Merge pull request #30 from SemClone/fix/osslili-informational-output-parsing

fix: Handle osslili informational output in download_and_scan_package (v1.6.1)

Author: oscarvalenzuelab

CHANGELOG.md

@@ -7,6 +7,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.1] - 2025-01-13
+
+### Fixed
+
+#### download_and_scan_package: Handle osslili Informational Output
+
+**Problem:**
+The `download_and_scan_package` tool was failing with JSON parsing errors when osslili outputs informational messages before JSON output. osslili now prefixes output with messages like:
+```
+ℹ Processing local path: package.tar.gz
+```
+
+This caused `json.loads()` to fail with "Expecting value: line 1 column 1 (char 0)"
+
+**Root Cause:**
+Line 2026 in server.py attempted to parse osslili stdout directly as JSON without stripping informational messages.
+
+**Solution:**
+Added preprocessing to find the first `{` character and parse JSON from that position, effectively stripping any informational messages before the JSON payload.
+
+**Changes:**
+- mcp_semclone/server.py:
+  * Added informational message stripping before JSON parsing (lines 2026-2031)
+  * Finds first `{` in output and parses from there
+  * Preserves backward compatibility with osslili versions that don't output messages
+
+**Installation Note:**
+When using pipx, ensure `purl2src` is installed with console scripts enabled:
+```bash
+pipx inject mcp-semclone purl2src --include-apps --force
+```
+
+**Impact:**
+- Tool now works correctly with latest osslili versions
+- All 7 tests passing
+- Fixes download failures reported in the field
+
 ## [1.6.0] - 2025-01-13
 
 ### Added

examples/strands-agent-ollama/requirements.txt

@@ -2,7 +2,7 @@
 # Python 3.10+ required
 
 # MCP server with SEMCL.ONE compliance tools
-mcp-semclone>=1.6.0
+mcp-semclone>=1.6.1
 
 # MCP SDK for connecting to MCP servers
 mcp>=1.0.0

mcp_semclone/__init__.py

@@ -1,5 +1,5 @@
 """MCP SEMCL.ONE - Model Context Protocol server for OSS compliance."""
 
-__version__ = "1.6.0"
+__version__ = "1.6.1"
 __author__ = "Oscar Valenzuela B."
 __email__ = "oscar.valenzuela.b@gmail.com"

mcp_semclone/server.py

@@ -2023,7 +2023,12 @@ async def download_and_scan_package(
                         ])
 
                         if osslili_result.returncode == 0 and osslili_result.stdout:
-                            osslili_data = json.loads(osslili_result.stdout)
+                            # Strip informational messages (e.g., "ℹ Processing local path...")
+                            osslili_output = osslili_result.stdout
+                            json_start = osslili_output.find('{')
+                            if json_start != -1:
+                                osslili_output = osslili_output[json_start:]
+                            osslili_data = json.loads(osslili_output)
 
                             # Extract licenses from osslili
                             if osslili_data.get("components"):

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "mcp-semclone"
-version = "1.6.0"
+version = "1.6.1"
 description = "Model Context Protocol server for SEMCL.ONE OSS compliance toolchain"
 readme = "README.md"
 requires-python = ">=3.10"