feat: Enable SSE transport for mcp service and update test fixtures

Changes: - Remove streamable-http transport override from mcp service in docker-compose.yml - Service now uses CLI default SSE transport on /sse endpoint - Add create_mcp_client_session_sse() helper for SSE connections - Update nc_mcp_client fixture to use SSE transport - Fix unpacking for SSE client (yields 2 values vs 3 for streamable-http) Testing: - All 4 smoke tests pass with SSE transport - 32/34 affected tests pass (2 skipped for vector sync) - OAuth services remain on streamable-http (unchanged) Note: SSE transport is being deprecated in favor of streamable-http. This enables minimal validation testing before deprecation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Merge pull request #299 from cbcoutinho/renovate/docker.io-library-mariadb-lts
2025-11-14 19:20:30 +01:00 · 2025-11-14 11:23:32 +01:00 · 2025-11-14 05:07:34 +00:00 · 2025-11-13 23:43:25 +01:00 · 2025-11-13 23:30:14 +01:00 · 2025-11-13 21:11:36 +00:00
10 changed files with 1323 additions and 19 deletions
@@ -85,4 +85,4 @@ jobs:
          NEXTCLOUD_USERNAME: "admin"
          NEXTCLOUD_PASSWORD: "admin"
        run: |
-          uv run pytest -v --log-cli-level=WARN --ignore=tests/manual
+          uv run pytest -v --log-cli-level=WARN -m smoke
@@ -1,3 +1,24 @@
+## v0.34.2 (2025-11-13)
+
+### Fix
+
+- Use NEXTCLOUD_OIDC_CLIENT_ID/SECRET env vars consistently
+
+## v0.34.1 (2025-11-13)
+
+### Fix
+
+- return all notes when search query is empty
+
+## v0.34.0 (2025-11-13)
+
+### Feat
+
+- Complete Phase 5 - Instrument all 93 MCP tools
+- Add instrumentation decorator and apply to notes tools (Phase 5)
+- Add OAuth token and database metrics (Phases 3-4)
+- Add metrics instrumentation for queue, health, and database operations
+
 ## v0.33.1 (2025-11-13)

 ### Fix
@@ -2,8 +2,8 @@ apiVersion: v2
 name: nextcloud-mcp-server
 description: A Helm chart for Nextcloud MCP Server - enables AI assistants to interact with Nextcloud
 type: application
-version: 0.33.1
-appVersion: "0.33.1"
+version: 0.34.2
+appVersion: "0.34.2"
 keywords:
  - nextcloud
  - mcp
@@ -3,7 +3,7 @@ services:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
-    image: docker.io/library/mariadb:lts@sha256:404ebf26ed7a56fbab05c29f6f1e70188e5eadb51bba8cee8d355775776deb08
+    image: docker.io/library/mariadb:lts@sha256:6b848cb24fbbd87429917f6c4422ac53c343e85692eb0fef86553e99e4f422f3
    restart: always
    command: --transaction-isolation=READ-COMMITTED
    volumes:
@@ -69,7 +69,6 @@ services:

  mcp:
    build: .
-    command: ["--transport", "streamable-http"]
    restart: always
    depends_on:
      app:
@@ -156,7 +155,7 @@ services:
      - oauth-tokens:/app/data

  keycloak:
-    image: quay.io/keycloak/keycloak:26.4.4@sha256:c6459d5fae1b759f5d667ebdc6237ab3121379c3494e213898569014ede1846d
+    image: quay.io/keycloak/keycloak:26.4.5@sha256:653852bfdea2be6e958b9e90a976eff1c6de34edd55f2f679bdc48ef16bc528e
    command:
      - "start-dev"
      - "--import-realm"
@@ -507,9 +507,9 @@ async def setup_oauth_config():
    - External IdP mode: OIDC_DISCOVERY_URL points to external provider
      → External IdP for OAuth, Nextcloud user_oidc validates tokens and provides API access

-    Uses generic OIDC environment variables:
+    Uses OIDC environment variables:
    - OIDC_DISCOVERY_URL: OIDC discovery endpoint (optional, defaults to NEXTCLOUD_HOST)
-    - OIDC_CLIENT_ID / OIDC_CLIENT_SECRET: Static credentials (optional, uses DCR if not provided)
+    - NEXTCLOUD_OIDC_CLIENT_ID / NEXTCLOUD_OIDC_CLIENT_SECRET: Static credentials (optional, uses DCR if not provided)
    - NEXTCLOUD_OIDC_SCOPES: Requested OAuth scopes

    This is done synchronously before FastMCP initialization because FastMCP
@@ -633,19 +633,21 @@ async def setup_oauth_config():
            )

    # Load client credentials (static or dynamic registration)
-    client_id = os.getenv("OIDC_CLIENT_ID")
-    client_secret = os.getenv("OIDC_CLIENT_SECRET")
+    client_id = os.getenv("NEXTCLOUD_OIDC_CLIENT_ID")
+    client_secret = os.getenv("NEXTCLOUD_OIDC_CLIENT_SECRET")

    if client_id and client_secret:
        logger.info(f"Using static OIDC client credentials: {client_id}")
    elif registration_endpoint:
-        logger.info("OIDC_CLIENT_ID not set, attempting Dynamic Client Registration")
+        logger.info(
+            "NEXTCLOUD_OIDC_CLIENT_ID not set, attempting Dynamic Client Registration"
+        )
        client_id, client_secret = await load_oauth_client_credentials(
            nextcloud_host=nextcloud_host, registration_endpoint=registration_endpoint
        )
    else:
        raise ValueError(
-            "OIDC_CLIENT_ID and OIDC_CLIENT_SECRET environment variables are required "
+            "NEXTCLOUD_OIDC_CLIENT_ID and NEXTCLOUD_OIDC_CLIENT_SECRET environment variables are required "
            "when the OIDC provider does not support Dynamic Client Registration. "
            f"Discovery URL: {discovery_url}"
        )
@@ -288,8 +288,8 @@ def get_settings() -> Settings:
    return Settings(
        # OAuth/OIDC settings
        oidc_discovery_url=os.getenv("OIDC_DISCOVERY_URL"),
-        oidc_client_id=os.getenv("OIDC_CLIENT_ID"),
-        oidc_client_secret=os.getenv("OIDC_CLIENT_SECRET"),
+        oidc_client_id=os.getenv("NEXTCLOUD_OIDC_CLIENT_ID"),
+        oidc_client_secret=os.getenv("NEXTCLOUD_OIDC_CLIENT_SECRET"),
        oidc_issuer=os.getenv("OIDC_ISSUER"),
        # Nextcloud settings
        nextcloud_host=os.getenv("NEXTCLOUD_HOST"),
@@ -1,6 +1,6 @@
 [project]
 name = "nextcloud-mcp-server"
-version = "0.33.1"
+version = "0.34.2"
 description = "Model Context Protocol (MCP) server for Nextcloud integration - enables AI assistants to interact with Nextcloud data"
 authors = [
    {name = "Chris Coutinho", email = "chris@coutinho.io"}
@@ -9,6 +9,7 @@ import pytest
 from httpx import HTTPStatusError
 from mcp import ClientSession
 from mcp.client.session import RequestContext
+from mcp.client.sse import sse_client
 from mcp.client.streamable_http import streamablehttp_client
 from mcp.types import ElicitRequestParams, ElicitResult, ErrorData

@@ -165,6 +166,51 @@ async def create_mcp_client_session(
    logger.debug(f"{client_name} client session cleaned up successfully")


+async def create_mcp_client_session_sse(
+    url: str,
+    token: str | None = None,
+    client_name: str = "MCP",
+    elicitation_callback: Any = None,
+) -> AsyncGenerator[ClientSession, Any]:
+    """
+    Factory function to create an MCP client session using SSE transport.
+
+    Similar to create_mcp_client_session but uses SSE transport instead of streamable-http.
+    Uses native async context managers to ensure correct LIFO cleanup order.
+
+    Args:
+        url: MCP server URL (e.g., "http://localhost:8000/sse")
+        token: Optional OAuth access token for Bearer authentication
+        client_name: Client name for logging (e.g., "Basic MCP (SSE)")
+        elicitation_callback: Optional callback for handling elicitation requests
+
+    Yields:
+        Initialized MCP ClientSession
+
+    Note:
+        SSE transport is being deprecated in favor of streamable-http.
+        This function exists for compatibility testing only.
+    """
+    logger.info(f"Creating SSE client for {client_name}")
+
+    # Prepare headers with OAuth token if provided
+    headers = {"Authorization": f"Bearer {token}"} if token else None
+
+    # Use native async with - Python ensures LIFO cleanup
+    # Cleanup order will be: ClientSession.__aexit__ -> sse_client.__aexit__
+    # Note: sse_client yields only (read_stream, write_stream), not 3 values like streamablehttp_client
+    async with sse_client(url, headers=headers) as (read_stream, write_stream):
+        async with ClientSession(
+            read_stream, write_stream, elicitation_callback=elicitation_callback
+        ) as session:
+            await session.initialize()
+            logger.info(f"{client_name} client session initialized successfully")
+            yield session
+
+    # Cleanup happens automatically in LIFO order - no exception suppression needed
+    logger.debug(f"{client_name} client session cleaned up successfully")
+
+
@pytest.fixture(scope="session")
 async def nc_client(anyio_backend) -> AsyncGenerator[NextcloudClient, Any]:
    """
@@ -203,12 +249,14 @@ async def nc_client(anyio_backend) -> AsyncGenerator[NextcloudClient, Any]:
@pytest.fixture(scope="session")
 async def nc_mcp_client(anyio_backend) -> AsyncGenerator[ClientSession, Any]:
    """
-    Fixture to create an MCP client session for integration tests using streamable-http.
+    Fixture to create an MCP client session for integration tests using SSE transport.

    Uses anyio pytest plugin for proper async fixture handling.
+
+    Note: SSE transport is being deprecated. This fixture uses SSE for compatibility testing.
    """
-    async for session in create_mcp_client_session(
-        url="http://localhost:8000/mcp", client_name="Basic MCP"
+    async for session in create_mcp_client_session_sse(
+        url="http://localhost:8000/sse", client_name="Basic MCP (SSE)"
    ):
        yield session

@@ -1053,7 +1053,7 @@ wheels = [

 [[package]]
 name = "nextcloud-mcp-server"
-version = "0.33.1"
+version = "0.34.2"
 source = { editable = "." }
 dependencies = [
    { name = "aiosqlite" },
Author	SHA1	Message	Date
Chris Coutinho	00e72d24a6	feat: Enable SSE transport for mcp service and update test fixtures Changes: - Remove streamable-http transport override from mcp service in docker-compose.yml - Service now uses CLI default SSE transport on /sse endpoint - Add create_mcp_client_session_sse() helper for SSE connections - Update nc_mcp_client fixture to use SSE transport - Fix unpacking for SSE client (yields 2 values vs 3 for streamable-http) Testing: - All 4 smoke tests pass with SSE transport - 32/34 affected tests pass (2 skipped for vector sync) - OAuth services remain on streamable-http (unchanged) Note: SSE transport is being deprecated in favor of streamable-http. This enables minimal validation testing before deprecation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-14 19:20:30 +01:00
Chris Coutinho	dc78d92e5b	Merge pull request #299 from cbcoutinho/renovate/docker.io-library-mariadb-lts chore(deps): update docker.io/library/mariadb:lts docker digest to 6b848cb	2025-11-14 11:23:32 +01:00
renovate-bot-cbcoutinho[bot]	86891173b2	chore(deps): update docker.io/library/mariadb:lts docker digest to 6b848cb	2025-11-14 05:07:34 +00:00
Chris Coutinho	73b3d80026	Merge pull request #294 from cbcoutinho/feature/app_api docs: Add ADR-011 for hybrid OAuth + AppAPI deployment architecture	2025-11-13 23:43:25 +01:00
Chris Coutinho	26099d643d	docs: Update ADR-011 to rejected status with Context Agent validation After comprehensive research, the hybrid OAuth + AppAPI architecture is NOT being implemented due to fundamental architectural incompatibilities. Key updates: - Status: Proposed → Not Planned - Added validation from Nextcloud Context Agent project - Context Agent (official NC ExApp with MCP) faces IDENTICAL limitations - Proves constraints are architectural, not implementation-specific Context Agent findings: - ExApp with MCP server endpoint (~28 tools exposed) - Uses Task Processing API for confirmations (NOT MCP elicitation) - Works around AppAPI proxy limitations by changing protocol - MCP endpoint is secondary feature with documented constraints - Primary use: In-app Assistant integration, not external MCP clients Critical features impossible through AppAPI proxy: - ❌ MCP sampling (eliminates RAG/LLM features) - ❌ MCP elicitation (user prompts) - ❌ Real-time progress updates - ❌ Bidirectional streaming - Validated by Context Agent facing same limitations Decision rationale: - MCP requires multi-turn nested interactions - AppAPI provides stateless request/response proxy only - No implementation effort can bridge this fundamental gap - Would require complete AppAPI redesign (WebSocket, message routing) - Even official Nextcloud projects work around these limitations Alternative considered for future: - Register as Task Processing provider (different product) - Use Nextcloud Assistant UI (not external MCP clients) - Accept different capabilities (no sampling, custom flows) OAuth mode remains sole solution for external MCP client integration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-13 23:30:14 +01:00
github-actions[bot]	56a5c63994	bump: version 0.34.1 → 0.34.2	2025-11-13 21:11:36 +00:00
Chris Coutinho	92c8e1e41d	Merge pull request #290 from cbcoutinho/renovate/quay.io-keycloak-keycloak-26.x chore(deps): update quay.io/keycloak/keycloak docker tag to v26.4.5	2025-11-13 22:11:09 +01:00
github-actions[bot]	dd12c957f6	bump: version 0.34.0 → 0.34.1	2025-11-13 21:10:16 +00:00
Chris Coutinho	74e2ab2440	Merge pull request #297 from cbcoutinho/fix/helm-oidc-env-vars fix: Use NEXTCLOUD_OIDC_CLIENT_ID/SECRET env vars consistently	2025-11-13 22:10:04 +01:00
Chris Coutinho	d124144424	Merge pull request #298 from cbcoutinho/fix/notes-search-empty-query fix: return all notes when search query is empty	2025-11-13 22:09:50 +01:00
Chris Coutinho	39259ef282	ci: Run smoke tests only in ci	2025-11-13 22:06:07 +01:00
Chris Coutinho	14a59fdff3	fix: Use NEXTCLOUD_OIDC_CLIENT_ID/SECRET env vars consistently Fixes #296 The application code was looking for OIDC_CLIENT_ID and OIDC_CLIENT_SECRET (without NEXTCLOUD_ prefix), but the Helm chart, documentation, and CLI all use NEXTCLOUD_OIDC_CLIENT_ID and NEXTCLOUD_OIDC_CLIENT_SECRET. This mismatch caused OAuth deployments via Helm to fail with crashloops because the credentials weren't being found. Changes: - app.py: Use NEXTCLOUD_OIDC_CLIENT_ID/SECRET in setup_oauth_config() - config.py: Use NEXTCLOUD_OIDC_CLIENT_ID/SECRET in get_settings() - Updated documentation comments and error messages This aligns with the documented naming convention where all Nextcloud-related environment variables use the NEXTCLOUD_ prefix. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-13 21:48:58 +01:00
github-actions[bot]	2f138e7539	bump: version 0.33.1 → 0.34.0	2025-11-13 16:15:29 +00:00
Chris Coutinho	2baacc0ae8	Merge pull request #295 from cbcoutinho/feat/complete-metrics-instrumentation feat: Add metrics instrumentation (phases 1-3)	2025-11-13 17:15:03 +01:00
Chris Coutinho	ff3123a190	docs: Add ADR-011 for hybrid OAuth + AppAPI deployment architecture This ADR documents the architectural decision to support both OAuth and AppAPI (ExApp) deployment modes in a single codebase with 90%+ code sharing. Key additions: - Comprehensive analysis of AppAPI limitations and challenges - Feature parity matrix comparing OAuth vs AppAPI modes - Resolution of critical open questions via research: * Non-browser client authentication (app passwords/OAuth) * Streaming transport compatibility (buffered, not real-time) * Callbacks/webhooks (MCP notifications not possible in AppAPI) - Detailed implementation plan with 4 phases (10 days) - Mode-aware architecture with abstraction layer Critical findings: - AppAPI mode does NOT support MCP sampling (RAG features) - No real-time progress updates (use Nextcloud notifications) - Buffered streaming only (Streamable HTTP works, WebSocket doesn't) - Requires app password support in AppAPI proxy Deployment mode selection: - OAuth: Multi-tenant, external clients, sampling/RAG, real-time updates - AppAPI: Single-tenant, simplified install, native UI, admin-controlled Related to investigation of ~/Software/app_api/ and ~/Software/nc_py_api/ for AppAPI integration patterns. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-13 13:10:21 +01:00
renovate-bot-cbcoutinho[bot]	2c37ad165e	chore(deps): update quay.io/keycloak/keycloak docker tag to v26.4.5	2025-11-12 17:09:23 +00:00