Skip to content

Releases: maximizeGPT/netsuite-saved-search-mcp

netsuite-saved-search-mcp v0.1.3 — audit-driven README follow-up

Choose a tag to compare

@mohltbot mohltbot released this 23 May 18:12

External audit identified this repo as the weakest portfolio asset and recommended a README rewrite as the single highest-leverage improvement. v0.1.2 landed the community-file + worked-transcript half of that ask. v0.1.3 finishes the rest, narrowly scoped to additions that close credibility gaps without overstating shipped functionality.

What's in this release

  • Real-data worked transcript. The "What an auditable agent run looks like" section now reproduces the claude-eval-harness anomaly_zero_activity_june case from runs/baseline-sonnet-4-6.json instead of an illustrative one. The prior block invented a row_ids field the tool doesn't return and attributed the Sep 2024 spike to the wrong account; the verified transcript matches the actual response shape and the figures in examples/walkthrough.md.
  • Standalone Python usage section. Surfaces that NetSuiteExport is importable directly without the MCP transport — useful for notebooks, batch scripts, pytest fixtures. Import path verified against src/.
  • Security boundary section. Documents NSMCP_ROOT enforcement, the _resolve_under_root realpath-comparison symlink-escape check (hyperlinked to the implementation), and the no-writes / no-network / scoped-stderr-logs guarantees. Complements SECURITY.md, which remains the vulnerability-reporting channel.
  • Three new Limitations items, grounded in src/:
    • detect_anomalies only recognises three period-label formats (Jan 2024 / January 2024 / 2024-01).
    • The parsed-export cache is unbounded — long-running sessions hold every parsed export resident.
    • Coverage is tested against three synthesized fixtures, not a sweep of real-world saved-search column layouts.
  • Stale __version__ fixed. src/netsuite_saved_search_mcp/__init__.py was pinned at 0.1.0 since v0.1.1; now tracks pyproject.toml.

What was dropped from the original audit brief

The brief proposed splitting the Tools table into "Implemented" vs "In progress" and adding placeholders like "MCP stdio wrapper lands in v0.2". On inspection that wrapper already ships (FastMCP server in server.py, console script in pyproject.toml, PyPI v0.1.1) and the eval-harness exercises it end-to-end. Shipping the split would have introduced false claims rather than closing a credibility gap, so that edit was dropped.

Validation

117 tests pass. mypy --strict and ruff check both clean. No code changes.

netsuite-saved-search-mcp v0.1.2 — polish pass

Choose a tag to compare

@mohltbot mohltbot released this 23 May 17:39

Polish pass — community files, badges, worked-example README section, fixtures documentation. No code or tool-behavior changes from v0.1.1.

Added

  • README badges row: CI / PyPI / GitHub release / MIT (alongside existing PyPI badge).
  • README "What an auditable agent run looks like" — condensed 4-turn worked example under the hero paragraph, showing the agent's tool calls and citable row IDs. The deeper `examples/walkthrough.md` is unchanged.
  • `CODE_OF_CONDUCT.md` (Contributor Covenant 2.1).
  • `CONTRIBUTING.md` — setup, three-command test loop, useful-bug-report shape (server log + sanitized fixture), code style.
  • `SECURITY.md` — supported versions, reporting via rayedwasif@hotmail.com. Path-traversal / NSMCP_ROOT escape / malformed-XML crashes in scope; deps and MCP protocol out of scope.
  • `.github/ISSUE_TEMPLATE/{bug_report.md, feature_request.md}` — bug template requires the MCP server log + sanitized fixture (forbids production exports).
  • `.github/PULL_REQUEST_TEMPLATE.md` — pytest / ruff / mypy / changelog / tool-table / new-tool-shape checklist.
  • `tests/fixtures/README.md` — documents what each of the three sanitized fixtures tests (clean GL / metadata-block / malformed-recovery), including the deterministic `SEED=0xC0FFEE` regeneration command.

The existing CI workflow (ruff + mypy + pytest in one job) was kept — already cleaner than splitting.

See CHANGELOG.md for full notes.

v0.1.1

Choose a tag to compare

@mohltbot mohltbot released this 19 May 23:18

Changed

  • get_parse_warnings now requires a file_path parameter (breaking change). Previous "most recent parse" semantics were ambiguous in long-running sessions. The tool now parses on demand if the file is not yet cached.

Added

  • examples/claude_desktop_config.json — minimal working Claude Desktop config
  • examples/walkthrough.md — end-to-end walkthrough using the sanitized fixtures
  • examples/README.md — index

v0.1.0

Choose a tag to compare

@mohltbot mohltbot released this 19 May 23:17

Initial release.

  • NetSuiteExport parser for NetSuite XML SpreadsheetML .xls exports
  • Seven MCP tools: list_exports, get_headers, query_export, aggregate_export, categorize_by_memo, detect_anomalies, get_parse_warnings
  • Pydantic discriminated-union predicate model
  • Stdio MCP server entrypoint
  • 115 tests, mypy strict, ruff clean