Skip to content

fix(mcp-proxy): record pre-approval deny evidence#47

Merged
oleg-bk merged 1 commit into
mainfrom
codex/mcp-proxy-preapproval-deny-evidence
Jun 2, 2026
Merged

fix(mcp-proxy): record pre-approval deny evidence#47
oleg-bk merged 1 commit into
mainfrom
codex/mcp-proxy-preapproval-deny-evidence

Conversation

@oleg-bk
Copy link
Copy Markdown
Contributor

@oleg-bk oleg-bk commented Jun 2, 2026
edited
Loading

Summary

  • persist terminal blocked evidence for unknown-tool denies before approval
  • persist terminal blocked evidence for schema-deny invalid arguments before approval
  • keep JSON-RPC deny responses unchanged while adding evidence records

Scope

  • In scope: MCP Proxy passthrough pre-classification deny evidence and focused passthrough tests.
  • Out of scope: approval retry loop implementation, git/fetch policy, filesystem path rules, TrapDoor expansion, backend/private/control-plane/secrets, release/version bump.
  • Public/private boundary: public SDK MCP Proxy package only; no backend/private logic added.

Product-Path Acceptance

  • Product-path gate: pass
  • Artifact fingerprint: branch codex/mcp-proxy-preapproval-deny-evidence, commit ad1577b, base aabc009
  • Positive path: not applicable; this is deny-evidence behavior.
  • Negative path: unknown tool and schema-invalid calls deny before approval with no approval URL/pending approval.
  • Evidence path: each covered deny writes exactly one terminal blocked evidence record with reason/status/count assertions.
  • Old-state / migration behavior: old evidence DB chain recovery not touched; remains a separate issue.
  • Remaining unverified: live Console retest against combined Dev A + Dev B artifact.

Type-specific gate:

  • Evidence path: record/event status + reason + count + privacy check
  • Hard deny path: blocked -> no approval URL / pending approval -> target not reached

Validation

  • PYTHONPATH=../..:. python3 -m pytest tests/test_mcp_proxy_passthrough.py::test_unknown_tool_hard_deny_writes_terminal_blocked_evidence tests/test_mcp_proxy_passthrough.py::test_schema_deny_writes_terminal_blocked_evidence -q -> 2 passed
  • PYTHONPATH=../..:. python3 -m pytest tests/test_mcp_proxy_passthrough.py tests/test_mcp_proxy_tool_surface.py tests/test_mcp_proxy_evidence.py tests/test_mcp_proxy_passthrough_concurrent.py -q -> 142 passed, 1 skipped
  • After rebase onto aabc009: PYTHONPATH=../..:. python3 -m pytest tests/test_mcp_proxy_passthrough.py::test_unknown_tool_hard_deny_writes_terminal_blocked_evidence tests/test_mcp_proxy_passthrough.py::test_schema_deny_writes_terminal_blocked_evidence -q -> 2 passed
  • CI: initial matrix passed after rerunning one macOS 3.11 flaky concurrency timeout; post-rebase CI pending.
  • git diff --check / git diff --cached --check -> passed

Release / Claim Notes

  • Claims this PR supports: unknown-tool and schema-deny paths now create terminal blocked evidence records on the covered local product path.
  • Claims this PR does not support: old evidence DB chain recovery, release readiness by itself.

Implemented with assistance from Codex.

@oleg-bk
fix(mcp-proxy): record pre-approval deny evidence
ad1577b 
Persist terminal blocked evidence for unknown-tool and schema-deny paths before approval while keeping the deny responses unchanged.

Add product-path regression coverage for evidence count, terminal deny reason, and raw-argument privacy.

Implemented with assistance from Codex.
@oleg-bk oleg-bk force-pushed the codex/mcp-proxy-preapproval-deny-evidence branch from e1547f9 to ad1577b Compare June 2, 2026 11:24
@oleg-bk oleg-bk marked this pull request as ready for review June 2, 2026 11:33
@oleg-bk oleg-bk merged commit 88cddfa into main Jun 2, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oleg-bk