Skip to content

Commit bc9e726

Browse files
gagikgagik
committed
chore: bump mcp SDK, refactor tool arguments
This bumps the SDK to the latest versions which patches some security issues. This also simplifies our typing and structure of our arguments so we can have a more consistant and simpler to reason about API across tools.
1 parent e12068a commit bc9e726

File tree

15 files changed

+132
-104
lines changed

15 files changed

+132
-104
lines changed

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,7 @@
115115
"vitest": "^3.2.4"
116116
},
117117
"dependencies": {
118-
"@modelcontextprotocol/sdk": "^1.22.0",
118+
"@modelcontextprotocol/sdk": "^1.24.2",
119119
"@mongodb-js/device-id": "^0.3.1",
120120
"@mongodb-js/devtools-proxy-support": "^0.5.3",
121121
"@mongosh/arg-parser": "^3.19.0",

pnpm-lock.yaml

Lines changed: 14 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/elicitation.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import type { ElicitRequest } from "@modelcontextprotocol/sdk/types.js";
1+
import type { ElicitRequestFormParams } from "@modelcontextprotocol/sdk/types.js";
22
import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
33

44
export class Elicitation {
@@ -37,7 +37,7 @@ export class Elicitation {
3737
* The schema for the confirmation question.
3838
* TODO: In the future would be good to use Zod 4's toJSONSchema() to generate the schema.
3939
*/
40-
public static CONFIRMATION_SCHEMA: ElicitRequest["params"]["requestedSchema"] = {
40+
public static CONFIRMATION_SCHEMA: ElicitRequestFormParams["requestedSchema"] = {
4141
type: "object",
4242
properties: {
4343
confirmation: {

src/tools/atlas/atlasTool.ts

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
import type { ToolCallback } from "@modelcontextprotocol/sdk/server/mcp.js";
21
import type { AtlasMetadata } from "../../telemetry/types.js";
32
import { ToolBase, type ToolArgs, type ToolCategory } from "../tool.js";
43
import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
@@ -83,17 +82,15 @@ For more information on Atlas API access roles, visit: https://www.mongodb.com/d
8382
* @returns The tool metadata
8483
*/
8584
protected resolveTelemetryMetadata(
86-
result: CallToolResult,
87-
...args: Parameters<ToolCallback<typeof this.argsShape>>
85+
args: ToolArgs<typeof this.argsShape>,
86+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
87+
{ result }: { result: CallToolResult }
8888
): AtlasMetadata {
8989
const toolMetadata: AtlasMetadata = {};
90-
if (!args.length) {
91-
return toolMetadata;
92-
}
9390

9491
// Create a typed parser for the exact shape we expect
9592
const argsShape = z.object(this.argsShape);
96-
const parsedResult = argsShape.safeParse(args[0]);
93+
const parsedResult = argsShape.safeParse(args);
9794

9895
if (!parsedResult.success) {
9996
this.session.logger.debug({

src/tools/atlas/connect/connectCluster.ts

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@ import type { AtlasClusterConnectionInfo } from "../../../common/connectionManag
99
import { getDefaultRoleFromConfig } from "../../../common/atlas/roles.js";
1010
import { AtlasArgs } from "../../args.js";
1111
import type { ConnectionMetadata } from "../../../telemetry/types.js";
12-
import type { ToolCallback } from "@modelcontextprotocol/sdk/server/mcp.js";
1312

1413
const addedIpAccessListMessage =
1514
"Note: Your current IP address has been added to the Atlas project's IP access list to enable secure connection.";
@@ -33,9 +32,7 @@ export class ConnectClusterTool extends AtlasToolBase {
3332
public name = "atlas-connect-cluster";
3433
protected description = "Connect to MongoDB Atlas cluster";
3534
static operationType: OperationType = "connect";
36-
protected argsShape = {
37-
...ConnectClusterArgs,
38-
};
35+
protected argsShape = ConnectClusterArgs;
3936

4037
private queryConnection(
4138
projectId: string,
@@ -321,10 +318,10 @@ export class ConnectClusterTool extends AtlasToolBase {
321318
}
322319

323320
protected override resolveTelemetryMetadata(
324-
result: CallToolResult,
325-
...args: Parameters<ToolCallback<typeof this.argsShape>>
321+
args: ToolArgs<typeof this.argsShape>,
322+
{ result }: { result: CallToolResult }
326323
): ConnectionMetadata {
327-
const parentMetadata = super.resolveTelemetryMetadata(result, ...args);
324+
const parentMetadata = super.resolveTelemetryMetadata(args, { result });
328325
const connectionMetadata = this.getConnectionInfoMetadata();
329326
if (connectionMetadata && connectionMetadata.project_id !== undefined) {
330327
// delete the project_id from the parent metadata to avoid duplication

src/tools/atlas/read/getPerformanceAdvisor.ts

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
import { z } from "zod";
22
import { AtlasToolBase } from "../atlasTool.js";
3-
import type { CallToolResult, ServerNotification, ServerRequest } from "@modelcontextprotocol/sdk/types.js";
3+
import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
44
import type { OperationType, ToolArgs } from "../../tool.js";
55
import { formatUntrustedData } from "../../tool.js";
66
import {
@@ -13,7 +13,6 @@ import {
1313
SLOW_QUERY_LOGS_COPY,
1414
} from "../../../common/atlas/performanceAdvisorUtils.js";
1515
import { AtlasArgs } from "../../args.js";
16-
import type { RequestHandlerExtra } from "@modelcontextprotocol/sdk/shared/protocol.js";
1716
import type { PerfAdvisorToolMetadata } from "../../../telemetry/types.js";
1817

1918
const PerformanceAdvisorOperationType = z.enum([
@@ -134,12 +133,11 @@ export class GetPerformanceAdvisorTool extends AtlasToolBase {
134133
}
135134

136135
protected override resolveTelemetryMetadata(
137-
result: CallToolResult,
138136
args: ToolArgs<typeof this.argsShape>,
139-
extra: RequestHandlerExtra<ServerRequest, ServerNotification>
137+
{ result }: { result: CallToolResult }
140138
): PerfAdvisorToolMetadata {
141139
return {
142-
...super.resolveTelemetryMetadata(result, args, extra),
140+
...super.resolveTelemetryMetadata(args, { result }),
143141
operations: args.operations,
144142
};
145143
}

src/tools/atlasLocal/atlasLocalTool.ts

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
2-
import type { ToolArgs, ToolCategory } from "../tool.js";
2+
import type { ToolArgs, ToolCategory, ToolExecutionContext } from "../tool.js";
33
import { ToolBase } from "../tool.js";
4-
import type { ToolCallback } from "@modelcontextprotocol/sdk/server/mcp.js";
54
import type { Client } from "@mongodb-js/atlas-local";
65
import { LogId } from "../../common/logger.js";
76
import type { ConnectionMetadata } from "../../telemetry/types.js";
@@ -15,7 +14,11 @@ export abstract class AtlasLocalToolBase extends ToolBase {
1514
return this.session.atlasLocalClient !== undefined && super.verifyAllowed();
1615
}
1716

18-
protected async execute(...args: Parameters<ToolCallback<typeof this.argsShape>>): Promise<CallToolResult> {
17+
protected async execute(
18+
args: ToolArgs<typeof this.argsShape>,
19+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
20+
_context: ToolExecutionContext
21+
): Promise<CallToolResult> {
1922
const client = this.session.atlasLocalClient;
2023

2124
// If the client is not found, throw an error
@@ -38,7 +41,7 @@ please log a ticket here: https://github.com/mongodb-js/mongodb-mcp-server/issue
3841
};
3942
}
4043

41-
return this.executeWithAtlasLocalClient(client, ...args);
44+
return this.executeWithAtlasLocalClient(args, { client });
4245
}
4346

4447
private async lookupDeploymentId(client: Client, containerId: string): Promise<string | undefined> {
@@ -72,8 +75,8 @@ please log a ticket here: https://github.com/mongodb-js/mongodb-mcp-server/issue
7275
}
7376

7477
protected abstract executeWithAtlasLocalClient(
75-
client: Client,
76-
...args: Parameters<ToolCallback<typeof this.argsShape>>
78+
args: ToolArgs<typeof this.argsShape>,
79+
context: { client: Client }
7780
): Promise<CallToolResult>;
7881

7982
protected handleError(
@@ -119,7 +122,10 @@ please log a ticket here: https://github.com/mongodb-js/mongodb-mcp-server/issue
119122
return super.handleError(error, args);
120123
}
121124

122-
protected resolveTelemetryMetadata(result: CallToolResult): ConnectionMetadata {
125+
protected resolveTelemetryMetadata(
126+
_args: ToolArgs<typeof this.argsShape>,
127+
{ result }: { result: CallToolResult }
128+
): ConnectionMetadata {
123129
const toolMetadata: ConnectionMetadata = {};
124130

125131
// Atlas Local tools set the deployment ID in the result metadata for telemetry

src/tools/atlasLocal/connect/connectDeployment.ts

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@ export class ConnectDeploymentTool extends AtlasLocalToolBase {
1414
};
1515

1616
protected async executeWithAtlasLocalClient(
17-
client: Client,
18-
{ deploymentName }: ToolArgs<typeof this.argsShape>
17+
{ deploymentName }: ToolArgs<typeof this.argsShape>,
18+
{ client }: { client: Client }
1919
): Promise<CallToolResult> {
2020
// Get the connection string for the deployment
2121
const connectionString = await client.getConnectionString(deploymentName);
@@ -36,7 +36,10 @@ export class ConnectDeploymentTool extends AtlasLocalToolBase {
3636
};
3737
}
3838

39-
protected override resolveTelemetryMetadata(result: CallToolResult): ConnectionMetadata {
40-
return { ...super.resolveTelemetryMetadata(result), ...this.getConnectionInfoMetadata() };
39+
protected override resolveTelemetryMetadata(
40+
args: ToolArgs<typeof this.argsShape>,
41+
{ result }: { result: CallToolResult }
42+
): ConnectionMetadata {
43+
return { ...super.resolveTelemetryMetadata(args, { result }), ...this.getConnectionInfoMetadata() };
4144
}
4245
}

src/tools/atlasLocal/create/createDeployment.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,8 @@ export class CreateDeploymentTool extends AtlasLocalToolBase {
1313
};
1414

1515
protected async executeWithAtlasLocalClient(
16-
client: Client,
17-
{ deploymentName }: ToolArgs<typeof this.argsShape>
16+
{ deploymentName }: ToolArgs<typeof this.argsShape>,
17+
{ client }: { client: Client }
1818
): Promise<CallToolResult> {
1919
const deploymentOptions: CreateDeploymentOptions = {
2020
name: deploymentName,

src/tools/atlasLocal/delete/deleteDeployment.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,8 @@ export class DeleteDeploymentTool extends AtlasLocalToolBase {
1313
};
1414

1515
protected async executeWithAtlasLocalClient(
16-
client: Client,
17-
{ deploymentName }: ToolArgs<typeof this.argsShape>
16+
{ deploymentName }: ToolArgs<typeof this.argsShape>,
17+
{ client }: { client: Client }
1818
): Promise<CallToolResult> {
1919
// Lookup telemetry metadata
2020
// We need to lookup the telemetry metadata before deleting the deployment

0 commit comments

Comments
 (0)