Skip to content

Commit 14bbdbf

Browse files
vishal-balaclaude
andcommitted
refactor(mcp): drop dead description override and harden auth scope read (RAAE-1605)
Address review on list_indexes.py: - Remove the `tool_list_indexes_description` override: that setting does not exist on MCPSettings (only tool_search/upsert_description do), so the getattr branch was always None and never fired. Pass the default description constant directly. - Read the read scope as `auth_config.read_scope` (a typed field on MCPAuthConfig) instead of a silent `getattr(..., "read_scope", None)`. The old form would fail open — silently yielding None and skipping auth enforcement — if the field were ever renamed; direct access fails loud. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 55c4d16 commit 14bbdbf

1 file changed

Lines changed: 5 additions & 6 deletions

File tree

redisvl/mcp/tools/list_indexes.py

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -78,15 +78,14 @@ def list_indexes(server: "RedisVLMCPServer") -> dict[str, Any]:
7878

7979
def register_list_indexes_tool(server: "RedisVLMCPServer") -> None:
8080
"""Register the always-available, read-only `list-indexes` MCP tool."""
81-
description = (
82-
getattr(server.mcp_settings, "tool_list_indexes_description", None)
83-
or DEFAULT_LIST_INDEXES_DESCRIPTION
84-
)
8581

8682
async def list_indexes_tool():
8783
"""FastMCP wrapper for the `list-indexes` tool."""
88-
read_scope = getattr(getattr(server, "auth_config", None), "read_scope", None)
84+
auth_config = getattr(server, "auth_config", None)
85+
read_scope = auth_config.read_scope if auth_config is not None else None
8986
ensure_tool_scope(server, read_scope)
9087
return list_indexes(server)
9188

92-
server.tool(name="list-indexes", description=description)(list_indexes_tool)
89+
server.tool(name="list-indexes", description=DEFAULT_LIST_INDEXES_DESCRIPTION)(
90+
list_indexes_tool
91+
)

0 commit comments

Comments
 (0)