mcaxl/pyproject.toml
Ryan Malloy 0691ba8c46 2026.04.27.1: same-day post-release PII scrub
The original 2026.04.27 was published-then-deleted from PyPI within
hours after a stricter audit (against the unpacked sdist, not just
curated source paths) found cluster-fingerprint content that the
pre-publish grep had missed. This release supersedes the deleted one;
no functional differences.

Issues found in 2026.04.27 that this fixes:

1. docs/query-patterns/sip-trunk-report.md — "Live result snapshot"
   section (38 lines) contained the live cluster's actual SIP trunk
   inventory: real hostnames (exp-c-p.binghammemorial.org), real
   internal IPs (172.20.6.99, .104, .105, .114, .120, .222, plus
   172.20.2.22, 172.20.14.105, 172.24.10.10), real trunk-name +
   description rows. Section removed entirely. The query-pattern doc
   itself still ships — schema/SQL guidance is generic and useful.
   One inline FQDN example (`exp-c-p.binghammemorial.org`) replaced
   with `exp-c-p.example.com`. Status line that named the specific
   maintenance release (`Validated against CUCM 15.0.1.12900-234 on
   2026-04-25.`) genericized to `Validated against CUCM 15.`

2. .mcp.json shipping in sdist with `/home/rpm/bingham/axl` as the
   `--directory` argument. Local filesystem path = hostname leak.
   Added to `[tool.hatch.build.targets.sdist] exclude`. File stays
   in the source repo for development; no longer ships.

3. pyproject.toml comment about the audit workflow ironically
   contained the literal word "bingham" as the example grep token.
   Rewritten to use "site-specific tokens" generically.

Audit verification (against the unpacked sdist this time):
  tar -xzf dist/mcaxl-2026.4.27.1.tar.gz -C /tmp/sdist-inspect
  grep -rnEi 'bingham|binghammemorial|10\.[0-9]+\.[0-9]+\.[0-9]+|
              172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|
              192\.168\.[0-9]+\.[0-9]+|SupportedSystems|CCX-AXL|
              CER-AXL|CUC-AXL|TabSync|variphy|15\.0\.1\.12900|
              production cluster|/home/rpm|cucm-pub\.bingham'
       /tmp/sdist-inspect/
  → returns empty (verified)

Tests still 155/155.

Lesson encoded for next time: the pre-publish audit MUST run against
the unpacked sdist, not just the four explicitly-named paths in the
python.md rule (src/, tests/, README.md, pyproject.toml, .env.example).
The sdist also pulls in docs/, top-level dotfiles, and uv.lock.
CHANGELOG.md spells this out in the post-release note for next time.
2026-04-27 13:07:38 -06:00


[project]
name = "mcaxl"
version = "2026.04.27.1"
description = "Read-only MCP server for Cisco Unified Communications Manager (CUCM) — AXL SOAP API + RisPort70 registration state — purpose-built for LLM-driven dial-plan and configuration auditing."
authors = [{name = "Ryan Malloy", email = "ryan@supported.systems"}]
readme = "README.md"
license = {text = "MIT"}
requires-python = ">=3.11"
keywords = [
    "mcp", "cisco", "cucm", "axl", "risport",
    "voip", "sip", "audit", "telephony",
]
classifiers = [
    "Development Status :: 4 - Beta",
    "Environment :: Console",
    "Intended Audience :: System Administrators",
    "Intended Audience :: Telecommunications Industry",
    "License :: OSI Approved :: MIT License",
    "Operating System :: OS Independent",
    "Programming Language :: Python :: 3",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Programming Language :: Python :: 3.13",
    "Topic :: Communications :: Telephony",
    "Topic :: System :: Networking :: Monitoring",
]
dependencies = [
    "fastmcp>=3.2",
    "zeep>=4.3",
    "platformdirs>=4.9",
    "numpy>=1.26",
    "python-dotenv>=1.0",
]

[project.optional-dependencies]
test = [
    "pytest>=8.0",
    "pytest-asyncio>=0.24",
]

[project.scripts]
mcaxl = "mcaxl.server:main"

[project.urls]
Homepage = "https://git.supported.systems/mcp/mcaxl"
Source = "https://git.supported.systems/mcp/mcaxl"
Issues = "https://git.supported.systems/mcp/mcaxl/issues"
Changelog = "https://git.supported.systems/mcp/mcaxl/src/branch/main/CHANGELOG.md"

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

[tool.hatch.build.targets.wheel]
packages = ["src/mcaxl"]

[tool.hatch.build.targets.sdist]
# Keep the published source distribution focused on what's needed to
# build / install / run. Excluded files exist for local development only.
#
# IMPORTANT: this list is the last line of defense for PII leakage.
# `tests/` contains real cluster fixtures; `.mcp.json` contains a
# local filesystem path; `audits/` contains cluster-specific findings.
# Pre-publish workflow: extract the sdist to /tmp and grep for any
# site-specific tokens (your org name, internal IP ranges, hostnames)
# across the full unpacked tree — MUST return empty before publish.
exclude = [
    "CLAUDE.md",            # operator-private project context for Claude Code
    ".env",                 # never ship credentials
    ".env.local",
    ".mcp.json",            # contains local filesystem path; dev-only artifact
    "axlsqltoolkit.zip",    # Cisco-licensed; do not redistribute
    "audits/",              # cluster-specific audit reports
    "tests/",               # tests live in source repo, not the sdist
    ".pytest_cache/",
    ".ruff_cache/",
    "dist/",
    "build/",
]

[tool.ruff]
line-length = 100
target-version = "py311"

[tool.pytest.ini_options]
testpaths = ["tests"]
asyncio_mode = "auto"
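
The pre-publish audit described in the commit message and in the sdist comment above, as an added example (not code from the mcaxl project): it scans every file in the built sdist archive in memory, including member paths, instead of grepping curated source paths. The token `examplecorp`, the sample archive and all function names are constructed for illustration.

```python
import io
import ipaddress
import re
import tarfile

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def scan_sdist(fileobj, site_tokens):
    """Return sorted (member, line_no, reason) findings; line 0 is the member path itself."""
    if not site_tokens:
        raise ValueError("at least one site-specific token is required")
    token_re = re.compile("|".join(map(re.escape, site_tokens)), re.IGNORECASE)
    findings = set()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:  # read in memory, no extraction
        for member in filter(tarfile.TarInfo.isfile, tar):
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            for no, line in enumerate([member.name] + text.splitlines()):
                for m in token_re.finditer(line):
                    findings.add((member.name, no, "token:" + m.group().lower()))
                for m in IPV4.finditer(line):
                    try:
                        addr = ipaddress.ip_address(m.group())
                    except ValueError:
                        continue  # octet > 255 or leading zero: not an address
                    if any(addr in net for net in RFC1918):
                        findings.add((member.name, no, f"rfc1918:{addr}"))
    return sorted(findings)


def build_sample_sdist():
    """Constructed sdist: one clean file, a dotfile with a local path, a doc with an internal IP."""
    files = {
        "pkg-1.0/pyproject.toml": '[project]\nname = "pkg"\nversion = "1.0"\n',
        "pkg-1.0/.mcp.json": '{"args": ["--directory", "/home/dev/examplecorp/axl"]}\n',
        "pkg-1.0/docs/report.md": "# Trunks\n\nValidated against 15.0.1.12900\npeer 172.16.5.9\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            data = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print(*scan_sdist(build_sample_sdist(), ["examplecorp"]), sep="\n")
```

In a release pipeline, open the real `dist/*.tar.gz` in binary mode, pass it to `scan_sdist`, and fail the publish step on any non-empty result.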