diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c7f2b61..4a6f346 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -3,6 +3,11 @@ name: Publish to PyPI on: workflow_dispatch: +# Deny-by-default at workflow level; each job opts into exactly what it needs. +# Flagged by CodeQL `actions/missing-workflow-permissions`. +permissions: + contents: read + concurrency: group: deploy cancel-in-progress: false diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index 31e213e..c704018 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -4,6 +4,10 @@ on: push: branches: [main] +# Deny-by-default at workflow level; the `setup` job opts into `issues: write` only. +permissions: + contents: read + jobs: setup: if: github.run_number == 1 diff --git a/README.ko.md b/README.ko.md index 9452354..e8c7691 100644 --- a/README.ko.md +++ b/README.ko.md @@ -27,7 +27,6 @@ MCP 서버를 만들고, 원클릭 배포. 시크릿 불필요. - **MCP 3대 프리미티브** — Tools, Resources, Prompts 예제 전부 포함 - **Safety Annotations** — 모든 도구에 readOnly/destructive/idempotent 힌트 - **검증된 Prompt** — pydantic `@validate_call`로 핸들러 실행 전 인자 검증 -- **응답 헬퍼** — `ok()`, `err()`로 일관된 응답 - **CI** — gitleaks, ruff, 라이선스 검증, pytest (3.11/3.12/3.13) - **CD** — OIDC trusted publishing으로 PyPI 배포 (시크릿 불필요) - **Dependabot** — 의존성 + GitHub Actions 자동 업데이트 diff --git a/README.md b/README.md index 2d1083c..6592ddf 100644 --- a/README.md +++ b/README.md 
@@ -29,7 +29,6 @@ Build your MCP server. One-click publish. Zero secrets needed. - **All three MCP primitives** — Tools, Resources, and Prompts with working examples - **Safety Annotations** — readOnly/destructive/idempotent hints on every tool - **Validated Prompts** — pydantic `@validate_call` rejects bad args before the handler runs -- **Response Helpers** — `ok()` and `err()` for consistent tool responses - **Config** — Environment variable parsing pattern - **CI** — gitleaks, ruff, license compliance, pytest (3.11/3.12/3.13) - **CD** — OIDC trusted publishing to PyPI (zero secrets needed) diff --git a/src/my_mcp_server/server.py b/src/my_mcp_server/server.py index 178ac2c..3735b9d 100644 --- a/src/my_mcp_server/server.py +++ b/src/my_mcp_server/server.py @@ -34,23 +34,8 @@ # --------------------------------------------------------------------------- -# Helpers — use ok() and err() for consistent tool responses -# --------------------------------------------------------------------------- - - -def ok(data: str | dict[str, object]) -> dict[str, object]: - """Return a successful tool response.""" - text = data if isinstance(data, str) else str(data) - return {"content": [{"type": "text", "text": text}]} - - -def err(message: str) -> dict[str, object]: - """Return an error tool response.""" - return {"content": [{"type": "text", "text": message}], "isError": True} - - -# --------------------------------------------------------------------------- -# Tools — add your own in tools/ and import here +# Tools — FastMCP wraps return values automatically (return value for success, +# raise for errors). Add your own in tools/ and import here. # ---------------------------------------------------------------------------
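Review bot: The publish job in .github/workflows/cd.yml has to declare `id-token: write` at job level now that the workflow default is `contents: read`, and the hunk does not show that job's `permissions:` block. The README describes this workflow as OIDC trusted publishing to PyPI, and any scope not granted here is denied, so a job that relied on the previous default fails at the token exchange on the first dispatch after merge. Please confirm that the job lists `id-token: write` (and `contents: read` if it checks out the repository), or include that change in this patch so the comment "each job opts into exactly what it needs" can be verified from the diff.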
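Review bot: The new comment in .github/workflows/setup.yml says the `setup` job opts into `issues: write` only, but a job-level `permissions:` block replaces the workflow-level one rather than adding to it, so a job that lists only `issues: write` ends up with no `contents` access at all. If `setup` reads the repository, list `contents: read` next to `issues: write` in the job itself. If it does not, reword the comment so it does not suggest the workflow-level grant carries over into the job.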
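Review bot: The src/my_mcp_server/server.py hunk deletes `ok()` and `err()` without showing any caller being updated, so check that nothing under tools/ or in the tests still imports or calls them, because a leftover reference only surfaces at import or call time. The replacement comment says "raise for errors" without naming what to raise. `err()` let the tool author choose the exact text returned to the client, so the comment should state which exception type tools are expected to raise and whether its message is passed through to the client, so that authors keep paths, stack text and other internal details out of it.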