Add safe-execution wrapper for hosted MCP deployments #91
Merged
Adds process_improve.tool_safety with input-size validation, wall-clock timeouts via a ProcessPoolExecutor, per-subprocess memory caps (RLIMIT_AS), and structured error types (ToolInputTooLargeError, ToolTimeoutError, ToolMemoryExceededError). The stdio MCP server keeps the fast in-process path by default; hosted callers can opt in via PROCESS_IMPROVE_MCP_SAFE_MODE=1 or by calling safe_execute_tool_call directly. Prepares the registry to be exposed over an untrusted HTTP transport (e.g. from the agentic-doe backend) without letting a single large fit_pca request OOM the server or block the event loop. Bumps version to 1.4.0 (new feature).
CI on macos-latest/3.13 failed because Apple's Accelerate framework (used by numpy) is not fork-safe, and Python 3.13 emits a DeprecationWarning for fork() in multi-threaded parents. Restrict the fork preference to Linux and fall back to the platform default (spawn) elsewhere. The in-file @tool_spec registrations the subprocess tests rely on only survive fork, so the subprocess test class is skipped on non-Linux. The input-validation tests (which don't touch the pool) still run on every platform.
Summary

Adds a safety layer around the tool registry so the MCP server can be exposed over untrusted transports (public HTTP, hosted services like factori.al) without letting a single `fit_pca(n_components=10000)` call OOM the server or block the event loop. Companion PR in kgdunn/agentic-doe wires the hosted backend through this safe wrapper.

What changed

- `process_improve/tool_safety.py`:
  - `validate_input()` — rejects oversized arrays (cells, string length, depth) and over-large scalar params (`n_components`, `max_outliers_to_detect`, `n_iter`, ...) before any subprocess work.
  - `safe_execute_tool_call()` — runs the tool in a `ProcessPoolExecutor` with:
    - a wall-clock timeout (env `PROCESS_IMPROVE_TOOL_TIMEOUT`)
    - an `RLIMIT_AS` cap (default 1024 MB, env `PROCESS_IMPROVE_MAX_MEMORY_MB`) applied after heavy imports so pyDOE3's orthogonal-array tables don't eat the per-call budget.
  - `ToolInputInvalidError`, `ToolInputTooLargeError`, `ToolTimeoutError`, `ToolMemoryExceededError` — all carry a JSON-serialisable `.to_dict()`.
  - `fork` multiprocessing context where available so the worker inherits the parent's tool registry and imported numpy.
- `process_improve/mcp_server.py` — opt-in safe mode via `PROCESS_IMPROVE_MCP_SAFE_MODE=1`. Local stdio users keep the fast in-process path.
- `process_improve/tool_spec.py` — re-exports the safety API for discoverability.
- `1.3.3 → 1.4.0` (new feature per `CLAUDE.md` versioning rules).

Test plan

- `tests/test_tool_safety.py` (14 tests) — validator unit tests + subprocess integration (happy path, timeout, memory cap, unknown tool). All pass.
- `pytest tests/test_tool_spec.py tests/test_tool_safety.py` — 66 passed.
- `ruff check .` — clean.
- `python -c "from process_improve.mcp_server import _register_all_tools; _register_all_tools()"` — 31 tools register.

https://claude.ai/code/session_01EokDs8NGnpFhCshdaxEnA2
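The validate-then-isolate pattern described above, as an added example that is not the PR's own code: a cheap parent-side size/cap check, a one-shot `ProcessPoolExecutor` using the `fork` context on Linux, `RLIMIT_AS` set inside the worker after imports, and the pool's failures mapped to errors that carry `.to_dict()`. It assumes Linux (fork and the `resource` module); the cap values, the three stand-in tools and the error messages are constructed, and treating a worker that dies outright (`BrokenProcessPool`) as a memory failure is this example's choice, not something the PR states.

```python
import multiprocessing as mp
import resource
import sys
import time
from concurrent.futures import ProcessPoolExecutor, TimeoutError as FutureTimeout
from concurrent.futures.process import BrokenProcessPool
class ToolError(Exception):
    code = "tool_error"
    def to_dict(self):  # JSON-serialisable, like the PR's structured error types
        return {"error": self.code, "message": str(self)}
class ToolInputTooLargeError(ToolError): code = "input_too_large"
class ToolTimeoutError(ToolError): code = "timeout"
class ToolMemoryExceededError(ToolError): code = "memory_exceeded"
SCALAR_CAPS = {"n_components": 50, "n_iter": 10_000}  # hypothetical per-parameter caps

def validate_input(args, max_cells=100_000):
    """Cheap parent-side checks, so no subprocess work is spent on an oversized call."""
    stack, cells = [args], 0
    while stack:  # count leaf cells of the JSON-like payload without recursion
        v = stack.pop()
        if isinstance(v, dict): stack.extend(v.values())
        elif isinstance(v, (list, tuple)): stack.extend(v)
        else: cells += 1
    if cells > max_cells:
        raise ToolInputTooLargeError(f"{cells} cells exceeds cap {max_cells}")
    big = {k: args[k] for k, c in SCALAR_CAPS.items() if isinstance(args.get(k), int) and args[k] > c}
    if big: raise ToolInputTooLargeError(f"scalar params over cap: {big}")

def _worker(fn, args, max_mb):
    # Child side: imports were inherited via fork, so cap the address space only now.
    _, hard = resource.getrlimit(resource.RLIMIT_AS)
    cap = max_mb << 20 if hard == resource.RLIM_INFINITY else min(max_mb << 20, hard)
    resource.setrlimit(resource.RLIMIT_AS, (cap, hard))
    return fn(**args)

def safe_execute_tool_call(fn, args, timeout=5.0, max_mb=1024):
    validate_input(args)
    ctx = mp.get_context("fork" if sys.platform == "linux" else None)  # fork only on Linux
    pool = ProcessPoolExecutor(max_workers=1, mp_context=ctx)  # one-shot pool per call
    try:
        return pool.submit(_worker, fn, args, max_mb).result(timeout=timeout)
    except FutureTimeout: raise ToolTimeoutError(f"tool exceeded {timeout}s") from None
    except (MemoryError, BrokenProcessPool):  # cap hit, or the worker was OOM-killed outright
        raise ToolMemoryExceededError(f"tool exceeded {max_mb} MB") from None
    finally:
        pool.shutdown(wait=False, cancel_futures=True)

def sum_tool(values): return sum(values)  # constructed stand-in tools: normal call,
def sleep_tool(seconds): time.sleep(seconds); return "done"  # a hang, and
def alloc_tool(n_bytes): return len(bytearray(n_bytes))  # a runaway allocation
```

After a timeout the pool is shut down without waiting, so the stuck worker keeps running until it finishes on its own; a production wrapper would also kill it.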