Add MCP surface fuzz pass to CI #675
Conversation
Co-authored-by: Cursor <cursoragent@cursor.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cd720107fa
Make the mounted report directory writable
On the GitHub Linux runner this directory is created by the runner user with normal 0755 permissions, then mounted into princekrroshan01/mcp-fuzzer:v0.4.0; I checked that image's upstream Dockerfile and its runtime stage uses USER nonroot, while the fuzzer writes under --output-dir /output. That UID cannot create /output/sessions/..., so report generation logs errors and the Upload fuzz report step has no useful artifacts even when fuzzing ran. Make the host dir writable for the container, or run the container with the runner UID.
@Agent-Hellboy took this for a spin against the real stackql/stackql-mcp image over streamable HTTP (not just the fixture) and it ran clean on the categories that matter - no crash, auth_bypass, injection_reflection, or error_leakage. Nice work.
One question on coverage: the published artifact (Docker, npm, PyPI, the Claude Desktop bundle) all run --mcp.server.type=stdio, so that's the transport almost everyone actually uses, and it's also where your memory_growth detection kicks in since the fuzzer supervises the spawned process there. The PR only exercises streamable HTTP. Do you plan to add a stdio pass? For a Go server that's the more interesting transport to fuzz, and it would line the PR up with how the server actually ships.

Summary

- `bash scripts/fuzz-mcp-surface.sh` to boot a streamable HTTP MCP fixture and run mcp-fuzzer against the canonical StackQL tool surface
- `scripts/fuzz_mcp_fixture/` uses `pkg/mcp_server` in `read_only` mode with representative tool responses (no cloud credentials)
- `mcp-fuzz` workflow that uploads `fuzz-output/` and pins `princekrroshan01/mcp-fuzzer:v0.4.0`
- `docs/mcp-fuzz.md`

The pass exercises MCP tool registration, query-tool argument handling, and streamable HTTP transport in `pkg/mcp_server`. It is a smoke-level check, not a replacement for robot tests against a full `stackql mcp` deployment with provider mocks.

Evidence

Local verification (2026-06-19):

- `go build ./scripts/fuzz_mcp_fixture/` — OK
- `docker pull princekrroshan01/mcp-fuzzer:v0.4.0` — OK
- `MCP_FUZZ_RUNS=2 MCP_FUZZ_TIMEOUT=25 bash scripts/fuzz-mcp-surface.sh` — OK
  - `http://127.0.0.1:19992` (streamable HTTP)
  - `--fail-if-no-tools` passed
  - `fuzz-output/findings.json`

Test plan

- `mcp-fuzz` job green on this PR

Checklist

- variations
- `pkg/mcp_server`, not a change to query execution behavior covered by existing robot suites.
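The pass the Summary describes, written out as an added example (not `scripts/fuzz-mcp-surface.sh` or any stackql code) that also carries the report-directory fix Codex asked for: the container runs as the runner's UID:GID so the image's `USER nonroot` can write `/output/sessions/...`, with a chmod fallback, and the job gates on the finding categories the second reviewer checked (crash, auth_bypass, injection_reflection, error_leakage). Assumed rather than taken from the PR: every mcp-fuzzer flag other than `--output-dir` and `--fail-if-no-tools` (check them against `v0.4.0`'s `--help`), the `curl` readiness probe, the `fuzz-output/findings.json` schema (an array of objects with a `category` string), and that the fixture has already been started in the background by the caller.

```bash
#!/usr/bin/env bash
# Added example, not the PR's scripts/fuzz-mcp-surface.sh. Shape of the CI fuzz pass with the
# report directory made writable for the image's non-root user.
set -eu

FUZZ_IMAGE="${FUZZ_IMAGE:-princekrroshan01/mcp-fuzzer:v0.4.0}"
FIXTURE_URL="${FIXTURE_URL:-http://127.0.0.1:19992}"   # endpoint from the PR's local run
OUT_DIR="${OUT_DIR:-$PWD/fuzz-output}"
MCP_FUZZ_RUNS="${MCP_FUZZ_RUNS:-2}"
MCP_FUZZ_TIMEOUT="${MCP_FUZZ_TIMEOUT:-25}"

# Create the host report dir. The GitHub runner creates dirs 0755 owned by the runner UID,
# which the image's USER nonroot cannot write. Opening it up is the fallback; the primary fix
# is the --user flag in run_fuzzer, which makes the container write as the runner UID.
prepare_output_dir() {
  dir="$1"
  mkdir -p "$dir/sessions"
  chmod a+rwx "$dir" "$dir/sessions"   # fine on an ephemeral CI disk, not on a shared host
  [ -d "$dir/sessions" ] && [ -w "$dir/sessions" ]
}

# Wait until the streamable HTTP fixture answers at all (any HTTP status counts as "up";
# connection refused does not). Assumes the caller already started the fixture.
wait_for_fixture() {
  url="$1"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    if curl -sS -o /dev/null "$url" 2>/dev/null; then
      return 0
    fi
    tries=$((tries - 1)); sleep 1
  done
  echo "fixture at $url never came up" >&2
  return 1
}

# Run the fuzzer as the runner UID/GID so everything under /output is created and owned by us.
# Only --output-dir and --fail-if-no-tools appear in the PR; the transport and run flags are
# assumed from the mcp-fuzzer README and must be verified against the v0.4.0 image.
run_fuzzer() {
  docker run --rm --network host \
    --user "$(id -u):$(id -g)" \
    -v "$OUT_DIR:/output" \
    "$FUZZ_IMAGE" \
    --mode tools --protocol streamablehttp --endpoint "$FIXTURE_URL" \
    --runs "$MCP_FUZZ_RUNS" --timeout "$MCP_FUZZ_TIMEOUT" \
    --output-dir /output --fail-if-no-tools
}

# Count findings in the categories the reviewer treated as blocking. Assumes each finding
# is a JSON object with a "category" string; adjust the pattern to the real schema.
# A missing or empty findings file counts as zero.
count_blocking_findings() {
  findings="$1"
  [ -s "$findings" ] || { echo 0; return 0; }
  pat='"category"[[:space:]]*:[[:space:]]*"(crash|auth_bypass|injection_reflection|error_leakage)"'
  { grep -Eo "$pat" "$findings" || true; } | wc -l | tr -d ' '
}

main() {
  prepare_output_dir "$OUT_DIR"
  wait_for_fixture "$FIXTURE_URL"
  run_fuzzer
  n="$(count_blocking_findings "$OUT_DIR/findings.json")"
  if [ "$n" -gt 0 ]; then
    echo "mcp-fuzz: $n blocking finding(s), see $OUT_DIR/findings.json" >&2
    exit 1
  fi
  echo "mcp-fuzz: no blocking findings"
}

# Only run the pass when invoked as `./fuzz-pass.sh run`; sourcing the file just defines functions.
if [ "${1:-}" = run ]; then
  main
fi
```

If the image's entrypoint refuses to start under an arbitrary UID, drop `--user` and keep the `chmod a+rwx` fallback; either way, check afterwards that `fuzz-output/` is non-empty before the upload step, since an unwritable mount is exactly the failure mode where the job stays green and the artifact is empty.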