Elgato_dark/unraid-mcp
1
0
Fork 0
mirror of https://github.com/jmagar/unraid-mcp synced 2026-04-21 13:37:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
291 commits 8 branches 2 tags 2.4 MiB
Commit graph

20 commits

Author SHA1 Message Date
Jacob Magar
454f346036 chore: sync working tree updates 2026-04-15 19:13:31 -04:00
Jacob Magar
a0d23b8661 feat(rl3u.4): add gitleaks secret scan to CI; fix scripts/ → bin/ 
- Add gitleaks/gitleaks-action@v2 job (full history scan, fetch-depth: 0)
- Fix docker-security steps to reference bin/ (scripts/ dir removed)
 2026-04-05 20:43:54 -04:00
Jacob Magar
0d2c3ec045 fix: update all stale scripts/ references to bin/ 
Sweep remaining references to the old scripts/ directory that were
missed when scripts/ was renamed to bin/ in 1.3.6.

Fixes active config (ci.yml, .pre-commit-config.yaml, Justfile) and
documentation (CHECKLIST, INVENTORY, MARKETPLACE, SCRIPTS, REPO).

hooks/scripts/ and skills/unraid/scripts/ are intentional and unchanged.
 2026-04-05 19:23:27 -04:00
Jacob Magar
7aff6c9db4 fix(ci): continue-on-error for integration tests (unraid not reachable from GH Actions) 2026-04-05 12:10:48 -04:00
Jacob Magar
ec0f4c4178 fix(ci): use env vars in step if-condition (secrets.* invalid in if per GH security policy) 2026-04-05 12:05:10 -04:00
Jacob Magar
9f894333eb fix(ci): move secrets gate to step-level if (secrets ctx invalid at job level) 2026-04-05 12:00:26 -04:00
Jacob Magar
7518120101 fix(ci): restore secrets gate with single-line if (multiline >- caused parse failure) 2026-04-05 11:56:17 -04:00
Jacob Magar
1c6a9d737a fix(ci): remove invalid secrets context from job-level if condition 2026-04-05 11:52:02 -04:00
Jacob Magar
94b11ff982 fix(ci): use image digest for Trivy scan instead of full SHA tag 2026-04-05 11:48:49 -04:00
Jacob Magar
3619d3db88 chore: update manifests, ci, pyproject, and tests 2026-04-05 10:01:20 -04:00
Jacob Magar
c39b05277c fix(ci): add missing .dockerignore entries, replace uv audit with uvx pip-audit, upgrade trivy-action 2026-04-05 08:17:11 -04:00
Jacob Magar
abe15add91 test(ci): consolidate to canonical test_live.sh — all modes, merged from gold-standard test-http.sh 
- Rewrites tests/test_live.sh with direct JSON-RPC approach (mcp_post, assert_jq) from gold-standard test-http.sh — eliminates mcporter HTTP dependency
- Adds --mode http|docker|stdio|all flag (default: all); docker mode builds image, polls health 30×/1s, always tears down; stdio mode launches via uvx
- Merges all Phase 1–4b coverage from test-http.sh: middleware endpoints, auth enforcement, MCP protocol handshake, 45+ non-destructive tool calls, guard bypass tests
- Expands tool coverage from test-tools.sh: system/*, customization/*, oidc/*, rclone/*, plugin/*, live/* subactions
- Keeps --skip-auth, --skip-tools, --verbose flags for compatibility
- Deletes tests/mcporter/test-http.sh and tests/mcporter/test-tools.sh (merged)
- Replaces e2e job in ci.yml with mcp-integration job using canonical test_live.sh
 2026-04-04 18:37:46 -04:00
Jacob Magar
9c3975387b ci: add docker-security job (check-no-baked-env, check-docker-security) 2026-04-04 07:36:52 -04:00
Jacob Magar
c9ead7a867 feat: add MCP registry publishing via DNS auth (tv.tootie/unraid-mcp) 2026-04-04 03:26:24 -04:00
Jacob Magar
82e21a5fa7 ci: add e2e HTTP auth job, fix version-sync to check all 4 manifests 
New `e2e` CI job builds the Docker image, starts it with a known bearer
token (DISABLE_HTTP_AUTH=false), waits for /health, then runs test-http.sh
Phases 1-3 (middleware + auth enforcement + MCP protocol) with --skip-tools.
This proves bearer auth works end-to-end on every push without needing real
Unraid credentials.

Also adds --skip-tools flag to test-http.sh for CI use, and expands the
version-sync check to validate all four manifest files (pyproject.toml,
.claude-plugin/plugin.json, .codex-plugin/plugin.json, gemini-extension.json).
 2026-04-03 22:46:49 -04:00
Jacob Magar
1ff2268fe2 ci: add package registry publish workflow (tag-triggered) 2026-04-03 02:19:27 -04:00
Jacob Magar
a06892182f security: pin actions to SHA, add Trivy scan, SBOM/provenance, pin uv 2026-04-03 01:28:36 -04:00
Jacob Magar
dd14ba8c4e ci: add ghcr.io Docker image build workflow 
Build and push multi-arch (amd64/arm64) images on push to main and tags.
 2026-04-02 22:30:32 -04:00
Jacob Magar
e548f6e6c9 refactor: remove Docker and HTTP transport support, fix hypothesis cache directory 2026-03-24 19:22:27 -04:00
Jacob Magar
2b777be927 fix(security): path traversal, timing-safe auth, stale credential bindings 
Security:
- Remove /mnt/ from _ALLOWED_LOG_PREFIXES to prevent Unraid share exposure
- Add early .. detection for disk/logs and live/log_tail path validation
- Add /boot/ prefix restriction for flash_backup source_path
- Use hmac.compare_digest for timing-safe API key verification in server.py
- Gate include_traceback on DEBUG log level (no tracebacks in production)

Correctness:
- Re-raise CredentialsNotConfiguredError in health check instead of swallowing
- Fix ups_device query (remove non-existent nominalPower/currentPower fields)

Best practices (BP-01, BP-05, BP-06):
- Add # noqa: ASYNC109 to timeout params in _handle_live and unraid()
- Fix start_array* → start_array in docstring (not in ARRAY_DESTRUCTIVE)
- Remove from __future__ import annotations from snapshot.py
- Replace import-time UNRAID_API_KEY/URL bindings with _settings.ATTR pattern
  in manager.py, snapshot.py, utils.py, diagnostics.py — fixes stale binding
  after apply_runtime_config() post-elicitation (BP-05)

CI/CD:
- Add .github/workflows/ci.yml (5-job pipeline: lint, typecheck, test, version-sync, audit)
- Add fail_under = 80 to [tool.coverage.report]
- Add version sync check to scripts/validate-marketplace.sh

Documentation:
- Sync plugin.json version 1.1.1 → 1.1.2 with pyproject.toml
- Update CLAUDE.md: 3 tools, system domain count 18, scripts comment fix
- Update README.md: 3 tools, security notes
- Update docs/AUTHENTICATION.md: H1 title fix
- Add UNRAID_CREDENTIALS_DIR to .env.example

Bump: 1.1.1 → 1.1.2

Co-Authored-By: Claude <noreply@anthropic.com>
 2026-03-23 11:37:05 -04:00