PyPI - nocfo-cli - Versions diffs - 1.4.4__tar.gz → 1.4.6__tar.gz - Mend

nocfo-cli 1.4.4tar.gz → 1.4.6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

{nocfo_cli-1.4.4 → nocfo_cli-1.4.6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nocfo-cli
-Version: 1.4.4
+Version: 1.4.6
 Summary: NoCFO CLI, MCP server, and Cursor skill toolkit.
 License: MIT
 License-File: LICENSE

{nocfo_cli-1.4.4 → nocfo_cli-1.4.6}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "nocfo-cli"
-version = "1.4.4"
+version = "1.4.6"
 description = "NoCFO CLI, MCP server, and Cursor skill toolkit."
 authors = ["NoCFO"]
 readme = "README.md"

{nocfo_cli-1.4.4 → nocfo_cli-1.4.6}/src/nocfo_toolkit/mcp/middleware.py RENAMED Viewed

@@ -83,9 +83,23 @@ class MCPToolErrorMiddleware(Middleware):
                 normalized.get("summary"),
             )
             raise ToolError(json.dumps(normalized, ensure_ascii=True)) from exc
-        except Exception:
+        except Exception as exc:
             logger.exception("MCP tool call crashed tool=%s", tool_name)
-            raise
+            captured = get_last_http_error()
+            if captured:
+                normalized = normalize_http_error(
+                    tool_name=tool_name,
+                    status_code=captured.get("status_code"),
+                    payload=captured.get("payload"),
+                    fallback_message=f"{type(exc).__name__}: {exc}",
+                )
+            else:
+                normalized = {
+                    "tool": tool_name,
+                    "error_type": "tool_error",
+                    "summary": f"{type(exc).__name__}: {exc}",
+                }
+            raise ToolError(json.dumps(normalized, ensure_ascii=True)) from exc
         finally:
             clear_last_http_error()

{nocfo_cli-1.4.4 → nocfo_cli-1.4.6}/src/nocfo_toolkit/mcp/server.py RENAMED Viewed

@@ -3,7 +3,10 @@
 from __future__ import annotations
 import asyncio
+import json
+import logging
 import re
+from uuid import uuid4
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Any, Literal
@@ -15,6 +18,7 @@ from fastmcp.server.providers.openapi.components import (
 )
 from fastmcp.server.providers.openapi.routing import MCPType, RouteMap
 from fastmcp.tools.tool import Tool
+from mcp import types as mcp_types
 from nocfo_toolkit.config import AUTH_HEADER_SCHEME, ToolkitConfig
 from nocfo_toolkit.mcp.auth import (
@@ -37,6 +41,8 @@ from fastmcp.utilities.openapi import extract_output_schema_from_responses
 if TYPE_CHECKING:
     from fastmcp import FastMCP
+logger = logging.getLogger(__name__)
 # Semantic mapping for MCP-tagged routes (see FastMCP OpenAPI route maps):
 # https://gofastmcp.com/integrations/openapi#custom-route-maps
 MCP_OPENAPI_ROUTE_MAPS: list[RouteMap] = [
@@ -49,6 +55,8 @@ MCP_OPENAPI_ROUTE_MAPS: list[RouteMap] = [
 X_MCP_NAMESPACE = "x-mcp-namespace"
 _X_MCP_PREFIX = "x-mcp-"
 X_NOCFO_MCP_SERVER_INSTRUCTIONS = "x-nocfo-mcp-server-instructions"
+_OUTPUT_VALIDATION_ERROR_PREFIX = "Output validation error:"
+_GENERIC_TOOL_EXECUTION_ERROR = "Error occurred during tool execution"
 def _normalize_mcp_namespace_token(value: str) -> str:
@@ -125,26 +133,68 @@ def apply_mcp_operation_metadata(route: Any, component: Any) -> None:
     component.meta = meta
-_VALIDATION_ONLY_KEYS = frozenset({"enum", "const"})
+def patch_mcp_runtime_output_validation(server: FastMCP) -> None:
+    """Disable SDK output validation at runtime without changing listed schemas.
+    MCP SDK validates tool outputs against ``outputSchema`` unconditionally in the
+    low-level ``call_tool`` handler. We patch the low-level lookup used only by that
+    validation path to return a cloned tool definition with ``outputSchema=None``.
+    ``tools/list`` responses are unaffected and keep the original schema intact.
+    """
+    lowlevel = getattr(server, "_mcp_server", None)
+    if lowlevel is None:
+        return
+    if getattr(lowlevel, "_nocfo_runtime_output_validation_patched", False):
+        return
-def _strip_validation_constraints(schema: Any) -> Any:
-    """Recursively strip strict validation constraints from a JSON schema.
+    original_get_cached_tool_definition = lowlevel._get_cached_tool_definition
-    Removes ``enum`` and ``const`` so that the MCP SDK's unconditional
-    ``jsonschema.validate()`` on ``outputSchema`` never rejects responses
-    containing values absent from the declared set (e.g. legacy DB values).
-    Structural information (types, properties, descriptions) is preserved.
-    """
-    if isinstance(schema, dict):
-        return {
-            key: _strip_validation_constraints(value)
-            for key, value in schema.items()
-            if key not in _VALIDATION_ONLY_KEYS
-        }
-    if isinstance(schema, list):
-        return [_strip_validation_constraints(item) for item in schema]
-    return schema
+    async def _get_cached_tool_definition_without_output_schema(
+        tool_name: str,
+    ) -> mcp_types.Tool | None:
+        tool = await original_get_cached_tool_definition(tool_name)
+        if tool is None or tool.outputSchema is None:
+            return tool
+        return tool.model_copy(update={"outputSchema": None})
+    lowlevel._get_cached_tool_definition = (
+        _get_cached_tool_definition_without_output_schema
+    )
+    lowlevel._nocfo_runtime_output_validation_patched = True
+def patch_mcp_output_error_masking(server: FastMCP) -> None:
+    """Mask verbose output-validation errors and log full details server-side."""
+    lowlevel = getattr(server, "_mcp_server", None)
+    if lowlevel is None:
+        return
+    if getattr(lowlevel, "_nocfo_output_validation_error_mask_patched", False):
+        return
+    original_make_error_result = lowlevel._make_error_result
+    def _make_error_result_with_masking(error_message: str):
+        if isinstance(error_message, str) and error_message.startswith(
+            _OUTPUT_VALIDATION_ERROR_PREFIX
+        ):
+            request_id = f"req_{uuid4().hex[:24]}"
+            logger.error(
+                "MCP output validation failure request_id=%s detail=%s",
+                request_id,
+                error_message,
+            )
+            client_payload = json.dumps(
+                {
+                    "error": _GENERIC_TOOL_EXECUTION_ERROR,
+                    "request_id": request_id,
+                },
+                ensure_ascii=True,
+            )
+            return original_make_error_result(client_payload)
+        return original_make_error_result(error_message)
+    lowlevel._make_error_result = _make_error_result_with_masking
+    lowlevel._nocfo_output_validation_error_mask_patched = True
 def restore_openapi_output_schema(route: Any, component: Any) -> None:
@@ -156,11 +206,9 @@ def restore_openapi_output_schema(route: Any, component: Any) -> None:
     onto the tool so that ``tools/list`` still exposes precise type information
     to the agent.
-    The MCP SDK (``mcp.server.lowlevel``) unconditionally validates
-    ``structured_content`` against ``outputSchema`` via ``jsonschema``.
-    To prevent validation failures on legacy or unexpected values the
-    restored schema has strict value constraints (``enum``, ``const``)
-    stripped while keeping full structural and type information.
+    Runtime output validation bypass is handled separately in
+    :func:`patch_mcp_runtime_output_validation`, so the listed schema can remain
+    fully backend-authored (including enums and other constraints).
     """
     if not isinstance(component, Tool):
         return
@@ -173,7 +221,7 @@ def restore_openapi_output_schema(route: Any, component: Any) -> None:
         getattr(route, "openapi_version", None),
     )
     if real_schema is not None:
-        component.output_schema = _strip_validation_constraints(real_schema)
+        component.output_schema = real_schema
 def _get_server_instructions(openapi_spec: dict[str, Any]) -> str | None:
@@ -282,7 +330,7 @@ def create_server(
                 required_scopes=opts.required_scopes,
             )
-    return FastMCP.from_openapi(
+    server = FastMCP.from_openapi(
         openapi_spec=filtered_spec,
         client=client,
         name=opts.name,
@@ -293,6 +341,9 @@ def create_server(
         mcp_component_fn=component_mapper,
         validate_output=False,
     )
+    patch_mcp_runtime_output_validation(server)
+    patch_mcp_output_error_masking(server)
+    return server
 def run_server(