- Remove unused pytest import from test_stdio_config.py
- Strip file extension from base_command for Windows compatibility
  (e.g., python.exe -> python) using os.path.splitext

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add an optional allowed_commands parameter to StdioTransport that
validates the command basename against an allowlist before spawning
a subprocess. This provides defense-in-depth against configuration-
driven command injection as MCP server discovery becomes more dynamic.
- DEFAULT_ALLOWED_COMMANDS includes common runtimes: python, python3,
node, npx, uvx, uv, deno, docker
- Validation checks os.path.basename(command) for cross-platform support
- Users can extend the allowlist, pass a custom set, or set
allowed_commands=None to disable the check entirely
- No breaking change: all currently documented MCP server examples use
commands in the default allowlist
- MCPServerStdio config model updated with allowed_commands field
- tool_resolver passes allowed_commands through to StdioTransport
Closes #5080
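
An added sketch of the basename allowlist check described in the commit message above; it is not the project's code. `DEFAULT_ALLOWED_COMMANDS` and `allowed_commands` are names from the message, while `base_command()`, `validate_command()`, `audit_servers()`, `CommandNotAllowedError`, the suffix set and the sample configuration are hypothetical and constructed for illustration.

```python
import os

# Allowlist contents are the ones listed in the commit message.
DEFAULT_ALLOWED_COMMANDS = frozenset(
    {"python", "python3", "node", "npx", "uvx", "uv", "deno", "docker"}
)
# Assumption of this example: only Windows launcher suffixes are stripped,
# so "python.exe" and "npx.cmd" normalize but other extensions are kept.
WINDOWS_SUFFIXES = frozenset({".exe", ".cmd", ".bat"})

class CommandNotAllowedError(ValueError):
    """Raised before any subprocess is spawned."""

def base_command(command):
    """Reduce a configured command to the name compared with the allowlist."""
    name = os.path.basename(command)
    stem, ext = os.path.splitext(name)
    return stem.lower() if ext.lower() in WINDOWS_SUFFIXES else name

def validate_command(command, allowed_commands=DEFAULT_ALLOWED_COMMANDS):
    """Return command unchanged if allowed; None disables the check."""
    if allowed_commands is None:
        return command
    name = base_command(command)
    if name not in allowed_commands:
        raise CommandNotAllowedError(
            f"command {name!r} is not in allowed_commands {sorted(allowed_commands)}"
        )
    return command

def audit_servers(servers, allowed_commands=DEFAULT_ALLOWED_COMMANDS):
    """Map each server name to None (allowed) or the rejection message."""
    results = {}
    for name, cfg in servers.items():
        try:
            validate_command(cfg["command"], allowed_commands)
            results[name] = None
        except CommandNotAllowedError as exc:
            results[name] = str(exc)
    return results

# Constructed sample configuration, not taken from the project.
SAMPLE_SERVERS = {
    "files": {"command": "/usr/bin/python3", "args": ["-m", "files_server"]},
    "notes": {"command": "npx.cmd", "args": ["notes-server"]},
    "shell": {"command": "/bin/sh", "args": ["server.sh"]},
}
```

This sketch compares names only and leaves the resolved path and the arguments unchecked, consistent with the commit message framing the check as defense-in-depth.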
* fix: allow hyphenated tool names in MCP references like notion#get-page
The _SLUG_RE regex on BaseAgent rejected MCP tool references containing
hyphens (e.g. "notion#get-page") because the fragment pattern only
matched \w (word chars)
* fix: create fresh MCP client per tool invocation to prevent parallel call races
When the LLM dispatches parallel calls to MCP tools on the same server, the executor runs them concurrently via ThreadPoolExecutor. Previously, all tools from a server shared a single MCPClient instance, and even the same tool called twice would reuse one client. Since each thread creates its own asyncio event loop via asyncio.run(), concurrent connect/disconnect calls on the shared client caused anyio cancel-scope errors ("Attempted to exit cancel scope in a different task than it was entered in").
The fix introduces a client_factory pattern: MCPNativeTool now receives a zero-arg callable that produces a fresh MCPClient + transport on every _run_async() invocation. This eliminates all shared mutable connection state between concurrent calls, whether to the same tool or different tools from the same server.
* test: ensure we can filter hyphenated MCP tool
- Enhanced the MCP tool execution in both synchronous and asynchronous contexts by utilizing for better event loop management.
- Updated error handling to provide clearer messages for connection issues and task cancellations.
- Added tests to validate MCP tool execution in both sync and async scenarios, ensuring robust functionality across different contexts.
* WIP transport support mcp
* refactor: streamline MCP tool loading and error handling
* linted
* Self type from typing with typing_extensions in MCP transport modules
* added tests for mcp setup
* added tests for mcp setup
* docs: enhance MCP overview with detailed integration examples and structured configurations
* feat: implement MCP event handling and logging in event listener and client
- Added MCP event types and handlers for connection and tool execution events.
- Enhanced MCPClient to emit events on connection status and tool execution.
- Updated ConsoleFormatter to handle MCP event logging.
- Introduced new MCP event types for better integration and monitoring.