
fix(mcp): strict dry-run command validation (#55) #24

Merged
chenliuyun merged 2 commits into main from fix/2.6.3-strict-dryrun-command-validation
Apr 21, 2026

@chenliuyun
Collaborator

Summary

  • Replace lenient validateCommand in send_command dry-run with direct findCatalogEntry lookup
  • When catalog has a definitive match with builtin commands, strictly reject unknown command names
  • Reject commands sent to read-only sensors (e.g. Meter) with a clear error
  • Pass through gracefully for uncataloged device types (can't validate what we don't know)

Fixes #55 (v2.6.2 fix was insufficient — validateCommand silently returned ok:true for ambiguous/missing catalog matches).

Test plan

  • Bogus command on cataloged device (Color Bulb, Bot) → rejected with unknown-command
  • Case-wrong command (e.g. turnon) → accepted (case-normalized)
  • Uncataloged device type → passes through (graceful degrade)
  • Read-only sensor (Meter) → rejected with read-only-device
  • Error hint includes list of supported commands
  • Full test suite: 1000/1001 pass (1 pre-existing flaky events test)
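
The validation rules from the summary above, as an added JavaScript sketch that is not part of this pull request or the project's code. The catalog contents, field names, result shape and the `validated` flag are assumptions, and `findCatalogEntry` here is a hypothetical stand-in for the project's function of the same name.

```javascript
// Constructed sample catalog. Device types and error codes come from the PR
// text; command lists and field names are assumptions for illustration.
const CATALOG = [
  { type: "Bot", readOnly: false, commands: ["turnOn", "turnOff", "press"] },
  { type: "Color Bulb", readOnly: false, commands: ["turnOn", "turnOff", "setBrightness"] },
  { type: "Meter", readOnly: true, commands: [] },
];

// Hypothetical stand-in for the project's findCatalogEntry: returns the entry
// for an exact device-type match, or null when the type is not cataloged.
function findCatalogEntry(deviceType) {
  return CATALOG.find((entry) => entry.type === deviceType) ?? null;
}

// Dry-run check: reject only when the catalog gives a definitive answer.
function validateDryRun(deviceType, command) {
  const entry = findCatalogEntry(deviceType);
  if (entry === null) {
    // Uncataloged type: nothing to validate against, so pass through, but
    // report that no check was performed (the flag is an assumption).
    return { ok: true, validated: false };
  }
  if (entry.readOnly) {
    return { ok: false, error: "read-only-device",
             hint: `${deviceType} is a read-only sensor and accepts no commands` };
  }
  if (entry.commands.length === 0) {
    return { ok: true, validated: false }; // no builtin commands to compare with
  }
  // Case-insensitive match, returning the catalog's canonical spelling.
  const wanted = String(command).toLowerCase();
  const match = entry.commands.find((c) => c.toLowerCase() === wanted);
  if (match === undefined) {
    return { ok: false, error: "unknown-command",
             hint: `Supported commands: ${entry.commands.join(", ")}` };
  }
  return { ok: true, validated: true, command: match };
}

// Constructed inputs mirroring the test plan.
for (const [type, cmd] of [["Bot", "selfDestruct"], ["Color Bulb", "turnon"],
                           ["Unknown Gadget", "anything"], ["Meter", "turnOn"]]) {
  console.log(type, cmd, JSON.stringify(validateDryRun(type, cmd)));
}
```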

chenliuyun added 2 commits April 21, 2026 12:03
…eCommand (#55)

Replace validateCommand call in send_command dry-run with direct catalog
lookup. When findCatalogEntry returns a definitive match with builtin
commands, reject unknown command names. Also reject commands on read-only
sensors. Pass through gracefully for uncataloged device types.

README and agent-guide now document that dry-run validates command names
against the catalog and rejects commands on read-only sensors.
chenliuyun merged commit b01f8b4 into main Apr 21, 2026
4 checks passed
chenliuyun deleted the fix/2.6.3-strict-dryrun-command-validation branch April 21, 2026 04:20