fix(mcp): reject mcp_server timeout_ms = 0#676
Conversation
📝 WalkthroughWalkthroughAdds OpenAPI documentation for ChangesMCP Server OpenAPI docs and timeout_ms validation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 2❌ Failed checks (2 inconclusive)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/aisix-admin/src/openapi.rs`:
- Around line 2458-2461: Declare the new “MCP Servers” tag in the top-level
OpenAPI document tags list so the operations using that tag have a shared root
definition. Update the document root in openapi.rs where the global tags are
assembled, and ensure the tag entry for "MCP Servers" is added alongside the
existing tag definitions used by the MCP server endpoints referenced by the
MCP-related handlers.
- Around line 4049-4050: The 413-response coverage in
openapi_documents_admin_json_body_limit_rejections is missing the new MCP write
routes, so extend the existing admin JSON body limit rejection expectations to
include both POST and PUT for /admin/v1/mcp_servers and
/admin/v1/mcp_servers/{id}. Update the route coverage in the openapi.rs
test/data associated with openapi_documents_admin_json_body_limit_rejections so
these MCP write paths are asserted alongside the other admin write endpoints.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d920c55e-770a-4efe-8aa7-fbb5ab3739c7
📒 Files selected for processing (4)
crates/aisix-admin/src/openapi.rscrates/aisix-core/src/models/mcp_server.rscrates/aisix-core/src/models/schema.rsschemas/resources/mcp_server.schema.json
`timeout_ms = 0` maps to a zero-duration per-operation deadline: every upstream op times out instantly and the server is silently dropped from `tools/list`. Guard it at the schema layer with `range(min = 1)`, the same mechanism as the `length(min = 1)` guards on display_name/url — enforced by `validate_mcp_server` on BOTH the Admin write-path and the etcd loader. Regenerated mcp_server.schema.json (minimum 0 → 1) and added validation tests (zero rejected, positive accepted, omitted still valid). Closes #666.
253d4ec to
042087a
Compare
McpServer.timeout_msaccepts0, which maps to a zero-duration per-operation deadline: every upstream op then times out instantly and the server is silently dropped fromtools/list(graceful, logged, no crash).Fix
Guard it at the schema layer with
#[schemars(range(min = 1))]on thetimeout_msfield — the same mechanism as the existinglength(min = 1)guards ondisplay_name/url— sovalidate_mcp_serverenforces it on both the Admin write-path (mcp_servers_handlers) and the etcd loader (validate_and_parse). Regeneratedmcp_server.schema.json(minimum0 → 1) and added validation tests (zero rejected, positive accepted, omitted still valid).Behavior change (called out for review): a stored
mcp_serverwithtimeout_ms = 0is now rejected by the loader — butbuild_snapshotis infallible, so a rejected resource is skipped individually (bumpsschema_rejected) without aborting the snapshot or taking down healthy resources, exactly as an emptydisplay_namealready is.0was never a usable value (instant timeout), so this rejects a previously-silently-broken config rather than a working one.Scope note
This PR originally also carried the
mcp_serversAdmin OpenAPI reference (#663). That was implemented independently and merged first as #675 (a different mechanism — variant titles baked into the generated schema viatitle_single_value_enum_variants). This branch was rebased onto that work and now carries only thetimeout_msvalidation; the regenerated schema correctly combines #675's variant titles with this PR'sminimum: 1.Verification
cargo test -p aisix-core(incl. 3 new validation tests) +-p aisix-admin(19 openapi tests) green;cargo fmt --all -- --checkandcargo clippy --workspace --all-targets -- -D warningsclean;dump-schemaproduces zero drift.Closes #666.