fix(mcp_oauth): raise RuntimeError instead of asserting OAuth port is set

``tools/mcp_oauth.py`` relied on ``assert _oauth_port is not None`` to guard the module-level port set by ``build_oauth_auth``. Python's ``-O`` / ``-OO`` optimization flags strip ``assert`` statements entirely, so a deployment that runs ``python -O -m hermes ...`` silently loses the check: ``_oauth_port`` stays ``None`` and the failure surfaces much later as an obscure ``int()`` or ``http.server.HTTPServer((host, None))`` TypeError rather than the intended "OAuth callback port not set" signal. Replace with an explicit ``if … raise RuntimeError(...)`` so the invariant is preserved regardless of the interpreter's optimization level. Docstring updated to document the new exception. Found during a proactive audit of ``assert`` statements in non-test code paths.
2026-04-25 00:51:20 +00:00 · 2026-04-18 15:04:32 +08:00 · 2026-04-18 15:04:32 +08:00 · 15050fd965
commit 15050fd965
parent 5fa2f4258a
1 changed files with 8 additions and 1 deletions
--- a/tools/mcp_oauth.py
+++ b/tools/mcp_oauth.py
@ -365,8 +365,15 @@ async def _wait_for_callback() -> tuple[str, str | None]:
    Raises:
        OAuthNonInteractiveError: If the callback times out (no user present
            to complete the browser auth).
+        RuntimeError: If ``_oauth_port`` has not been set, which would indicate
+            that ``build_oauth_auth`` was skipped — the asserting form below
+            was a silent bug when running Python with ``-O``/``-OO``.
    """
-    assert _oauth_port is not None, "OAuth callback port not set"
+    if _oauth_port is None:
+        raise RuntimeError(
+            "OAuth callback port not set — build_oauth_auth must be called "
+            "before _wait_for_oauth_callback"
+        )

    # The callback server is already running (started in build_oauth_auth).
    # We just need to poll for the result.