mcaxl

MCP/mcaxl

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Malloy	82d8fbe563	SQL validator: ignore string literals; CSS impact: add primary + 7 more Two defects found during live-cluster audit shakedown. 1. SQL validator false-positives on string literals The forbidden-keyword check tokenized the entire query, including contents of single-quoted string literals. CSS names like 'Call Forward-CSS', DN descriptions containing 'DELETE', or partition names with 'INSERT' all tripped the validator even though the SQL itself was clean read-only. Found while running impact analysis on "Call Forward-CSS". Fix: strip string literals (single-quoted, with '' as escape) into whitespace before the forbidden-keyword tokenization. The cleaned query returned to the caller still contains the literals — they're only invisible to the analysis pass. 7 new tests covering: words inside literals (Call/Drop/Delete/etc.), escaped quotes, multiple literals, and the critical case where a forbidden keyword appears immediately after a literal. 2. CSS impact analysis missed primary device CSS + 7 other refs Running route_devices_using_css("E911CSS") returned total=0 even though E911CSS is configured in the cluster. Root cause: our enumeration covered device.fkcallingsearchspace_{reroute,restrict, refer,rdntransform} but not the primary device.fkcallingsearchspace itself — the column the GUI sets when assigning a CSS to a phone. The simple unsuffixed name didn't match our earlier "%css%" schema filter (the actual column spells out "callingsearchspace"). Added 8 new reference categories: device_primary_css — the big one device_cgpn_unknown_css — calling-party-unknown line_monitoring_css — devicenumplanmap monitoring CSS gateway_h323_called_xform_css — H.323 gateway transform gateway_sip_called_xform_css — SIP trunk transform huntpilot_max_wait_css — hunt pilot queue handling huntpilot_no_agent_css — hunt pilot queue handling huntpilot_queue_full_css — hunt pilot queue handling Re-running on live cluster: Internal-CSS: 146 -> 163 refs (16 new device_primary_css matches) Call Forward-CSS: previously rejected by validator -> 150 refs E911CSS: still 0 — high-confidence orphan finding now	2026-04-25 20:50:57 -06:00
Ryan Malloy	8b3da9d729	Initial mcp-cucm-axl Read-only MCP server for Cisco Unified CM 15 AXL — built for LLM-driven cluster auditing, with a particular focus on the Route Plan Report: partitions, calling search spaces, route patterns, translation patterns, called/calling party transformations, and digit-discard instructions. Pairs intentionally with the sibling mcp-cisco-docs server (live cluster state + vendor docs in one LLM context). Architecture: - zeep SOAP client to CUCM AXL - WSDL bootstrap from Cisco's axlsqltoolkit.zip (auto-extract on first launch; zip is gitignored, vendor-licensed) - SQLite response cache at ~/.cache/mcp-cucm-axl/responses/ - Schema-grounded prompts that pull chunks from the sibling cisco-docs index (docs_loader.py) Read-only by structural guarantee — never registers AXL write methods (no executeSQLUpdate, no add/update/remove/apply/reset/restart tools). SQL queries also client-side validated (sql_validator.py) to begin with SELECT or WITH. Tools exposed: Foundational: axl_version, axl_sql, axl_list_tables, axl_describe_table, cache_stats, cache_clear Route plan: route_partitions, route_calling_search_spaces, route_patterns, route_inspect_pattern, route_lists_and_groups, route_translation_chain, route_digit_discard_instructions Prompts (schema-grounded): route_plan_overview, investigate_pattern, audit_routing, cucm_sql_help Tests cover cache, docs_loader, normalize, sql_validator, wildcard.	2026-04-25 20:29:18 -06:00

Author

SHA1

Message

Date

Ryan Malloy

82d8fbe563

SQL validator: ignore string literals; CSS impact: add primary + 7 more

Two defects found during live-cluster audit shakedown.

1. SQL validator false-positives on string literals
   The forbidden-keyword check tokenized the entire query, including
   contents of single-quoted string literals. CSS names like
   'Call Forward-CSS', DN descriptions containing 'DELETE', or partition
   names with 'INSERT' all tripped the validator even though the SQL
   itself was clean read-only. Found while running impact analysis on
   "Call Forward-CSS".

   Fix: strip string literals (single-quoted, with '' as escape) into
   whitespace before the forbidden-keyword tokenization. The cleaned
   query returned to the caller still contains the literals — they're
   only invisible to the analysis pass.

   7 new tests covering: words inside literals (Call/Drop/Delete/etc.),
   escaped quotes, multiple literals, and the critical case where a
   forbidden keyword appears immediately after a literal.

2. CSS impact analysis missed primary device CSS + 7 other refs
   Running route_devices_using_css("E911CSS") returned total=0 even
   though E911CSS is configured in the cluster. Root cause: our
   enumeration covered device.fkcallingsearchspace_{reroute,restrict,
   refer,rdntransform} but not the primary device.fkcallingsearchspace
   itself — the column the GUI sets when assigning a CSS to a phone.
   The simple unsuffixed name didn't match our earlier "%css%" schema
   filter (the actual column spells out "callingsearchspace").

   Added 8 new reference categories:
     device_primary_css                — the big one
     device_cgpn_unknown_css           — calling-party-unknown
     line_monitoring_css               — devicenumplanmap monitoring CSS
     gateway_h323_called_xform_css     — H.323 gateway transform
     gateway_sip_called_xform_css      — SIP trunk transform
     huntpilot_max_wait_css            — hunt pilot queue handling
     huntpilot_no_agent_css            — hunt pilot queue handling
     huntpilot_queue_full_css          — hunt pilot queue handling

   Re-running on live cluster:
     Internal-CSS:     146 -> 163 refs (16 new device_primary_css matches)
     Call Forward-CSS: previously rejected by validator -> 150 refs
     E911CSS:          still 0 — high-confidence orphan finding now

2026-04-25 20:50:57 -06:00

Ryan Malloy

8b3da9d729

Initial mcp-cucm-axl

Read-only MCP server for Cisco Unified CM 15 AXL — built for LLM-driven
cluster auditing, with a particular focus on the Route Plan Report:
partitions, calling search spaces, route patterns, translation patterns,
called/calling party transformations, and digit-discard instructions.

Pairs intentionally with the sibling mcp-cisco-docs server (live
cluster state + vendor docs in one LLM context).

Architecture:
  - zeep SOAP client to CUCM AXL
  - WSDL bootstrap from Cisco's axlsqltoolkit.zip (auto-extract on
    first launch; zip is gitignored, vendor-licensed)
  - SQLite response cache at ~/.cache/mcp-cucm-axl/responses/
  - Schema-grounded prompts that pull chunks from the sibling
    cisco-docs index (docs_loader.py)

Read-only by structural guarantee — never registers AXL write methods
(no executeSQLUpdate, no add*/update*/remove*/apply*/reset*/restart*
tools). SQL queries also client-side validated (sql_validator.py) to
begin with SELECT or WITH.

Tools exposed:
  Foundational: axl_version, axl_sql, axl_list_tables,
                axl_describe_table, cache_stats, cache_clear
  Route plan:   route_partitions, route_calling_search_spaces,
                route_patterns, route_inspect_pattern,
                route_lists_and_groups, route_translation_chain,
                route_digit_discard_instructions

Prompts (schema-grounded):
  route_plan_overview, investigate_pattern, audit_routing,
  cucm_sql_help

Tests cover cache, docs_loader, normalize, sql_validator, wildcard.

2026-04-25 20:29:18 -06:00

2 Commits