Skip to content

fix: skip arg whitelist for handlers accepting **kwargs (#572)#684

Merged
bensig merged 2 commits intoMemPalace:developfrom
jphein:fix/kwargs-var-keyword
Apr 12, 2026
Merged

fix: skip arg whitelist for handlers accepting **kwargs (#572)#684
bensig merged 2 commits intoMemPalace:developfrom
jphein:fix/kwargs-var-keyword

Conversation

@jphein
Copy link
Copy Markdown
Contributor

@jphein jphein commented Apr 12, 2026

Summary

  • The schema-based argument filter (from Security hardening: input validation, argument whitelisting, concurrency & WAL fixes #647) strips all kwargs not declared in `input_schema`. This breaks handlers that accept `**kwargs` for pass-through to backends.
  • Add `inspect.Parameter.VAR_KEYWORD` check before filtering — handlers with `**kwargs` receive all arguments unfiltered, while handlers with explicit parameters still get the security whitelist.

Per @bensig's feedback on #626: "needs a VAR_KEYWORD check before filtering."

Files changed

  • `mempalace/mcp_server.py` — `handle_request()` tools/call dispatch

Test plan

  • 49 MCP server tests pass
  • Verify tool calls with unexpected args (e.g., `top_k`) still succeed
  • Verify handlers with `**kwargs` receive all arguments

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings April 12, 2026 07:08
Copilot AI reviewed Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates MCP tool-call dispatch to avoid schema-based argument filtering when the target handler declares **kwargs, enabling pass-through handlers to receive unexpected/extra arguments (per #572/#626 context) while keeping whitelisting for handlers with explicit parameters.

Changes:

  • Detects whether a tool handler accepts **kwargs via inspect.signature().
  • Skips schema-property argument filtering when **kwargs is present on the handler.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

mempalace/mcp_server.py Outdated
Comment on lines +1353 to +1363
# Skip filtering for handlers that accept **kwargs — they intentionally
# handle arbitrary arguments (e.g., pass-through to ChromaDB).
import inspect
handler = TOOLS[tool_name]["handler"]
sig = inspect.signature(handler)
accepts_var_keyword = any(
p.kind == inspect.Parameter.VAR_KEYWORD for p in sig.parameters.values()
)
schema_props = TOOLS[tool_name]["input_schema"].get("properties", {})
tool_args = {k: v for k, v in tool_args.items() if k in schema_props}
if not accepts_var_keyword:
tool_args = {k: v for k, v in tool_args.items() if k in schema_props}
Copy link
Copy Markdown
Contributor Author

@jphein jphein Apr 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — wrapped inspect.signature() in try/except, defaults to filtering on failure (safe fallback). On the explicit opt-in flag: keeping signature-based detection for now since no current handlers use **kwargs and adding a per-tool flag would be over-engineering. If a handler is added with **kwargs in the future, the inspect check catches it automatically. 7096540

@jphein @claude
fix: skip arg whitelist for handlers accepting **kwargs (MemPalace#572)
5374e8c 
The schema-based argument filter (from MemPalace#647) strips all kwargs not
declared in input_schema. This breaks handlers that accept **kwargs
for pass-through to ChromaDB or other backends.

Add inspect.Parameter.VAR_KEYWORD check before filtering — handlers
with **kwargs receive all arguments unfiltered.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jphein jphein force-pushed the fix/kwargs-var-keyword branch from 2b67734 to 5374e8c Compare April 12, 2026 07:20
@jphein @claude
fix: guard inspect.signature failure, default to filtering
7096540 
Wrap inspect.signature() in try/except — on failure, default to
filtering (safe fallback). Addresses Copilot feedback on fragility.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bensig
bensig approved these changes Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@bensig bensig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review + security audit clean.

@bensig bensig merged commit 862a07b into MemPalace:develop Apr 12, 2026
6 checks passed
jphein added a commit to jphein/mempalace that referenced this pull request Apr 12, 2026
@jphein @claude
docs: update PR table — MemPalace#682/MemPalace#683/MemPalace#684 mer…
ee45216 
…ged, add MemPalace#681, bump test count to 715

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bensig bensig bensig approved these changes

@milla-jovovich milla-jovovich Awaiting requested review from milla-jovovich milla-jovovich is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jphein @bensig