Releases: sdirishguy/mcp_server_project
v0.1.0 – Refactor: audit API, CI, pre-commit
### Highlights
- New audit logging API (AuditEventType, AuditLogger.log_event)
- Legacy audit API removed; compatibility shims are gone
- CI hardened: least-privilege permissions, concurrency cancelation, pip caching, Python 3.12/3.13 matrix, optional pre-commit on CI
- Pre-commit with Ruff (format + lint)
- Login handler migrated to the new audit API
- Tests: 53 passing, 21 intentionally skipped (follow-up planned)
### Breaking Changes
Removed legacy audit API:
- AuditEvent dataclass
- event_action= kwargs
- AuditEventType.AUTHENTICATION / AuditEventType.AUTHORIZATION aliases
Use the new API going forward:
```python
# Success example
await audit_logger.log_event(
    AuditEventType.LOGIN,
    actor=user_id_or_name,
    context={"success": True, "ip": request.client.host},
)

# Failure example
await audit_logger.log_event(
    AuditEventType.LOGIN,
    actor=username,
    context={"success": False, "reason": "invalid_credentials"},
)
```
### Migration Guide (from legacy audit calls)
1. Search & remove legacy usage
   - AuditEvent( … )
   - event_action=...
   - AuditEventType.AUTHENTICATION / AuditEventType.AUTHORIZATION
2. Replace with

   ```python
   await audit_logger.log_event(AuditEventType.LOGIN, actor=..., context={...})
   ```

   …choose the appropriate AuditEventType for your operation (LOGIN, LOGOUT, ADAPTER_CREATE, TOOL_EXECUTE, HTTP_REQUEST, HTTP_RESPONSE, ERROR).
3. No more shims
   - All compatibility shims were deleted in this release; legacy construction will raise errors.
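
Step 1 of the migration guide, as an added example (not code from this project): an `ast`-based scanner that reports the three legacy constructs listed above, so matches in comments or strings are not flagged. The function names and the sample source are constructed for illustration.

```python
import ast

# Legacy enum aliases named in the migration guide.
LEGACY_ALIASES = {"AUTHENTICATION", "AUTHORIZATION"}


def _name(node):
    """Last identifier of a Name or dotted Attribute node, else None."""
    return node.id if isinstance(node, ast.Name) else getattr(node, "attr", None)


def find_legacy_audit_usage(source, filename="<string>"):
    """Return sorted (line, description) pairs for legacy audit constructs."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            if _name(node.func) == "AuditEvent":
                findings.append((node.lineno, "AuditEvent(...) construction"))
            for kw in node.keywords:
                if kw.arg == "event_action":
                    findings.append((kw.value.lineno, "event_action= keyword"))
        elif isinstance(node, ast.Attribute):
            if _name(node.value) == "AuditEventType" and node.attr in LEGACY_ALIASES:
                findings.append((node.lineno, f"AuditEventType.{node.attr} alias"))
    return sorted(findings)


# Constructed sample: one legacy call and one call already on the new API.
SAMPLE = '''\
async def login(audit_logger, username):
    legacy = AuditEvent(
        AuditEventType.AUTHENTICATION,
        event_action="login",
    )
    await audit_logger.log_event(
        AuditEventType.LOGIN, actor=username, context={"success": True}
    )
'''

if __name__ == "__main__":
    for line, what in find_legacy_audit_usage(SAMPLE):
        print(f"line {line}: {what}")
```

Feed it the text of each `.py` file in the repository; an empty result for every file means no legacy audit calls remain to hit the removed shims.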
### CI & Developer Experience
- GitHub Actions
  - Least-privilege permissions: contents: read
  - concurrency to cancel in-progress runs on new pushes
  - Pip caching with dependency keys
  - Matrix: Python 3.12 and 3.13 (fail-fast: false)
  - Env defaults:
    - ANYIO_BACKEND=asyncio • PYTHONDONTWRITEBYTECODE=1 • PIP_DISABLE_PIP_VERSION_CHECK=1
- Pre-commit
  - .pre-commit-config.yaml with ruff (lint) and ruff-format
  - Local setup:

    ```bash
    pip install pre-commit
    pre-commit install
    # optional: run on all files once
    pre-commit run --all-files
    ```
### Test Status
- 53 passing, 21 skipped
- Skipped tests are intentionally deferred (env-dependent or legacy scenarios). A follow-up issue will track un-skipping or documenting them.
### Changes (Summary)
Added
- New audit logging API (AuditEventType, AuditLogger.log_event)
- Hardened CI workflow (lint/type-check/tests, caching, concurrency, least-privilege)
Changed
- Login flow migrated to the new audit API
- Pre-commit hooks introduced (ruff + ruff-format)
Removed
- Legacy audit API shims, AuditEvent dataclass, event_action kwargs
- AuditEventType.AUTHENTICATION / AUTHORIZATION enum aliases
### Operational Notes
- Ensure JWT_SECRET is non-default in CI/prod.
- Security headers (including HSTS) are sent by the app; use HTTPS in prod.
- Consider protecting main with required checks (Ruff lint/format, Mypy, Pytest).
### Next Steps (planned follow-ups)
- RBAC enforcement on all protected routes (403 + audit AUTHZ events)
- Audit coverage across adapters/tools (create/execute with request IDs in context)
- CacheManager integration (L1 GET caching in REST adapter + hit/miss metrics)
- Unskip tests or document remaining skips; make fixtures hermetic where feasible
- Docs refresh (README, env vars, auth, CI badges, ADR for audit/authz)