Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions tests/test_api_mcp.py
Original file line number Diff line number Diff line change
Expand Up @@ -2464,6 +2464,27 @@ def test_mcp_submit_work_proof_rejects_invalid_bounty_selectors(
_assert_invalid_tool_arguments_envelope(response.json(), request_id=request_id)


def test_mcp_submit_work_proof_rejects_control_padded_format(sqlite_url: str) -> None:
create_schema(sqlite_url)
with session_scope(sqlite_url) as session:
ensure_genesis(session)

client = TestClient(create_app(database_url=sqlite_url, webhook_secret="secret"))

response = client.post(
"/mcp",
json={
"jsonrpc": "2.0",
"id": 37,
"method": "tools/call",
"params": {"name": "submit_work_proof", "arguments": {"format": "\u0085json"}},
},
)

assert response.status_code == 200
_assert_invalid_tool_arguments_envelope(response.json(), request_id=37)
Comment on lines +2484 to +2485

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Assert the field-level validation payload too.

Line 2485 only checks the legacy -32602 envelope, so this test still passes if submit_work_proof fails for some other invalid-arguments path. Please also assert the safe error.data payload for tool="submit_work_proof", field="format", and the control-character message so the regression stays tied to this guard.

Suggested tightening
     assert response.status_code == 200
-    _assert_invalid_tool_arguments_envelope(response.json(), request_id=37)
+    response_json = response.json()
+    _assert_invalid_tool_arguments_envelope(response_json, request_id=37)
+    error = response_json["error"]
+    assert isinstance(error, dict)
+    data = error["data"]
+    assert isinstance(data, dict)
+    assert data["tool"] == "submit_work_proof"
+    assert data["field"] == "format"
+    assert data["message"] == "format must not contain control characters"

As per coding guidelines, "Add or update tests for changed behavior." As per path instructions, "Focus on whether tests prove the changed behavior and include negative, replay, boundary, or regression cases where relevant."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
assert response.status_code == 200
_assert_invalid_tool_arguments_envelope(response.json(), request_id=37)
assert response.status_code == 200
response_json = response.json()
_assert_invalid_tool_arguments_envelope(response_json, request_id=37)
error = response_json["error"]
assert isinstance(error, dict)
data = error["data"]
assert isinstance(data, dict)
assert data["tool"] == "submit_work_proof"
assert data["field"] == "format"
assert data["message"] == "format must not contain control characters"

Sources: Coding guidelines, Path instructions



@pytest.mark.parametrize(
("arguments", "request_id"),
[
Expand Down
Loading