From 4085309a38b992d83802643019eecf0829f645b8 Mon Sep 17 00:00:00 2001 From: Mihai Criveti Date: Sun, 19 Oct 2025 10:56:00 +0100 Subject: [PATCH] Update CHANGELOG and README Signed-off-by: Mihai Criveti --- CHANGELOG.md | 62 ++++++++++++++++++++++++++++++------ charts/mcp-stack/values.yaml | 14 ++++++++ 2 files changed, 67 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f03844530..13d376517 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ --- -## [0.9.0] - 2025-10-18 - REST Passthrough, Multi-Tenancy Fixes & Platform Enhancements +## [0.9.0] - 2025-11-04 [WIP] - REST Passthrough, Multi-Tenancy Fixes & Platform Enhancements ### Overview 
@@ -76,16 +76,18 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati - API endpoint: `GET /admin/support-bundle/generate?log_lines=1000` - Admin UI: "Download Support Bundle" button in Diagnostics tab - Automatic sanitization of secrets (passwords, tokens, API keys) -* **LLM Chat Interface** (#1202, #1200) - Built-in MCP client with LLM chat service for virtual servers +* **LLM Chat Interface** (#1202, #1200, #1236) - Built-in MCP client with LLM chat service for virtual servers - Agent-enabled tool orchestration with MCP protocol integration - - Session consistency using Redis for persistent conversations + - **Redis-based session consistency** (#1236) for multi-worker distributed environments + - Concurrent user management with worker coordination and session isolation + - Prevents race conditions via Redis locks and TTLs - Direct testing of virtual servers and tools from the Admin UI * **System Statistics in Metrics** (#1228, #1232) - Comprehensive system monitoring in metrics page - CPU, memory, disk usage, and network statistics - Process information and resource consumption - System health indicators for production monitoring * **Performance Testing Framework** (#1203, #1204, #1226) - Load testing and benchmarking capabilities - - Production-scale load data generator for multi-tenant testing (#1225) + - Production-scale load data generator for multi-tenant testing (#1225, #1226) - Benchmark MCP server for performance analysis (#1219, #1220, #1221) - Fixed TokenUsageLog SQLite bug in load testing framework * **Metrics Export Enhancement** (#1218) - Export all metrics data for external analysis and integration 
@@ -160,6 +162,19 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati * **Bandit Security Scan** (#1244) - Fixed all bandit security warnings * **Test Warnings & Mypy Issues** (#1268) - Fixed test warnings and mypy type issues +#### **๐Ÿงช Test Reliability & Quality Improvements** (#1281, #1283, #1284) +* **Gateway Test Stability** (#1281) - Fixed gateway test failures and eliminated warnings + - Integrated pytest-httpx for cleaner HTTP mocking (eliminated manual mock complexity) + - Eliminated RuntimeWarnings from improper async context manager mocking + - Added url-normalize library for consistent URL normalization + - Reduced test file complexity by 388 lines (942 โ†’ 554 lines) + - Consolidated validation tests into parameterized test cases +* **Logger Test Reliability** (#1283, #1284) - Resolved intermittent logger capture failures + - Scoped logger configuration to specific loggers to prevent inter-test conflicts (#1283) + - Fixed email verification logic error in auth.py (email_verified_at vs is_email_verified) (#1283) + - Fixed caplog logger name specification for reliable debug message capture (#1284) + - Added proper type hints and improved type safety across test suite + #### **๐Ÿณ Container & Deployment Fixes** * **Gateway Registration on MacOS** (#625) - Fixed gateway registration and tool invocation on MacOS * **Non-root Container Users** (#1231) - Added non-root user to scratch Go containers 
@@ -167,7 +182,23 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati ### Changed -#### **๐Ÿ“Š Database Schema** (#1273) +#### **๐Ÿ—„๏ธ Database Schema & Multi-Tenancy Enhancements** (#1246, #1273) + +**Scoped Uniqueness for Multi-Tenant Resources** (#1246): +* **Enforced team-scoped uniqueness constraints** for improved multi-tenancy isolation + - Prompts: unique within `(team_id, owner_email, name)` - prevents naming conflicts across teams + - Resources: unique within `(team_id, owner_email, uri)` - ensures URI uniqueness per team/owner + - A2A Agents: unique within `(team_id, owner_email, slug)` - team-scoped agent identifiers + - Dropped legacy single-column unique constraints (name, uri) for multi-tenant compatibility +* **ID-Based Resource Endpoints** (#1184) - All prompt and resource endpoints now use unique IDs for lookup + - Prevents naming conflicts across teams and owners + - Enhanced API security and consistency + - Migration compatible with SQLite, MySQL, and PostgreSQL +* **Enhanced Prompt Editing** (#1180) - Prompt edit form now correctly includes team_id in form data +* **Plugin Hook Updates** - PromptPrehookPayload and PromptPosthookPayload now use prompt_id instead of name +* **Resource Content Schema** - ResourceContent now includes id field for unique identification + +**REST Passthrough Configuration** (#1273): * **New Tool Columns** - Added 9 new columns to tools table via Alembic migration `8a2934be50c0`: - `base_url` - Base URL for REST passthrough - `path_template` - Path template for URL construction 
@@ -189,10 +220,16 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati * **OAUTH_DEFAULT_TIMEOUT** - New configuration for OAuth provider timeouts * **Environment Variables** - Comprehensive cleanup and documentation updates -#### **๐Ÿงน Code Quality Improvements** (#1233) -* **CONTRIBUTING.md Cleanup** - Simplified contribution guidelines -* **Lint-smart Makefile Fix** - Fixed syntax error in lint-smart target -* **Plugin Linting** - Comprehensive linting across all plugins with automated fixes +#### **๐Ÿงน Code Quality & Developer Experience Improvements** (#1271, #1233) +* **Consolidated Linting Configuration** (#1271) - Single source of truth for all Python linting tools + - Migrated ruff and interrogate configs from separate files into pyproject.toml + - Enhanced ruff with import sorting checks (I) and docstring presence checks (D1) + - Unified pre-commit hooks to match CI/CD pipeline enforcement + - Reduced configuration sprawl: removed `.ruff.toml` and `.interrogaterc` + - Better IDE integration with comprehensive real-time linting +* **CONTRIBUTING.md Cleanup** (#1233) - Simplified contribution guidelines +* **Lint-smart Makefile Fix** (#1233) - Fixed syntax error in lint-smart target +* **Plugin Linting** (#1240) - Comprehensive linting across all plugins with automated fixes * **Deprecation Removal** - Removed all deprecated Pydantic v1 patterns ### Security 
@@ -228,6 +265,10 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati - Closes #969 - Backend Multi-Tenancy Issues - Critical bugs and missing features - Closes #959 - Unable to Re-add Team Member Due to Unique Constraint - Closes #958 - Incomplete Visibility Implementation +- Closes #945 - Scoped uniqueness for prompts, resources, and A2A agents +- Closes #1180 - Prompt editing to include team_id in form data +- Closes #1184 - Prompt and resource endpoints to use unique IDs instead of name/URI +- Closes #1222 - Already addressed as part of #945 - Closes #1248 - RBAC Vulnerability: Unauthorized Access to Resource Status Toggling - Closes #1209 - Finalize RBAC/ABAC implementation for Ownership Checks on Public Resources @@ -257,6 +298,9 @@ This release delivers **REST API Passthrough Capabilities**, **API & UI Paginati - Closes #1219 - Benchmark MCP Server for Load Testing and Performance Analysis - Closes #1203 - Performance Testing & Benchmarking Framework +**Code Quality & Developer Experience:** +- Closes #1271 - Consolidated linting configuration in pyproject.toml + **Plugin Framework:** - Closes #1196 - Plugin client server mTLS support - Closes #1137 - Add missing hooks to OPA plugin diff --git a/charts/mcp-stack/values.yaml b/charts/mcp-stack/values.yaml index 2f1adccc0..d5f176a1f 100644 --- a/charts/mcp-stack/values.yaml +++ b/charts/mcp-stack/values.yaml @@ -207,6 +207,7 @@ mcpContextForge: LOG_LEVEL: INFO # DEBUG, INFO, WARNING, ERROR, CRITICAL LOG_FORMAT: json # json or text format LOG_TO_FILE: "false" # enable file logging + LOG_REQUESTS: "false" # enable request payload logging with sensitive data masking LOG_FILEMODE: "a+" # file write mode (append/overwrite) LOG_FILE: "" # log filename when file logging enabled LOG_FOLDER: "" # directory for log files 
@@ -330,6 +331,19 @@ mcpContextForge: VALIDATION_MAX_METHOD_LENGTH: "128" # maximum method name length VALIDATION_MAX_REQUESTS_PER_MINUTE: "60" # rate limiting: max requests per minute + # โ”€ Pagination Configuration โ”€ + PAGINATION_DEFAULT_PAGE_SIZE: "50" # default number of items per page for paginated endpoints + PAGINATION_MAX_PAGE_SIZE: "500" # maximum allowed items per page (prevents abuse) + PAGINATION_MIN_PAGE_SIZE: "1" # minimum items per page + PAGINATION_CURSOR_THRESHOLD: "10000" # threshold for switching from offset to cursor-based pagination + PAGINATION_CURSOR_ENABLED: "true" # enable cursor-based pagination globally + PAGINATION_DEFAULT_SORT_FIELD: "created_at" # default sort field for paginated queries + PAGINATION_DEFAULT_SORT_ORDER: "desc" # default sort order for paginated queries (asc/desc) + PAGINATION_MAX_OFFSET: "100000" # maximum offset allowed for offset-based pagination + PAGINATION_COUNT_CACHE_TTL: "300" # cache pagination counts for performance (seconds) + PAGINATION_INCLUDE_LINKS: "true" # enable pagination links in API responses + PAGINATION_BASE_URL: "" # base URL for pagination links (defaults to request URL if empty) + #################################################################### # SENSITIVE SETTINGS # Rendered into an Opaque Secret. NO $(VAR) expansion here.
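
Review bot: In the CHANGELOG.md hunk at `@@ -4,7 +4,7 @@`, the 0.9.0 heading now carries the date 2025-11-04, which is later than this commit's own date (2025-10-19), together with a `[WIP]` tag, so the changelog presents an unreleased version as already dated. Consider an unreleased-style heading until the tag is cut and setting the date in the release commit. The subject line also says "Update CHANGELOG and README", while the diffstat lists only CHANGELOG.md and charts/mcp-stack/values.yaml; either adjust the subject or include the README change.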
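
Review bot: In the CHANGELOG.md hunk at `@@ -160,6 +162,19 @@`, the entry "Fixed email verification logic error in auth.py (email_verified_at vs is_email_verified) (#1283)" is filed under "Logger Test Reliability", where someone scanning the release for authentication changes will not find it. It reads as a change to authentication logic rather than to tests, so it belongs in the bug-fix or Security section, with one sentence on which way the check was wrong so deployers can judge whether unverified accounts were affected.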
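
Review bot: In the CHANGELOG.md hunk at `@@ -167,7 +182,23 @@`, three of the new bullets describe changes that break existing callers but sit under "Changed" with no breaking-change marker: the dropped single-column unique constraints, the prompt and resource endpoints switching to ID lookup, and `PromptPrehookPayload`/`PromptPosthookPayload` using `prompt_id` instead of name. Flag them as breaking and add a short upgrade note for API clients and plugin authors. The REST passthrough block names its Alembic migration (`8a2934be50c0`); the scoped-uniqueness block mentions a migration but gives no revision, which operators need in order to check that the constraint change has been applied.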
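
Review bot: In the CHANGELOG.md hunk at `@@ -228,6 +265,10 @@`, the line "Closes #1222 - Already addressed as part of #945" records a status rather than what #1222 asked for, unlike every other entry in the list; state the issue's subject and then the cross-reference. The same list closes scoped uniqueness as #945, while the Changed section added by this patch labels that work #1246; cite both numbers in both places so the issue and the implementing change can be traced from either entry.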
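
Review bot: In the charts/mcp-stack/values.yaml hunk at `@@ -207,6 +207,7 @@`, the comment on `LOG_REQUESTS` promises "sensitive data masking" without saying what is masked, and for a switch that writes request payloads into logs that is the detail an operator needs before turning it on. Name the masked fields or point to the document that lists them. The key is also inserted between `LOG_TO_FILE` and `LOG_FILEMODE`, which splits the file-logging settings; placing it directly after `LOG_FORMAT` keeps that group together. The default of "false" is the right one.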
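
Review bot: In the charts/mcp-stack/values.yaml hunk at `@@ -330,6 +331,19 @@`, the comments do not explain how `PAGINATION_CURSOR_THRESHOLD: "10000"` and `PAGINATION_MAX_OFFSET: "100000"` interact, nor what happens to a request that exceeds `PAGINATION_MAX_OFFSET` or `PAGINATION_MAX_PAGE_SIZE` (rejected or clamped). Since the page-size cap is annotated "prevents abuse", the over-limit behaviour should be stated next to the limits. `PAGINATION_BASE_URL: ""` falls back to the request URL; for a chart that is normally deployed behind an ingress, the comment should recommend setting it to the external URL so that generated links do not depend on the host information carried by the incoming request.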