second-opinion-mcp 0.3.6__tar.gz → 0.3.8__tar.gz

{second_opinion_mcp-0.3.6 → second_opinion_mcp-0.3.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: second-opinion-mcp
-Version: 0.3.6
+Version: 0.3.8
 Summary: Multi-model AI analysis for Claude - get second opinions from DeepSeek, Kimi, and OpenRouter
 Project-URL: Homepage, https://github.com/MarvinFS/second-opinion-mcp
 Project-URL: Repository, https://github.com/MarvinFS/second-opinion-mcp
@@ -31,8 +31,10 @@ Requires-Dist: questionary>=2.0.0
 Requires-Dist: tenacity>=8.2.0
 Provides-Extra: dev
 Requires-Dist: build; extra == 'dev'
+Requires-Dist: pre-commit>=3.6.0; extra == 'dev'
 Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
 Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.3.0; extra == 'dev'
 Requires-Dist: twine; extra == 'dev'
 Description-Content-Type: text/markdown
 

{second_opinion_mcp-0.3.6 → second_opinion_mcp-0.3.8}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "second-opinion-mcp"
-version = "0.3.6"
+version = "0.3.8"
 description = "Multi-model AI analysis for Claude - get second opinions from DeepSeek, Kimi, and OpenRouter"
 requires-python = ">=3.10"
 readme = "README.md"
@@ -36,6 +36,8 @@ dev = [
     "pytest-asyncio>=0.23",
     "build",
     "twine",
+    "pre-commit>=3.6.0",
+    "ruff>=0.3.0",
 ]
 
 [project.urls]

{second_opinion_mcp-0.3.6 → second_opinion_mcp-0.3.8}/src/second_opinion_mcp/__init__.py

@@ -1,6 +1,6 @@
 """Second Opinion MCP Server - Multi-model AI analysis for Claude."""
 
-__version__ = "0.3.6"
+__version__ = "0.3.8"
 __author__ = "MarvinFS"
 
 from second_opinion_mcp.server import mcp, second_opinion, challenge, code_review, consensus, review_synthesis

{second_opinion_mcp-0.3.6 → second_opinion_mcp-0.3.8}/src/second_opinion_mcp/cli.py

@@ -3,6 +3,17 @@
 import sys
 import platform
 import os
+import getpass
+
+# Patch getpass to support KEYRING_CRYPTFILE_PASSWORD env var for non-interactive use.
+_original_getpass = getpass.getpass
+def _patched_getpass(prompt="", stream=None):
+    """Return password from env var if set, otherwise prompt interactively."""
+    pwd = os.environ.get('KEYRING_CRYPTFILE_PASSWORD', '')
+    if pwd:
+        return pwd
+    return _original_getpass(prompt, stream)
+getpass.getpass = _patched_getpass
 
 try:
     import questionary
@@ -11,8 +22,8 @@ except ImportError:
     print("Error: questionary not installed. Run: pip install questionary")
     sys.exit(1)
 
-import keyring
-from keyring.errors import NoKeyringError
+import keyring  # noqa: E402
+from keyring.errors import NoKeyringError  # noqa: E402
 
 # Provider configurations
 PROVIDERS = {
@@ -145,12 +156,12 @@ def print_keyring_setup_instructions():
         if install_method == "pipx":
             print("For Linux (pipx installation detected), run:")
             print()
-            print("  # Install the encrypted file backend into the pipx environment")
-            print("  pipx inject second-opinion-mcp keyrings.alt")
+            print("  # Install encrypted keyring backend with crypto support")
+            print("  pipx inject second-opinion-mcp keyrings.alt pycryptodome")
         else:
             print("For Linux, install the encrypted file backend:")
             print()
-            print("  pip install keyrings.alt")
+            print("  pip install keyrings.alt pycryptodome")
         print()
         print("  # Create the keyring config")
         print("  mkdir -p ~/.local/share/python_keyring")
@@ -159,6 +170,9 @@ def print_keyring_setup_instructions():
         print("  default-keyring=keyrings.alt.file.EncryptedKeyring")
         print("  EOF")
         print()
+        print("  # Set encryption password (add to .bashrc or .profile for persistence)")
+        print("  export KEYRING_CRYPTFILE_PASSWORD='your-secure-password-here'")
+        print()
         print("Alternative for desktop Linux (GNOME/KDE):")
         print("  sudo apt install gnome-keyring  # or kde-wallet")
         if install_method == "pipx":
@@ -206,19 +220,23 @@ def print_manual_setup_instructions(providers: list[str] | None = None, existing
     system = platform.system()
 
     if system == "Linux":
-        print("Step 1: Install keyrings.alt backend (if not done):")
+        print("Step 1: Install encrypted keyring backend (if not done):")
         print()
         if install_method == "pipx":
-            print("  pipx inject second-opinion-mcp keyrings.alt")
+            print("  pipx inject second-opinion-mcp keyrings.alt pycryptodome")
         else:
-            print("  pip install keyrings.alt")
+            print("  pip install keyrings.alt pycryptodome")
         print("  mkdir -p ~/.local/share/python_keyring")
         print("  cat > ~/.local/share/python_keyring/keyringrc.cfg << 'EOF'")
         print("  [backend]")
         print("  default-keyring=keyrings.alt.file.EncryptedKeyring")
         print("  EOF")
         print()
-        print("Step 2: Store API keys (at least 2 required):")
+        print("Step 2: Set encryption password:")
+        print()
+        print("  export KEYRING_CRYPTFILE_PASSWORD='your-secure-password-here'")
+        print()
+        print("Step 3: Store API keys (at least 2 required):")
         print()
     else:
         print("IMPORTANT: You must configure at least 2 providers for the")
@@ -326,22 +344,30 @@ def validate_api_key(provider: str, key: str) -> tuple[bool, str]:
     return True, ""
 
 
-def get_registration_command(selected_providers: list[str]) -> str:
+def get_registration_command(selected_providers: list[str], include_keyring_password: bool = False) -> str:
     """Generate the registration command for Claude Code CLI."""
     providers_env = ",".join(selected_providers)
-    return f'claude mcp add -s user second-opinion -e SECOND_OPINION_PROVIDERS="{providers_env}" -- second-opinion-mcp'
+    cmd = f'claude mcp add -s user second-opinion -e SECOND_OPINION_PROVIDERS="{providers_env}"'
+    if include_keyring_password:
+        cmd += ' -e KEYRING_CRYPTFILE_PASSWORD="your-keyring-password"'
+    cmd += ' -- second-opinion-mcp'
+    return cmd
 
 
-def get_desktop_config(selected_providers: list[str]) -> str:
+def get_desktop_config(selected_providers: list[str], include_keyring_password: bool = False) -> str:
     """Generate Claude Desktop configuration JSON."""
     providers_env = ",".join(selected_providers)
 
+    env_section = f'"SECOND_OPINION_PROVIDERS": "{providers_env}"'
+    if include_keyring_password:
+        env_section += ',\n        "KEYRING_CRYPTFILE_PASSWORD": "your-keyring-password"'
+
     return f'''{{
   "mcpServers": {{
     "second-opinion": {{
       "command": "second-opinion-mcp",
       "env": {{
-        "SECOND_OPINION_PROVIDERS": "{providers_env}"
+        {env_section}
       }}
     }}
   }}
@@ -351,16 +377,22 @@ def get_desktop_config(selected_providers: list[str]) -> str:
 def print_client_instructions(configured_providers: list[str]):
     """Print setup instructions for all supported MCP clients."""
     providers_env = ",".join(configured_providers)
+    is_linux = platform.system() == "Linux"
 
     print()
     print("=" * 60)
     print("  Client Setup Instructions")
     print("=" * 60)
 
+    if is_linux:
+        print()
+        print("NOTE: On Linux, include KEYRING_CRYPTFILE_PASSWORD in environment")
+        print("      to enable encrypted keyring access.")
+
     # Claude Code CLI
     print()
     print("CLAUDE CODE CLI:")
-    print(f"  claude mcp add -s user second-opinion -e SECOND_OPINION_PROVIDERS=\"{providers_env}\" -- second-opinion-mcp")
+    print(f"  {get_registration_command(configured_providers, include_keyring_password=is_linux)}")
 
     # Claude Desktop
     print()
@@ -373,7 +405,7 @@ def print_client_instructions(configured_providers: list[str]):
     else:
         print("  Location: ~/.config/Claude/claude_desktop_config.json")
     print()
-    print(get_desktop_config(configured_providers))
+    print(get_desktop_config(configured_providers, include_keyring_password=is_linux))
 
     # OpenClaw / Other MCP clients
     print()

{second_opinion_mcp-0.3.6 → second_opinion_mcp-0.3.8}/src/second_opinion_mcp/server.py

@@ -6,6 +6,7 @@ Secrets via keyring (no env var exposure).
 """
 import asyncio
 import atexit
+import getpass
 import os
 import re
 import time
@@ -14,12 +15,23 @@ from datetime import datetime
 from pathlib import Path
 from typing import Literal
 
-import httpx
-import keyring
-from openai import AsyncOpenAI, APIError, RateLimitError, APITimeoutError, APIConnectionError
-from mcp.server.fastmcp import FastMCP
-from tenacity import retry, stop_after_attempt, wait_exponential, retry_if_exception_type
-import logging
+# Patch getpass to support KEYRING_CRYPTFILE_PASSWORD env var for non-interactive use.
+# This enables EncryptedKeyring to work in server/headless environments.
+_original_getpass = getpass.getpass
+def _patched_getpass(prompt="", stream=None):
+    """Return password from env var if set, otherwise prompt interactively."""
+    pwd = os.environ.get('KEYRING_CRYPTFILE_PASSWORD', '')
+    if pwd:
+        return pwd
+    return _original_getpass(prompt, stream)
+getpass.getpass = _patched_getpass
+
+import httpx  # noqa: E402
+import keyring  # noqa: E402
+from openai import AsyncOpenAI, APIError, RateLimitError, APITimeoutError, APIConnectionError  # noqa: E402
+from mcp.server.fastmcp import FastMCP  # noqa: E402
+from tenacity import retry, stop_after_attempt, wait_exponential, retry_if_exception_type  # noqa: E402
+import logging  # noqa: E402
 
 # Library logging pattern: NullHandler by default, host app configures
 logger = logging.getLogger("second-opinion")
@@ -37,15 +49,27 @@ def _check_keyring_security() -> None:
 
     Detects PlaintextKeyring and NullKeyring which store credentials insecurely.
     Set SECOND_OPINION_STRICT_KEYRING=1 to fail on insecure backends in production.
+
+    For Linux servers without a desktop keyring, use EncryptedKeyring with
+    KEYRING_CRYPTFILE_PASSWORD environment variable for non-interactive decryption.
     """
     backend_name = str(type(keyring.get_keyring()))
     insecure_backends = ('PlaintextKeyring', 'NullKeyring', 'Null')
+
     if any(name in backend_name for name in insecure_backends):
+        # Check if user can switch to EncryptedKeyring
+        hint = ""
+        if 'PlaintextKeyring' in backend_name:
+            hint = (
+                " Hint: Set KEYRING_CRYPTFILE_PASSWORD env var to enable "
+                "EncryptedKeyring for non-interactive use."
+            )
+
         logger.warning(
             "SECURITY WARNING: Using insecure keyring backend (%s). "
             "API keys may be stored in plaintext. For production, use "
-            "a secure backend or set SECOND_OPINION_STRICT_KEYRING=1 to fail.",
-            backend_name
+            "a secure backend or set SECOND_OPINION_STRICT_KEYRING=1 to fail.%s",
+            backend_name, hint
         )
         if os.environ.get("SECOND_OPINION_STRICT_KEYRING"):
             raise RuntimeError(
@@ -1210,7 +1234,7 @@ async def consensus(
     _, err_a = _validate_provider(provider_a)
     _, err_b = _validate_provider(provider_b)
     if err_a and err_b:
-        return f"Error: No providers available for consensus debate. Enable deepseek or moonshot."
+        return "Error: No providers available for consensus debate. Enable deepseek or moonshot."
 
     output_parts = [f"## Debate: {topic}\n"]
 
@@ -1411,7 +1435,7 @@ async def review_synthesis(
     # Check for critical failures
     errors = [p for p, r in reviews.items() if r.startswith("Error:")]
     if len(errors) == len(providers_used):
-        return f"Error: All code reviews failed.\n\n" + "\n\n".join(
+        return "Error: All code reviews failed.\n\n" + "\n\n".join(
             f"**{p}:** {reviews[p]}" for p in providers_used
         )