From 15050fd965d5c9c1c21b557870a46def2068e365 Mon Sep 17 00:00:00 2001 From: Alexazhu Date: Sat, 18 Apr 2026 15:04:32 +0800 Subject: [PATCH] fix(mcp_oauth): raise RuntimeError instead of asserting OAuth port is set MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ``tools/mcp_oauth.py`` relied on ``assert _oauth_port is not None`` to guard the module-level port set by ``build_oauth_auth``. Python's ``-O`` / ``-OO`` optimization flags strip ``assert`` statements entirely, so a deployment that runs ``python -O -m hermes ...`` silently loses the check: ``_oauth_port`` stays ``None`` and the failure surfaces much later as an obscure ``int()`` or ``http.server.HTTPServer((host, None))`` TypeError rather than the intended "OAuth callback port not set" signal. Replace with an explicit ``if … raise RuntimeError(...)`` so the invariant is preserved regardless of the interpreter's optimization level. Docstring updated to document the new exception. Found during a proactive audit of ``assert`` statements in non-test code paths. --- tools/mcp_oauth.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/mcp_oauth.py b/tools/mcp_oauth.py index a0ec9dc0e..fd655bf3d 100644 --- a/tools/mcp_oauth.py +++ b/tools/mcp_oauth.py @@ -365,8 +365,15 @@ async def _wait_for_callback() -> tuple[str, str | None]: Raises: OAuthNonInteractiveError: If the callback times out (no user present to complete the browser auth). + RuntimeError: If ``_oauth_port`` has not been set, which would indicate + that ``build_oauth_auth`` was skipped — the asserting form below + was a silent bug when running Python with ``-O``/``-OO``. """ - assert _oauth_port is not None, "OAuth callback port not set" + if _oauth_port is None: + raise RuntimeError( + "OAuth callback port not set — build_oauth_auth must be called " + "before _wait_for_oauth_callback" + ) # The callback server is already running (started in build_oauth_auth). # We just need to poll for the result.