core/php-mcp
8
0
Fork 0
Code Issues 31 Pull requests Projects Releases Packages Wiki Activity Actions
17 commits 4 branches 0 tags 399 KiB
Commit graph

7 commits

Author SHA1 Message Date
darbs-claude
dfd712845d docs(phase-0): add environment assessment findings and update TODO
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
Details
CI / PHP 8.4 (pull_request) Failing after 1s
Details
CI / PHP 8.3 (pull_request) Failing after 1s
Details
CI / Assets (pull_request) Failing after 1s
Details 
- Add FINDINGS.md with full Phase 0 assessment:
  - Composer install blocked by missing private host-uk/core package
  - Test baseline inventory (10 test files, 6 coverage gaps identified)
  - Architecture review: event-driven registration, defence-in-depth SQL
    validation, workspace tenant isolation, tier-based resource limits
  - Security observations with severity ratings
  - Phased work recommendations (Phase 1-4)
- Update TODO.md with Phase 0 environment blockers and Phase 1 critical
  architecture tasks (tool extraction from monolithic command, missing
  QueryDatabase/AuditLogService tests, empty integration test suite)

Closes #1

Co-Authored-By: Clotho <clotho@lthn.ai>
 2026-02-21 00:37:35 +00:00
Snider
7e881f6565 test(mcp): add comprehensive Quota System tests (P2-016) 
Add extensive Pest tests for the MCP quota system covering:
- Usage recording and tracking (tool calls, tokens)
- Quota enforcement per tier (free, starter, pro, business, enterprise)
- Token quota enforcement independently of tool calls
- Detailed quota check responses with reasons
- Remaining quota calculation
- Quota reset and monthly period management
- Usage history retrieval
- Quota HTTP headers (X-MCP-Quota-*)
- Quota limits retrieval and caching
- CheckMcpQuota middleware (429 responses, headers injection)
- Workspace-scoped quotas (isolation, independent limits)
- McpUsageQuota model (scopes, accessors, static methods)
- Edge cases (concurrent requests, cache invalidation, month boundaries)
- Cache management (performance caching, invalidation)

Replaces basic test coverage with ~100 test cases for thorough validation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:48:21 +00:00
Snider
64ce1ee324 test(mcp): add comprehensive Tool Analytics tests (P2-015) 
Add Pest tests for ToolAnalyticsService covering:
- Usage tracking (recording successful/failed executions)
- ToolStats DTO calculations and formatting
- Error rate calculations
- Daily trend aggregation
- Reporting functions (popular tools, error-prone tools, workspace stats)
- Tool combination tracking within sessions
- Date range filtering
- ToolMetric model methods and scopes

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:44:32 +00:00
Snider
ac7fe0ea7a test(mcp): add comprehensive Workspace Context tests (P2-014) 
Add extensive Pest tests for workspace context security covering:
- WorkspaceContext resolution from headers and authentication
- Automatic workspace scoping for queries
- MissingWorkspaceContextException handling
- Workspace boundary enforcement
- Cross-workspace data isolation and query prevention
- Context injection via middleware
- Edge cases including concurrent contexts and request isolation

Also update Pest.php to include src/Mcp/Tests/Unit directory.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:39:24 +00:00
Snider
41b8568d5c test(mcp): add comprehensive SQL Query Validator tests (P2-013) 
Add Pest tests for SqlQueryValidator covering:
- Allowed SELECT statements with WHERE, ORDER BY, LIMIT
- Blocked data modification (INSERT, UPDATE, DELETE, TRUNCATE)
- Blocked schema changes (DROP, ALTER, CREATE, RENAME)
- Blocked permissions/admin (GRANT, REVOKE, FLUSH, KILL, SET)
- Blocked execution (EXECUTE, PREPARE, CALL, DEALLOCATE)
- Blocked file operations (INTO OUTFILE/DUMPFILE, LOAD_FILE/DATA)
- SQL injection prevention: UNION attacks, stacked queries,
  time-based (SLEEP/BENCHMARK), encoding (hex/CHAR), subqueries,
  system table access, comment obfuscation
- Query structure validation and whitelist configuration
- Exception details and edge cases

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:38:40 +00:00
Snider
e536e4586f feat(mcp): add query security features (P1-007, P1-008, P1-009) 
- P1-007: Tier-based query result size limits with truncation warnings
- P1-008: Per-tier query timeout enforcement (MySQL/PostgreSQL/SQLite)
- P1-009: Comprehensive audit logging for all query attempts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 13:15:39 +00:00
Snider
afb3dacd98 monorepo sepration 2026-01-26 20:57:41 +00:00