aminghadersohi opened a new pull request, #36013:
URL: https://github.com/apache/superset/pull/36013
### SUMMARY
This PR fixes two critical bugs and enhances documentation in the MCP
service:
1. **Flask App Context Error** - Fixes `health_check` tool failing in
deployment with "Working outside of application context" error
2. **Pydantic Warning** - Resolves warning about `schema` field shadowing
BaseModel attribute
3. **Auth Documentation** - Replaces TODO comments with production-ready
deployment guidance
**Context:**
The `health_check` tool was the only MCP tool that doesn't access Flask
functionality directly. In stateless HTTP mode, the `@mcp_auth_hook` decorator
attempted to access `current_app.config` without ensuring Flask app context was
active, causing failures in deployment environments while working fine locally.
### CHANGES
#### 1. Flask App Context Fix (`superset/mcp_service/auth.py`)
**Problem:**
- `health_check` tool failed in deployment with "Working outside of
application context"
- Root cause: `mcp_auth_hook` called `current_app.config` without active
Flask context
- Only affected tools that don't access Flask functionality in their
implementation
**Solution:**
```python
@functools.wraps(tool_func)
def wrapper(*args: Any, **kwargs: Any) -> Any:
from superset.mcp_service.flask_singleton import get_flask_app
app = get_flask_app()
# Explicitly push Flask app context for stateless_http mode
with app.app_context():
user = get_user_from_request()
g.user = user
# ... tool execution
```
**Impact:**
- Ensures all MCP tools have guaranteed Flask app context
- Critical for `stateless_http=True` mode in production
- Makes auth system more robust and predictable
#### 2. Pydantic Warning Fix (`superset/mcp_service/common/error_schemas.py`)
**Problem:**
```
UserWarning: Field name "schema" in "DatasetContext" shadows an attribute in
parent "BaseModel"
```
**Solution:**
```python
class DatasetContext(BaseModel):
model_config = {"populate_by_name": True}
schema_name: str | None = Field(None, alias="schema",
description="Schema name")
```
**Impact:**
- Eliminates Pydantic v2 warning
- Maintains backward compatibility (accepts both `schema` and `schema_name`)
- Follows Pydantic best practices
#### 3. Enhanced Auth Documentation (`superset/mcp_service/auth.py`)
**Changes:**
- Removed all TODO comments suggesting "future PR" work
- Added comprehensive deployment guidance with concrete examples
- Clarified hook pattern as production-ready extension point
- Provided actionable code examples for:
- JWT authentication integration
- Custom permission checks
- Audit logging implementation
- Rate limiting middleware
**Impact:**
- Deployers have clear guidance for production customization
- Emphasizes MCP auth is a flexible hook system, not incomplete code
- Reduces confusion about auth implementation status
### TESTING
✅ All 178 MCP service unit tests pass
✅ Pre-commit checks pass (mypy, ruff, pylint)
✅ No Pydantic warnings when importing MCP service
✅ Backward compatibility verified for `DatasetContext` usage
### BEFORE/AFTER
**Before:**
- `health_check` tool fails in deployment with Flask context error
- Pydantic warning appears on every MCP service import
- TODO comments suggest auth system is incomplete
**After:**
- All MCP tools work reliably in stateless HTTP mode
- No Pydantic warnings
- Clear production deployment guidance
### ADDITIONAL INFORMATION
- [ ] Has associated issue: N/A (bug fix)
- [ ] Required feature flags: None
- [x] Changes UI: No
- [ ] Includes DB Migration: No
- [ ] Introduces new feature or API: No
- [ ] Removes existing feature or API: No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
