Skip to content

Recovery mcp v2#303

Open
gsharini wants to merge 3 commits into
oracle:mainfrom
gsharini:recovery_mcp_v2
Open

Recovery mcp v2#303
gsharini wants to merge 3 commits into
oracle:mainfrom
gsharini:recovery_mcp_v2

Conversation

@gsharini

@gsharini gsharini commented Jun 2, 2026

Copy link
Copy Markdown
Member

Description

This change expands the Recovery MCP server’s read-oriented Recovery Service coverage.

Summary of change:

  • Adds restore discovery support via list_restore.
  • Adds child-compartment traversal support to list/summarize flows so compartment-scoped queries can aggregate across the subtree when requested.
  • Makes retention-lock and redo-shipping fields explicit in responses for protected database reads.

Motivation and context:

  • The branch adds better visibility into restore activity and related database inventory for Recovery MCP users.

Dependencies required for this change:

  • No new package or module dependencies were added in this branch.
  • This change continues to rely on the existing OCI Python SDK and the repo’s existing test environment.

Fixes #

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • [] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Validated with targeted pytest coverage for the two Recovery MCP test modules changed by this branch.

Repro:
ORACLE_MCP_LOG_DIR=/private/tmp/oci-recovery-mcp-logs pytest src/oci-recovery-mcp-server/oracle/oci_recovery_mcp_server/tests/test_recovery_database_tools.py src/oci-recovery-mcp-server/oracle/oci_recovery_mcp_server/tests/test_recovery_tools.py

  • test_recovery_database_tools.py
  • test_recovery_tools.py

Test Configuration:

  • Firmware version: N/A
  • Hardware: Local macOS development machine
  • Toolchain: Python 3.13.5, pytest 9.0.2
  • SDK: Existing repo environment / OCI Python SDK

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jun 2, 2026
@krisrice

Copy link
Copy Markdown
Member

Automated review result: needs security/manual review.

Reason:

  • This PR changes the OCI Recovery MCP server surface by adding restore/work-request listing behavior and model mapping changes in a database recovery control-plane server. New backend access in a high-privilege recovery domain requires manual validation.

Manual review should verify:

  • Server-side authorization and least-privilege scope.
  • Parameter validation and bounded output/pagination.
  • Secret/customer-data redaction in logs, errors, and returned content.
  • Tests for auth failure, validation failure, side effects, and redaction where applicable.

No automated approval or merge was performed.

@gsharini

gsharini commented Jun 25, 2026

Copy link
Copy Markdown
Member Author

Can someone please review and approve this PR?

This change only adds read/list behavior for Recovery MCP restore/work-request visibility. It does not initiate restore/recovery operations or introduce mutating actions.

I did a pass against the automated review checklist:

  • Auth still goes through the existing OCI client/auth paths, with OCI IAM enforcing access to compartments/resources.
  • Returned restore data is narrowed through the WorkRequest model, not raw SDK objects.
  • list_restore filters work requests to restore operations only and excludes unrelated work-request types.
  • Pagination is handled through OCI page tokens, with support for caller-provided limit/page.
  • Logging uses the existing structured redaction helper for secret-like keys such as token, secret, private key, client secret, etc.
  • Tests cover restore filtering, empty/non-restore results, pagination behavior, auth path wiring, and redaction helper behavior.

The main review ask is to confirm whether the existing read-only behavior, OCI IAM enforcement, pagination handling, and redaction coverage are sufficient for approval, or if you want additional bounds/validation before merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants