fix(quarantine): expose output schema in tool diff endpoint (MCP-2085) #638
Merged
The tool-quarantine change-detection hash covers description, input schema,
and output schema, but GET /api/v1/servers/{id}/tools/{tool}/diff only
returned the description and input schema. When an upstream evolved only its
output schema (e.g. Google sqladmin adding a "POSTGRES_20" enum value), the
visible description was byte-identical, so the flagged tool looked like a
phantom rug-pull false positive.
Add previous_output_schema / current_output_schema (already stored on the
ToolApprovalRecord) to the diff response so an operator can see exactly what
changed before approving. Document the field in docs/api/rest-api.md and add
a regression test for an output-schema-only change.
Note: change-detection itself is correct — the upstream schema genuinely
changed. This deliberately does NOT weaken the rug-pull hash (no
auto-approval of additive enum widenings); the fix is transparency, not
relaxing security.
Related #634
Related MCP-2085
Dumbris added a commit that referenced this pull request Jun 12, 2026
…UI (#639)
The tool-quarantine approval UI flagged a tool as "changed" whenever its description, input schema, OR output schema hash differed from the approved version, but rendered only the description diff. A schema-only change was therefore an invisible phantom diff — the operator saw a "changed" badge with no visible reason.
Render up to three labeled before/after sections (Description, Input Schema, Output Schema), each shown only when that field actually changed, consuming the previous_output_schema / current_output_schema fields the diff endpoint now exposes (PR #638). Schema bodies are pretty-printed before the word-diff so additive changes (e.g. a new enum value) read clearly. Backend keeps rug-pull detection strict; this change is transparency only.
Diff-section selection is extracted into computeToolDiffSections (utils/toolDiff) with a vitest covering the output-schema-only case.
Related MCP-2096, MCP-2085
Summary
Fixes the backend half of MCP-2085. The tool-quarantine change-detection hash covers description + inputSchema + outputSchema (internal/runtime/tool_quarantine.go), but GET /api/v1/servers/{id}/tools/{tool}/diff only returned previous_description / current_description and previous_schema / current_schema. It omitted the output-schema fields entirely, even though they already exist on ToolApprovalRecord and are part of the hash.
Consequence: when an upstream evolves only its output schema — e.g. Google sqladmin adding "POSTGRES_20" to a database-version enum — the description and input schema stay byte-identical, so the diff the operator sees is empty. The changed flag then reads as a phantom rug-pull false positive and erodes trust in the feature.
Change
- internal/httpapi/server.go — handleGetToolDiff now also returns previous_output_schema / current_output_schema.
- docs/api/rest-api.md — document the two new response fields.
- internal/httpapi/tool_quarantine_test.go — regression test TestHandleGetToolDiff_OutputSchemaOnlyChange (the create_backup case: identical desc + input schema, output schema gains POSTGRES_20), plus assertions on the existing test that input-schema fields are surfaced.
Design decision (Part 1 of the issue)
The issue offered options including auto-approving "additive enum widenings". I deliberately did not weaken the rug-pull hash:
POSTGRES_20 enum)", the operator can approve in one click with full context.
So the backend fix is transparency, not relaxing security.
Out of scope (delegated)
The frontend rendering half — frontend/src/views/ServerDetail.vue showing three diff sections (Description / Input Schema / Output Schema) and the option-(b) batch "schema updated on N tools" review — is a separate lane and tracked as a child issue for the Frontend engineer. This PR is the enabling backend change it depends on.
Verification
- go test ./internal/httpapi/ -race ✅
- go test ./internal/runtime/ -run TestCalculateToolApprovalHash_Stability ✅ (hash canary unchanged)
- go build ./cmd/mcpproxy ✅
- ./scripts/run-linter.sh → 0 issues ✅
Related #634
Related MCP-2085
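
The mismatch the PR description explains, as an added example that is not code from this pull request or from mcpproxy: a change-detection hash over three fields next to a diff that either skips or includes the output schema. The ToolSnapshot type, the Hash and ChangedFields functions, the field labels and the sample schemas are all hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ToolSnapshot is a hypothetical stand-in for the three fields the hash covers.
type ToolSnapshot struct{ Description, InputSchema, OutputSchema string }

// Hash length-prefixes each field so content cannot move across a field
// boundary without changing the digest (illustrative, not the project's hash).
func Hash(t ToolSnapshot) string {
	h := sha256.New()
	for _, f := range []string{t.Description, t.InputSchema, t.OutputSchema} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// ChangedFields lists which fields differ. withOutput=false mimics a diff
// that compares description and input schema only, as before the fix.
func ChangedFields(prev, cur ToolSnapshot, withOutput bool) []string {
	out := []string{}
	if prev.Description != cur.Description {
		out = append(out, "description")
	}
	if prev.InputSchema != cur.InputSchema {
		out = append(out, "input_schema")
	}
	if withOutput && prev.OutputSchema != cur.OutputSchema {
		out = append(out, "output_schema")
	}
	return out
}

// Constructed sample data: only the output-schema enum gains a value.
var (
	approved = ToolSnapshot{"Create a backup", `{"type":"object"}`, `{"enum":["EXISTING_VALUE"]}`}
	current  = ToolSnapshot{"Create a backup", `{"type":"object"}`, `{"enum":["EXISTING_VALUE","POSTGRES_20"]}`}
)

func main() {
	fmt.Println("hash changed:", Hash(approved) != Hash(current))
	fmt.Println("diff without output schema:", ChangedFields(approved, current, false))
	fmt.Println("diff with output schema:   ", ChangedFields(approved, current, true))
}
```

A useful invariant to test in any such design: whenever the hash differs, the diff shown to the operator names at least one changed field.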