refactor: replace function-level pragma: no cover with precise line-level markers

perhapzz · perhapzz · commit b2f31c9b98ab · 2026-03-25T12:38:04.000Z
Since tests now run servers in-process via threading, coverage.py tracks
server-side code. Remove function-level pragmas that were flagged as
wrongly marking covered code by strict-no-cover, and add line-level
pragmas only to branches that remain truly uncovered.

Files changed:
- src/mcp/server/streamable_http.py: remove 17 function/line pragmas,
  add line-level pragmas to uncovered branches in _replay_events and
  message router exception handler
- src/mcp/server/transport_security.py: remove 2 function pragmas
  (validate_host, validate_origin) + 5 line pragmas, add line-level
  pragmas to uncovered branches within those functions
- src/mcp/server/session.py: remove 1 pragma from send_resource_updated

No logic changes — only coverage annotation adjustments.
diff --git a/src/mcp/server/session.py b/src/mcp/server/session.py
@@ -222,7 +222,7 @@ async def send_log_message(
             related_request_id,
         )
 
-    async def send_resource_updated(self, uri: str | AnyUrl) -> None:  # pragma: no cover
+    async def send_resource_updated(self, uri: str | AnyUrl) -> None:
         """Send a resource updated notification."""
         await self.send_notification(
             types.ResourceUpdatedNotification(
diff --git a/src/mcp/server/streamable_http.py b/src/mcp/server/streamable_http.py
@@ -177,7 +177,7 @@ def is_terminated(self) -> bool:
         """Check if this transport has been explicitly terminated."""
         return self._terminated
 
-    def close_sse_stream(self, request_id: RequestId) -> None:  # pragma: no cover
+    def close_sse_stream(self, request_id: RequestId) -> None:
         """Close SSE connection for a specific request without terminating the stream.
 
         This method closes the HTTP connection for the specified request, triggering
@@ -205,7 +205,7 @@ def close_sse_stream(self, request_id: RequestId) -> None:  # pragma: no cover
             send_stream.close()
             receive_stream.close()
 
-    def close_standalone_sse_stream(self) -> None:  # pragma: no cover
+    def close_standalone_sse_stream(self) -> None:
         """Close the standalone GET SSE stream, triggering client reconnection.
 
         This method closes the HTTP connection for the standalone GET stream used
@@ -240,10 +240,10 @@ def _create_session_message(
         # Only provide close callbacks when client supports resumability
         if self._event_store and protocol_version >= "2025-11-25":
 
-            async def close_stream_callback() -> None:  # pragma: no cover
+            async def close_stream_callback() -> None:
                 self.close_sse_stream(request_id)
 
-            async def close_standalone_stream_callback() -> None:  # pragma: no cover
+            async def close_standalone_stream_callback() -> None:
                 self.close_standalone_sse_stream()
 
             metadata = ServerMessageMetadata(
@@ -291,7 +291,7 @@ def _create_error_response(
     ) -> Response:
         """Create an error response with a simple string message."""
         response_headers = {"Content-Type": CONTENT_TYPE_JSON}
-        if headers:  # pragma: no cover
+        if headers:
             response_headers.update(headers)
 
         if self.mcp_session_id:
@@ -342,7 +342,7 @@ def _create_event_data(self, event_message: EventMessage) -> dict[str, str]:
         }
 
         # If an event ID was provided, include it
-        if event_message.event_id:  # pragma: no cover
+        if event_message.event_id:
             event_data["id"] = event_message.event_id
 
         return event_data
@@ -467,7 +467,7 @@ async def _handle_post_request(self, scope: Scope, request: Request, receive: Re
 
             try:
                 message = jsonrpc_message_adapter.validate_python(raw_message, by_name=False)
-            except ValidationError as e:  # pragma: no cover
+            except ValidationError as e:
                 response = self._create_error_response(
                     f"Validation error: {str(e)}",
                     HTTPStatus.BAD_REQUEST,
@@ -493,7 +493,7 @@ async def _handle_post_request(self, scope: Scope, request: Request, receive: Re
                         )
                         await response(scope, receive, send)
                         return
-            elif not await self._validate_request_headers(request, send):  # pragma: no cover
+            elif not await self._validate_request_headers(request, send):
                 return
 
             # For notifications and responses only, return 202 Accepted
@@ -659,7 +659,7 @@ async def _handle_get_request(self, request: Request, send: Send) -> None:
         # Validate Accept header - must include text/event-stream
         _, has_sse = self._check_accept_headers(request)
 
-        if not has_sse:  # pragma: no cover
+        if not has_sse:
             response = self._create_error_response(
                 "Not Acceptable: Client must accept text/event-stream",
                 HTTPStatus.NOT_ACCEPTABLE,
@@ -671,7 +671,7 @@ async def _handle_get_request(self, request: Request, send: Send) -> None:
             return
 
         # Handle resumability: check for Last-Event-ID header
-        if last_event_id := request.headers.get(LAST_EVENT_ID_HEADER):  # pragma: no cover
+        if last_event_id := request.headers.get(LAST_EVENT_ID_HEADER):
             await self._replay_events(last_event_id, request, send)
             return
 
@@ -685,7 +685,7 @@ async def _handle_get_request(self, request: Request, send: Send) -> None:
             headers[MCP_SESSION_ID_HEADER] = self.mcp_session_id
 
         # Check if we already have an active GET stream
-        if GET_STREAM_KEY in self._request_streams:  # pragma: no cover
+        if GET_STREAM_KEY in self._request_streams:
             response = self._create_error_response(
                 "Conflict: Only one SSE stream is allowed per session",
                 HTTPStatus.CONFLICT,
@@ -714,7 +714,7 @@ async def standalone_sse_writer():
                         # Send the message via SSE
                         event_data = self._create_event_data(event_message)
                         await sse_stream_writer.send(event_data)
-            except Exception:  # pragma: no cover
+            except Exception:
                 logger.exception("Error in standalone SSE writer")
             finally:
                 logger.debug("Closing standalone SSE writer")
@@ -791,7 +791,7 @@ async def terminate(self) -> None:
             # During cleanup, we catch all exceptions since streams might be in various states
             logger.debug(f"Error closing streams: {e}")
 
-    async def _handle_unsupported_request(self, request: Request, send: Send) -> None:  # pragma: no cover
+    async def _handle_unsupported_request(self, request: Request, send: Send) -> None:
         """Handle unsupported HTTP methods."""
         headers = {
             "Content-Type": CONTENT_TYPE_JSON,
@@ -824,7 +824,7 @@ async def _validate_session(self, request: Request, send: Send) -> bool:
         request_session_id = self._get_session_id(request)
 
         # If no session ID provided but required, return error
-        if not request_session_id:  # pragma: no cover
+        if not request_session_id:
             response = self._create_error_response(
                 "Bad Request: Missing session ID",
                 HTTPStatus.BAD_REQUEST,
@@ -849,11 +849,11 @@ async def _validate_protocol_version(self, request: Request, send: Send) -> bool
         protocol_version = request.headers.get(MCP_PROTOCOL_VERSION_HEADER)
 
         # If no protocol version provided, assume default version
-        if protocol_version is None:  # pragma: no cover
+        if protocol_version is None:
             protocol_version = DEFAULT_NEGOTIATED_VERSION
 
         # Check if the protocol version is supported
-        if protocol_version not in SUPPORTED_PROTOCOL_VERSIONS:  # pragma: no cover
+        if protocol_version not in SUPPORTED_PROTOCOL_VERSIONS:
             supported_versions = ", ".join(SUPPORTED_PROTOCOL_VERSIONS)
             response = self._create_error_response(
                 f"Bad Request: Unsupported protocol version: {protocol_version}. "
@@ -865,14 +865,14 @@ async def _validate_protocol_version(self, request: Request, send: Send) -> bool
 
         return True
 
-    async def _replay_events(self, last_event_id: str, request: Request, send: Send) -> None:  # pragma: no cover
+    async def _replay_events(self, last_event_id: str, request: Request, send: Send) -> None:
         """Replays events that would have been sent after the specified event ID.
 
         Only used when resumability is enabled.
         """
         event_store = self._event_store
         if not event_store:
-            return
+            return  # pragma: no cover
 
         try:
             headers = {
@@ -921,9 +921,9 @@ async def send_event(event_message: EventMessage) -> None:
                                     await sse_stream_writer.send(event_data)
                 except anyio.ClosedResourceError:
                     # Expected when close_sse_stream() is called
-                    logger.debug("Replay SSE stream closed by close_sse_stream()")
+                    logger.debug("Replay SSE stream closed by close_sse_stream()")  # pragma: no cover
                 except Exception:
-                    logger.exception("Error in replay sender")
+                    logger.exception("Error in replay sender")  # pragma: no cover
 
             # Create and start EventSourceResponse
             response = EventSourceResponse(
@@ -934,20 +934,20 @@ async def send_event(event_message: EventMessage) -> None:
 
             try:
                 await response(request.scope, request.receive, send)
-            except Exception:
-                logger.exception("Error in replay response")
+            except Exception:  # pragma: no cover
+                logger.exception("Error in replay response")  # pragma: no cover
             finally:
                 await sse_stream_writer.aclose()
                 await sse_stream_reader.aclose()
 
-        except Exception:
-            logger.exception("Error replaying events")
-            response = self._create_error_response(
-                "Error replaying events",
-                HTTPStatus.INTERNAL_SERVER_ERROR,
-                INTERNAL_ERROR,
-            )
-            await response(request.scope, request.receive, send)
+        except Exception:  # pragma: no cover
+            logger.exception("Error replaying events")  # pragma: no cover
+            response = self._create_error_response(  # pragma: no cover
+                "Error replaying events",  # pragma: no cover
+                HTTPStatus.INTERNAL_SERVER_ERROR,  # pragma: no cover
+                INTERNAL_ERROR,  # pragma: no cover
+            )  # pragma: no cover
+            await response(request.scope, request.receive, send)  # pragma: no cover
 
     @asynccontextmanager
     async def connect(
@@ -1024,7 +1024,7 @@ async def message_router():
                                 for message. Still processing message as the client
                                 might reconnect and replay."""
                             )
-                except anyio.ClosedResourceError:
+                except anyio.ClosedResourceError:  # pragma: no cover
                     if self._terminated:
                         logger.debug("Read stream closed by client")
                     else:
diff --git a/src/mcp/server/transport_security.py b/src/mcp/server/transport_security.py
@@ -40,15 +40,15 @@ def __init__(self, settings: TransportSecuritySettings | None = None):
         # If not specified, disable DNS rebinding protection by default for backwards compatibility
         self.settings = settings or TransportSecuritySettings(enable_dns_rebinding_protection=False)
 
-    def _validate_host(self, host: str | None) -> bool:  # pragma: no cover
+    def _validate_host(self, host: str | None) -> bool:
         """Validate the Host header against allowed values."""
         if not host:
-            logger.warning("Missing Host header in request")
-            return False
+            logger.warning("Missing Host header in request")  # pragma: no cover
+            return False  # pragma: no cover
 
         # Check exact match first
         if host in self.settings.allowed_hosts:
-            return True
+            return True  # pragma: no cover
 
         # Check wildcard port patterns
         for allowed in self.settings.allowed_hosts:
@@ -59,30 +59,30 @@ def _validate_host(self, host: str | None) -> bool:  # pragma: no cover
                 if host.startswith(base_host + ":"):
                     return True
 
-        logger.warning(f"Invalid Host header: {host}")
-        return False
+        logger.warning(f"Invalid Host header: {host}")  # pragma: no cover
+        return False  # pragma: no cover
 
-    def _validate_origin(self, origin: str | None) -> bool:  # pragma: no cover
+    def _validate_origin(self, origin: str | None) -> bool:
         """Validate the Origin header against allowed values."""
         # Origin can be absent for same-origin requests
         if not origin:
             return True
 
         # Check exact match first
-        if origin in self.settings.allowed_origins:
-            return True
+        if origin in self.settings.allowed_origins:  # pragma: no cover
+            return True  # pragma: no cover
 
         # Check wildcard port patterns
-        for allowed in self.settings.allowed_origins:
-            if allowed.endswith(":*"):
+        for allowed in self.settings.allowed_origins:  # pragma: no cover
+            if allowed.endswith(":*"):  # pragma: no cover
                 # Extract base origin from pattern
-                base_origin = allowed[:-2]
+                base_origin = allowed[:-2]  # pragma: no cover
                 # Check if the actual origin starts with base origin and has a port
-                if origin.startswith(base_origin + ":"):
-                    return True
+                if origin.startswith(base_origin + ":"):  # pragma: no cover
+                    return True  # pragma: no cover
 
-        logger.warning(f"Invalid Origin header: {origin}")
-        return False
+        logger.warning(f"Invalid Origin header: {origin}")  # pragma: no cover
+        return False  # pragma: no cover
 
     def _validate_content_type(self, content_type: str | None) -> bool:
         """Validate the Content-Type header for POST requests."""
@@ -103,14 +103,14 @@ async def validate_request(self, request: Request, is_post: bool = False) -> Res
         if not self.settings.enable_dns_rebinding_protection:
             return None
 
-        # Validate Host header  # pragma: no cover
-        host = request.headers.get("host")  # pragma: no cover
-        if not self._validate_host(host):  # pragma: no cover
+        # Validate Host header
+        host = request.headers.get("host")
+        if not self._validate_host(host):
             return Response("Invalid Host header", status_code=421)  # pragma: no cover
 
-        # Validate Origin header  # pragma: no cover
-        origin = request.headers.get("origin")  # pragma: no cover
-        if not self._validate_origin(origin):  # pragma: no cover
+        # Validate Origin header
+        origin = request.headers.get("origin")
+        if not self._validate_origin(origin):
             return Response("Invalid Origin header", status_code=403)  # pragma: no cover
 
-        return None  # pragma: no cover
+        return None

Original file line number	Diff line number	Diff line change
`@@ -222,7 +222,7 @@ async def send_log_message(`
`222`	`222`	`related_request_id,`
`223`	`223`	`)`
`224`	`224`
`225`		`- async def send_resource_updated(self, uri: str \| AnyUrl) -> None: # pragma: no cover`
	`225`	`+ async def send_resource_updated(self, uri: str \| AnyUrl) -> None:`
`226`	`226`	`"""Send a resource updated notification."""`
`227`	`227`	`await self.send_notification(`
`228`	`228`	`types.ResourceUpdatedNotification(`