4 Commits

Author	SHA1	Message	Date
Ryan Malloy	c9de63cf29	Security hardening + CalVer 2026.05.22 for first PyPI publish ... Margaret Hamilton pre-publish review found 5 blockers + 9 flags. All correctness/security issues fixed; H6 (connection pooling perf) deferred. caching.py — comprehensive hardening: - B3: base64.b64decode now uses validate=True (no silent mangling) - B4: MCP_ALLOW_LOCAL_FILES evaluated per request, not at import - B5: extension allowlist + 0o700 temp dir + 0o600 files + O_EXCL writes - B2+H5: MCP_MAX_UPLOAD_BYTES / MCP_MAX_DOWNLOAD_BYTES caps (50MB default), enforced pre-decode and during chunked downloads - H1: env var parsing strip()+lower(), truthy set {true,1,yes,on} - H3: UUID-based unique temp paths replace SHA-prefix collision risk - H7: ZIP magic bytes disambiguated via [Content_Types].xml peek - H8: stronger CSV heuristic (commas/tabs + UTF-8 + no NULs) - H9: specific exceptions in cache I/O with logged warnings - New: upload_cleanup_scope() context manager + ContextVar tracker decorators.py: - cleanup_temp_uploads decorator wraps tool methods, auto-cleans temp upload files on return OR exception (B1+H4) validation.py: - OfficeFileError.__init__ scrubs /tmp/mcp_office_uploads/ paths from messages so server paths never leak to HTTP callers (H2) mixins/{universal,word,excel}.py: - @cleanup_temp_uploads applied to all 19 tool methods that resolve files tests/test_security_hardening.py: - 24 new tests, one per Hamilton finding, prove fixes work and catch regressions. Including end-to-end: temp file created → exists during scope → gone after scope exit (success AND exception paths) pyproject.toml: - version 0.1.0 → 2026.05.22 (CalVer per CLAUDE.md convention) - URLs updated GitHub → git.supported.systems/MCP/mcwaddams - Belt-and-suspenders sdist exclude list (defends against future include-list edits accidentally shipping CLAUDE.md, .env, etc.)	2026-05-22 14:49:00 -06:00
Ryan Malloy	31948d6ffc	Rename package to mcwaddams ... Named for Milton Waddams, who was relocated to the basement with boxes of legacy documents. He handles the .doc and .xls files from 1997 that nobody else wants to touch. - Rename package from mcp-office-tools to mcwaddams - Update author to Ryan Malloy - Update all imports and references - Add Office Space themed README narrative - All 53 tests passing	2026-01-11 11:35:35 -07:00
Ryan Malloy	76c7a0b2d0	Add decorators for field defaults and error handling, fix Excel performance ... - Create @resolve_field_defaults decorator to handle Pydantic FieldInfo objects when tools are called directly (outside MCP framework) - Create @handle_office_errors decorator for consistent error wrapping - Apply decorators to Excel and Word mixins, removing ~100 lines of boilerplate code - Fix Excel formula extraction performance: load workbooks once before loop instead of per-cell (100x faster with calculated values) - Update test suite to use correct mock patch paths (patch where names are looked up, not where defined) - Add torture_test.py for real document validation	2026-01-10 23:51:30 -07:00
Ryan Malloy	b681cb030b	Initial commit: MCP Office Tools v0.1.0 ... - Comprehensive Microsoft Office document processing server - Support for Word (.docx, .doc), Excel (.xlsx, .xls), PowerPoint (.pptx, .ppt), CSV - 6 universal tools: extract_text, extract_images, extract_metadata, detect_office_format, analyze_document_health, get_supported_formats - Multi-library fallback system for robust processing - URL support with intelligent caching - Legacy Office format support (97-2003) - FastMCP integration with async architecture - Production ready with comprehensive documentation 🤖 Generated with Claude Code (claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-18 01:01:48 -06:00