for_context(state_manager)
 
         return status
 
     except Exception as e:
-        return {"error": f"Failed to get comprehensive status: {e}"}
+        return {"error": f"Failed to collect comprehensive status: {e}"}
+
+
+async def _get_comprehensive_status() -> dict[str, t.Any]:
+    """Legacy wrapper for backward compatibility."""
+    return await _get_comprehensive_status_secure()
 
 
 def register_monitoring_tools(mcp_app: t.Any) -> None:
@@ -262,20 +296,27 @@ def register_monitoring_tools(mcp_app: t.Any) -> None:
 def _register_stage_status_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def get_stage_status() -> str:
-        context = get_context()
-        if not context:
-            return _create_error_response("Server context not available")
+        client_id = "mcp_client"
 
         try:
+            # Security validation
+            await validate_status_request(client_id, "get_stage_status", {})
+
+            context = get_context()
+            if not context:
+                return _create_error_response("Server context not available")
+
             state_manager = getattr(context, "state_manager", None)
             if not state_manager:
                 return _create_error_response("State manager not available")
 
-            result = {
-                "stages": _get_stage_status_dict(state_manager),
-                "session": _get_session_info(state_manager),
-                "timestamp": time.time(),
-            }
+            # Use bounded operation for resource protection
+            result = await execute_bounded_status_operation(
+                "stage_status",
+                client_id,
+                _build_stage_status,
+                state_manager,
+            )
 
             return json.dumps(result, indent=2)
 
@@ -283,19 +324,40 @@ def _register_stage_status_tool(mcp_app: t.Any) -> None:
             return f'{{"error": "Failed to get stage status: {e}"}}'
 
 
+def _build_stage_status(state_manager) -> dict[str, t.Any]:
+    """Build stage status with bounded resource usage."""
+    return {
+        "stages": _get_stage_status_dict(state_manager),
+        "session": _get_session_info(state_manager),
+        "timestamp": time.time(),
+    }
+
+
 def _register_next_action_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def get_next_action() -> str:
-        context = get_context()
-        if not context:
-            return _create_error_response("Server context not available")
+        client_id = "mcp_client"
 
         try:
+            # Security validation
+            await validate_status_request(client_id, "get_next_action", {})
+
+            context = get_context()
+            if not context:
+                return _create_error_response("Server context not available")
+
             state_manager = getattr(context, "state_manager", None)
             if not state_manager:
                 return '{"recommended_action": "initialize", "reason": "No state manager available"}'
 
-            action = _determine_next_action(state_manager)
+            # Use bounded operation for consistency
+            action = await execute_bounded_status_operation(
+                "next_action",
+                client_id,
+                _determine_next_action,
+                state_manager,
+            )
+
             return json.dumps(action, indent=2)
 
         except Exception as e:
@@ -305,53 +367,122 @@ def _register_next_action_tool(mcp_app: t.Any) -> None:
 def _register_server_stats_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def get_server_stats() -> str:
-        context = get_context()
-        if not context:
-            return _create_error_response("Server context not available")
+        client_id = "mcp_client"
 
         try:
-            stats = _build_server_stats(context)
-            state_manager = getattr(context, "state_manager", None)
-            _add_state_manager_stats(stats, state_manager)
+            # Security validation
+            await validate_status_request(client_id, "get_server_stats", {})
+
+            # Use secure status operation with resource limits
+            async with await secure_status_operation(
+                client_id, "get_server_stats", timeout=15.0
+            ):
+                # Get context
+                context = get_context()
+                if not context:
+                    formatter = get_secure_status_formatter()
+                    error_response = formatter.format_error_response(
+                        "Server context not available",
+                    )
+                    return json.dumps(error_response, indent=2)
+
+                # Get raw stats with bounded operation
+                raw_stats = await execute_bounded_status_operation(
+                    "server_stats",
+                    client_id,
+                    _build_server_stats_secure,
+                    context,
+                )
+
+                # Apply secure formatting
+                secure_stats = format_secure_status(
+                    raw_stats,
+                    project_root=context.config.project_path,
+                    user_context="mcp_client",
+                )
 
-            return json.dumps(stats, indent=2)
+                return json.dumps(secure_stats, indent=2)
 
         except Exception as e:
-            return f'{{"error": "Failed to get server stats: {e}"}}'
+            # Use secure error formatting
+            formatter = get_secure_status_formatter()
+            error_response = formatter.format_error_response(
+                str(e),
+            )
+            return json.dumps(error_response, indent=2)
+
+
+def _build_server_stats_secure(context) -> dict[str, t.Any]:
+    """Build server stats with security controls."""
+
+    # Build base stats
+    stats = _build_server_stats(context)
+
+    # Add state manager stats
+    state_manager = getattr(context, "state_manager", None)
+    _add_state_manager_stats(stats, state_manager)
+
+    # Add security status
+    security_manager = get_status_security_manager()
+    stats["security_status"] = security_manager.get_security_status()
+
+    # Add resource limiter status if available
+    with suppress(Exception):
+        # Resource limiter may not be initialized
+        resource_limiter = get_websocket_resource_limiter()
+        stats["websocket_resources"] = resource_limiter.get_resource_status()
+
+    return stats
 
 
 def _register_comprehensive_status_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def get_comprehensive_status() -> str:
-        """Get comprehensive status of MCP server, WebSocket server, and active jobs.
-
-        This is the main status tool used by the /crackerjack:status slash command.
-        Provides information about:
-        - MCP server status and processes
-        - WebSocket server status and connections
-        - Active, completed, and failed jobs
-        - Progress information for running jobs
-        - Error metrics and resolution counts
-        - Service health and resource usage
-        """
+        client_id = "mcp_client"
+        client_ip = "127.0.0.1"
+
         try:
-            status = await _get_comprehensive_status()
-            return json.dumps(status, indent=2)
-        except Exception as e:
-            import traceback
+            # Use secure status operation with request lock
+            async with await secure_status_operation(
+                client_id,
+                "get_comprehensive_status",
+            ):
+                # Get raw status data with full security integration
+                raw_status = await _get_comprehensive_status_secure(
+                    client_id=client_id,
+                    client_ip=client_ip,
+                    # Local-only access (auth_header defaults to None)
+                )
 
-            return f'{{"error": "Failed to get comprehensive status: {e}", "traceback": "{traceback.format_exc()}"}}'
+                # Apply secure formatting
+                context = get_context()
+                project_root = context.config.project_path if context else None
+
+                secure_status = format_secure_status(
+                    raw_status,
+                    project_root=project_root,
+                    user_context="mcp_client",
+                )
+
+                return json.dumps(secure_status, indent=2)
+
+        except Exception as e:
+            # Use secure error formatting
+            formatter = get_secure_status_formatter()
+            error_response = formatter.format_error_response(
+                str(e),
+            )
+            return json.dumps(error_response, indent=2)
 
 
 def _register_command_help_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def list_slash_commands() -> str:
-        """List all available crackerjack slash commands with descriptions and usage."""
         try:
             commands = {
-                "/crackerjack:run": {
+                "/ crackerjack: run": {
                     "description": "Run full iterative auto-fixing with AI agent, tests, progress tracking, and verbose output",
-                    "usage": "Direct execution - no parameters needed",
+                    "usage": "Direct execution-no parameters needed",
                     "features": [
                         "Up to 10 iterations of quality improvement",
                         "Real-time WebSocket progress streaming",
@@ -360,9 +491,9 @@ def _register_command_help_tool(mcp_app: t.Any) -> None:
                         "Debug mode support",
                     ],
                 },
-                "/crackerjack:status": {
+                "/ crackerjack: status": {
                     "description": "Get comprehensive system status including servers, jobs, and resource usage",
-                    "usage": "Direct execution - no parameters needed",
+                    "usage": "Direct execution-no parameters needed",
                     "features": [
                         "MCP server health monitoring",
                         "WebSocket server status",
@@ -371,11 +502,11 @@ def _register_command_help_tool(mcp_app: t.Any) -> None:
                         "Error counts and progress data",
                     ],
                 },
-                "/crackerjack:init": {
+                "/ crackerjack: init": {
                     "description": "Initialize or update crackerjack configuration with smart configuration merging",
                     "usage": "Optional parameters: target_path (defaults to current directory)",
                     "kwargs": {
-                        "force": "boolean - force overwrite existing configurations"
+                        "force": "boolean-force overwrite existing configurations"
                     },
                     "features": [
                         "Smart merge preserving existing configurations",
@@ -404,9 +535,8 @@ def _register_command_help_tool(mcp_app: t.Any) -> None:
 
 
 def _validate_status_components(components: str) -> tuple[set[str], str | None]:
-    """Validate and parse status components."""
     valid_components = {"services", "jobs", "resources", "all"}
-    requested = {c.strip().lower() for c in components.split(",")}
+    requested = {c.strip().lower() for c in components.split(", ")}
 
     invalid = requested - valid_components
     if invalid:
@@ -416,7 +546,6 @@ def _validate_status_components(components: str) -> tuple[set[str], str | None]:
 
 
 def _get_services_status() -> dict:
-    """Get services status information."""
     from crackerjack.services.server_manager import (
         find_mcp_server_processes,
         find_websocket_server_processes,
@@ -438,7 +567,6 @@ def _get_services_status() -> dict:
 
 
 def _get_resources_status(context: t.Any) -> dict:
-    """Get resources status information."""
     temp_files_count = (
         len(list(context.progress_dir.glob("*.json")))
         if context.progress_dir.exists()
@@ -452,7 +580,6 @@ def _get_resources_status(context: t.Any) -> dict:
 
 
 def _build_filtered_status(requested: set[str], context: t.Any) -> dict:
-    """Build filtered status based on requested components."""
     filtered_status = {"timestamp": time.time()}
 
     if "services" in requested:
@@ -470,33 +597,69 @@ def _build_filtered_status(requested: set[str], context: t.Any) -> dict:
 def _register_filtered_status_tool(mcp_app: t.Any) -> None:
     @mcp_app.tool()
     async def get_filtered_status(components: str = "all") -> str:
-        """Get specific status components for better performance.
+        client_id = "mcp_client"
 
-        Args:
-            components: Comma-separated list of components to include:
-                       'services', 'jobs', 'resources', 'all' (default)
-        """
         try:
-            requested, error = _validate_status_components(components)
-            if error:
-                return json.dumps({"error": error, "success": False}, indent=2)
+            # Security validation with component filter data
+            await validate_status_request(
+                client_id, "get_filtered_status", {"components": components}
+            )
 
-            # If 'all' is requested, get everything
-            if "all" in requested:
-                status = await _get_comprehensive_status()
-                return json.dumps(status, indent=2)
+            return await _process_filtered_status_request(client_id, components)
 
-            context = get_context()
-            if not context:
-                return json.dumps(
-                    {"error": "Server context not available", "success": False}
-                )
+        except Exception as e:
+            return _format_status_error(str(e))
 
-            filtered_status = _build_filtered_status(requested, context)
-            return json.dumps(filtered_status, indent=2)
 
-        except Exception as e:
-            return json.dumps(
-                {"error": f"Failed to get filtered status: {e}", "success": False},
-                indent=2,
-            )
+async def _process_filtered_status_request(client_id: str, components: str) -> str:
+    """Process filtered status request with component validation."""
+    requested, error = _validate_status_components(components)
+    if error:
+        return _format_status_error(error)
+
+    # Use secure status operation with timeout
+    async with await secure_status_operation(
+        client_id, "get_filtered_status", timeout=20.0
+    ):
+        return await _collect_status_data(client_id, requested)
+
+
+async def _collect_status_data(client_id: str, requested: set[str]) -> str:
+    """Collect status data based on requested components."""
+    context = get_context()
+
+    if "all" in requested:
+        raw_status = await _get_comprehensive_status_secure(
+            client_id=client_id,
+        )
+    else:
+        if not context:
+            return _format_status_error("Server context not available")
+
+        # Use bounded operation for filtered status
+        raw_status = await execute_bounded_status_operation(
+            "filtered_status",
+            client_id,
+            _build_filtered_status,
+            requested,
+            context,
+        )
+
+    return _apply_secure_formatting(raw_status, context)
+
+
+def _apply_secure_formatting(raw_status: dict, context: t.Any) -> str:
+    """Apply secure formatting to status data."""
+    project_root = context.config.project_path if context else None
+    secure_status = format_secure_status(
+        raw_status,
+        project_root=project_root,
+        user_context="mcp_client",
+    )
+    return json.dumps(secure_status, indent=2)
+
+
+def _format_status_error(error_message: str) -> str:
+    """Format status error response consistently."""
+    formatter = get_secure_status_formatter()
+    return json.dumps(formatter.format_error_response(error_message), indent=2)