Merge pull request #2 from cloudera/dev #3
Merged
Public Release
This release represents the initial stable version of the Cloudera ML MCP Server with comprehensive security fixes, testing infrastructure, and public repository setup.
🔒 Security Enhancements (Critical)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Fixed critical security vulnerability affecting 46 functions:
Replaced subprocess.run() calls with secure requests library
API keys no longer exposed in process lists (ps/top)
All HTTP calls now use secure header-based authentication
Added 30-second timeouts to prevent hanging requests
Impact: Eliminated API key exposure vulnerability across entire codebase
Files affected:
All create_* functions (7 files)
All delete_* functions (10 files)
All update_* functions (10 files)
All get_* functions (9 files)
All list_* functions (8 files)
All stop_/restart_ functions (4 files)
🧪 Testing Infrastructure
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Added comprehensive test suite for CI/CD:
test_all_functions.py: 11 unit tests covering all 47+ MCP tools
test_cml_mcp_client.py: FastMCP integration tests
Security vulnerability detection tests
Function signature validation tests
Response structure validation tests
Error handling tests
CI/CD Automation
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Added GitHub Actions workflow:
Automated testing on all PRs
Security scanning
Multi-version Python testing (3.10, 3.11, 3.12)
Automated PyPI publishing on release tags
Features
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
47+ MCP tools for Cloudera ML operations:
Project management (list, create, update, delete)
Job orchestration (create, run, monitor, stop)
Model lifecycle (build, deploy, manage)
Experiment tracking (create, log, query)
Application management (create, start, stop, restart)
File operations (upload, download, list, delete)
Protocols supported:
FastMCP-based HTTP server (experimental)
FastMCP-based stdio server (recommended)
Dependencies
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Core dependencies:
fastmcp>=2.11.0 (MCP protocol implementation)
requests>=2.28.0 (secure HTTP client)
python-dotenv>=1.0.0 (configuration management)
fastapi>=0.115.0 (HTTP server)
pyjwt>=2.8.0 (OAuth 2.1 support)
Ready For
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Production deployment
CI/CD pipeline integration
Public contributions
Security audits
Docker/Claude Desktop integration
License: Apache-2.0
Repository: https://github.com/cloudera/CML_MCP_Server
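A CI regression check in the spirit of the "security vulnerability detection tests" listed above, as an added example and not code from the pull request or the repository: it parses source with `ast` and flags any `subprocess` call (the pattern that put API keys in process arguments) and any `requests` call without a `timeout`. The sample sources, the `curl` command line, the `Authorization: Bearer` header and the `/api/example` path are constructed assumptions.

```python
import ast

# Constructed sample sources (assumptions, not taken from the repository).
LEGACY_SRC = '''
import subprocess
def list_projects(host, api_key):
    # The key is part of argv, so it shows up in ps/top output.
    cmd = ["curl", "-s", "-H", f"Authorization: Bearer {api_key}", f"{host}/api/example"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout
'''

MIGRATED_SRC = '''
import requests
def list_projects(host, api_key):
    # The key stays in an in-process header; timeout bounds the call.
    headers = {"Authorization": f"Bearer {api_key}"}
    return requests.get(f"{host}/api/example", headers=headers, timeout=30).json()
def delete_project(host, api_key, pid):  # deliberately left without timeout=
    return requests.delete(f"{host}/api/example/{pid}",
                           headers={"Authorization": f"Bearer {api_key}"})
'''

HTTP_VERBS = {"get", "post", "put", "patch", "delete", "head", "request"}
SPAWNERS = {"run", "call", "check_call", "check_output", "Popen"}

def audit(source):
    """Return sorted (line, function, finding) tuples for one module's source."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and isinstance(node.func.value, ast.Name)):
                continue
            module, attr = node.func.value.id, node.func.attr
            if module == "subprocess" and attr in SPAWNERS:
                findings.append((node.lineno, func.name, "subprocess call"))
            elif module == "requests" and attr in HTTP_VERBS:
                if not any(kw.arg == "timeout" for kw in node.keywords):
                    findings.append((node.lineno, func.name, "requests call without timeout"))
    return sorted(findings)

if __name__ == "__main__":
    for name, src in (("legacy", LEGACY_SRC), ("migrated", MIGRATED_SRC)):
        print(name, audit(src))
```

The check matches only direct `subprocess.<fn>(...)` and `requests.<verb>(...)` calls; aliased imports or `requests.Session` objects would need additional name resolution.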