fix(mcp): prevent get_bank from creating banks#2393
Open
Sanderhoff-alt wants to merge 1 commit into
Open
Conversation
Treat the get_bank MCP tool as read-only by looking up bank profiles without auto-creation in both single-bank and multi-bank modes. Add regression coverage for missing banks so get_bank returns a not-found error instead of creating the bank.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
get_banktool as read-only.create_if_missing=Falsein both single-bank and multi-bank MCP modes.Why
get_bankis a read tool: it returns bank metadata such as name, disposition, and mission. Before this change, it calledget_bank_profile()with the default behavior, which can create a missing bank as a side effect.That makes a read-only MCP call mutate persistent state when a client passes a stale or mistyped bank id. It also makes lifecycle and authorization semantics harder to reason about, because
get_bankeffectively becomes a hidden create path.Creation should stay on explicit write/create surfaces such as
create_bank. This change keepsget_bankread-only while preserving its existing response shape for successful reads.Test
uv run pytest tests/test_mcp_tools.py::TestTagsAndBankTools -qgit diff --check