Releases: maximizeGPT/netsuite-saved-search-mcp
Release list
netsuite-saved-search-mcp v0.1.3 — audit-driven README follow-up
External audit identified this repo as the weakest portfolio asset and recommended a README rewrite as the single highest-leverage improvement. v0.1.2 landed the community-file + worked-transcript half of that ask. v0.1.3 finishes the rest, narrowly scoped to additions that close credibility gaps without overstating shipped functionality.
What's in this release
- Real-data worked transcript. The "What an auditable agent run looks like" section now reproduces the
claude-eval-harnessanomaly_zero_activity_junecase fromruns/baseline-sonnet-4-6.jsoninstead of an illustrative one. The prior block invented arow_idsfield the tool doesn't return and attributed the Sep 2024 spike to the wrong account; the verified transcript matches the actual response shape and the figures inexamples/walkthrough.md. - Standalone Python usage section. Surfaces that
NetSuiteExportis importable directly without the MCP transport — useful for notebooks, batch scripts, pytest fixtures. Import path verified againstsrc/. - Security boundary section. Documents
NSMCP_ROOTenforcement, the_resolve_under_rootrealpath-comparison symlink-escape check (hyperlinked to the implementation), and the no-writes / no-network / scoped-stderr-logs guarantees. ComplementsSECURITY.md, which remains the vulnerability-reporting channel. - Three new Limitations items, grounded in
src/:detect_anomaliesonly recognises three period-label formats (Jan 2024/January 2024/2024-01).- The parsed-export cache is unbounded — long-running sessions hold every parsed export resident.
- Coverage is tested against three synthesized fixtures, not a sweep of real-world saved-search column layouts.
- Stale
__version__fixed.src/netsuite_saved_search_mcp/__init__.pywas pinned at0.1.0since v0.1.1; now trackspyproject.toml.
What was dropped from the original audit brief
The brief proposed splitting the Tools table into "Implemented" vs "In progress" and adding placeholders like "MCP stdio wrapper lands in v0.2". On inspection that wrapper already ships (FastMCP server in server.py, console script in pyproject.toml, PyPI v0.1.1) and the eval-harness exercises it end-to-end. Shipping the split would have introduced false claims rather than closing a credibility gap, so that edit was dropped.
Validation
117 tests pass. mypy --strict and ruff check both clean. No code changes.
netsuite-saved-search-mcp v0.1.2 — polish pass
Polish pass — community files, badges, worked-example README section, fixtures documentation. No code or tool-behavior changes from v0.1.1.
Added
- README badges row: CI / PyPI / GitHub release / MIT (alongside existing PyPI badge).
- README "What an auditable agent run looks like" — condensed 4-turn worked example under the hero paragraph, showing the agent's tool calls and citable row IDs. The deeper `examples/walkthrough.md` is unchanged.
- `CODE_OF_CONDUCT.md` (Contributor Covenant 2.1).
- `CONTRIBUTING.md` — setup, three-command test loop, useful-bug-report shape (server log + sanitized fixture), code style.
- `SECURITY.md` — supported versions, reporting via rayedwasif@hotmail.com. Path-traversal / NSMCP_ROOT escape / malformed-XML crashes in scope; deps and MCP protocol out of scope.
- `.github/ISSUE_TEMPLATE/{bug_report.md, feature_request.md}` — bug template requires the MCP server log + sanitized fixture (forbids production exports).
- `.github/PULL_REQUEST_TEMPLATE.md` — pytest / ruff / mypy / changelog / tool-table / new-tool-shape checklist.
- `tests/fixtures/README.md` — documents what each of the three sanitized fixtures tests (clean GL / metadata-block / malformed-recovery), including the deterministic `SEED=0xC0FFEE` regeneration command.
The existing CI workflow (ruff + mypy + pytest in one job) was kept — already cleaner than splitting.
See CHANGELOG.md for full notes.
v0.1.1
Changed
get_parse_warningsnow requires afile_pathparameter (breaking change). Previous "most recent parse" semantics were ambiguous in long-running sessions. The tool now parses on demand if the file is not yet cached.
Added
examples/claude_desktop_config.json— minimal working Claude Desktop configexamples/walkthrough.md— end-to-end walkthrough using the sanitized fixturesexamples/README.md— index
v0.1.0
Initial release.
- NetSuiteExport parser for NetSuite XML SpreadsheetML .xls exports
- Seven MCP tools: list_exports, get_headers, query_export, aggregate_export, categorize_by_memo, detect_anomalies, get_parse_warnings
- Pydantic discriminated-union predicate model
- Stdio MCP server entrypoint
- 115 tests, mypy strict, ruff clean