
feat(api): auto-populate REST tool schemas from OpenAPI specs #3054

Closed
rakdutta wants to merge 2270 commits into main from issue_2784_REST_TOOL_INPUT_SCHEMA

@rakdutta (Collaborator) commented Feb 19, 2026

closes #2784

Summary

Implements automatic input_schema and output_schema population for REST tools by fetching and parsing OpenAPI specifications, eliminating manual schema definition and ensuring API contract consistency.

Changes

  • New Service Layer (mcpgateway/services/openapi_service.py): Core logic for fetching OpenAPI specs and extracting schemas with SSRF protection
  • Admin API Endpoint (mcpgateway/admin.py): Single endpoint POST /admin/tools/generate-schemas-from-openapi for schema generation
  • Admin UI Enhancement (mcpgateway/static/admin.js, mcpgateway/templates/admin.html): Interactive schema population with "Fetch Schemas from OpenAPI Spec" button in both Create and Edit tool forms
  • Schema Enhancements (mcpgateway/schemas.py): Enhanced ToolCreate and ToolUpdate validators to extract base_url/path_template from URL and set default empty input_schema for REST tools
  • Comprehensive Tests: 869 lines of unit tests covering service layer, admin endpoints, and edge cases

Key Features

  • SSRF Protection: URL validation against Server-Side Request Forgery attacks
  • Async I/O: Non-blocking HTTP requests using httpx.AsyncClient
  • $ref Resolution: Handles both inline schemas and component references
  • Error Handling: Graceful fallbacks with detailed error messages
  • Frontend Integration: Button-triggered workflow that calls backend endpoint directly (no CORS issues since request originates from same domain)

Technical Details

  • 9 files changed: 2,844 insertions(+), 57 deletions(-)
  • New endpoint: POST /admin/tools/generate-schemas-from-openapi
  • Schema validators enhanced to auto-extract base_url/path_template and set default input_schema
  • Test coverage: 689 lines for service layer, 378 lines for admin endpoints, 869 lines for integration scenarios

How to Test Frontend Integration

  1. Start ContextForge: make dev
  2. Open Admin UI: http://localhost:8000/admin
  3. Navigate to Tools → Create Tool
  4. Select "REST" as integration type
  5. Enter a REST API URL (e.g., http://localhost:8100/calculate)
  6. Click "Fetch Schemas from OpenAPI Spec" button
  7. Verify schemas auto-populate in the input/output schema fields
  8. The request goes through the backend endpoint (same-origin), avoiding CORS issues

Testing

All tests passing with comprehensive coverage of:

  • OpenAPI spec fetching and parsing
  • Schema extraction (inline and $ref)
  • SSRF protection validation
  • Error handling and edge cases
  • Admin UI integration
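
An added example (not code from this PR or from ContextForge) of the two checks the description names: an SSRF pre-flight on the URL before the spec is fetched, and `$ref` resolution that stays inside the document. The function names, the `allow_private` switch, the empty default schema and the sample spec are assumptions made for illustration; the resolver is injectable so the checks run offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample spec for the page's example tool URL (not a real service).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {"/calculate": {"post": {
        "requestBody": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/CalcRequest"}}}},
        "responses": {"200": {"content": {"application/json": {
            "schema": {"type": "object",
                       "properties": {"result": {"type": "number"}}}}}}},
    }}},
    "components": {"schemas": {
        "CalcRequest": {"type": "object", "required": ["a", "b"],
                        "properties": {"a": {"$ref": "#/components/schemas/Num"},
                                       "b": {"$ref": "#/components/schemas/Num"}}},
        "Num": {"type": "number"},
    }},
}


def default_resolver(host, port):
    """Return every IP string the HTTP client could end up connecting to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_fetch_url(url, resolver=default_resolver, allow_private=False):
    """Return (base_url, path_template, vetted_ips) or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL needs a host and must not carry credentials")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    ips = sorted(resolver(parts.hostname, port))
    if not ips:
        raise ValueError("host did not resolve")
    for ip in ips:
        addr = ipaddress.ip_address(ip.split("%")[0])  # drop any IPv6 zone id
        # Judge IPv4-mapped IPv6 (::ffff:10.0.0.5) as the IPv4 address it wraps.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not (addr.is_global or allow_private):
            raise ValueError(f"{parts.hostname} resolves to non-public address {addr}")
    return f"{parts.scheme}://{parts.netloc}", parts.path or "/", ips


def resolve_refs(node, spec, seen=()):
    """Inline local '#/...' references; refuse remote, dangling and circular ones."""
    if isinstance(node, list):
        return [resolve_refs(item, spec, seen) for item in node]
    if not isinstance(node, dict):
        return node
    ref = node.get("$ref")
    if isinstance(ref, str):
        if not ref.startswith("#/"):
            # A remote $ref would trigger a second, unvetted fetch.
            raise ValueError(f"non-local $ref refused: {ref}")
        if ref in seen:
            raise ValueError(f"circular $ref: {ref}")
        target = spec
        try:
            for token in ref[2:].split("/"):
                # JSON Pointer unescaping (RFC 6901)
                target = target[token.replace("~1", "/").replace("~0", "~")]
        except (KeyError, TypeError):
            raise ValueError(f"dangling $ref: {ref}") from None
        return resolve_refs(target, spec, seen + (ref,))
    return {key: resolve_refs(value, spec, seen) for key, value in node.items()}


def extract_schemas(spec, path, method="post"):
    """Return (input_schema, output_schema) for one operation of the spec."""
    operation = spec["paths"][path][method.lower()]
    body = operation.get("requestBody", {}).get("content", {}).get("application/json", {})
    # Assumed default when the operation declares no JSON body.
    input_schema = resolve_refs(body.get("schema", {"type": "object", "properties": {}}), spec)
    responses = operation.get("responses", {})
    ok = responses.get("200") or responses.get("201") or {}
    out = ok.get("content", {}).get("application/json", {}).get("schema")
    return input_schema, (resolve_refs(out, spec) if out is not None else None)


if __name__ == "__main__":
    loopback = lambda host, port: {"127.0.0.1"}  # constructed resolver answer
    print(check_fetch_url("http://localhost:8100/calculate", loopback, allow_private=True))
    print(extract_schemas(SAMPLE_SPEC, "/calculate"))
```

With `allow_private` left off, this sketch rejects the `http://localhost:8100/calculate` URL used in the test steps, so a development deployment needs an explicit opt-in. The check only holds if the HTTP client connects to one of the returned IPs and repeats the check on every redirect.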

crivetimihai and others added 30 commits January 30, 2026 06:34
)

* feat(infra): add zero-config TLS for nginx via Docker Compose profile

Add a new `--profile tls` Docker Compose profile that enables HTTPS
with zero configuration. Certificates are auto-generated on first run
or users can provide their own CA-signed certificates.

Features:
- One command TLS: `make compose-tls` starts with HTTPS on port 8443
- Auto-generates self-signed certs if ./certs/ is empty
- Custom certs: place cert.pem/key.pem in ./certs/ before starting
- Optional HTTP->HTTPS redirect via `make compose-tls-https`
- Environment variable NGINX_FORCE_HTTPS=true for redirect mode
- Works alongside other profiles (monitoring, benchmark)

New files:
- infra/nginx/nginx-tls.conf: TLS-enabled nginx configuration
- infra/nginx/docker-entrypoint.sh: Handles NGINX_FORCE_HTTPS env var

New Makefile targets:
- compose-tls: Start with HTTP:8080 + HTTPS:8443
- compose-tls-https: Force HTTPS redirect (HTTP->HTTPS)
- compose-tls-down: Stop TLS stack
- compose-tls-logs: Tail TLS service logs
- compose-tls-ps: Show TLS stack status

Docker Compose additions:
- cert_init service: Auto-generates certs using alpine/openssl
- nginx_tls service: TLS-enabled nginx reverse proxy

Documentation:
- Updated tls-configuration.md with Quick Start section
- Updated compose.md with TLS section
- Added to deployment navigation
- Updated README.md quick start

Closes #2571

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(nginx): use smart port detection for HTTPS redirect

Fix hard-coded :8443 port in HTTPS redirect that broke internal
container-to-container calls.

Problem:
- External access via port 8080 correctly redirected to :8443
- Internal container calls (no port) also redirected to :8443
- But nginx_tls only listens on 443 internally, so internal redirects failed

Solution:
Add a map directive that detects request origin based on Host header:
- Requests with :8080 in Host → redirect to :8443 (external)
- Requests without port → redirect without port, defaults to 443 (internal)

Tested:
- External: curl http://localhost:8080/health → https://localhost:8443/health ✓
- Internal: curl http://nginx_tls/health → https://nginx_tls/health (443) ✓

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
)

* fix: resolve LLM admin router db session and add favicon redirect

- Fix LLM admin router endpoints that failed with 500 errors due to
  db session being None from RBAC middleware (intentionally closed
  to prevent idle-in-transaction). Added explicit db: Session =
  Depends(get_db) to all 11 affected endpoints.

- Add /favicon.ico redirect to /static/favicon.ico for browser
  compatibility (browsers request favicon at root path).

- Update README.md Running section with clear table documenting
  the three running modes (make dev, make serve, docker-compose)
  with their respective ports, servers, and databases.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(llm-admin): pass kwargs to fetch_provider_models for permission check

The require_permission decorator only searches kwargs for user context.
sync_provider_models was calling fetch_provider_models with positional
args, causing the decorator to raise 401 Unauthorized.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* feat(testing): add JMeter performance testing baseline

Add comprehensive JMeter test plans for industry-standard performance
baseline measurements and CI/CD integration.

Test Plans (10 .jmx files):
- rest_api_baseline: REST API endpoints (1,000 RPS, 10min)
- mcp_jsonrpc_baseline: MCP JSON-RPC protocol (1,000 RPS, 15min)
- mcp_test_servers_baseline: Direct MCP server testing (2,000 RPS)
- load_test: Production load simulation (4,000 RPS, 30min)
- stress_test: Progressive stress to breaking point (10,000 RPS)
- spike_test: Traffic spike recovery (1K→10K→1K)
- soak_test: 24-hour memory leak detection (2,000 RPS)
- sse_streaming_baseline: SSE connection stability (1,000 conn)
- websocket_baseline: WebSocket performance (500 conn)
- admin_ui_baseline: Admin UI user simulation (50 users)

Infrastructure:
- 12 Makefile targets for running tests and generating reports
- Properties files for production and CI environments
- CSV test data for parameterized testing
- Performance SLAs documentation (P50/P95/P99 latencies)

Closes #2541

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(testing): improve JMeter testing setup and fix test issues

- Add jmeter-install target to download JMeter 5.6.3 locally
- Add jmeter-ui target to launch JMeter GUI
- Add jmeter-check to verify JMeter 5.x+ (required for -e -o flags)
- Add jmeter-clean target to clean results directory
- Fix jmeter-report to handle empty results gracefully
- Fix load_test.jmx JEXL3 thread count expressions
- Fix admin_ui_baseline.jmx HTMX endpoint paths
- Add HTTPS/TLS testing documentation and configuration
- Add .jmeter/ to .gitignore for local installation

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(testing): fix JMeter JWT auth and add linter fixes

- Fix JMETER_TOKEN generation: use python3 instead of python
- Add JMETER_JWT_SECRET with default value (my-test-key)
- Add encoding headers and fix import formatting from linter

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(testing): add jmeter-quick target for fast test verification

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
- Add .envrc for direnv support
- Remove 14+ duplicate/redundant patterns
- Reorganize with clear section comments
- Add missing patterns (.ica.env, pip-log.txt, pip-delete-this-directory.txt)

Signed-off-by: Adnan Vahora <adnanvahora114@gmail.com>
* feat(plugins): add TOON encoder plugin for token-efficient responses

Add a tool_post_invoke plugin that converts JSON tool results to TOON
(Token-Oriented Object Notation) format, achieving 30-70% token reduction.

Features:
- Pure Python TOON encoder/decoder per spec v3.0
- Configurable size thresholds and tool filtering
- Format markers for downstream parsing
- Graceful error handling with skip_on_error fallback
- Columnar format for homogeneous object arrays

Closes #2574

Signed-off-by: Joe Stein <joe.stein@sscinc.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* docs(toon): document alternative delimiter limitation

Add documentation about tab/pipe delimiter limitation in columnar
array headers. The TOON spec v3.0 allows alternative delimiters,
which our regex matches but decoder doesn't parse correctly (always
splits on commas). Document this as a known decoder limitation.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(toon): support tab/pipe delimiters in columnar arrays

Add support for alternative delimiters (tab, pipe) in columnar array
headers per TOON spec v3.0. The decoder now detects the delimiter from
the header and uses it consistently for parsing row values.

- Add _detect_delimiter() function to identify delimiter from header
- Update _decode_columnar_array() to accept and use delimiter parameter
- Update _split_row_values() to split on configurable delimiter
- Add tests for pipe and tab delimiter decoding
- Remove limitation from README (now fully supported)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(toon): remove unused import and variable

- Remove unused Union import (F401)
- Remove unused ind variable in _encode_array (F841)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(toon): prefix unused parameters with underscore

Silence vulture warnings by prefixing intentionally unused parameters:
- _as_root in _encode_array and _encode_object (for API consistency)
- _expected_count in _split_row_values (for potential validation)
- _context in tool_post_invoke (required by plugin interface)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(admin): return disabled plugin details in View Details

get_plugin_by_name() only checked the registry for enabled plugins,
causing "Not Found" errors when clicking View Details on disabled
plugins. Now falls back to checking config.plugins for disabled
plugins, matching the behavior of get_all_plugins().

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Joe Stein <joe.stein@sscinc.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
- allow overriding the python runtime for external plugins
- reset plugin registry before re-init to avoid stale entries
- normalize resource/service tag lists to strings

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…2605)

Add 409 to allowed response codes for state change endpoints in the
Locust load test. Under high concurrency, 409 Conflict is expected
behavior due to optimistic locking when multiple users try to toggle
the same entity's state simultaneously.

Updated endpoints:
- set_server_state() - /servers/[id]/state
- set_tool_state() - /tools/[id]/state
- set_resource_state() - /resources/[id]/state
- set_prompt_state() - /prompts/[id]/state
- set_gateway_state() - /gateways/[id]/state

Closes #2566

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* test: expand coverage unit tests and plan

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* chore: remove local test plan from repo

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* docs: rationalize README and move detailed content to docs

- Reduce README from 2,502 to 960 lines (-62%)
- Add Quick Links section linking to pinned issues (#2502, #2503, #2504)
- Move environment variables to docs/docs/manage/configuration.md
- Create docs/docs/manage/troubleshooting.md with detailed guides
- Add VS Code Dev Container section to developer-onboarding.md
- Use <details> collapsibles for advanced Docker/Podman/PostgreSQL content
- Streamline Configuration section to essential variables only
- Update version reference from v0.9.0 to 1.0.0-BETA-2
- Verify all 15 ToC anchors and 17 external doc links

Closes #2365

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* chore(docs): bump documentation dependency versions

- mkdocs-git-revision-date-localized-plugin: 1.5.0 → 1.5.1
- mkdocs-include-markdown-plugin: 7.2.0 → 7.2.1
- pathspec: 1.0.3 → 1.0.4

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix(docs): add missing blank lines before tables in index.md

MkDocs requires blank lines between bold headers and tables for
proper rendering. Fixed SSO configuration sections.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* docs: streamline docs landing page and fix broken links

- Replace verbose docs/docs/index.md with streamlined content matching README
- Convert GitHub-flavored <details> to MkDocs ??? admonitions
- Use relative links for internal navigation
- Fix broken #configuration-env-or-env-vars anchors in:
  - docs/docs/development/index.md
  - docs/docs/manage/securing.md
- Reduce docs landing page from 2,603 to 678 lines (-74%)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Add is_active field support through the complete request pipeline:

- Schemas: Added is_active to TokenCreateRequest (bool, default=True)
  and TokenUpdateRequest (Optional[bool], default=None)
- Service: Modified create_token() and update_token() methods to accept
  and use is_active parameter instead of hardcoding
- Router: Updated all 3 token endpoints (create, update, create_team)
  to pass is_active=request.is_active
- Tests: Added explicit coverage for is_active=False on create and
  update, including toggle and reactivation scenarios

Backward compatible: default values maintain existing behavior for
clients not sending the field.

Closes #2573

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* feat(testing): add Batch 1 & 2 load test user classes for extended API coverage

Add new Locust user classes to improve API endpoint coverage:

Batch 1 - High Priority:
- VersionMetaUser: /version, /health/security
- ExportImportUser: /export, /import/status, /import/cleanup
- A2AFullCRUDUser: A2A agent CRUD operations

Batch 2 - Extended APIs:
- ResourcesExtendedUser: /resources/templates/list, /resources/[id]/info
- ServerExtendedUser: /servers/[id]/prompts

Removed (caused instability):
- GatewayFullCRUDUser: Gateway CRUD triggers slow MCP network calls
- TagsExtendedUser: App bug with json_extract on PostgreSQL (#2607)
- AdvancedProtocolUser: Complex payload validation issues

Disabled (app bug):
- /export/selective: Server object missing is_active attribute (#2606)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(testing): add Batch 3 load test user classes (TokensUser, RBACUser)

Add TokensUser and RBACUser classes for improved API coverage:
- TokensUser: GET /tokens endpoint for token listing
- RBACUser: GET /rbac/roles, /rbac/my/roles, /rbac/my/permissions,
  /rbac/permissions/available endpoints

TeamsUser was removed due to app bug #2608 (current_user_ctx["db"]
returns None causing 500 errors on /teams endpoint).

Closes #2608

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(testing): add Batch 4 load test user classes (AuthUser, OAuthUser)

Add authentication and OAuth user classes for improved API coverage:
- AuthUser: GET /auth/email/events, /auth/email/admin/events,
  /auth/email/admin/users endpoints
- OAuthUser: GET /oauth/registered-clients endpoint

SSO endpoints were not added as they return 404 (not available).
Write operations (login, register) were skipped intentionally.

Total unique endpoints now tested: 99

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(testing): add Batch 5 load test user classes (LogSearchUser, MetricsUser, ObservabilityUser)

Add logging, metrics, and observability user classes for improved API coverage:
- LogSearchUser: GET /api/logs/security-events, /api/logs/audit-trails,
  /api/logs/performance-metrics endpoints
- MetricsUser: GET /metrics, /api/metrics/stats, /api/metrics/config,
  /metrics/prometheus endpoints
- ObservabilityUser: GET /admin/observability/tools/usage,
  /admin/observability/tools/performance,
  /admin/observability/metrics/top-volume endpoints

Total unique endpoints now tested: 108

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat(testing): add Batch 6 load test user classes (LLMUser, ReverseProxyUser)

Add LLM and reverse proxy user classes for final API coverage:
- LLMUser: GET /llm/gateway/models, /llmchat/gateway/models,
  /admin/llm/provider-configs, /admin/llm/provider-defaults endpoints
- ReverseProxyUser: GET /reverse-proxy/sessions endpoint

Toolops and well-known endpoints were not added (404 - not available).
Cancellation endpoints skipped (require valid request IDs).

Total unique endpoints now tested: 113
All 6 batches complete.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…in (#2587)

- New main entry point: scripts/contextforge-setup.sh
- Modular library structure: scripts/lib/common.sh, debian.sh, rhel.sh
- Removes old scripts/rocky-contextforge-setup-script.sh
- Renames scripts/ubuntu-contextforge-setup-script.sh to lib/common.sh
- Adds --skip-docker-login flag and DOCKER_* env var support
- Adds Docker Compose deployment documentation

Signed-off-by: Jonathan Springer <jps@s390x.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* test: expand rpc and admin coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* chore: drop ignored todo from repo

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Add onkeydown handlers to HTML elements (div and span) that have onclick
handlers to support keyboard users. This enables Tab navigation to
interactive elements on Overview, MCP Registry and Plugins pages.

The implementation:
- Adds a handleKeydown() utility function in admin.js that triggers
  callbacks on Enter or Space key presses
- Adds role="button", tabindex="0", and onkeydown attributes to
  interactive elements
- Includes event.preventDefault() to stop default browser behavior

Closes #2167

Signed-off-by: Marek Dano <mk.dano@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Fixes #2329

Updates tag filtering in TagService.get_entities_by_tag() to use the
cross-database compatible json_contains_tag_expr helper instead of the
raw json_extract LIKE query that only worked with string arrays.

Changes:
- Replace func.json_extract(tags, "$").LIKE query with json_contains_tag_expr
  which supports both legacy string tags and new dict-format tags
- Update PostgreSQL implementation to use table_valued() pattern for
  idiomatic SQLAlchemy handling of jsonb_array_elements (elem.c.value)
- Update unit tests to mock database dialect for json_contains_tag_expr
- Improve test mocking to use patch.object context manager
- Fix docstring to reflect new implementation (was "JSON LIKE queries")
- Add comprehensive tests for dict-format tags [{id, label}]
- Add rigorous PostgreSQL SQL compilation tests with regex validation
- Document design decision: DB filters by 'id' only (TagValidator ensures
  id is always present; label is for display only)

The json_contains_tag_expr helper handles both formats:
- Legacy: ["tag1", "tag2"]
- Dict format: [{"id": "tag1", "label": "Tag 1"}, ...]

PostgreSQL implementation uses table_valued() for explicit column reference:
- func.jsonb_array_elements(...).table_valued("value").alias("elem")
- elem.c.value.op("->>")("id") for proper column access

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
#2620)

- Add tests for RegistryCache (cache entry expiry, stats, invalidation)
- Add tests for SecurityHeadersMiddleware (HSTS, CORS, CSP, X-Frame-Options)
- Add tests for ValidationMiddleware (path traversal, parameter validation)
- Add tests for auth router (login, get_db, LoginRequest model)
- Expand metrics_maintenance router tests (cleanup, rollup, stats endpoints)
- Add tests for admin error handlers (server add/edit error paths)
- Add tests for main.py gateway error handlers (connection, conflict, validation)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…rvices (#2585)

* namespace prompt names and resource URIs by gateway ID, ensuring uniqueness

Signed-off-by: Keval Mahajan mahajankeval23@gmail.com

* linting

Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Keval Mahajan mahajankeval23@gmail.com
Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Remove unused import of PromptNotFoundError from test_authorization_access.py.
The import was flagged by ruff linter (F401) as it was never used in the file.

Fixes #2382

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
)

Backticks are commonly used in tool descriptions for:
- Inline code examples: `{app="foo"}`
- JSON examples: `{"streams": 5}`
- Parameter references: `labelName`

This is standard Markdown/documentation formatting and poses no security risk.
The remaining forbidden patterns still protect against command injection.

Fixes #2576

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
The default asyncio subprocess buffer limit (64KB) is too small for tools
that return large responses (e.g., GitHub PR search results). This causes
LimitOverrunError when the response exceeds the buffer size.

Increase the buffer limit to 16MB to handle large tool responses reliably.

Fixes #2591

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
Previously, exceptions in tool invocation were caught and an empty list was
returned, hiding error details from clients. Now errors are re-raised to let
the MCP SDK properly convert them to JSON-RPC error responses.

This ensures clients see actual error messages (e.g., '401 Unauthorized')
instead of empty responses.

Fixes #2570

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
…ime (#2618)

datetime.utcnow() is deprecated in Python 3.12 and returns a naive datetime
without timezone info. Replace with datetime.now(timezone.utc) which returns
a timezone-aware datetime.

Fixes #2377

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
The json_default function was defined but never called in the code.
It only appeared in docstring examples but was never used.
Removing dead code to reduce maintenance burden.

Fixes #2372

Signed-off-by: Jonathan Fulton <jonathan@jonathanfulton.com>
Fix ADR numbering to use next available number (038) instead of
conflicting 029. Update format to match existing ADR conventions
with proper metadata fields (Date, Deciders, Status).

Added to ADR index.

Signed-off-by: MRSKYWAY <sujyot.kamble1114@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Fixes: #1938

This commit addresses an issue where admin metrics were empty during
benchmark tests shorter than one hour because they relied on hourly
rollup jobs. The metrics query service is updated to use a three-source
aggregation:

1. Historical rollups (for data older than the retention period)
2. Raw metrics for completed hours within the retention period
3. Raw metrics from the current, incomplete hour

This ensures that metrics are always up-to-date, even before the hourly
rollup job runs, providing immediate visibility and preventing expensive
raw table scans during short-lived tests.

Test improvements:
- Fix flaky test at hour boundary (race condition)
- Remove unused patch import
- Add tests for three-source merge behavior

Signed-off-by: Gabriel Costa <gabrielcg@proton.me>
* fix: prevent ReDoS in SSTI validation patterns

Replace regex-based SSTI detection with a linear-time manual parser
to eliminate ReDoS vulnerability while improving bypass resistance.

Changes:
- Add _iter_template_expressions() parser that correctly handles:
  - Quoted strings (single and double quotes)
  - Escaped characters within strings
  - Nested delimiters inside quotes (e.g., "}}" in strings)
  - Continues scanning after unterminated expressions (fail-closed)
- Replace _SSTI_PATTERNS regex list with:
  - _SSTI_DANGEROUS_SUBSTRINGS tuple for keyword detection
  - _SSTI_DANGEROUS_OPERATORS tuple for arithmetic in {{ }} and {% %}
  - _SSTI_SIMPLE_TEMPLATE_PREFIXES for ${, #{, %{ expressions
- Add _has_simple_template_expression() with O(n) linear scan using rfind
- Fix type annotation for validate_parameter_length()
- Block dynamic attribute access bypasses:
  - |attr filter for dynamic attribute access (with whitespace normalization)
  - |selectattr, |sort, |map filters (can take attribute names)
  - getattr function
  - ~ operator for string concatenation (dunder name construction)
  - [ bracket notation for dynamic access
  - % operator for string formatting (e.g., '%c' % 95)
  - attribute= parameter (blocks map/selectattr/sort attribute access)
  - All escape sequences: \x, \u, \N{, \0-\7 (octal)
- Apply operator checks to both {{ }} and {% %} blocks
- Normalize whitespace around | and = before checking

Performance:
- O(n) linear scanning eliminates catastrophic backtracking
- _has_simple_template_expression uses rfind for O(n) instead of O(n²)

Security:
- Proper quote handling blocks bypasses like {{ "}}" ~ self.__class__ }}
- Escaped quote handling blocks {{ "a\"}}b" ~ self }} bypasses
- Blocks dynamic construction bypasses via string concatenation
- Blocks all escape sequence bypasses (hex, unicode, octal)
- Blocks whitespace-based bypasses around | and =
- Blocks % formatting bypasses (e.g., '%c%c' % (95,95))
- Fail-closed: continues scanning after unterminated expressions

Tests:
- Add comprehensive SSTI bypass test cases
- Add pytest.mark.timeout(30) for deterministic ReDoS detection
- Add pathological input tests for ReDoS prevention verification

Closes #2366

Co-authored-by: Shoumi <shoumimukherjee@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: enforce true fail-closed on unterminated template expressions

- Raise ValueError immediately on unterminated {{ or {% expressions
- Eliminates O(n²) rescan path, restoring O(n) worst-case performance
- Use consistent error message with other validation failures
- Add regression test for unterminated expression rejection

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: add proper Raises section to docstring for darglint

Move ValueError documentation to proper Raises: section format.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
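
An added sketch (not the project's implementation) of the technique the commit message above describes: a single left-to-right scan that tracks quotes and escapes, fails closed on an unterminated expression, and checks each expression body against a deny list. The function names are hypothetical, the token list is taken from the items named in the message, and whitespace is removed entirely, a stricter stand-in for the normalisation around `|` and `=`.

```python
import re

# Tokens refused inside an expression; each one is named in the commit message.
DANGEROUS_TOKENS = ("__", "|attr", "|selectattr", "|sort", "|map", "getattr",
                    "attribute=", "~", "[", "%", "\\x", "\\u", "\\N{")


def iter_template_expressions(text):
    """Yield the body of each {{ ... }} and {% ... %} block in one linear pass."""
    i, n = 0, len(text)
    while i < n - 1:
        opener = text[i:i + 2]
        if opener not in ("{{", "{%"):
            i += 1
            continue
        closer = "}}" if opener == "{{" else "%}"
        j, quote = i + 2, None
        while j < n:
            ch = text[j]
            if quote:
                if ch == "\\":
                    j += 2  # skip the escaped character, e.g. \" inside a string
                    continue
                if ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif text.startswith(closer, j):
                break
            j += 1
        else:
            # Fail closed: no rescan from i + 1, so the worst case stays O(n).
            raise ValueError("unterminated template expression")
        yield text[i + 2:j]
        i = j + 2  # resume after the closer; no character is visited twice


def find_ssti(text):
    """Return (expression, token) pairs for every deny-listed token found."""
    hits = []
    for body in iter_template_expressions(text):
        compact = "".join(body.split())  # linear; turns "| attr" into "|attr"
        hits.extend((body.strip(), tok) for tok in DANGEROUS_TOKENS if tok in compact)
    return hits


def naive_bodies(text):
    """Contrast only: a lazy regex stops at the first '}}', even inside a string."""
    return re.findall(r"\{\{(.*?)\}\}", text)


if __name__ == "__main__":
    sample = '{{ "}}" ~ self.__class__ }}'  # bypass string quoted in the commit message
    print(naive_bodies(sample))  # the regex sees only the text before the quoted "}}"
    print(find_ssti(sample))     # the scanner sees the whole expression
```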
…#2569)

Implement strict per-tool timeout enforcement for all transports
(REST, SSE, StreamableHTTP, A2A) and enhance the CircuitBreakerPlugin
with half-open states, retry headers, and granular configuration.

Changes:
- Wrap all tool invocations in asyncio.wait_for with effective_timeout
- Add per-tool timeout_ms support (ms to seconds conversion)
- Add half-open state for circuit breaker recovery testing
- Add half_open_in_flight flag to prevent concurrent probe requests
- Add retry_after_seconds in violation response for rate limiting
- Add tool_timeout_total and circuit_breaker_open_total Prometheus metrics
- Add cb_timeout_failure context flag for timeout detection in plugins
- Add tool_overrides for per-tool circuit breaker configuration
- Handle both asyncio.TimeoutError and httpx.TimeoutException
- Log actual elapsed time instead of configured timeout

Fixes applied during review:
- Fix _is_error() to detect camelCase isError from model_dump(by_alias=True)
- Fix half-open probe guard: only check when st.half_open is True
- Add stale-probe timeout to prevent permanent wedge if plugin blocks
- Add timeout enforcement to A2A tool invocations
- Call tool_post_invoke on exceptions so circuit breaker tracks failures
- Add ToolTimeoutError subclass to distinguish timeouts from other errors
- Only skip post_invoke for ToolTimeoutError (not all ToolInvocationError)
- Set error_message and span attributes for ToolTimeoutError observability
- Update README to document isError camelCase support

Timeout precedence:
1. Per-tool timeout_ms (if set and non-zero)
2. Global TOOL_TIMEOUT setting (default: 60s)

Closes #2078

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…ervers (#2629)

* chore(mcp-servers): update dependencies across Python, Go, and Rust servers

Update all MCP server dependencies to their latest versions:

Python servers (20 servers):
- numpy: 2.4.1 → 2.4.2
- orjson: 3.11.5 → 3.11.6
- openai: 2.15.0 → 2.16.0
- mcp: 1.25.0 → 1.26.0
- sentence-transformers: 5.2.0 → 5.2.2
- anthropic: 0.76.0 → 0.77.0
- boto3/botocore: 1.42.34 → 1.42.39
- And various other minor updates

Go servers (5 servers):
- mcp-go: 0.32.0 → 0.43.2
- spf13/cast: 1.7.1 → 1.10.0
- gopsutil/v3: 3.23.12 → 3.24.5
- golang.org/x/sys: 0.15.0 → 0.40.0

Rust servers (2 servers):
- Updated Cargo.lock with latest compatible versions

Bug fixes:
- mcp_eval_server: Add missing core dependencies (aiohttp, jinja2, psutil)
  that were incorrectly placed in optional dependency groups
- url_to_markdown_server: Fix broken entry point that referenced
  non-existent server.py module

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* chore(mcp-servers): add missing .gitignore files for Go servers

Add .gitignore files for benchmark-server and pandoc-server to ignore
compiled binaries and common build artifacts.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* test: expand jmeter coverage and silence prefs warning

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Improve jmeter testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* refactor: centralize jmeter rest and mcp mixes

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Rakhi Dutta <rakhibiswas@yahoo.com>
@rakdutta rakdutta force-pushed the issue_2784_REST_TOOL_INPUT_SCHEMA branch from 53b8683 to 57b4652 Compare February 24, 2026 04:16
Signed-off-by: Rakhi Dutta <rakhibiswas@yahoo.com>
@crivetimihai
Member

Reopened as #3167. CI/CD will re-run on the new PR. You are still credited as the author.

Labels

  • COULD (P3: Nice-to-have features with minimal impact if left out; included if time permits)
  • enhancement (New feature or request)

Development

Successfully merging this pull request may close these issues.

[BUG][API]: No tools listed via MCP after adding tool from REST API