fix(git): add missing argument injection guards
Extends existing startswith("-") input validation to git_show, git_create_branch, git_log, and git_branch, preventing user-supplied values from being interpreted as CLI flags by GitPython's subprocess calls to git.
feat(time): add tool annotations
Adds MCP ToolAnnotations to both time server tools (get_current_time, convert_time). Both are read-only, non-destructive, idempotent, and closed-world.
Fixes#3574
feat(sequential-thinking): add tool annotations
Adds MCP ToolAnnotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) to the sequential-thinking tool, bringing it in line with the annotation pattern established by the filesystem server.
Fixes#3403
fix(fetch): handle malformed input without crashing
Changes `raise_exceptions=True` to `raise_exceptions=False` in the fetch server's `Server.run()` call, preventing the server from crashing on malformed JSON-RPC input. This aligns with the SDK's intended default behavior and is consistent with other reference servers.
Fixes#3359
The uv installation section mentioned using uvx but didn't show the
actual command, unlike the PIP section which shows both install and run
commands. This adds the missing `uvx mcp-server-time` command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes high-severity qs DoS vulnerability (GHSA-6rw7-vpxm-498p).
Remaining moderate-severity issues are in dev dependencies
(esbuild/vite/vitest) and require a breaking vitest v2->v4 upgrade.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously, `openNodes` and `searchNodes` only returned relations where
BOTH endpoints were in the result set (using `&&`). This silently
dropped all relations to/from nodes outside the set — making it
impossible to discover a node's connections without calling `read_graph`
and filtering the entire dataset client-side.
Changed the filter from `&&` to `||` so that any relation with at least
one endpoint in the result set is included. This matches the expected
graph-query semantics: when you open a node, you should see all its
edges, not just edges to other opened nodes.
Fixes#3137
Tests updated and new cases added covering:
- Outgoing relations to nodes not in the open set
- Incoming relations from nodes not in the open set
- Relations connected to a single opened node
- searchNodes returning outgoing relations to unmatched entities
Co-authored-by: Cursor <cursoragent@cursor.com>
The upstream main added simulate-research-query and async tools that
use server.experimental.tasks.registerToolTask. Update mock servers
to include this API.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removed ~29 tests that were adding noise rather than coverage:
- Registration boilerplate tests (16): redundant with registrations.test.ts
- Redundant role/type checks (3): consolidated into behavioral tests
- "Should not throw" tests (6): consolidated into single lifecycle test
- Constant identity tests (2): provided no safety net
- expect(true).toBe(true) test (1): replaced with actual assertion
- Weak capability test (1): removed, handler check already exists
Strengthened remaining tests:
- Resource templates test now verifies specific resource names
- File resources test now asserts registerResource was called
Test count: 124 → 95 (29 removed)
Coverage unchanged at ~71%
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The httpx library renamed 'proxies' to 'proxy' in version 0.28.0.
This updates the fetch server to use the new parameter name and
removes the version cap on httpx.
Fixes#3287
The project uses Vitest, not Jest. Replace jest.fn() with vi.fn()
to fix the ReferenceError in the relative path resolution test.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive test coverage for the fetch server:
- TestGetRobotsTxtUrl: 6 tests for URL parsing
- TestExtractContentFromHtml: 3 tests for HTML-to-markdown conversion
- TestCheckMayAutonomouslyFetchUrl: 5 tests for robots.txt handling
- TestFetchUrl: 6 tests for URL fetching with various scenarios
Total: 20 tests covering:
- URL parsing and robots.txt URL generation
- HTML content extraction and markdown conversion
- robots.txt permission checking (401, 403, 404, allow/disallow)
- HTTP response handling (success, errors, raw mode)
- Proxy support
Also adds pytest and pytest-asyncio as dev dependencies.
On macOS, /tmp is a symlink to /private/tmp. When users specify /tmp
as an allowed directory, the server was resolving it to /private/tmp
during startup but then rejecting paths like /tmp/file.txt because
they dont start with /private/tmp.
This fix stores BOTH the original normalized path AND the resolved
path in allowedDirectories, so users can access files through either
form. For example, with /tmp as allowed directory, both /tmp/file.txt
and /private/tmp/file.txt will now be accepted.
Fixes#3253
When a tool like `gzip-file-as-resource` is called multiple times with the
same output name (especially the default `README.md.gz`), the server would
throw "Resource already registered" because the SDK doesn't allow
registering duplicate URIs.
This fix:
- Tracks registered resources by URI in a module-level Map
- Before registering a new resource, checks if the URI already exists
- If it does, removes the old resource using the SDK's `remove()` method
- Then registers the new resource with fresh content
This allows tools to be called repeatedly with the same parameters without
errors, which is important for LLM agents that may retry tool calls.
Found using Bellwether (https://bellwether.sh), an MCP server validation tool.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
"Everything Server crashes when multiple clients reconnect"
* In index.ts
- added a variable to hold the initialize timeout
- store the timeout in the oninitialized handler
- clear the timeout in the cleanup callback
* In roots.ts
- In the catch block of syncRoots, log the error to the console via .error rather than attempting to send to the client because the most probable case here is that we don't have a connection.
"Everything Server crashes when multiple clients reconnect"
* In index.ts
- added a variable to hold the initialize timeout
- store the timeout in the oninitialized handler
- clear the timeout in the cleanup callback
* In roots.ts
- In the catch block of syncRoots, log the error to the console via .error rather than attempting to send to the client because the most probable case here is that we don't have a connection.
* In simulate-research-query.ts
- remove redundant local variable in getTask
* Everywhere else, prettier.
- Use params.task instead of params._meta.task for task metadata
- Remove pollInterval from task requests (only available on result)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
