feat(scenarios/server): cover the two untested SEP-2243 server param-presence requirements#325
Open
rinaldofesta wants to merge 1 commit into
Conversation
…presence requirements The traceability manifest reported exactly two declared-but-untested SEP-2243 requirements: sep-2243-server-not-expect-null and sep-2243-server-reject-missing-required. This adds both to HttpCustomHeaderServerValidationScenario. - not-expect-null: with an optional x-mcp-header parameter absent from the body, a conformant client omits its Mcp-Param header, so the server MUST accept the request (it must not require the header). - reject-missing-required: omitting a required parameter entirely MUST make the server reject with a JSON-RPC error. Both IDs are also added to the declared-check set so they are emitted (SKIPPED) when the server under test exposes no x-mcp-header tool, keeping the emitted-ID set stable for the manifest. Regenerates src/seps/traceability.json against the recorded source (typescript-sdk@258f1a04a5d3): the two requirements flip untested -> tested (sep-2243 summary 18->20 tested, 2->0 untested); no other rows change. typecheck + eslint + unit tests pass. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The SEP traceability manifest reported exactly two declared-but-untested requirements across the whole repo, both in SEP-2243 (custom
Mcp-Param-*headers):sep-2243-server-not-expect-null— "Parameter value is null or omitted: Server MUST NOT expect the header."sep-2243-server-reject-missing-required— "Required parameter is omitted: Server MUST reject with JSON-RPC error."This PR implements both as server checks in
HttpCustomHeaderServerValidationScenario:x-mcp-headerparameter absent from the body, a conformant client omits the correspondingMcp-Param-*header, so the server must accept the request rather than requiring the header. Skips (still emitting the ID) when the server under test exposes no optional annotated parameter.Both IDs are added to
CUSTOM_HEADER_SERVER_DECLARED_CHECK_IDS, so they are also emitted (SKIPPED) on the no-x-mcp-header-tool path, keeping the emitted-ID set stable for the manifest.Traceability
src/seps/traceability.jsonis regenerated against the recorded source (typescript-sdk@258f1a04a5d3): the two rows flipuntested → tested(SEP-2243 summary 18→20 tested, 2→0 untested) and no other rows change. After this PR the manifest reports 0 untested requirements across all SEPs.Validation
npm run check(tsgo typecheck + eslint + prettier) clean;npx vitest run src/traceability src/scenarios/server/all-scenarios.test.ts→ 56 passing.npm run traceability -- --checkreports the on-disk manifest up to date.Coverage note
Like the four existing custom-header checks, these two exercise their full request/response logic only against a server that exposes an
x-mcp-headertool. The current reference server (everythingServerattypescript-sdk@258f1a04a5d3) exposes none, so all six custom-header checks — including these two — are emitted asSKIPPEDagainst it (verified). They flip the manifest rows totestedvia emission (the manifest joins on emitted IDs regardless of status), exactly as the existing checks do. The acceptance/rejection logic runs against servers that do definex-mcp-headertools, and falls back toSKIPPEDwhen a tool lacks an optional (resp. required) parameter.Drafted with the help of a coding agent (Claude Code) and reviewed by the author locally.