fast MCP server: debug & config namespaces, external-source playback, OpenClaw/Hermes presets (v0.7.1)

[trudenboy]

What does this implement/fix?

FastMCP Server provider → v0.7.1

Updates the existing fastmcp_server plugin provider from v0.3.35 (current
dev) to v0.7.1, landing two off-by-default capability namespaces, an
onboarding convenience for the Connect Wizard, and richer now-playing state for
external "Connect"-style sources. A default installation sees no new tool
surface — every new tool is gated behind a permission ConfigEntry that
ships disabled, so operators opt in per capability.

Source: trudenboy/ma-provider-mcp · tag v0.7.1

debug namespace — introspection & troubleshooting (was v0.4.0)

Twelve read-mostly tools for diagnosing a running Music Assistant instance over
MCP, behind five off-by-default flags (Debug: providers, Debug: inspect,
Debug: events, Debug: logs, Debug: reload):

• Topology / health — debug_list_providers, debug_health_summary,
  debug_list_package_versions, debug_list_webserver_routes.
• Inspection — debug_inspect_player, debug_inspect_queue,
  debug_inspect_provider, debug_inspect_provider_config.
• Events — debug_recent_events, debug_event_buffer_stats, backed by a
  bounded in-memory ring buffer (capacity configurable, default off).
• Logs — debug_tail_log, reading only files under MA's own
  storage_path (no arbitrary filesystem access).
• Lifecycle — debug_reload_provider (the one mutating tool in this
  namespace, gated by its own flag).

Supporting internals live under debug/: a ring event buffer, a depth- and
cycle-protected object inspector (back-reference skip-list to avoid serialising
the whole object graph), and a storage-scoped log reader.

Robustness refinements (v0.7.1): the log-scan tools (debug_tail_log and the
error count inside debug_health_summary) now run their synchronous file I/O
off the event loop; debug_health_summary honours the Debug: logs gate
before reading any log file; reload serialisation is per-runtime rather than
process-global; and the object inspector's byte-budget accounting no longer
round-trips every value through json.dumps.

config namespace — view & edit settings (v0.5.0)

Fourteen tools to read and write MA core, provider, and player configuration
over MCP, behind five off-by-default flags — four capability flags
(Config: read settings, Config: edit provider settings,
Config: edit core settings, Config: edit player settings) plus an
orthogonal Config: allow writing secret values gate:

• Read — config_list_targets, config_get_core, config_get_provider,
  config_get_player, config_get_entries, config_get_dsp. SECURE_STRING
  values are masked by MA's own serialiser before they leave the process.
• Stage a single value — config_set_core_value,
  config_set_provider_value, config_set_player_value (validate + diff,
  no persistence).
• Persist — config_save_core, config_save_provider,
  config_save_player, config_save_dsp. Writes delegate to MA's atomic save
  primitives (validate → encrypt via to_raw → persist → reload, with
  rollback) — the provider never hand-rolls encryption or persistence.
• Provider actions — config_trigger_provider_action.

Writes are validated against each ConfigEntry (type coercion, explicit range,
per-member options) before they reach MA, and an optional elicitation
confirmation gate (require_confirmation, default on) prompts before any
mutation. Secret-valued keys are rejected atomically unless the dedicated
secret flag is enabled — that flag is re-evaluated per request, so toggling it
takes effect without a provider reload.

External / Connect-source now-playing in briefs (v0.7.0 / v0.7.1)

When a player streams from an external "Connect"-style source (Spotify Connect,
AirPlay, Yandex Ynison), MA streams the audio out-of-band, so the player's own
playback_state stays idle while audio is actually playing. The player and
queue query tools now treat the active queue as the source of truth for
playback state — matching what MA's own interface shows:

• players_list_players / players_get_player (and the player:// resource)
  report playing / paused from the active queue instead of a misleading
  idle.
• A new external_source field carries the controlling provider's instance id,
  so a client can tell which provider is driving playback (and distinguish
  several instances of the same provider). It is null for normal,
  self-driven playback.
• The currently playing item shows the real track title rather than the source
  wrapper name, in both player and queue views.

This is an enhancement to existing query tools — no new tools and no new
permission flags; it is gated by the same player/queue query permissions
that already exist.

Connect Wizard — OpenClaw & Hermes presets (v0.6.0)

The Connect Wizard's client catalogue gains two entries — OpenClaw and
Hermes (Nous Research) — alongside the existing clients (Claude Code /
Desktop, Cursor, Windsurf, VS Code, ChatGPT, Codex, Gemini, Cline, Zed). For
each, the wizard mints a per-client long-lived token and renders a
ready-to-paste config snippet pointing at the server's streamable-HTTP endpoint
with an Authorization: Bearer header — an OpenClaw openclaw mcp set …
command and a Hermes ~/.hermes/config.yaml block respectively. This is a
pure onboarding convenience: no new tools, no new permission flags, no
runtime/transport changes — the snippets target the same endpoint and auth
the wizard already wires for every other client.

Related issue (if applicable):

• N/A

Types of changes

• Bugfix (non-breaking change which fixes an issue) — bugfix
• New feature (non-breaking change which adds functionality) — new-feature
• Enhancement to an existing feature — enhancement
• New music/player/metadata/plugin provider — new-provider
• Breaking change (fix or feature that would cause existing functionality to not work as expected) — breaking-change
• Refactor (no behaviour change) — refactor
• Documentation only — documentation
• Maintenance / chore — maintenance
• CI / workflow change — ci
• Dependencies bump — dependencies

Checklist

• The code change is tested and works locally.
• pre-commit run --all-files passes.
• pytest passes, and tests have been added/updated under tests/ where applicable.
• For changes to shared models, the companion PR in music-assistant/models is linked.
• For changes affecting the UI, the companion PR in music-assistant/frontend is linked.
• I have read and complied with the project's AI Policy for any AI-assisted contributions.

[MarvinSchenkel]

Two problem-level findings inline. Suggestions from my console review (event_buffer docstring, health_summary reading logs when DEBUG_LOGS off, module-vs-instance lock scope, json.dumps in _State.charge) are not posted here.