PyPI - paraview-mcp-python - Versions diffs - 0.1.0__tar.gz → 0.1.1__tar.gz - Mend

paraview-mcp-python 0.1.0tar.gz → 0.1.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: paraview-mcp-python
-Version: 0.1.0
+Version: 0.1.1
 Summary: MCP server for controlling ParaView via AI assistants
 Project-URL: Homepage, https://github.com/djeada/paraview-mcp-server
 Project-URL: Repository, https://github.com/djeada/paraview-mcp-server
@@ -259,10 +259,10 @@ Async jobs run in a separate headless `pvpython` process via `HeadlessPvpythonEx
 ---
-## Safety model
+## Python execution trust model
-- **Blocked modules** — scripts cannot import `subprocess`, `shutil`, `socket`, `ctypes`,
-  `multiprocessing`, `webbrowser`, or several network-facing stdlib modules.
+- **Trusted local execution** — `paraview_python_exec` can run arbitrary Python available to `pvpython`,
+  including imports and full `paraview.simple` workflows.
 - **Output bounding** — stdout/stderr capped at **50 KB**.
 - **Cooperative timeout** — default 30 seconds per script execution.
 - **Script path validation** — optionally restrict execution to approved root directories.
@@ -312,7 +312,7 @@ paraview-mcp-server/
 │   ├── __init__.py
 │   ├── server.py                # TCP socket bridge server
 │   ├── command_handler.py       # Command registry + paraview.simple handlers (27 commands)
-│   └── execution.py             # python.execute helper with safety controls
+│   └── execution.py             # trusted local python.execute helper
 ├── scripts/
 │   ├── start_paraview_bridge.py
 │   ├── paraview_bridge_request.py
@@ -329,7 +329,7 @@ paraview-mcp-server/
 └── tests/
     ├── test_server.py           # 31 tools, connection, headless, async jobs
     ├── test_protocol.py         # Wire encoding, fake bridge integration
-    └── test_command_handler.py  # All 27 handlers + safety controls
+    └── test_command_handler.py  # All 27 handlers + execution controls
 ```
 ---

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/README.md RENAMED Viewed

@@ -226,10 +226,10 @@ Async jobs run in a separate headless `pvpython` process via `HeadlessPvpythonEx
 ---
-## Safety model
+## Python execution trust model
-- **Blocked modules** — scripts cannot import `subprocess`, `shutil`, `socket`, `ctypes`,
-  `multiprocessing`, `webbrowser`, or several network-facing stdlib modules.
+- **Trusted local execution** — `paraview_python_exec` can run arbitrary Python available to `pvpython`,
+  including imports and full `paraview.simple` workflows.
 - **Output bounding** — stdout/stderr capped at **50 KB**.
 - **Cooperative timeout** — default 30 seconds per script execution.
 - **Script path validation** — optionally restrict execution to approved root directories.
@@ -279,7 +279,7 @@ paraview-mcp-server/
 │   ├── __init__.py
 │   ├── server.py                # TCP socket bridge server
 │   ├── command_handler.py       # Command registry + paraview.simple handlers (27 commands)
-│   └── execution.py             # python.execute helper with safety controls
+│   └── execution.py             # trusted local python.execute helper
 ├── scripts/
 │   ├── start_paraview_bridge.py
 │   ├── paraview_bridge_request.py
@@ -296,7 +296,7 @@ paraview-mcp-server/
 └── tests/
     ├── test_server.py           # 31 tools, connection, headless, async jobs
     ├── test_protocol.py         # Wire encoding, fake bridge integration
-    └── test_command_handler.py  # All 27 handlers + safety controls
+    └── test_command_handler.py  # All 27 handlers + execution controls
 ```
 ---

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/bridge/execution.py RENAMED Viewed

@@ -1,9 +1,7 @@
 """Python script execution helper for the ParaView bridge.
-Safety controls
----------------
-- **Blocked-module import hook** prevents scripts from importing dangerous
-  standard-library modules (``subprocess``, ``shutil``, ``socket``, …).
+Execution controls
+------------------
 - **Output bounding** caps stdout/stderr at 50 KB.
 - **Timeout** (cooperative) — the caller can supply ``timeout_seconds``.
 - **Script-path execution** reads the script from disk, validating that it
@@ -12,12 +10,9 @@ Safety controls
 from __future__ import annotations
-import importlib.abc
-import importlib.machinery
 import io
 import json
 import os
-import sys
 import threading
 import time
 import traceback
@@ -27,20 +22,6 @@ from typing import Any
 MAX_OUTPUT_SIZE = 50_000
-BLOCKED_MODULES: set[str] = {
-    "subprocess",
-    "shutil",
-    "socket",
-    "ctypes",
-    "multiprocessing",
-    "webbrowser",
-    "http.server",
-    "xmlrpc.server",
-    "ftplib",
-    "smtplib",
-    "telnetlib",
-}
 # Optionally set via bridge config; empty list → no restriction.
 APPROVED_SCRIPT_ROOTS: list[str] = []
@@ -50,60 +31,6 @@ ALLOW_INLINE_CODE: bool = True
 DEFAULT_TIMEOUT_SECONDS: float = 30.0
-# ---------------------------------------------------------------------------
-# Import hook that blocks dangerous modules during script execution
-# ---------------------------------------------------------------------------
-class _BlockedImportFinder(importlib.abc.MetaPathFinder):
-    """Raises ``ImportError`` for modules in the *blocked* set."""
-    _active = False
-    _blocked: set[str] = set()
-    def find_module(self, fullname: str, path=None):
-        """Return *self* if the module should be blocked, ``None`` otherwise (legacy hook)."""
-        if self._active and fullname in self._blocked:
-            return self
-        return None
-    def find_spec(self, fullname: str, path=None, target=None):
-        """Raise ``ImportError`` for blocked modules (modern import hook)."""
-        if self._active and fullname in self._blocked:
-            raise ImportError(f"Module {fullname!r} is blocked during ParaView MCP script execution")
-        return None
-    def load_module(self, fullname: str):
-        raise ImportError(f"Module {fullname!r} is blocked during ParaView MCP script execution")
-_BLOCKER = _BlockedImportFinder()
-def _install_import_blocker() -> dict[str, Any]:
-    """Activate the blocker and hide already-imported blocked modules.
-    Returns a dict of hidden modules that must be restored later.
-    """
-    _BLOCKER._blocked = BLOCKED_MODULES
-    _BLOCKER._active = True
-    if _BLOCKER not in sys.meta_path:
-        sys.meta_path.insert(0, _BLOCKER)
-    # Temporarily remove blocked modules from sys.modules so `import X`
-    # falls through to the meta-path hooks instead of hitting the cache.
-    hidden: dict[str, Any] = {}
-    for mod_name in BLOCKED_MODULES:
-        if mod_name in sys.modules:
-            hidden[mod_name] = sys.modules.pop(mod_name)
-    return hidden
-def _remove_import_blocker(hidden: dict[str, Any]) -> None:
-    _BLOCKER._active = False
-    # Restore previously-imported modules.
-    sys.modules.update(hidden)
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
@@ -199,14 +126,11 @@ def execute_code(
     assert isinstance(code, str)
     def _run() -> None:
-        hidden = _install_import_blocker()
         try:
             with redirect_stdout(stdout_buf), redirect_stderr(stderr_buf):
                 exec(compile(code, "<paraview-mcp-script>", "exec"), namespace)  # noqa: S102
         except Exception as exc:
             result_holder["error"] = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
-        finally:
-            _remove_import_blocker(hidden)
     thread = threading.Thread(target=_run, daemon=True)
     thread.start()

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/docs/architecture.md RENAMED Viewed

@@ -68,7 +68,7 @@ Alternative headless transport (no bridge required):
 |---|---|
 | `server.py` | Threaded TCP socket server, newline-delimited JSON framing |
 | `command_handler.py` | Command registry mapping 27 command names to `paraview.simple` calls |
-| `execution.py` | `execute_code()` — exec-based Python execution with safety controls (blocked modules, timeout, output cap, script path validation) |
+| `execution.py` | `execute_code()` — trusted local Python execution with timeout, output cap, and optional script path validation |
 | `__init__.py` | Package marker |
 ---
@@ -283,7 +283,7 @@ paraview-mcp-server/
 │   ├── __init__.py
 │   ├── server.py                # TCP bridge server
 │   ├── command_handler.py       # 27-command registry
-│   └── execution.py             # python.execute with safety controls
+│   └── execution.py             # trusted local python.execute helper
 ├── scripts/
 │   ├── start_paraview_bridge.py
 │   ├── paraview_bridge_request.py

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/docs/python-execute-design.md RENAMED Viewed

@@ -63,13 +63,13 @@ Headless transport adds:
 ---
-## Safety model
+## Python Execution Trust Model
-### Blocked modules
+### Trusted local execution
-The following modules are blocked during script execution:
-subprocess, shutil, socket, ctypes, multiprocessing, webbrowser,
-http.server, xmlrpc.server, ftplib, smtplib, telnetlib.
+Bridge scripts run inside the local `pvpython` process and may import normal
+Python modules. This is intentional: `paraview_python_exec` is the escape hatch
+for full ParaView automation when the fixed MCP tool set is too small.
 ### Output bounding
@@ -134,5 +134,5 @@ Use paraview_python_exec_async for long-running scripts:
 - Cancellation token (bridge transport) for cooperative cancellation
 - Script library registry for referencing scripts by name
-- Sandboxed execution beyond the blocked-module list
+- Optional sandboxed execution mode for deployments that need stricter isolation
 - Resource limits for memory usage per script

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "paraview-mcp-python"
-version = "0.1.0"
+version = "0.1.1"
 description = "MCP server for controlling ParaView via AI assistants"
 readme = "README.md"
 license = "MIT"

{paraview_mcp_python-0.1.0 → paraview_mcp_python-0.1.1}/tests/test_command_handler.py RENAMED Viewed

@@ -532,15 +532,16 @@ class TestPythonExecuteHandler:
         assert "timeout" in result["error"].lower()
-class TestExecutionSafety:
-    """Test the safety controls in bridge/execution.py."""
+class TestExecutionControls:
+    """Test the execution controls in bridge/execution.py."""
-    def test_blocked_module_import(self):
+    def test_standard_library_imports_are_allowed(self):
         from bridge.execution import execute_code
-        result = execute_code(code="import subprocess")
-        assert result["error"] is not None
-        assert "blocked" in result["error"].lower() or "subprocess" in result["error"]
+        result = execute_code(code="import subprocess\n__result__ = subprocess.__name__")
+        assert result["error"] is None
+        assert result["result"] == "subprocess"
     def test_output_capping(self):
         from bridge.execution import _cap_output