fix: enhance input format tolerance for __evmauth parameter #9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add comprehensive JSON string format support for __evmauth parameter - Improve error handling with detailed troubleshooting messages - Enhanced debug logging with format detection and parsing details - Add 9 new test cases covering JSON string, object format, and edge cases - Support both web-based MCP clients (JSON strings) and Node.js clients (objects) - Better validation and error messages for malformed authentication data Resolves upstream issue radiustechsystems#4 for improved MCP client compatibility 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
…techsystems#4 CRITICAL FIXES: - Eliminated ALL uses of 'any' type (4 instances removed) - Fixed TypeScript compilation error on line 316 - Implemented proper type guard isEVMAuthProof() without any casts - Added PROOF_MALFORMED error code for JSON parsing failures - Added JSON size limits (1MB) and pre-validation checks TYPE SAFETY IMPROVEMENTS: - Created comprehensive type guard for EVMAuthProof validation - Replaced all type assertions with proper type narrowing - Fixed test to use 'unknown' instead of 'any' for invalid data - Proper error handling with RadiusError exceptions ENHANCED ERROR HANDLING: - Different error codes for different failure modes - PROOF_MISSING for no auth provided - PROOF_MALFORMED for invalid JSON or oversized payloads - SIGNER_MISMATCH for invalid wallet addresses - Detailed debug logging without exposing sensitive data TEST IMPROVEMENTS: - Added 3 new edge case tests (49 total, up from 46) - Tests for oversized JSON payloads - Tests for null/undefined fields - Tests for array vs object JSON - Fixed test expectations to match new error codes All tests passing, TypeScript strict mode compliant, zero 'any' types. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Enhances input format tolerance for the
__evmauthparameter to support both JSON string and object formats, improving compatibility across different MCP client implementations.Resolves #4
Changes
Core Implementation
extractProof()method with comprehensive type guardisEVMAuthProof()anytype assertionsError Handling
PROOF_MALFORMEDerror code for invalid JSON structuresRadiusErrorinstancesTypeScript Compliance
anytype usage in production code (4 instances removed)Test Coverage
Testing
Client Compatibility
Performance & Security