PyPI - nocfo-cli - Versions diffs - 1.4.6__tar.gz → 1.4.7__tar.gz - Mend

nocfo-cli 1.4.6tar.gz → 1.4.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

{nocfo_cli-1.4.6 → nocfo_cli-1.4.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nocfo-cli
-Version: 1.4.6
+Version: 1.4.7
 Summary: NoCFO CLI, MCP server, and Cursor skill toolkit.
 License: MIT
 License-File: LICENSE

{nocfo_cli-1.4.6 → nocfo_cli-1.4.7}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "nocfo-cli"
-version = "1.4.6"
+version = "1.4.7"
 description = "NoCFO CLI, MCP server, and Cursor skill toolkit."
 authors = ["NoCFO"]
 readme = "README.md"

{nocfo_cli-1.4.6 → nocfo_cli-1.4.7}/src/nocfo_toolkit/mcp/contract_validation.py RENAMED Viewed

@@ -11,6 +11,7 @@ from fastmcp.server.providers.openapi import OpenAPIProvider
 from nocfo_toolkit.mcp.server import (
     MCP_OPENAPI_ROUTE_MAPS,
+    _client_event_hooks,
     apply_mcp_operation_metadata,
     apply_mcp_namespace_names,
     restore_openapi_output_schema,
@@ -160,7 +161,10 @@ def validate_openapi_mcp_contract(
         filtered_spec
     )
-    client = httpx.AsyncClient(base_url=_get_base_url(openapi_spec))
+    client = httpx.AsyncClient(
+        base_url=_get_base_url(openapi_spec),
+        event_hooks=_client_event_hooks(),
+    )
     try:
         provider = OpenAPIProvider(
             openapi_spec=filtered_spec,

{nocfo_cli-1.4.6 → nocfo_cli-1.4.7}/src/nocfo_toolkit/mcp/middleware.py RENAMED Viewed

@@ -83,23 +83,9 @@ class MCPToolErrorMiddleware(Middleware):
                 normalized.get("summary"),
             )
             raise ToolError(json.dumps(normalized, ensure_ascii=True)) from exc
-        except Exception as exc:
+        except Exception:
             logger.exception("MCP tool call crashed tool=%s", tool_name)
-            captured = get_last_http_error()
-            if captured:
-                normalized = normalize_http_error(
-                    tool_name=tool_name,
-                    status_code=captured.get("status_code"),
-                    payload=captured.get("payload"),
-                    fallback_message=f"{type(exc).__name__}: {exc}",
-                )
-            else:
-                normalized = {
-                    "tool": tool_name,
-                    "error_type": "tool_error",
-                    "summary": f"{type(exc).__name__}: {exc}",
-                }
-            raise ToolError(json.dumps(normalized, ensure_ascii=True)) from exc
+            raise
         finally:
             clear_last_http_error()

{nocfo_cli-1.4.6 → nocfo_cli-1.4.7}/src/nocfo_toolkit/mcp/server.py RENAMED Viewed

@@ -3,10 +3,7 @@
 from __future__ import annotations
 import asyncio
-import json
-import logging
 import re
-from uuid import uuid4
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Any, Literal
@@ -18,7 +15,6 @@ from fastmcp.server.providers.openapi.components import (
 )
 from fastmcp.server.providers.openapi.routing import MCPType, RouteMap
 from fastmcp.tools.tool import Tool
-from mcp import types as mcp_types
 from nocfo_toolkit.config import AUTH_HEADER_SCHEME, ToolkitConfig
 from nocfo_toolkit.mcp.auth import (
@@ -41,8 +37,6 @@ from fastmcp.utilities.openapi import extract_output_schema_from_responses
 if TYPE_CHECKING:
     from fastmcp import FastMCP
-logger = logging.getLogger(__name__)
 # Semantic mapping for MCP-tagged routes (see FastMCP OpenAPI route maps):
 # https://gofastmcp.com/integrations/openapi#custom-route-maps
 MCP_OPENAPI_ROUTE_MAPS: list[RouteMap] = [
@@ -55,8 +49,8 @@ MCP_OPENAPI_ROUTE_MAPS: list[RouteMap] = [
 X_MCP_NAMESPACE = "x-mcp-namespace"
 _X_MCP_PREFIX = "x-mcp-"
 X_NOCFO_MCP_SERVER_INSTRUCTIONS = "x-nocfo-mcp-server-instructions"
-_OUTPUT_VALIDATION_ERROR_PREFIX = "Output validation error:"
-_GENERIC_TOOL_EXECUTION_ERROR = "Error occurred during tool execution"
+MCP_RUNTIME_CONTRACT_HEADER = "X-Nocfo-MCP-Contract"
+MCP_RUNTIME_CONTRACT_VALUE = "1"
 def _normalize_mcp_namespace_token(value: str) -> str:
@@ -133,70 +127,6 @@ def apply_mcp_operation_metadata(route: Any, component: Any) -> None:
     component.meta = meta
-def patch_mcp_runtime_output_validation(server: FastMCP) -> None:
-    """Disable SDK output validation at runtime without changing listed schemas.
-    MCP SDK validates tool outputs against ``outputSchema`` unconditionally in the
-    low-level ``call_tool`` handler. We patch the low-level lookup used only by that
-    validation path to return a cloned tool definition with ``outputSchema=None``.
-    ``tools/list`` responses are unaffected and keep the original schema intact.
-    """
-    lowlevel = getattr(server, "_mcp_server", None)
-    if lowlevel is None:
-        return
-    if getattr(lowlevel, "_nocfo_runtime_output_validation_patched", False):
-        return
-    original_get_cached_tool_definition = lowlevel._get_cached_tool_definition
-    async def _get_cached_tool_definition_without_output_schema(
-        tool_name: str,
-    ) -> mcp_types.Tool | None:
-        tool = await original_get_cached_tool_definition(tool_name)
-        if tool is None or tool.outputSchema is None:
-            return tool
-        return tool.model_copy(update={"outputSchema": None})
-    lowlevel._get_cached_tool_definition = (
-        _get_cached_tool_definition_without_output_schema
-    )
-    lowlevel._nocfo_runtime_output_validation_patched = True
-def patch_mcp_output_error_masking(server: FastMCP) -> None:
-    """Mask verbose output-validation errors and log full details server-side."""
-    lowlevel = getattr(server, "_mcp_server", None)
-    if lowlevel is None:
-        return
-    if getattr(lowlevel, "_nocfo_output_validation_error_mask_patched", False):
-        return
-    original_make_error_result = lowlevel._make_error_result
-    def _make_error_result_with_masking(error_message: str):
-        if isinstance(error_message, str) and error_message.startswith(
-            _OUTPUT_VALIDATION_ERROR_PREFIX
-        ):
-            request_id = f"req_{uuid4().hex[:24]}"
-            logger.error(
-                "MCP output validation failure request_id=%s detail=%s",
-                request_id,
-                error_message,
-            )
-            client_payload = json.dumps(
-                {
-                    "error": _GENERIC_TOOL_EXECUTION_ERROR,
-                    "request_id": request_id,
-                },
-                ensure_ascii=True,
-            )
-            return original_make_error_result(client_payload)
-        return original_make_error_result(error_message)
-    lowlevel._make_error_result = _make_error_result_with_masking
-    lowlevel._nocfo_output_validation_error_mask_patched = True
 def restore_openapi_output_schema(route: Any, component: Any) -> None:
     """Restore the real OpenAPI output schema on tools for agent-facing metadata.
@@ -204,11 +134,7 @@ def restore_openapi_output_schema(route: Any, component: Any) -> None:
     permissive fallback so that runtime responses are never rejected.  This
     function re-derives the accurate schema from the route and writes it back
     onto the tool so that ``tools/list`` still exposes precise type information
-    to the agent.
-    Runtime output validation bypass is handled separately in
-    :func:`patch_mcp_runtime_output_validation`, so the listed schema can remain
-    fully backend-authored (including enums and other constraints).
+    to the agent — without enforcing it at call time.
     """
     if not isinstance(component, Tool):
         return
@@ -233,6 +159,27 @@ def _get_server_instructions(openapi_spec: dict[str, Any]) -> str | None:
     return cleaned or None
+def _request_requires_mcp_runtime_contract_header(request: httpx.Request) -> bool:
+    path = str(request.url.path or "").strip()
+    return path.startswith("/v1/") and not path.startswith("/v1/mcp/")
+async def _inject_mcp_runtime_contract_header(request: httpx.Request) -> None:
+    if not _request_requires_mcp_runtime_contract_header(request):
+        return
+    request.headers.setdefault(
+        MCP_RUNTIME_CONTRACT_HEADER,
+        MCP_RUNTIME_CONTRACT_VALUE,
+    )
+def _client_event_hooks() -> dict[str, list[Any]]:
+    return {
+        "request": [_inject_mcp_runtime_contract_header],
+        "response": [capture_http_error_response],
+    }
 @dataclass(frozen=True)
 class MCPServerOptions:
     """MCP server configuration options."""
@@ -260,7 +207,7 @@ def _create_pat_client(
         base_url=config.base_url,
         headers={"Authorization": f"{AUTH_HEADER_SCHEME} {resolved_token}"},
         timeout=timeout_seconds,
-        event_hooks={"response": [capture_http_error_response]},
+        event_hooks=_client_event_hooks(),
     )
@@ -278,7 +225,7 @@ def _create_oauth_client(
             refresh_skew_seconds=refresh_skew_seconds,
         ),
         timeout=timeout_seconds,
-        event_hooks={"response": [capture_http_error_response]},
+        event_hooks=_client_event_hooks(),
     )
@@ -330,7 +277,7 @@ def create_server(
                 required_scopes=opts.required_scopes,
             )
-    server = FastMCP.from_openapi(
+    return FastMCP.from_openapi(
         openapi_spec=filtered_spec,
         client=client,
         name=opts.name,
@@ -341,9 +288,6 @@ def create_server(
         mcp_component_fn=component_mapper,
         validate_output=False,
     )
-    patch_mcp_runtime_output_validation(server)
-    patch_mcp_output_error_masking(server)
-    return server
 def run_server(