The uv installation section mentioned using uvx but didn't show the
actual command, unlike the PIP section which shows both install and run
commands. This adds the missing `uvx mcp-server-time` command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes high-severity qs DoS vulnerability (GHSA-6rw7-vpxm-498p).
Remaining moderate-severity issues are in dev dependencies
(esbuild/vite/vitest) and require a breaking vitest v2->v4 upgrade.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The upstream main added simulate-research-query and async tools that
use server.experimental.tasks.registerToolTask. Update mock servers
to include this API.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removed ~29 tests that were adding noise rather than coverage:
- Registration boilerplate tests (16): redundant with registrations.test.ts
- Redundant role/type checks (3): consolidated into behavioral tests
- "Should not throw" tests (6): consolidated into single lifecycle test
- Constant identity tests (2): provided no safety net
- expect(true).toBe(true) test (1): replaced with actual assertion
- Weak capability test (1): removed, handler check already exists
Strengthened remaining tests:
- Resource templates test now verifies specific resource names
- File resources test now asserts registerResource was called
Test count: 124 → 95 (29 removed)
Coverage unchanged at ~71%
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The project uses Vitest, not Jest. Replace jest.fn() with vi.fn()
to fix the ReferenceError in the relative path resolution test.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive test coverage for the fetch server:
- TestGetRobotsTxtUrl: 6 tests for URL parsing
- TestExtractContentFromHtml: 3 tests for HTML-to-markdown conversion
- TestCheckMayAutonomouslyFetchUrl: 5 tests for robots.txt handling
- TestFetchUrl: 6 tests for URL fetching with various scenarios
Total: 20 tests covering:
- URL parsing and robots.txt URL generation
- HTML content extraction and markdown conversion
- robots.txt permission checking (401, 403, 404, allow/disallow)
- HTTP response handling (success, errors, raw mode)
- Proxy support
Also adds pytest and pytest-asyncio as dev dependencies.
On macOS, /tmp is a symlink to /private/tmp. When users specify /tmp
as an allowed directory, the server was resolving it to /private/tmp
during startup but then rejecting paths like /tmp/file.txt because
they dont start with /private/tmp.
This fix stores BOTH the original normalized path AND the resolved
path in allowedDirectories, so users can access files through either
form. For example, with /tmp as allowed directory, both /tmp/file.txt
and /private/tmp/file.txt will now be accepted.
Fixes#3253
"Everything Server crashes when multiple clients reconnect"
* In index.ts
- added a variable to hold the initialize timeout
- store the timeout in the oninitialized handler
- clear the timeout in the cleanup callback
* In roots.ts
- In the catch block of syncRoots, log the error to the console via .error rather than attempting to send to the client because the most probable case here is that we don't have a connection.
"Everything Server crashes when multiple clients reconnect"
* In index.ts
- added a variable to hold the initialize timeout
- store the timeout in the oninitialized handler
- clear the timeout in the cleanup callback
* In roots.ts
- In the catch block of syncRoots, log the error to the console via .error rather than attempting to send to the client because the most probable case here is that we don't have a connection.
* In simulate-research-query.ts
- remove redundant local variable in getTask
* Everywhere else, prettier.
- Use params.task instead of params._meta.task for task metadata
- Remove pollInterval from task requests (only available on result)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
move_file deletes the source file, which is a destructive operation.
Updated annotations and README documentation to reflect this.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previously, the server would crash if any configured directory was
unavailable (e.g., unmounted external drive). Now it:
- Filters out inaccessible directories with a warning
- Continues operating with remaining accessible directories
- Only fails if NO directories are accessible
Fixes#2815
Implement graceful degradation for elicitation on HTTP transport:
- STDIO: Full elicitation works via sendRequest
- HTTP: Catches elicitation failure, uses default interpretation
- Task completes successfully on both transports
simulate-research-query now uses try-catch around sendRequest and
includes explanatory message when elicitation is skipped on HTTP.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update documentation to reflect that simulate-research-query now sends
elicitation requests directly from the background task instead of using
the tasks/result side-channel approach.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Instead of waiting for the client to call tasks/result to trigger
elicitation, the server now sends elicitation/create directly from
the background process using sendRequest. This simplifies the flow:
- Server sends elicitation proactively when clarification is needed
- Client receives and handles it via existing elicitation handler
- Task resumes and completes after receiving the response
- Client's polling sees completed status
This approach avoids requiring the client to detect input_required
status and call tasks/result as a side-channel.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
