From 7818c982caecb4a89cb7760e888956ddca655552 Mon Sep 17 00:00:00 2001 From: Hillary Sanders Date: Sun, 18 May 2025 23:14:16 -0400 Subject: [PATCH 1/6] Removes the use_temp_dir arg, turns into a USE_TEMP_DIR arg (default False for STDIO) - also improves example in the example sse client --- app.json | 4 ++++ example_clients/test_sse.py | 10 ++++++++-- src/code_execution.py | 14 ++++---------- src/config.py | 1 + 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/app.json b/app.json index 8e567fd..f07e071 100644 --- a/app.json +++ b/app.json @@ -15,6 +15,10 @@ "STDIO_MODE_ONLY": { "description": "Only allow tool requests via STDIO mode?", "value": "false" + }, + "USE_TEMP_DIR": { + "description": "If True, gems are installed in an isolated temporary directory and will not affect or reuse the user's ~/.gem folder. Not a secure sandbox.", + "value": "false" } }, "formation": [ diff --git a/example_clients/test_sse.py b/example_clients/test_sse.py index 0b531d8..6149707 100644 --- a/example_clients/test_sse.py +++ b/example_clients/test_sse.py @@ -32,8 +32,14 @@ def mcp(method_name, args=None): Examples: python example_clients/test_sse.py mcp list_tools - python example_clients/test_sse.py mcp call_tool --args '{"name": "fetch_webpage_and_markdownify", "arguments": {"url": "https://example.com"}}' - """ + + python example_clients/test_sse.py mcp call_tool --args '{ + "name": "code_exec_ruby", + "arguments": { + "code": "puts Array.new(100) { rand(1..100) }.join(\", \")", + "packages": [""] + } + }' | jq """ result = asyncio.run(run(method_name, args)) print(json.dumps(result.model_dump(), indent=2)) diff --git a/src/code_execution.py b/src/code_execution.py index 2d0a75b..1bb59b0 100644 --- a/src/code_execution.py +++ b/src/code_execution.py @@ -4,6 +4,8 @@ import tempfile from typing import Annotated, Optional, List, Dict, Any from pydantic import Field +# local: +from src import config def run_command(cmd: List[str], env: Optional[Dict[str, str]] = None) -> Dict[str, Any]: """Executes a command using subprocess and returns output and errors.""" @@ -108,15 +110,7 @@ def code_exec_ruby( packages: Annotated[ Optional[List[str]], Field(description="Optional list of gem names to install before execution.") - ] = None, - use_temp_dir: Annotated[ - bool, - Field(description=( - "If True, code and dependencies are run in a temporary working directory. " - "Gems are installed in an isolated directory and will not affect or reuse the user's ~/.gem folder. " - "Not a secure sandbox." - )) - ] = False + ] = None ) -> Dict[str, Any]: """Executes a Ruby code snippet with optional gem dependencies. @@ -132,7 +126,7 @@ def code_exec_ruby( - 'stdout': Captured standard output. - 'stderr': Captured standard error or install failure messages. """ - if use_temp_dir: + if config.USE_TEMP_DIR: return run_in_tempdir(code, packages) # Otherwise, you can rely on pre-installed shared packages, if they exist: diff --git a/src/config.py b/src/config.py index 01b1341..31cbcec 100644 --- a/src/config.py +++ b/src/config.py @@ -17,6 +17,7 @@ def get_env_variable(var_name, required=True): PORT = int(os.environ.get('PORT', 8000)) WEB_CONCURRENCY = int(os.environ.get('WEB_CONCURRENCY', 1)) STDIO_MODE_ONLY = os.getenv("STDIO_MODE_ONLY", "false").lower() == "true" +USE_TEMP_DIR = os.getenv("USE_TEMP_DIR", "false").lower() == "true" # Local or Not: is_one_off_dyno = os.getenv("DYNO") is not None From c54851e066e8b0c789a752a91bd31f3a547aac4c Mon Sep 17 00:00:00 2001 From: Joanne Yeung Date: Wed, 21 May 2025 10:48:44 -0600 Subject: [PATCH 2/6] Add dependabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6a7695c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" From 8a0e8fdc22a4765ba3004c53514124b82ad32199 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 May 2025 20:01:27 +0000 Subject: [PATCH 3/6] Bump uvicorn from 0.34.0 to 0.34.2 Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.34.0 to 0.34.2. - [Release notes](https://github.com/encode/uvicorn/releases) - [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md) - [Commits](https://github.com/encode/uvicorn/compare/0.34.0...0.34.2) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e25f121..10c1fde 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ mcp==1.7.1 fastapi==0.115.12 -uvicorn==0.34.0 +uvicorn==0.34.2 python-dotenv==1.1.0 mando==0.8.2 From c5c02870db4b1963b512009f5c348824c45f1648 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 08:22:47 +0000 Subject: [PATCH 4/6] Bump uvicorn from 0.34.2 to 0.34.3 Bumps [uvicorn](https://github.com/encode/uvicorn) from 0.34.2 to 0.34.3. - [Release notes](https://github.com/encode/uvicorn/releases) - [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md) - [Commits](https://github.com/encode/uvicorn/compare/0.34.2...0.34.3) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 10c1fde..1f20def 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ mcp==1.7.1 fastapi==0.115.12 -uvicorn==0.34.2 +uvicorn==0.34.3 python-dotenv==1.1.0 mando==0.8.2 From 13a2707ad4b9f03dc0f9b408be09defab6cedba9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Jun 2025 20:13:22 +0000 Subject: [PATCH 5/6] Bump mcp from 1.7.1 to 1.9.2 Bumps [mcp](https://github.com/modelcontextprotocol/python-sdk) from 1.7.1 to 1.9.2. - [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases) - [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md) - [Commits](https://github.com/modelcontextprotocol/python-sdk/compare/v1.7.1...v1.9.2) --- updated-dependencies: - dependency-name: mcp dependency-version: 1.9.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1f20def..dd4a33b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -mcp==1.7.1 +mcp==1.9.2 fastapi==0.115.12 uvicorn==0.34.3 python-dotenv==1.1.0 From 4332d2c24aac75ddfbd987a73edf590444a7d48e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 08:33:06 +0000 Subject: [PATCH 6/6] Bump mcp from 1.9.2 to 1.9.3 Bumps [mcp](https://github.com/modelcontextprotocol/python-sdk) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases) - [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md) - [Commits](https://github.com/modelcontextprotocol/python-sdk/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: mcp dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index dd4a33b..8d0cd93 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -mcp==1.9.2 +mcp==1.9.3 fastapi==0.115.12 uvicorn==0.34.3 python-dotenv==1.1.0