feat: production readiness — health checks, uv migration, middleware fixes #7
Open
BeArchiTek wants to merge 2 commits into Cloud-Temple:main from
Inspired by opsmill/infrahub-mcp#62, this adds production-readiness improvements to the MCP server:

Middleware stack (new src/live_mem/middleware.py):
- RequestIdMiddleware: UUID correlation ID per request (contextvars), exposed as X-Request-Id response header
- MetricsMiddleware: per-path request counts, error rates, latency; /metrics endpoint in Prometheus and JSON formats
- ResponseLimitMiddleware: truncates responses exceeding configurable limit (default 512 KB) with structured JSON error for JSON responses
- AuditMiddleware: structured JSON audit trail (who, what, when) on a dedicated live_mem.audit logger

Health endpoint:
- /health now probes S3 connectivity and returns 503 with specific failure reason when S3 is unreachable (was always returning 200)

Structured logging:
- JSON log formatter for production log aggregation (ELK, Datadog)
- LoggingMiddleware emits structured entries with request_id, client identity, method, path, status, latency

Configuration:
- Startup validation: port range, S3 all-or-nothing, URL format, LLM pair consistency, consolidation ranges, temperature bounds
- Fail-fast with clear error messages on misconfiguration
- New RESPONSE_MAX_BYTES setting

Tool annotations:
- All 38 MCP tools annotated with readOnlyHint, destructiveHint, and idempotentHint per MCP spec (ToolAnnotations)

Docker:
- Multi-stage build: builder installs deps, runtime copies only the venv — no pip/setuptools in production image
- PYTHONDONTWRITEBYTECODE and PYTHONUNBUFFERED for container hygiene

Tests:
- 36 unit tests covering all new middleware, config validation
…ware fix

- /health endpoint now probes both S3 and LLMaaS (was S3-only)
- CLI health command uses HTTP /health directly instead of MCP protocol
- Audit middleware moved before Auth to capture 403 rejections
- Migrated from requirements.txt to pyproject.toml + uv.lock
- Dockerfile uses uv sync --frozen with Docker layer caching
- Added .mcp.json to .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
Supersedes #6 with additional fixes discovered during testing.
- /health endpoint now probes both S3 and LLMaaS (was S3-only), returns healthy/degraded/unhealthy with per-service detail
- health command uses HTTP /health directly instead of full MCP protocol handshake — faster, no auth needed
- requirements.txt to pyproject.toml + uv.lock — single source of truth for dependencies
- uv sync --frozen with two-step layer caching (deps layer cached separately from source)
- .mcp.json to .gitignore

From #6 (unchanged)

- X-Request-Id header)
- /metrics in Prometheus + JSON format
- readOnlyHint, destructiveHint, idempotentHint on all 38 tools

Test plan

- uv run python -m pytest tests/ — 36/36 passing
- docker compose build — multi-stage build with uv sync --frozen
- curl localhost:8080/health — returns S3 + LLMaaS status
- curl localhost:8080/metrics — Prometheus format output
- X-Request-Id header present on responses
- python scripts/mcp_cli.py health — uses HTTP endpoint, shows both services
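The second commit notes that the audit middleware was moved before auth so that 403 rejections are captured. The following is an added illustration of why the ordering matters, not code from this pull request: a dependency-free ASGI sketch in which the `Auth` and `Audit` classes, the `/mcp` path and the token are all hypothetical, constructed values.

```python
import asyncio
import hmac

async def tool_app(scope, receive, send):
    # Stand-in for the protected endpoint (constructed for this example).
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

class Auth:
    """Hypothetical bearer-token check; answers 403 itself on failure."""
    def __init__(self, app, token):
        self.app, self.expected = app, b"Bearer " + token.encode()
    async def __call__(self, scope, receive, send):
        supplied = dict(scope["headers"]).get(b"authorization", b"")
        if not hmac.compare_digest(supplied, self.expected):
            await send({"type": "http.response.start", "status": 403, "headers": []})
            await send({"type": "http.response.body", "body": b"forbidden"})
            return  # inner layers never run for a rejected request
        await self.app(scope, receive, send)

class Audit:
    """Hypothetical audit layer: records path and final status of what it wraps."""
    def __init__(self, app, trail):
        self.app, self.trail = app, trail
    async def __call__(self, scope, receive, send):
        seen = {"status": None}
        async def capture(message):
            if message["type"] == "http.response.start":
                seen["status"] = message["status"]
            await send(message)
        try:
            await self.app(scope, receive, capture)
        finally:
            self.trail.append({"path": scope["path"], "status": seen["status"]})

def audit_trail(audit_outermost, headers):
    """Send one constructed request through the stack; return the audit records."""
    trail = []
    if audit_outermost:
        stack = Audit(Auth(tool_app, "constructed-token"), trail)
    else:
        stack = Auth(Audit(tool_app, trail), "constructed-token")
    scope = {"type": "http", "method": "POST", "path": "/mcp", "headers": headers}
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        pass  # response is discarded; only the audit trail matters here
    asyncio.run(stack(scope, receive, send))
    return trail
```

With audit wrapped inside auth, an unauthenticated request leaves no audit record at all; with audit outermost, the same request is recorded with status 403.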