fix(mcp): return raw body on 2xx decode failure from generated client#96
Merged
Conversation
X-Api-Key on the MCP endpoint is for client authentication (checked against --auth-token), not for forwarding the Seerr API key. The Seerr API key is always read from the application config (seerr.api_key). Remove SeerrAPIKeyMiddleware, which incorrectly extracted X-Api-Key from incoming requests and injected it as the Seerr API key. Replace the bearer-only auth middleware with MCPAuthMiddleware, which accepts the configured auth token via Authorization: Bearer, X-Api-Key header, or ?api_key= query parameter (when --allow-api-key-query-param is set). Clients configured with no auth token no longer receive spurious 401s.
Overseerr requires a seasons field for tv requests. The MCP tool was missing this parameter, causing a server-side crash when the API tried to filter an undefined seasons array.
Cover movie requests (no seasons), tv with "all", tv with specific season numbers, and invalid season input producing a tool error.
The generated UserSettings model uses DisallowUnknownFields() but Overseerr returns extra fields (id, pgpKey, notification settings) not in the OpenAPI spec. This caused request_create and other tools to surface a false tool error even though the HTTP call succeeded. Add marshalResult() which falls back to the raw response body when Execute() returns a *GenericOpenAPIError on a 2xx response. Apply it to all request and user handlers that embed User/UserSettings in their response.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The generated
UserSettingsmodel usesDisallowUnknownFields()but Overseerr returns extra fields (id,pgpKey, push notification fields,notificationTypes) not present in the OpenAPI spec. Any MCP tool that calls an endpoint whose response embeds aUserobject (with nestedUserSettings) would fail withjson: unknown field "id"even though the HTTP call succeeded and the resource was created/modified.Discovered while using
request_createto request Dororo — the TV show was queued in Sonarr but the MCP client received an error.Changes
marshalResult(res, httpResp, err)helper incmd/mcp/mcp.go: whenExecute()returns a*GenericOpenAPIErroron a 2xx response, the raw body is returned instead of treating it as a tool failuremarshalResultto all request handlers (request_create,request_get,request_list,request_approve,request_decline,request_retry) and user handlers (users_list,users_get,users_update,users_quota) that embedUser/UserSettingsin their responseTest plan
go test -v ./...passesgo fmt ./...produces no diffgo buildsucceedsNew tests in
tests/mcp_marshal_result_test.go:TestMCPRequestCreateFallbackOnDecodeError— 201 response withsettings.id(unknown field) returns success with correctid/statusin bodyTestMCPRequestCreateRealErrorStillFails— 400 response is still surfaced as a tool errorChecklist
--help, comments)