Launch parallel agents simultaneously

[jmagar]

Generated by 9 parallel specialized agents reviewing the entire codebase:

• SECURITY_REVIEW.md: 21 security vulnerabilities identified (3 critical)
• ERROR_HANDLING_REVIEW.md: Comprehensive error handling patterns analysis
• ERROR_HANDLING_SUMMARY.txt: Executive summary of error handling findings
• ARCHITECTURE_REVIEW.md: 19 architectural consistency issues
• TEST_COVERAGE_ANALYSIS.md: Complete test coverage gap analysis (0% → 85% roadmap)
• TEST_COVERAGE_SUMMARY.md: Executive summary of testing needs
• TESTING_QUICK_REFERENCE.md: Developer guide for test implementation
• PERFORMANCE_REVIEW.md: Performance optimization opportunities

Key findings:

• 4 critical blockers (shell injection, path traversal, no graceful shutdown, zero tests)
• Overall score: 82/100 - production-ready with critical fixes needed
• Total effort: 4-6 weeks to address all issues

These reports provide a complete roadmap for production deployment.

Summary by CodeRabbit

• Documentation
  • Added extensive architecture, security, performance, testing, metrics, rollback, and health/metrics guides.
• Reliability
  • Timeouts and guarded flows for long-running operations with clearer timeout reporting.
• Security
  • Stronger config validation, stricter SSH host-key behavior, and safer command/argument handling.
• Logging
  • Log rotation now retains backups and emits richer error diagnostics.
• Observability
  • In-process metrics, Prometheus/JSON endpoints, and operation-tracking utilities.
• Rollback
  • Migration rollback manager plus public rollback/status APIs.
• Testing
  • Large suite of new unit and integration tests and test fixtures.
• User-facing
  • More consistent, formatted responses and richer container/stack diagnostics.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds extensive documentation and tests; introduces metrics, operation-tracking, health/metrics resources, migration rollback manager, Pydantic security validators, widespread asyncio timeouts and improved error handling/logging, SSH/rsync escaping and host-key policy updates, and graceful server shutdown orchestration.

Changes

Cohort / File(s)	Summary
Project reviews & reports ARCHITECTURE_REVIEW.md, ERROR_HANDLING_REVIEW.md, ERROR_HANDLING_SUMMARY.txt, PERFORMANCE_REVIEW.md, SECURITY_REVIEW.md, TESTING_QUICK_REFERENCE.md, TEST_COVERAGE_ANALYSIS.md, TEST_COVERAGE_SUMMARY.md, TEST_SUITE_SUMMARY.md, TEST_EXPANSION_SUMMARY.md	Added long-form review and guidance documents covering architecture, error handling, performance, security, testing, coverage, and test-suite summaries with findings and remediation roadmaps.
Docs: health/metrics & rollout HEALTH_METRICS_IMPLEMENTATION.md, METRICS.md, MIGRATION_ROLLBACK_IMPLEMENTATION.md	New specification and implementation documents for health/metrics endpoints, metrics config, and migration rollback design.
Metrics & operation tracking code docker_mcp/core/metrics.py, docker_mcp/core/operation_tracking.py, config/hosts.example.yml	New MetricsCollector, Prometheus exporter, operation-tracking decorator/context/OperationTracker, and example metrics config fields.
Health & metrics resources docker_mcp/resources/health.py, docker_mcp/resources/__init__.py	New HealthCheckResource, MetricsResource, MetricsJSONResource and package exports for health/metrics endpoints.
Migration rollback system docker_mcp/core/migration/rollback.py, docker_mcp/core/migration/__init__.py, docker_mcp/services/stack/migration_executor.py, docker_mcp/services/stack/migration_orchestrator.py, docker_mcp/services/stack_service.py	New MigrationRollbackManager, related models, integration into executor/orchestrator/service, public rollback APIs, and re-exports.
Config validation & metrics field docker_mcp/core/config_loader.py	Added Pydantic field validators validate_path and validate_ssh_key, new MetricsConfig model, and config load/apply wiring for metrics; YAML/env expansion updates and hosts write behavior.
SSH constants & docs docker_mcp/constants.py, docker_mcp/utils.py	SSH host-key policy changed to StrictHostKeyChecking=accept-new and doc examples updated.
SSH / rsync / containerized rsync / compose / backup docker_mcp/core/transfer/rsync.py, docker_mcp/core/transfer/containerized_rsync.py, docker_mcp/core/compose_manager.py, docker_mcp/core/backup.py, docker_mcp/services/stack/network.py	Hardened SSH/rsync invocations: list-based ssh option construction, use of shlex.quote/shlex.join, host-key policy accept-new, and remote shell flag changed from -lc to -c in some commands.
Docker context & client creation docker_mcp/core/docker_context.py	Added asyncio timeouts (30–60s), offloaded blocking Docker SDK calls via asyncio.to_thread, JSON parsing robustness, SSH URL fallback iterations, caching and stricter error handling.
Server lifecycle & graceful shutdown docker_mcp/server.py	Added signal handlers, shutdown coordination state, register_shutdown_handlers, cleanup_server, ShutdownMonitor integration, metrics init hooks, and conditional health/metrics resource wiring.
Logging rotation docker_mcp/core/logging_config.py	RotatingFileHandler now retains backups (backupCount=5) instead of truncating; docstring adjusted.
Service-level timeouts, richer responses & safety docker_mcp/services/container.py, docker_mcp/services/host.py, docker_mcp/services/stack/migration_executor.py, docker_mcp/core/migration/manager.py, docker_mcp/services/config.py, docker_mcp/services/cleanup.py, docker_mcp/services/stack/risk_assessment.py, docker_mcp/services/stack/operations.py	Added per-call asyncio.timeout guards, TimeoutError handling, richer structured responses/formatters, safety checks, rollback integration, and refactored discovery/import/cleanup flows.
Tools: containers & logs docker_mcp/tools/containers.py, docker_mcp/tools/logs.py, docker_mcp/tools/stacks.py	New server-side optimized container lookup helper; replaced broad list-scans with targeted lookups; timeout-guarded log retrieval/stream setup and remote compose write/deploy timeouts.
Resources: docker errors docker_mcp/resources/docker.py	Broadened and standardized exception handling with explicit error_type fields and consistent unexpected-error payloads across resource endpoints.
Migration manager changes docker_mcp/core/migration/manager.py	Added timeouts to container-verify and data-transfer flows; transfer wrapped with a 2-hour timeout and structured failure reporting.
Archive & transfer timeouts docker_mcp/core/transfer/archive.py, docker_mcp/core/migration/verification.py	Added large-operation timeouts and TimeoutError handling for archive creation/verification/extraction and migration verification/inventory steps.
Cleanup & disk usage hardening docker_mcp/services/cleanup.py	Reworked cleanup dispatch into leveled operations with asyncio timeouts, guarded disk-usage checks, improved parsing and recommendations, and richer outputs.
Config discovery & SSH import docker_mcp/services/config.py	Added timeout-wrapped discovery/import flows, early host validation, and structured discovery/import result formatting.
Tests & fixtures tests/*, tests/unit/*, tests/integration/*, tests/conftest.py, tests/README.md	Large addition of unit and integration tests, comprehensive conftest.py with fixtures, many concrete unit tests (models, config, context, exceptions, parameters, settings) and multiple integration suites.
Docs: test references and summaries TESTING_QUICK_REFERENCE.md, TEST_COVERAGE_ANALYSIS.md, TEST_COVERAGE_SUMMARY.md, TEST_SUITE_SUMMARY.md, TEST_EXPANSION_SUMMARY.md, tests/README.md	New/expanded test guidance, coverage analysis, quick-reference, and suite summaries.
Models: container/stack metadata docker_mcp/models/container.py	Added fields to ContainerInfo (labels, env, volumes, networks) and StackInfo.metadata.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Client as API/CLI
    participant Server as docker_mcp.server
    participant Service as Service Layer
    participant Context as core.docker_context
    participant Metrics as MetricsCollector
    participant Docker as Remote Docker/SSH

    Client->>Server: request
    Server->>Metrics: record operation start
    Server->>Service: dispatch operation
    Service->>Context: ensure_context / get_client (timeboxed)
    Context->>Docker: ping/version (via asyncio.to_thread)
    alt Docker reachable
        Docker-->>Context: ok
        Context-->>Service: client
        Service->>Metrics: record success/duration
        Service-->>Server: structured result
    else timeout / error
        Context-->>Service: error / None
        Service->>Metrics: record error
        Service-->>Server: structured error (error_type, message)
    end
    Server->>Client: response
    Note over Server: SIGINT/SIGTERM -> register_shutdown_handlers -> cleanup_server -> close contexts -> flush metrics

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

• Areas needing extra attention:
  • docker_mcp/core/docker_context.py — thread offloading, timeouts, SSH URL fallback logic, caching correctness.
  • docker_mcp/server.py — signal handling, shutdown coordination, concurrency and cleanup correctness.
  • core migration rollback modules (core/migration/rollback.py, migration_executor/orchestrator) — rollback action ordering, state consistency, timeouts and new public APIs.
  • docker_mcp/core/config_loader.py — filesystem permission/ownership checks and path-validation cross-platform assumptions.
  • rsync/containerized_rsync/compose_manager/backup — quoting/escaping, nested SSH invocation correctness, and effects of remote-shell flag change.
  • tests/conftest.py and large test additions — fixture correctness, mocking scopes, long-running test stubs and integration coverage.

Possibly related PRs

• feat: Complete Phase 3 code cleanup with centralized utilities and constants #9 — overlaps SSH utilities and SSH_NO_HOST_CHECK constant and related SSH/rsync handling.
• refactor: Remove cache manager and consolidate Docker services #11 — overlaps docker_context timeouts, client creation changes, and logging/metrics wiring.
• fix: Comprehensive linting and type error refactoring across codebase #13 — touches migration manager/transfer logic and may overlap migration transfer/timeout changes.

Poem

🐇 I hop through code with careful paws and cheer,

I stitch in timeouts and keep the keys near.
Metrics hum softly, health checks sing true,
Rollbacks stand ready if storms come through.
A nibble, a test, and the burrow's secure. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'Launch parallel agents simultaneously' describes the process/mechanism of the PR itself but does not accurately summarize the substantive changes made to the codebase (security reviews, error handling analysis, test coverage roadmaps, and production-readiness assessments).	Revise the title to reflect the actual changes, such as 'Add comprehensive code reviews and testing roadmaps' or 'Generate initial security, architecture, and test coverage assessments' to clearly communicate the deliverables to reviewers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 93.01% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch claude/parallel-agent-dispatch-011CUyN2Ch6n3xQLphWG4yMd

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR adds comprehensive analysis and review documentation for the Docker-MCP project, including test coverage analysis, security review, performance review, error handling review, and architecture review documents.

• Adds 6 new documentation files totaling over 4,500 lines of analysis
• Provides detailed roadmaps for test implementation (0% → 85% coverage target)
• Documents 21 security vulnerabilities across critical, high, medium, and low severity
• Identifies performance optimization opportunities across N+1 patterns, async operations, and caching

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
TEST_COVERAGE_SUMMARY.md	Executive summary of test coverage status showing 0% coverage and roadmap to 85%
TEST_COVERAGE_ANALYSIS.md	Comprehensive 1476-line detailed analysis of untested code paths and test requirements
TESTING_QUICK_REFERENCE.md	Quick reference guide for implementing tests with fixtures and patterns
SECURITY_REVIEW.md	Security audit identifying 21 vulnerabilities including shell injection and path traversal
PERFORMANCE_REVIEW.md	Performance analysis identifying N+1 patterns, blocking operations, and optimization opportunities
ERROR_HANDLING_SUMMARY.txt	Summary of error handling review with grade B+ and action plan
ERROR_HANDLING_REVIEW.md	Comprehensive error handling analysis covering async timeouts, resource cleanup, and recovery
ARCHITECTURE_REVIEW.md	Architecture assessment against CLAUDE.md specifications with 85/100 score

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 20

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5f3a20 and 42345f8.

📒 Files selected for processing (8)

• ARCHITECTURE_REVIEW.md (1 hunks)
• ERROR_HANDLING_REVIEW.md (1 hunks)
• ERROR_HANDLING_SUMMARY.txt (1 hunks)
• PERFORMANCE_REVIEW.md (1 hunks)
• SECURITY_REVIEW.md (1 hunks)
• TESTING_QUICK_REFERENCE.md (1 hunks)
• TEST_COVERAGE_ANALYSIS.md (1 hunks)
• TEST_COVERAGE_SUMMARY.md (1 hunks)

🧰 Additional context used

🪛 LanguageTool

ERROR_HANDLING_SUMMARY.txt

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...types Fix Effort: Medium (2-3 days) HIGH PRIORITY ISSUES: --------------------- 4. MISSI...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~42-~42: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...s constants Fix Effort: Low (1 day) MEDIUM PRIORITY ISSUES: ----------------------- 7. SIL...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[style] ~50-~50: You can shorten this phrase to improve clarity and avoid wordiness.
Context: ...g Fix Effort: Low-Medium (1-2 days) AREAS THAT ARE WELL-DESIGNED: ------------------------------ ✓ Exce...

(NNS_THAT_ARE_JJ)

TESTING_QUICK_REFERENCE.md

[uncategorized] ~264-~264: The official name of this software platform is spelled with a capital “H”.
Context: ...## 🚀 CI/CD Integration (Later) Update .github/workflows/docker-build.yml: ```yaml te...

(GITHUB)

ERROR_HANDLING_REVIEW.md

[style] ~387-~387: To elevate your writing, try using a synonym here.
Context: ...er service methods - Makes error chains hard to follow Recommendation: For ser...

(HARD_TO)

---

[uncategorized] ~671-~671: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...) --- ## 10. SUMMARY OF FINDINGS ### High Priority Issues (Address Immediately) 1. **asyn...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~688-~688: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Files: 15+ - Effort: Medium ### Medium Priority Issues 4. **Missing resource cleanup i...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~705-~705: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ior - Files: 5 - Effort: Low ### Low Priority Issues 7. Inconsistent log levels ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

PERFORMANCE_REVIEW.md

[style] ~26-~26: Consider an alternative to strengthen your wording.
Context: ...t exists. This is redundant - the cache can be trusted. Current Approach: - Cache hit → ...

(CAN_BE_TRUSTED)

---

[grammar] ~168-~168: Ensure spelling is correct
Context: ...ion ``` Current Cost: - Best case: 500ms + immediate success = ~500ms - Worst ca...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[uncategorized] ~175-~175: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...times instead of exponential backoff 3. Full stack list fetch just to verify presence **O...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

TEST_COVERAGE_ANALYSIS.md

[style] ~1196-~1196: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ...- [ ] Cleanup with low disk space - [ ] Very large cleanup operation ### 9.7 Transfer Edg...

(EN_WEAK_ADJECTIVE)

---

[uncategorized] ~1351-~1351: The official name of this software platform is spelled with a capital “H”.
Context: ...13.1 GitHub Workflow Enhancement Add to .github/workflows/docker-build.yml: ```yaml ...

(GITHUB)

ARCHITECTURE_REVIEW.md

[uncategorized] ~201-~201: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...VERITY]** - No import linter in CI/CD - Low risk but worth monitoring - Recommendation: ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~229-~229: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...IANT** | 19 | MEDIUM | --- ## TOP PRIORITY ACTIONS ### Critical (Do First): 1. **...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

SECURITY_REVIEW.md

[grammar] ~556-~556: Use a hyphen to join words.
Context: ...ts or Throttling) Issue: While rate limiting middleware exists, it may not b...

(QB_NEW_EN_HYPHEN)

🪛 markdownlint-cli2 (0.18.1)

TESTING_QUICK_REFERENCE.md

14-14: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

15-15: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

25-25: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

26-26: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

44-44: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

45-45: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

---

52-52: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

53-53: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

53-53: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

132-132: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

145-145: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

151-151: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

152-152: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

195-195: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

196-196: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

211-211: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

212-212: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

224-224: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

225-225: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

265-265: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

285-285: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

290-290: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

298-298: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

304-304: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

310-310: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

330-330: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

334-334: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

335-335: Bare URL used

(MD034, no-bare-urls)

---

336-336: Bare URL used

(MD034, no-bare-urls)

---

337-337: Bare URL used

(MD034, no-bare-urls)

ERROR_HANDLING_REVIEW.md

10-10: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

24-24: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

29-29: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

55-55: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

65-65: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

79-79: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

117-117: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

135-135: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

179-179: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

203-203: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

229-229: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

298-298: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

311-311: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

318-318: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

328-328: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

331-331: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

356-356: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

371-371: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

384-384: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

389-389: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

395-395: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

402-402: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

423-423: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

436-436: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

443-443: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

450-450: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

491-491: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

510-510: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

572-572: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

591-591: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

600-600: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

610-610: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

645-645: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

690-690: Ordered list item prefix
Expected: 1; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

695-695: Ordered list item prefix
Expected: 2; Actual: 5; Style: 1/2/3

(MD029, ol-prefix)

---

700-700: Ordered list item prefix
Expected: 3; Actual: 6; Style: 1/2/3

(MD029, ol-prefix)

---

707-707: Ordered list item prefix
Expected: 1; Actual: 7; Style: 1/2/3

(MD029, ol-prefix)

---

712-712: Ordered list item prefix
Expected: 2; Actual: 8; Style: 1/2/3

(MD029, ol-prefix)

---

727-727: Trailing spaces
Expected: 0 or 2; Actual: 3

(MD009, no-trailing-spaces)

---

733-733: Ordered list item prefix
Expected: 1; Actual: 3; Style: 1/2/3

(MD029, ol-prefix)

---

737-737: Ordered list item prefix
Expected: 2; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

741-741: Ordered list item prefix
Expected: 3; Actual: 5; Style: 1/2/3

(MD029, ol-prefix)

---

746-746: Ordered list item prefix
Expected: 1; Actual: 6; Style: 1/2/3

(MD029, ol-prefix)

---

750-750: Ordered list item prefix
Expected: 2; Actual: 7; Style: 1/2/3

(MD029, ol-prefix)

---

770-770: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

TEST_COVERAGE_SUMMARY.md

7-7: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

204-204: Strong style
Expected: asterisk; Actual: underscore

(MD050, strong-style)

---

204-204: Strong style
Expected: asterisk; Actual: underscore

(MD050, strong-style)

---

231-231: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

236-236: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

237-237: Ordered list item prefix
Expected: 1; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

238-238: Ordered list item prefix
Expected: 2; Actual: 5; Style: 1/2/3

(MD029, ol-prefix)

---

239-239: Ordered list item prefix
Expected: 3; Actual: 6; Style: 1/2/3

(MD029, ol-prefix)

---

241-241: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

242-242: Ordered list item prefix
Expected: 1; Actual: 7; Style: 1/2/3

(MD029, ol-prefix)

---

243-243: Ordered list item prefix
Expected: 2; Actual: 8; Style: 1/2/3

(MD029, ol-prefix)

---

244-244: Ordered list item prefix
Expected: 3; Actual: 9; Style: 1/2/3

(MD029, ol-prefix)

---

260-260: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

265-265: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

SECURITY_REVIEW.md

3-3: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

10-10: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

17-17: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

35-35: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

45-45: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

52-52: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

67-67: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

74-74: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

93-93: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

112-112: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

119-119: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

133-133: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

134-134: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

145-145: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

152-152: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

169-169: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

188-188: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

195-195: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

201-201: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

213-213: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

227-227: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

238-238: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

247-247: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

261-261: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

268-268: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

284-284: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

312-312: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

319-319: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

339-339: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

361-361: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

368-368: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

390-390: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

415-415: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

422-422: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

435-435: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

447-447: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

454-454: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

478-478: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

485-485: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

496-496: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

504-504: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

511-511: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

528-528: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

534-534: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

551-551: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

565-565: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

574-574: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

586-586: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

594-594: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

604-604: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

611-611: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

619-619: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

631-631: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

638-638: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

650-650: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

657-657: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🔇 Additional comments (2)

TEST_COVERAGE_ANALYSIS.md (1)

1-50: Exceptionally thorough test coverage gap analysis with realistic phased roadmap.

The executive summary effectively communicates the critical baseline (0% coverage despite pytest infrastructure in place) and the scale required (460+ tests, 96-118 hours). The identification of 58 Python files and breakdown into Tier 1 (CRITICAL), Tier 2 (HIGH), Tier 3 (MEDIUM) priorities is well-structured.

However, verify the 85% coverage target's origin:

• Line 8 references "per CLAUDE.md" but CLAUDE.md is not provided in this review context. Confirm this requirement is documented and non-negotiable, as 460+ tests is a substantial commitment.
• The effort estimate (96-118 hours = 2-3 weeks full-time) assumes no external blockers; add risk factors if team expertise varies.

PERFORMANCE_REVIEW.md (1)

150-200: Algorithm optimization examples are clear, but sequential baseline timing needs validation.

Section 3.1 (post-deployment stack verification) identifies a clear inefficiency: fixed retry count + fixed sleep = predictable but suboptimal latency. The exponential backoff recommendation is sound.

However, validate the timing assumptions:

• Line 168: "Best case: 500ms + immediate success = ~500ms" - assumes stack is immediately visible after deployment, which depends on Docker daemon sync speed. In practice, you might always wait 1+ seconds before first check. Is 500ms realistic?
• Line 169-170: "Worst case: 0.5s + 1s×4 retries = ~4.5s" - assumes all 5 retries fail, which suggests deployment took >5.5 seconds. Is this expected, or does timeout trigger first?

Recommendation: Add a note specifying the Docker daemon visibility delay assumption and whether real-world testing confirms the 4.5s worst-case timing.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Solid architecture assessment with clear priorities, but severity calibration needs review.

The review effectively identifies 19 findings across 10 architectural dimensions and provides an actionable top-3 priority list (Issues #3, #9, #13). The summary table (lines 211-225) is well-organized and the verdict (85/100, "production-ready") is appropriately balanced.

However, severity ratings warrant recalibration:

1. Issue Improve filesystem sync reliability with intelligent verification #3 (CRITICAL): Marked CRITICAL but described as "StackService.handle_action() not found/incomplete." This is a consistency issue (some services implement it, this one doesn't) rather than a blocker. If it's truly critical, the system wouldn't work today; if it does work, the severity should be HIGH not CRITICAL. Clarify: Does the server fail to route StackService operations, or does it fall back gracefully?

2. Overall score (85/100) vs. issues: With 3 critical + 7 high-severity findings, a score of 85 seems optimistic. Consider whether this reflects "current production readiness" (acceptable for deployment with known issues) vs. "ideal state" (where issues would need fixing first).

🤖 Prompt for AI Agents

In ARCHITECTURE_REVIEW.md around lines 1-50, the reviewer flags that Issue #3 is
labelled CRITICAL but the description indicates a consistency/incompleteness
problem (StackService.handle_action missing) rather than an outright
system-blocking failure; verify whether the server currently fails to route
StackService operations or whether a graceful fallback exists, then update Issue
#3's severity to HIGH if routing still works or keep CRITICAL only if you can
demonstrate complete system failure, and reflect that change in the summary
table (around lines 211-225) and overall score rationale so the severity and
final score align with observed runtime behavior.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Exception groups and TaskGroup recommendations are forward-looking but not blockers.

Section 7 (Async Patterns) recommends modernizing to Python 3.11+ features:

• Issue Type Safety Improvements and Migration Enhancements #12: exception groups (except* (DockerCommandError, ...) as eg:)
• Issue fix: Resolve MCP resource URI template parameter extraction issue #14: TaskGroup instead of asyncio.gather()

These are stylistic/modernization improvements, not correctness issues. The current code using gather() works fine. If included in the action plan, clarify priority: Are these Phase 1 (must fix) or Phase 3+ (polish)?

Recommendation: Move Issues #12 and #14 to "Phase 3: Polish" or explicitly defer them with a note like "Defer until codebase upgrades to Python 3.11+ minimum."

🤖 Prompt for AI Agents

In ARCHITECTURE_REVIEW.md around lines 20 to 60, the Async Patterns
recommendations (Issue #12 exception groups and Issue #14 TaskGroup) are
currently listed without clear prioritization; update the document to move these
two items into "Phase 3: Polish" (or equivalent) and add a short deferment note
stating they should be implemented only after the codebase upgrades to Python
3.11+ (or specify the minimum runtime), and adjust the action plan/priorities to
mark them as optional/polish rather than Phase 1 must-fix items.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Key strengths section is valuable but lacks supporting evidence.

Section 9 highlights 5 strengths (consolidated tool architecture, service delegation, type safety, async patterns, configuration management). These are stated without quantification:

• "3 tools vs 27 individual decorators (2.6x token efficiency)" - this is excellent evidence and should be in this section (currently only at line 250)
• "Clean service delegation" - what metrics demonstrate this? (e.g., average service LOC, imports per service?)
• "Excellent use of Pydantic v2" - where in code does this stand out?

Recommendation: Add 1-2 sentences per strength with concrete evidence from the codebase (file references, metrics, or code snippets).

🤖 Prompt for AI Agents

In ARCHITECTURE_REVIEW.md around lines 248 to 276, the "Key Strengths" bullets
lack supporting evidence; update each strength with 1–2 concise supporting
sentences citing concrete code references or metrics: keep the existing "3 tools
vs 27 individual decorators (2.6x token efficiency)" line and move it here, add
a reference for "Clean service delegation" (e.g., average LOC or number of
imports per service and point to server.py and services/*), cite specific files
or examples for "Type Safety" (e.g., models/params.py and usages of Pydantic v2
enums), point to exact async patterns and files for "Modern Async" (e.g., use of
asyncio.to_thread() in X and subprocess handling in Y), and reference the
configuration fallback hierarchy file(s) for "Configuration Management"; ensure
each added sentence is one line, factual, and includes file paths or simple
metrics.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Excellent structured exception handling analysis with specific, actionable recommendations.

The assessment is thorough and well-grounded in the codebase. Key strengths:

• Clear problem/solution patterns with code examples (e.g., "CURRENT (BAD)" vs "RECOMMENDED (GOOD)")
• Specific severity grades and effort estimates
• Concrete file locations and line numbers enabling immediate remediation

Minor improvements:

1. Quantify exception handler scope: Line 62 states "many catch blocks use generic Exception" but Issue Add SSH connection pool for efficient remote command execution #1.2 later claims "15+ places" (lines 58-61). Provide exact count or a representative sample to validate scope.
2. Markdown formatting: Fenced code blocks at lines 29, 65, 79, 117, 135, 179, etc. should be surrounded by blank lines (currently flagged by markdownlint-cli2 MD031).
3. Async context manager options: Resource cleanup discussion (Section 3) focuses on AsyncExitStack but doesn't mention asyncio.nullcontext() for simpler cases, which may reduce implementation burden.

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

10-10: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

24-24: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

29-29: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

55-55: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

65-65: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

79-79: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🤖 Prompt for AI Agents

In ERROR_HANDLING_REVIEW.md around lines 1 to 100, the review's minor
suggestions need to be applied: (1) quantify the scope of generic Exception
handlers by replacing "15+ places" with an exact count or list of representative
file/line examples (e.g., pick 5-8 concrete locations from the earlier section)
to validate the claim; (2) fix markdown linting by ensuring fenced code blocks
are surrounded by blank lines throughout the file (insert a blank line before
and after each triple-backtick block referenced at lines 29, 65, 79, 117, 135,
179, etc.); (3) expand the resource-cleanup note to mention
asyncio.nullcontext() as a lightweight alternative to AsyncExitStack for simpler
async cleanup cases and add one-sentence guidance on when to prefer it.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Summary and recommendations are clear, but priority ordering needs refinement.

The prioritized findings (Section 10) and action plan (Sections 11-13) effectively communicate next steps. However:

1. Phase interdependencies unclear: Phase 1 lists both asyncio timeout work and migration rollback as co-equal priorities, but timeout enforcement may be a prerequisite for safe rollback testing. Clarify the dependency chain.
2. Testing recommendations lack specifics: Section 13 lists high-level test categories (Timeout Testing, Cleanup Testing, etc.) but doesn't show expected behavior assertions or mock scenarios. Refer to TEST_COVERAGE_ANALYSIS.md for concrete test cases (e.g., lines 68-78).
3. Code review checklist could be sharper: The checklist at lines 118-127 is good, but mixing implementation checklist items (all async operations have timeout) with architectural concerns (error responses use RFC 7807) dilutes focus. Consider splitting into "Implementation Checklist" (tactical) and "Architecture Review Checklist" (strategic).

🧰 Tools

🪛 LanguageTool

[uncategorized] ~671-~671: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...) --- ## 10. SUMMARY OF FINDINGS ### High Priority Issues (Address Immediately) 1. **asyn...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~688-~688: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... - Files: 15+ - Effort: Medium ### Medium Priority Issues 4. **Missing resource cleanup i...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~705-~705: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ior - Files: 5 - Effort: Low ### Low Priority Issues 7. Inconsistent log levels ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

🪛 markdownlint-cli2 (0.18.1)

690-690: Ordered list item prefix
Expected: 1; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

695-695: Ordered list item prefix
Expected: 2; Actual: 5; Style: 1/2/3

(MD029, ol-prefix)

---

700-700: Ordered list item prefix
Expected: 3; Actual: 6; Style: 1/2/3

(MD029, ol-prefix)

---

707-707: Ordered list item prefix
Expected: 1; Actual: 7; Style: 1/2/3

(MD029, ol-prefix)

---

712-712: Ordered list item prefix
Expected: 2; Actual: 8; Style: 1/2/3

(MD029, ol-prefix)

---

727-727: Trailing spaces
Expected: 0 or 2; Actual: 3

(MD009, no-trailing-spaces)

---

733-733: Ordered list item prefix
Expected: 1; Actual: 3; Style: 1/2/3

(MD029, ol-prefix)

---

737-737: Ordered list item prefix
Expected: 2; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

741-741: Ordered list item prefix
Expected: 3; Actual: 5; Style: 1/2/3

(MD029, ol-prefix)

---

746-746: Ordered list item prefix
Expected: 1; Actual: 6; Style: 1/2/3

(MD029, ol-prefix)

---

750-750: Ordered list item prefix
Expected: 2; Actual: 7; Style: 1/2/3

(MD029, ol-prefix)

---

770-770: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

In ERROR_HANDLING_REVIEW.md around lines 670–781, clarify the Phase 1 dependency
chain by making asyncio timeout enforcement a prerequisite step before migration
rollback work (reorder or annotate Phase 1 to run timeouts first, then
rollback), expand the Testing Recommendations to include specific expected
assertions and mock scenarios referencing TEST_COVERAGE_ANALYSIS.md lines 68–78
(e.g., assert operation aborts after timeout X, verify cleanup calls executed,
simulate partial migration failure and assert rollback), and split the Code
Review Checklist into two focused lists—"Implementation Checklist" for tactical
items (timeouts, specific exception types, resource cleanup, timeout constants)
and "Architecture Review Checklist" for strategic items (RFC 7807 error format,
rollback guarantees)—updating checklist line numbers accordingly.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Effective executive summary, but success criteria section prematurely marks items complete.

The summary effectively communicates the gap (0% → 85%) and scope (460 tests, 96-118 hours) in scannable format. Metrics, tier breakdown, and roadmap are clear.

However, the "Success Criteria" section (lines 305-314) marks several items as completed (e.g., line 306: [x] Identified all untested code), which contradicts the context that this is a proposal/roadmap document. These should either:

1. Be presented as proposed success criteria with all items unchecked: [ ], or
2. Be split into "Analysis Complete" (checked items) and "Implementation Roadmap" (unchecked items).

Current presentation (mixed checked/unchecked) is confusing for readers deciding whether to approve or execute the plan.

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

7-7: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

🤖 Prompt for AI Agents

In TEST_COVERAGE_SUMMARY.md around lines 1-50 (note: the reviewer points to the
Success Criteria at ~305-314), the "Success Criteria" list mixes checked and
unchecked items which contradicts the document's proposed/roadmap status; update
that section so items are either all presented as proposed (use unchecked boxes
"[ ]" for each criterion) or split into two clear sub-sections "Analysis
Complete" (only genuinely completed items checked) and "Implementation Roadmap"
(all remaining criteria unchecked), ensuring each list item clearly reflects its
true state and adjusting any summary sentence that implies completion.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Test organization and roadmap are pragmatic, but Phase 1 timeline needs validation.

The 5-phase roadmap (120 hours over ~3 weeks) assumes:

• Continuous 8-hour work days
• No context switching or review cycles
• Reusable fixture infrastructure from Phase 1

The Phase 1 timeline (16-20 hours for 120 tests) is ~8-10 minutes per test, which is reasonable for setup-heavy configuration/model tests but may be optimistic for integration tests with Docker/SSH mocking.

Recommendation: Add a risk buffer or contingency line item in the roadmap summary (e.g., "Planning buffer: +20% for review cycles, debugging, and tool setup").

🤖 Prompt for AI Agents

In TEST_COVERAGE_SUMMARY.md around lines 90 to 120, the Phase 1 timeline is
optimistic and omits a contingency for reviews, context switching, and setup;
update the Implementation Roadmap to explicitly state assumptions (workday
length, no context switching), add a "Planning buffer: +20%" line item (or
equivalent contingency percentage) to the Phase 1 summary, and adjust the Phase
1 hours and total timeline to reflect the buffer and note that integration tests
may require more time than unit/config tests.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Excellent quick-reference format with practical examples and clear priority ordering.

The document effectively frontloads the critical status (zero tests) and provides immediate actionable steps (quick start commands, first test template). The risk-level breakdown (lines 45-50, table format) and module-specific coverage targets (lines 52-65) are immediately useful for developers.

Recommendations for improvement:

1. Quick start commands (lines 15-22): Add expected output indicators or success messages. Currently unclear if the pytest tests/ -v command will pass or identify missing tests (which is the point, but make this explicit).

2. Path references (line 331): Change hardcoded /home/user/docker-mcp/pyproject.toml to relative path or use instructions like "in your project root" to avoid path-specific documentation.

3. Pro Tips section (lines 341-349): Convert style guidance into actionable patterns with examples, e.g., "Use test_<noun>_<behavior>_<expectation>() naming for clarity" instead of just "Descriptive names."

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

14-14: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

15-15: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

25-25: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

26-26: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

44-44: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

45-45: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

🤖 Prompt for AI Agents

In TESTING_QUICK_REFERENCE.md around lines 1-50, enhance the Quick Start section
by appending expected outputs or success/failure indicators for each command
(e.g., what running pytest will report when no tests exist vs when tests pass)
and a short note clarifying the intent of running pytest here; replace any
hardcoded absolute paths elsewhere in the doc with relative paths or the phrase
"in your project root" (update references like /home/user/... to be portable);
and convert the Pro Tips into concrete, actionable patterns with examples (e.g.,
show a recommended test naming convention such as
test_<noun>_<behavior>_<expectation> and a short example test) so readers get
direct, copy-pastable guidance.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Mock patterns are solid, but async fixture lifecycle deserves clarification.

The common mock patterns (Docker client, subprocess, async) are well-illustrated. However:

1. Async context manager mocking (lines 224-231): Example shows @patch("docker_mcp.services.container.asyncio.to_thread") but doesn't show how the mock return value is awaited in the test. Add a complete example showing the test calling await service.some_operation() and the mock's expected behavior.

2. Fixture scope not specified (conftest examples, lines 74-98): Pytest-asyncio fixtures have different scoping rules. Should mock_docker_client be @pytest.fixture(scope="function") or @pytest.fixture(scope="module")? Forgetting to specify scope can cause test pollution. Document default scope choice and rationale.

3. Over-mocking warning (lines 931-945): Great example of what NOT to do. Consider adding an inverse example: "DO mock external dependencies (Docker SDK, SSH), DON'T mock internal methods unless absolutely necessary."

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

151-151: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

152-152: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Implementation checklist and phase breakdown are clear, but resource requirements need buffering.

The 5-phase roadmap (120 hours over ~3 weeks) with specific deliverables per phase is excellent project planning. However:

1. Phase 1 (16-20 hours for 120 tests): This assumes 8-10 minutes per test, which works for config/model tests but may slip for fixture-heavy or parametrized tests. Add buffer or caveat.

2. External dependencies in Phase 1: conftest.py creation assumes consensus on fixture naming, scoping, and organization. If team hasn't worked with pytest-asyncio before, add ~2-4 hours for "pytest ecosystem onboarding."

3. Success criteria for each phase: Each phase lists hours, test count, and coverage target, but doesn't define "done" criteria beyond coverage percentage. For example, Phase 1 "done" should include "conftest.py reviewed and merged" + "at least 120 passing tests" + "coverage report generated."

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

285-285: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

290-290: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

298-298: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

304-304: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

310-310: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🤖 Prompt for AI Agents

In TESTING_QUICK_REFERENCE.md around lines 282 to 315, the implementation
checklist/phase breakdown lacks buffers for effort estimates, explicit
onboarding time for pytest/pytest-asyncio and fixture consensus, and clear
"done" criteria per phase; update the checklist to (1) add a small buffer to
each phase estimate (e.g., +15–25%) or a note that estimates are optimistic, (2)
add a 2–4 hour onboarding item under Phase 1 for pytest ecosystem and fixture
conventions, and (3) add explicit success criteria for each phase such as
"conftest.py reviewed and merged", "specified number of tests passing (e.g.,
120) on CI", and "coverage report generated and meeting target" so reviewers
know when a phase is complete.

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docker_mcp/services/container.py (1)

7-20: Import asyncio before using asyncio.timeout

Multiple methods call asyncio.timeout, but the module isn’t imported, so the first call will raise NameError: name 'asyncio' is not defined. Please add the import.

-from datetime import UTC, datetime
-from typing import TYPE_CHECKING, Any
+import asyncio
+from datetime import UTC, datetime
+from typing import TYPE_CHECKING, Any

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 42345f8 and 0d718eb.

📒 Files selected for processing (18)

• SECURITY_VALIDATION_RESULTS.md (1 hunks)
• docker_mcp/constants.py (1 hunks)
• docker_mcp/core/backup.py (3 hunks)
• docker_mcp/core/compose_manager.py (1 hunks)
• docker_mcp/core/config_loader.py (6 hunks)
• docker_mcp/core/docker_context.py (3 hunks)
• docker_mcp/core/logging_config.py (4 hunks)
• docker_mcp/core/migration/manager.py (2 hunks)
• docker_mcp/core/transfer/containerized_rsync.py (2 hunks)
• docker_mcp/core/transfer/rsync.py (1 hunks)
• docker_mcp/resources/docker.py (10 hunks)
• docker_mcp/server.py (20 hunks)
• docker_mcp/services/container.py (3 hunks)
• docker_mcp/services/host.py (1 hunks)
• docker_mcp/services/stack/migration_executor.py (3 hunks)
• docker_mcp/services/stack/network.py (2 hunks)
• docker_mcp/tools/containers.py (4 hunks)
• docker_mcp/utils.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

docker_mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

docker_mcp/**/*.py: Validate Docker commands against an explicit allowlist (ALLOWED_DOCKER_COMMANDS) before execution
Execute subprocess calls only after validation, always with explicit timeouts, and annotate legitimate calls with # nosec B603
Build SSH commands with secure options (StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null, LogLevel=ERROR, ConnectTimeout, ServerAliveInterval) and support identity_file
Use modern Python 3.11+ async exception patterns: asyncio.timeout, exception groups (except*), and asyncio.TaskGroup for batching
Validate host IDs before operations and provide clear error messages when hosts are not found
Use Python 3.11+ union syntax (e.g., str | None) and avoid Optional/Union legacy syntax
Use TypeAlias for complex recurring types (Python 3.12+)
Pydantic models should use Field(default_factory=...) for mutable defaults
Use structured logging with structlog and include contextual fields (e.g., host_id, operation)
All I/O operations must be async (use async/await)

docker_mcp/**/*.py: Target Python 3.11+ with type hints on public interfaces and async pathways
Route subprocess access through established helpers in docker_mcp/core and docker_mcp/services

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/migration/manager.py
• docker_mcp/core/transfer/rsync.py
• docker_mcp/resources/docker.py
• docker_mcp/server.py
• docker_mcp/tools/containers.py
• docker_mcp/core/logging_config.py
• docker_mcp/services/stack/network.py
• docker_mcp/services/stack/migration_executor.py
• docker_mcp/services/container.py
• docker_mcp/core/backup.py
• docker_mcp/constants.py
• docker_mcp/services/host.py
• docker_mcp/core/compose_manager.py
• docker_mcp/utils.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/config_loader.py

docker_mcp/core/**/*.py

📄 CodeRabbit inference engine (docker_mcp/core/CLAUDE.md)

docker_mcp/core/**/*.py: Define configuration using Pydantic BaseSettings with explicit environment variable aliases and model_config env_file ".env" and extra="ignore"
Use an async context manager (asynccontextmanager + AsyncExitStack) for Docker operations with timeout (asyncio.timeout) and guaranteed cleanup
Protect shared caches with asyncio.Lock when checking/updating context caches
Create Docker contexts with retry and exponential backoff; on failure, handle ExceptionGroup using except* for DockerContextError and SSHConnectionError
Use asyncio.TaskGroup for concurrent creation of multiple Docker contexts and collect results per host
Track resources in operation context and clean them up in reverse order, supporting both sync close() and async aclose()/close()
Log cleanup errors with structlog using async-friendly logging (e.g., logger.awarning) without failing the cleanup loop
Construct SSH URLs as ssh://user@hostname and append :port only when port != 22
When invoking docker/ssh via subprocess.run, execute in a thread executor to avoid blocking and annotate the call with "# nosec B603"
Compose file path resolution should first use an explicit compose_path if provided, else fall back to auto-discovery
Implement hot reload by watching config file changes (e.g., with awatch) and invoking an async reload callback with the new config
When importing SSH config entries, skip wildcard names (* or ?), require a hostname, default user to "root", and tag hosts as ["imported", "ssh-config"]
Ensure all core exceptions inherit from DockerMCPError with specific subclasses for contexts and configuration (DockerContextError, ConfigurationError)

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/migration/manager.py
• docker_mcp/core/transfer/rsync.py
• docker_mcp/core/logging_config.py
• docker_mcp/core/backup.py
• docker_mcp/core/compose_manager.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/config_loader.py

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Enforce 100-character maximum line length (Ruff)
Use double quotes for strings (Ruff)
Use space indentation (no tabs) (Ruff)
Use snake_case for module, function, and variable names
Use PascalCase for class names
Use UPPER_SNAKE for constants

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/migration/manager.py
• docker_mcp/core/transfer/rsync.py
• docker_mcp/resources/docker.py
• docker_mcp/server.py
• docker_mcp/tools/containers.py
• docker_mcp/core/logging_config.py
• docker_mcp/services/stack/network.py
• docker_mcp/services/stack/migration_executor.py
• docker_mcp/services/container.py
• docker_mcp/core/backup.py
• docker_mcp/constants.py
• docker_mcp/services/host.py
• docker_mcp/core/compose_manager.py
• docker_mcp/utils.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/config_loader.py

docker_mcp/core/transfer/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement new transfer methods by subclassing BaseTransfer and providing transfer(...), validate_requirements(...), and get_transfer_type()

Files:

• docker_mcp/core/transfer/rsync.py
• docker_mcp/core/transfer/containerized_rsync.py

docker_mcp/tools/**/*.py

📄 CodeRabbit inference engine (docker_mcp/tools/CLAUDE.md)

docker_mcp/tools/**/*.py: Use DockerContextManager for executing Docker CLI commands instead of ad-hoc subprocess calls
Standardize success responses to include: success=True, message, host_id, resource identifiers (e.g., container_id), data, timestamp (ISO)
Standardize error responses to include: success=False, error message, host_id, relevant resource identifiers, timestamp (ISO)
Ensure all responses include consistent fields: success (bool), timestamp (ISO), host_id, and relevant resource identifiers (container_id, stack_name, etc.)
Automatically parse JSON-output Docker commands (inspect, version, info) and return parsed JSON; otherwise wrap stdout under output
Use Docker context for container operations; use SSH for stack operations requiring remote filesystem access
Validate stack names: regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length <= 63, and disallow reserved names {docker, compose, system, network, volume}
Validate action parameters against explicit allowlists and return structured errors for invalid actions
Use Python 3.11+ async error-handling patterns: asyncio.timeout, exception groups (except), and TaskGroup for batch operations
Manage resources with AsyncExitStack and async context managers (e.g., connections, locks) for complex operations
Process JSON line outputs robustly: iterate lines, json.loads per line, warn on JSONDecodeError
Enrich base Docker listings with additional inspect-derived details (e.g., volumes, networks, compose_project)
Use Pydantic models for validation/serialization and return model_dump() for API responses
Implement parsing helpers: percentage strings to float, size strings to bytes, and port summaries formatted as host→container
Use structured logging (structlog) to log start, completion, and failures with contextual fields (host_id, container_id, action, duration, error)
Validate Docker commands against an allowed command set before execution; reject disallowed or empty commands
Use SSH security options for automation: Strict...

Files:

• docker_mcp/tools/containers.py

docker_mcp/services/**/*.py

📄 CodeRabbit inference engine (docker_mcp/services/CLAUDE.md)

docker_mcp/services/**/*.py: Use Pydantic v2 models for input validation in services (BaseModel, Field, field_validator, ValidationError, ValidationInfo)
Validate host_id with regex ^[a-zA-Z0-9_-]+$ and length bounds (1–64)
Validate container_id with length bounds (1–128)
Constrain action to Literal["start","stop","restart","pause","unpause","remove"]
Constrain timeout to 1–300 seconds with a default of 30
Use field_validator with ValidationInfo context to ensure host exists in configuration when validating host_id
Validate stack_name with regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length ≤ 63, and reject reserved names {docker, compose, system, network, volume}
Allow environment dict but scan keys for sensitive patterns (password|secret|token|key); warn instead of blocking
Catch Pydantic ValidationError and return structured validation errors in ToolResult
Provide decorator-based validation (e.g., @validate_host_exists, @validate_container_id) for common checks
Use TypeGuard functions (e.g., is_docker_host_config) to strengthen runtime type checks
Use a ValidationResult class (result pattern) to aggregate validation outcomes and errors
Perform parallel async validations with asyncio.gather and aggregate results before constructing request models
Use async context managers for operations (ServiceOperationContext, docker_operation_context) with logging, timeouts, and cleanup
Use batch_operation_context to track progress for batch operations and always log completion stats
Use an async ConnectionPool with reference counting via asynccontextmanager for connection reuse and cleanup
Use modern exception handling: asyncio.timeout, except for grouped Docker errors, structured logging, and consistent ToolResult error payloads with context
Use structured logging (structlog) with contextual fields (host_id, operation, ids, duration, error) for info and error events
Services store a reference to DockerMCPConfig and expose helper accessors like get_host_config

Reuse existing permis...

Files:

• docker_mcp/services/stack/network.py
• docker_mcp/services/stack/migration_executor.py
• docker_mcp/services/container.py
• docker_mcp/services/host.py

🧬 Code graph analysis (8)

docker_mcp/core/docker_context.py (1)

docker_mcp/core/exceptions.py (1)

• DockerContextError (12-13)

docker_mcp/core/migration/manager.py (3)

docker_mcp/core/transfer/base.py (2)

• build_ssh_cmd (64-83)
• transfer (21-41)

docker_mcp/core/transfer/containerized_rsync.py (1)

• transfer (300-412)

docker_mcp/core/transfer/rsync.py (1)

• transfer (69-186)

docker_mcp/resources/docker.py (1)

docker_mcp/core/exceptions.py (2)

• DockerCommandError (8-9)
• DockerContextError (12-13)

docker_mcp/server.py (3)

docker_mcp/core/exceptions.py (2)

• DockerCommandError (8-9)
• DockerContextError (12-13)

docker_mcp/core/logging_config.py (1)

• get_server_logger (133-135)

docker_mcp/core/file_watcher.py (1)

• stop_hot_reload (149-152)

docker_mcp/tools/containers.py (2)

docker_mcp/core/error_response.py (2)

• DockerMCPErrorResponse (38-269)
• generic_error (260-269)

docker_mcp/tools/logs.py (1)

• _build_error_response (170-216)

docker_mcp/services/stack/migration_executor.py (2)

docker_mcp/core/compose_manager.py (1)

• get_compose_file_path (522-567)

docker_mcp/utils.py (1)

• build_ssh_command (19-69)

docker_mcp/services/container.py (3)

docker_mcp/utils.py (1)

• validate_host (72-97)

docker_mcp/server.py (3)

• list_containers (1326-1330)
• manage_container (1414-1420)
• pull_image (1422-1424)

docker_mcp/tools/containers.py (3)

• list_containers (52-203)
• manage_container (806-893)
• pull_image (895-956)

docker_mcp/core/config_loader.py (2)

docker_mcp/core/transfer/containerized_rsync.py (1)

• transfer (300-412)

docker_mcp/core/transfer/rsync.py (1)

• transfer (69-186)

🪛 markdownlint-cli2 (0.18.1)

SECURITY_VALIDATION_RESULTS.md

12-12: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

15-15: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

18-18: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

97-97: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

100-100: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

107-107: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

207-207: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

215-215: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

217-217: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

226-226: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

232-232: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

238-238: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

247-247: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

256-256: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

266-266: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

272-272: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

278-278: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🪛 Ruff (0.14.3)

docker_mcp/core/docker_context.py

95-95: Avoid specifying long messages outside the exception class

(TRY003)

---

121-121: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

121-121: Avoid specifying long messages outside the exception class

(TRY003)

---

309-309: Consider moving this statement to an else block

(TRY300)

---

323-323: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

323-323: Logging statement uses f-string

(G004)

---

343-343: Consider moving this statement to an else block

(TRY300)

---

344-344: Do not catch blind exception: Exception

(BLE001)

---

349-349: Abstract raise to an inner function

(TRY301)

---

349-349: Avoid specifying long messages outside the exception class

(TRY003)

---

373-375: Abstract raise to an inner function

(TRY301)

---

373-375: Create your own exception

(TRY002)

---

373-375: Avoid specifying long messages outside the exception class

(TRY003)

---

382-382: Logging statement uses f-string

(G004)

---

385-385: Logging statement uses f-string

(G004)

---

386-386: Consider moving this statement to an else block

(TRY300)

---

388-388: Do not catch blind exception: Exception

(BLE001)

---

390-390: Logging statement uses f-string

(G004)

---

397-397: Logging statement uses f-string

(G004)

---

402-402: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

402-402: Logging statement uses f-string

(G004)

docker_mcp/core/migration/manager.py

89-89: Consider [*ssh_cmd, compose_cmd] instead of concatenation

Replace with [*ssh_cmd, compose_cmd]

(RUF005)

---

100-100: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

100-100: Avoid specifying long messages outside the exception class

(TRY003)

---

288-288: Do not catch blind exception: Exception

(BLE001)

docker_mcp/core/transfer/rsync.py

123-123: Consider ["rsync", *rsync_opts] instead of concatenation

Replace with ["rsync", *rsync_opts]

(RUF005)

docker_mcp/resources/docker.py

107-107: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

110-110: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

116-121: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

124-124: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

130-130: Do not catch blind exception: Exception

(BLE001)

---

132-137: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

140-140: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

195-200: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

209-209: Do not catch blind exception: Exception

(BLE001)

---

211-216: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

287-287: Do not catch blind exception: Exception

(BLE001)

---

289-295: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

386-391: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

400-400: Do not catch blind exception: Exception

(BLE001)

---

402-407: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

585-585: Do not catch blind exception: Exception

(BLE001)

---

587-593: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/server.py

951-951: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1067-1067: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1175-1175: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1287-1287: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1383-1389: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1397-1397: Do not catch blind exception: Exception

(BLE001)

---

1399-1405: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1408-1408: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1539-1539: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1543-1547: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1557-1557: Unused function argument: frame

(ARG001)

---

1604-1604: Async function definition with a timeout parameter

(ASYNC109)

---

1621-1621: Do not catch blind exception: Exception

(BLE001)

---

1630-1630: Do not catch blind exception: Exception

(BLE001)

---

1644-1644: Logging statement uses f-string

(G004)

---

1646-1646: Do not catch blind exception: Exception

(BLE001)

---

1647-1647: Logging statement uses f-string

(G004)

---

1652-1655: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1656-1656: Do not catch blind exception: Exception

(BLE001)

---

1657-1657: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1853-1853: Logging statement uses f-string

(G004)

---

1860-1860: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1873-1873: Do not catch blind exception: Exception

(BLE001)

---

1875-1875: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1895-1895: Missing return type annotation for private function monitor_shutdown

Add return type annotation: None

(ANN202)

---

1922-1922: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

---

1927-1927: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

---

1954-1954: Do not catch blind exception: Exception

(BLE001)

---

1960-1960: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

docker_mcp/tools/containers.py

448-454: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

456-456: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1028-1028: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1031-1036: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1040-1040: Do not catch blind exception: Exception

(BLE001)

---

1042-1047: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/services/stack/migration_executor.py

62-62: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

73-73: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

82-83: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

140-144: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

422-422: datetime.datetime.now() called without a tz argument

(DTZ005)

---

423-427: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/services/container.py

233-233: Undefined name asyncio

(F821)

---

280-280: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

830-830: Undefined name asyncio

(F821)

---

876-877: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

914-914: Undefined name asyncio

(F821)

---

946-946: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/services/host.py

525-525: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

535-535: Do not catch blind exception: Exception

(BLE001)

---

536-536: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/core/config_loader.py

63-65: Avoid specifying long messages outside the exception class

(TRY003)

---

69-69: Avoid specifying long messages outside the exception class

(TRY003)

---

74-76: Avoid specifying long messages outside the exception class

(TRY003)

---

108-108: Avoid specifying long messages outside the exception class

(TRY003)

---

112-112: Avoid specifying long messages outside the exception class

(TRY003)

---

124-128: Avoid specifying long messages outside the exception class

(TRY003)

---

133-135: Avoid specifying long messages outside the exception class

(TRY003)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-push

🔇 Additional comments (9)

docker_mcp/core/compose_manager.py (1)

420-424: LGTM! Security improvement for SSH host key verification.

The change from StrictHostKeyChecking=no to accept-new improves security by verifying known hosts while still allowing automation for new hosts. The explanatory comment clearly documents the security intent.

docker_mcp/constants.py (1)

4-7: LGTM! Centralized security improvement with clear documentation.

The update to accept-new strikes a good balance between security (prevents MITM on known hosts) and automation (allows new hosts without manual approval). The multi-line comment clearly explains the security posture and automation requirements.

docker_mcp/utils.py (1)

39-39: LGTM! Documentation updated to reflect the new SSH policy.

The docstring example now accurately reflects the accept-new policy used by the underlying constant.

docker_mcp/core/logging_config.py (1)

51-51: LGTM! Improved log retention for debugging.

Increasing backupCount from 0 to 5 provides valuable log history for debugging and issue investigation, which is essential for production systems. The same pattern is correctly applied to both the server and middleware handlers.

docker_mcp/core/config_loader.py (2)

33-78: Path validation logic looks good but consider Windows path edge case.

The path validation correctly:

• Blocks path traversal with ..
• Enforces absolute paths
• Restricts to safe characters

However, the regex ^[a-zA-Z0-9/_.\-]+$ and the absolute path check startswith("/") assume Unix-like systems. While Docker MCP appears to target Linux hosts (based on SSH usage), consider whether the configuration itself could run on Windows (where paths like C:\... would be rejected).

If Docker MCP server can run on Windows, this validator may reject valid local config file paths. Verify whether this is intentional (i.e., only remote Unix paths are stored in these fields).

---

80-137: SSH key validation is thorough and security-focused.

The validator correctly implements multiple security checks:

• File existence and type validation
• Permission validation (blocks group/other access)
• Ownership validation (must be owned by current user)

One minor consideration: Line 131 uses os.getuid() which is Unix-specific and will fail on Windows. Since Docker MCP targets SSH-based Linux hosts, this is likely acceptable, but it creates a platform dependency.

Confirm that Docker MCP server is intended to run only on Unix-like systems, as os.getuid() will raise AttributeError on Windows.

docker_mcp/core/backup.py (1)

86-86: LGTM! Using non-login shell improves predictability.

Changing from -lc to -c removes login shell behavior, which is appropriate for automation. Non-login shells are faster and avoid potential side effects from profile scripts. The same pattern is correctly applied at lines 128 and 184.

docker_mcp/core/transfer/containerized_rsync.py (2)

233-236: LGTM! Consistent SSH security policy update.

The change to accept-new aligns with the codebase-wide security improvement and includes a clear explanatory comment.

---

289-292: LGTM! Robust argument escaping improves security.

Using shlex.quote() for all command arguments prevents shell injection vulnerabilities. This is a critical security improvement, especially for the dynamically constructed rsync command that includes user-controlled paths.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Guard context creation with host-scoped locks

When two coroutines call ensure_context for the same host_id, they both miss _context_cache, both inspect the context, and both try to create it. The second docker context create fails with “context … already exists”, so we bubble a DockerContextError even though the context is live. The core guidelines ask us to protect shared caches with an asyncio.Lock, and the new timeout wrapper increases the chance of overlapping work. Please serialise cache access per host (and mirror it for _client_cache) so parallel operations can’t collide.

Apply this diff as a starting point:

@@
-        self._context_cache: dict[str, str] = {}
-        self._client_cache: dict[str, docker.DockerClient] = {}
+        self._context_cache: dict[str, str] = {}
+        self._context_locks: dict[str, asyncio.Lock] = {}
+        self._client_cache: dict[str, docker.DockerClient] = {}
+        self._client_locks: dict[str, asyncio.Lock] = {}
@@
-                if host_id in self._context_cache:
-                    context_name = self._context_cache[host_id]
-                    if await self._context_exists(context_name):
-                        return context_name
-                    else:
-                        # Context was deleted, remove from cache
-                        del self._context_cache[host_id]
+                lock = self._context_locks.setdefault(host_id, asyncio.Lock())
+                async with lock:
+                    if host_id in self._context_cache:
+                        context_name = self._context_cache[host_id]
+                        if await self._context_exists(context_name):
+                            return context_name
+                        del self._context_cache[host_id]
@@
-                if await self._context_exists(context_name):
+                if await self._context_exists(context_name):
                     logger.debug("Docker context exists", context_name=context_name)
                     self._context_cache[host_id] = context_name
                     return context_name

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In docker_mcp/core/docker_context.py around lines 98 to 119, concurrent calls to
ensure_context can race: both miss _context_cache and both create the same
Docker context, causing errors. Introduce a host-scoped asyncio.Lock map (e.g.
self._host_locks: Dict[host_id, asyncio.Lock]) and acquire the per-host lock
around all operations that read/update _context_cache and create the context
(wrap the cache check, existence check, create call, and cache assignment in an
"async with lock" block). Mirror the same per-host locking strategy for
_client_cache access. Ensure locks are created lazily and never block unrelated
hosts, and release automatically by using async context managers so parallel
operations for different hosts remain concurrent but same-host operations are
serialized.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Convert subprocess timeouts into MigrationError

If subprocess.run(..., timeout=300) hits the limit, it raises subprocess.TimeoutExpired, not TimeoutError. We currently fall out of the try block with an uncaught TimeoutExpired, so callers see a raw subprocess exception instead of the intended MigrationError. Please wrap both TimeoutExpired and the asyncio timeout in the same handler so we consistently surface a MigrationError.

Suggested patch:

-        except TimeoutError:
-            raise MigrationError(f"Container verification timed out after 360 seconds for stack {stack_name}")
+        except (subprocess.TimeoutExpired, TimeoutError) as exc:
+            raise MigrationError(
+                f"Container verification timed out after 360 seconds for stack {stack_name}"
+            ) from exc

🧰 Tools

🪛 Ruff (0.14.3)

89-89: Consider [*ssh_cmd, compose_cmd] instead of concatenation

Replace with [*ssh_cmd, compose_cmd]

(RUF005)

---

100-100: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

100-100: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

In docker_mcp/core/migration/manager.py around lines 82 to 101, the code only
handles the asyncio timeout but not the subprocess.run timeout, so
subprocess.run(..., timeout=300) can raise subprocess.TimeoutExpired and leak a
raw exception; update the exception handling to catch both
subprocess.TimeoutExpired and the asyncio timeout (asyncio.TimeoutError or
built-in TimeoutError as used) in the same except block and raise a
MigrationError instead (include the original exception message or chain with
"from e" for context) so callers consistently receive a MigrationError on any
timeout.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restore required SSH hardening flags

The rebuilt SSH probe now omits the mandated options (UserKnownHostsFile=/dev/null, LogLevel=ERROR, ServerAliveInterval=…). Without them we regress the security posture called out in our guidelines (keys land in the operator’s known_hosts, verbose banners leak, we lose keepalives). Please reinstate the full option set before shipping. As per coding guidelines

Apply this diff:

         ssh_cmd = [
             "ssh",
             "-o",
             "BatchMode=yes",
             "-o",
             "ConnectTimeout=10",
             "-o",
             "StrictHostKeyChecking=accept-new",
+            "-o",
+            "UserKnownHostsFile=/dev/null",
+            "-o",
+            "LogLevel=ERROR",
+            "-o",
+            "ServerAliveInterval=15",
         ]

🤖 Prompt for AI Agents

In docker_mcp/services/host.py around lines 429-444, the ssh_cmd builder dropped
mandated hardening flags; restore the full option set by adding "-o",
"UserKnownHostsFile=/dev/null", "-o", "LogLevel=ERROR", and keepalive settings
such as "-o", "ServerAliveInterval=60" and "-o", "ServerAliveCountMax=3" to the
ssh_cmd list (placed alongside the existing "-o" options) so keys aren't written
to operator known_hosts, verbose banners are suppressed, and connections are
kept alive; preserve existing port and identity_file handling.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Mark timed-out steps as failed so progress consumers get the terminal state

Line 421 exits on timeout without calling update_progress, leaving current_step stuck at "in_progress" and never firing the progress callback with the failure payload. Any dashboard or automation listening to the callback will happily assume the migration is still running even though we just returned overall_success=False.

Please mark the active step as failed (and thereby trigger the callback) before returning. For example:

         return success, migration_context

-        except TimeoutError:
+        except TimeoutError:
+            current_step = migration_context.get("current_step", {}).get("name")
+            if current_step:
+                update_progress(
+                    current_step,
+                    "failed",
+                    {"error": "Migration timed out after 30 minutes"},
+                )
             migration_context["errors"].append("Migration timed out after 30 minutes")
             migration_context["overall_success"] = False
             migration_context["end_time"] = datetime.now().isoformat()

🧰 Tools

🪛 Ruff (0.14.3)

422-422: datetime.datetime.now() called without a tz argument

(DTZ005)

---

423-427: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

🤖 Prompt for AI Agents

In docker_mcp/services/stack/migration_executor.py around lines 419 to 428, on
TimeoutError the code returns without updating progress; set the active step to
failed and call the progress updater before returning so consumers get the
terminal state. Specifically, modify the TimeoutError handler to mark
migration_context["current_step"]["status"]="failed" (and set
migration_context["current_step"]["end_time"]=datetime.now().isoformat() if
present), append the timeout error to migration_context["errors"] and
migration_context["overall_success"]=False as already done, then call the
existing update_progress method (self.update_progress(migration_context) or the
local function used elsewhere) to emit the failure payload, and only then set
migration_context["end_time"] and return False, migration_context.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider using SSH_NO_HOST_CHECK constant for consistency.

While the security improvement is good, this hardcodes the SSH option inline. For consistency and maintainability, consider using SSH_NO_HOST_CHECK from docker_mcp.constants instead of hardcoding the option here and at Line 404-405.

Apply this diff to use the constant:

+from ...constants import SSH_NO_HOST_CHECK
+
 # ...
-                        # Security: accept-new allows new hosts but verifies known hosts (prevents MITM)
-                        ssh_e = ["ssh", "-o", "StrictHostKeyChecking=accept-new", "-o", "UserKnownHostsFile=/dev/null"]
+                        ssh_e = ["ssh", "-o", SSH_NO_HOST_CHECK, "-o", "UserKnownHostsFile=/dev/null"]

Apply the same pattern at Line 404-405 in measure_network_bandwidth.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In docker_mcp/services/stack/network.py around lines 144-145, replace the
hardcoded SSH options list with the SSH_NO_HOST_CHECK constant imported from
docker_mcp.constants; similarly update the options used at lines 404-405 inside
measure_network_bandwidth to use the same constant. Ensure you add or verify the
import: from docker_mcp.constants import SSH_NO_HOST_CHECK, then assign ssh_e =
SSH_NO_HOST_CHECK (or extend/compose with any additional flags if needed) and
apply the same replacement at the two lines in measure_network_bandwidth so both
sites use the shared constant for consistency and maintainability.

[coderabbitai]

Actionable comments posted: 14

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docker_mcp/services/stack/risk_assessment.py (1)

408-434: Mitigation plan omits documented risk factors

generate_mitigation_plan only adds steps for LARGE_DATASET and DATABASE_FILES, yet its docstring (and the risk assessment pipeline) promises guidance for LONG_DOWNTIME and PERSISTENT_SERVICES. When those flags are raised, the plan returns empty sections, so the “cumulative strategies” feature never materializes. Please extend the dispatcher so that each risk factor you emit (especially LONG_DOWNTIME and PERSISTENT_SERVICES) populates the appropriate pre/during/post/contingency actions.

docker_mcp/services/stack/migration_executor.py (1)

1003-1010: Use real host IDs when calling StackTools

StackTools.manage_stack expects the configured host ID, but you’re passing source_host.hostname.replace(".", "_"). For most deployments the hostname and config key diverge (e.g., host id prod-db vs. hostname prod-db.example.com), so this lookup fails and every stack action now returns “host not found.” Please thread the actual host IDs through this method (and the related deploy/verify paths) instead of synthesizing them from the hostname.

♻️ Duplicate comments (2)

docker_mcp/services/stack/migration_executor.py (1)

571-588: Still need to mark timeout as a failed step

This is the same gap flagged earlier: on timeout you exit without calling update_progress, so observers keep seeing the last step stuck in "in_progress" even though the migration has ended. Please update the active step to "failed" (and emit the callback) before returning.

docker_mcp/services/container.py (1)

241-276: Stop reporting success when list_containers failed.
ContainerTools.list_containers returns success=False (plus an error) on connection/permission failures, but this branch still forces a happy-path summary with "success": True, masking the outage exactly as flagged before. Please short-circuit when success is false and surface the upstream error instead of formatting a table.

-                # Create clean, professional summary
-                containers = result["containers"]
-                pagination = result["pagination"]
+                success = result.get("success", True)
+                if not success:
+                    error_msg = result.get("error") or "Failed to list containers"
+                    formatted_text = f"❌ {error_msg}"
+                    return ToolResult(
+                        content=[TextContent(type="text", text=formatted_text)],
+                        structured_content={
+                            "success": False,
+                            "error": error_msg,
+                            HOST_ID: host_id,
+                            "containers": result.get("containers", []),
+                            "pagination": result.get("pagination", {}),
+                            "formatted_output": formatted_text,
+                        },
+                    )
+
+                # Create clean, professional summary
+                containers = result["containers"]
+                pagination = result["pagination"]

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Handle SSH key ownership check on non-POSIX systems.

os.getuid() is unavailable on Windows, so this block raises an AttributeError as soon as a config with identity_file is loaded on that platform. That means the validator now hard-breaks every Windows operator, which is a regression versus the previous behaviour. Please gate the ownership check behind an hasattr(os, "getuid") guard (or provide an equivalent platform-specific implementation) so the validator still enforces ownership on POSIX while remaining functional elsewhere.

Apply this diff to make the validator cross-platform:

-        current_uid = os.getuid()
-        if file_stat.st_uid != current_uid:
-            raise ValueError(
-                f"SSH identity file '{v}' is not owned by current user (uid={current_uid})"
-            )
+        if hasattr(os, "getuid"):
+            current_uid = os.getuid()
+            if file_stat.st_uid != current_uid:
+                raise ValueError(
+                    f"SSH identity file '{v}' is not owned by current user (uid={current_uid})"
+                )

🧰 Tools

🪛 Ruff (0.14.4)

133-135: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

In docker_mcp/core/config_loader.py around lines 131 to 135, the call to
os.getuid() will raise on Windows (non-POSIX) and must be guarded; update the
ownership check to first detect POSIX support (e.g., if hasattr(os, "getuid") or
os.name != "nt") and only then perform file_stat.st_uid != os.getuid() and raise
the ValueError; on platforms without getuid simply skip the ownership validation
so the validator stays functional on Windows while still enforcing ownership on
POSIX.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Clean up import annotations and sort exports.

The rollback module exports are correct, but static analysis has identified minor cleanup opportunities.

Apply these improvements:

-from .rollback import (  # noqa: F401
+from .rollback import (
     MigrationCheckpoint,
     MigrationRollbackContext,
     MigrationRollbackManager,
     MigrationStep,
     MigrationStepState,
     RollbackAction,
     RollbackError,
 )
-from .verification import MigrationVerifier  # noqa: F401
-from .volume_parser import VolumeParser  # noqa: F401
+from .verification import MigrationVerifier
+from .volume_parser import VolumeParser

 __all__ = [
-    "MigrationManager",
     "MigrationError",
+    "MigrationCheckpoint",
     "MigrationManager",
-    "MigrationVerifier",
-    "VolumeParser",
-    "MigrationRollbackManager",
     "MigrationRollbackContext",
-    "MigrationCheckpoint",
+    "MigrationRollbackManager",
     "MigrationStep",
     "MigrationStepState",
+    "MigrationVerifier",
     "RollbackAction",
     "RollbackError",
+    "VolumeParser",
 ]

The noqa directives appear unnecessary, and sorting __all__ alphabetically improves maintainability.

🧰 Tools

🪛 Ruff (0.14.4)

5-5: Unused noqa directive (non-enabled: F401)

Remove unused noqa directive

(RUF100)

---

14-14: Unused noqa directive (non-enabled: F401)

Remove unused noqa directive

(RUF100)

---

15-15: Unused noqa directive (non-enabled: F401)

Remove unused noqa directive

(RUF100)

---

17-29: __all__ is not sorted

Apply an isort-style sorting to __all__

(RUF022)

🤖 Prompt for AI Agents

In docker_mcp/core/migration/__init__.py around lines 5 to 29, remove the
unnecessary "# noqa: F401" annotations from the import lines and reorder the
entries in the __all__ list into alphabetical order (ensuring every name still
matches the imported/exported symbols); update the import lines to be plain
imports and replace the current __all__ with an alphabetically sorted list of
the exported names so static analysis and maintainability are improved.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Manual rollback overshoots the requested target step.

When a caller asks to roll back to target_step, we only want to undo the steps that occurred after it. The current >= target_index filter also includes rollback actions that belong to target_step itself (e.g., STOP_SOURCE), so the manual rollback reverts the very step the caller requested to keep—effectively rolling back further than requested. Please change the filter to > so we only include later steps.

Apply this diff to respect the target step boundary:

-            filtered_actions = [
-                action for action in context.rollback_actions
-                if step_order.index(action.step) >= target_index
-            ]
+            filtered_actions = [
+                action for action in context.rollback_actions
+                if step_order.index(action.step) > target_index
+            ]

🤖 Prompt for AI Agents

In docker_mcp/core/migration/rollback.py around lines 541 to 544, the list
comprehension that builds filtered_actions currently uses "if
step_order.index(action.step) >= target_index" which includes actions belonging
to the requested target_step; change the comparison to ">" so it only selects
actions whose step index is strictly greater than target_index (i.e., actions
that occurred after the target step), preventing the manual rollback from
undoing the requested target step itself.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Rollback verification reports success even when containers stay down.

docker compose ps --format json returns '[]' when nothing is running. Because this check only tests len(result.stdout.strip()) > 0, '[]' is treated as “true”, so we mark rollback verification as successful even though every expected container is still offline. That defeats the point of the verification step and can leave the cluster dark with a green status. Please parse the JSON output and assert that each expected container is present and running.

Apply this diff to validate the actual container state:

-            # Check if expected containers are running
-            # This is a simplified check - production would parse JSON
-            return len(expected_containers) > 0 and len(result.stdout.strip()) > 0
+            try:
+                containers = json.loads(result.stdout or "[]")
+            except json.JSONDecodeError:
+                return False
+
+            running_ids = {
+                (item.get("ID") or "")[:12]
+                for item in containers
+                if item.get("State") == "running"
+            }
+            expected_ids = {cid[:12] for cid in expected_containers}
+            return bool(expected_ids) and expected_ids.issubset(running_ids)

Add this import near the top of the file:

import json

🤖 Prompt for AI Agents

In docker_mcp/core/migration/rollback.py around lines 765 to 768, the current
check treats any non-empty stdout (including '[]') as success; change it to
parse result.stdout as JSON (add `import json` near the top of the file),
iterate the returned container entries and verify that each name in
expected_containers is present and has a running status (e.g.,
container["State"] or container["Status"] indicates running depending on compose
output); return True only if all expected containers are found and marked
running, otherwise return False and include a helpful log/error for missing or
non-running containers.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Signals now no longer stop the server.
By replacing the SIGINT/SIGTERM handlers with one that only sets an event, we suppress the default KeyboardInterrupt/SystemExit, so FastMCP.run() keeps blocking and the shutdown thread can’t ever trigger cleanup. Please re-raise after setting the event (or delegate to the default handler) so the main loop exits and the existing shutdown path runs.

         _shutdown_event.set()
-
-    finally:
-        # Release lock after setting event
-        _shutdown_in_progress.release()
+        raise KeyboardInterrupt
+    finally:
+        # Release lock after setting event
+        _shutdown_in_progress.release()

🧰 Tools

🪛 Ruff (0.14.4)

1967-1967: Unused function argument: frame

(ARG001)

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Excellent test suite documentation with formatting improvements needed.

The test suite summary is comprehensive and provides excellent visibility into test coverage, patterns, and infrastructure. Similar to tests/README.md, markdown formatting should be improved.

Consider auto-fixing markdown issues:

npx markdownlint-cli2-fix TEST_SUITE_SUMMARY.md

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

19-19: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

20-20: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

20-20: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

240-240: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

247-247: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

253-253: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

258-258: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

263-263: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

267-267: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

273-273: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

274-274: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

278-278: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

279-279: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

283-283: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

284-284: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

288-288: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

289-289: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

294-294: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

295-295: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

302-302: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

309-309: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

316-316: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

324-324: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

325-325: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

337-337: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

338-338: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

350-350: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

351-351: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

361-361: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

368-368: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

375-375: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

382-382: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

390-390: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

400-400: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

410-410: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

411-411: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

418-418: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

419-419: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

426-426: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

427-427: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

434-434: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

435-435: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

445-445: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

454-454: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

🤖 Prompt for AI Agents

In TEST_SUITE_SUMMARY.md lines 1-500, the markdown has inconsistent formatting
(tables, code blocks, headings and inline code) that should be normalized; run a
markdown linter/formatter or manually fix by ensuring proper heading levels,
consistent fenced code blocks (```), proper table pipe alignment and blank lines
between sections, replace raw tree blocks with fenced code blocks, and correct
any nonstandard characters or spacing; you can auto-fix with npx
markdownlint-cli2-fix TEST_SUITE_SUMMARY.md and then review/commit the resulting
changes.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Comprehensive test documentation with minor formatting issues.

The test suite documentation is thorough and well-organized, covering all essential aspects of testing (structure, execution, fixtures, patterns). However, static analysis has identified markdown formatting issues that should be addressed for consistency.

The main formatting issues are:

• Missing blank lines around headings and code fences (MD022, MD031)
• Missing language specifier for the code fence at line 7 (MD040)

These are minor style issues that don't affect functionality but improve readability. Consider running markdownlint and auto-fixing these issues:

# Auto-fix markdown formatting
npx markdownlint-cli2-fix tests/README.md

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

7-7: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

24-24: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

25-25: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

29-29: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

30-30: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

34-34: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

35-35: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

39-39: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

40-40: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

46-46: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

47-47: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

51-51: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

52-52: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

82-82: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

90-90: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

98-98: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

106-106: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

114-114: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

121-121: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

129-129: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

130-130: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

141-141: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

142-142: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

151-151: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

152-152: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

161-161: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

162-162: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

173-173: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

180-180: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

187-187: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

192-192: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

197-197: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

203-203: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

204-204: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

212-212: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

213-213: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

221-221: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

222-222: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

234-234: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

253-253: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

254-254: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

259-259: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

260-260: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

265-265: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

266-266: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🤖 Prompt for AI Agents

In tests/README.md lines 1-270: headings and code fences lack surrounding blank
lines and the first code fence at line ~7 is missing a language specifier; fix
by adding a blank line before and after each heading and every fenced code
block, update the first/few code fences to include an appropriate language tag
(e.g., bash or python) so markdownlint MD022/MD031/MD040 are satisfied, and
optionally run your markdown linter/auto-fixer to apply and verify fixes.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fix the multi-variable expansion assertion

The check assert "$" not in expanded or "HOME" in expanded always passes when $HOME is left untouched because the substring "HOME" is still present. That means _expand_yaml_config can regress without this test ever failing. Tighten the assertion so the test actually verifies both substitutions occurred.

@@
-        assert "$" not in expanded or "HOME" in expanded
+        assert expanded == "path: /home/test/user/testuser/data"

🤖 Prompt for AI Agents

In tests/unit/test_config_loader.py around lines 555 to 560, the assertion
`assert "$" not in expanded or "HOME" in expanded` is too weak and can pass even
if variables weren't substituted; change the assertion to explicitly verify both
substitutions occurred (for example assert the expanded string equals the
expected fully substituted path, or assert that neither "$HOME" nor "$USER"
remain and that the result contains the expected values), ensuring the test
fails if either environment variable is not expanded.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Use builtin TimeoutError for Python 3.11+ compatibility.

Line 280 uses asyncio.TimeoutError which is deprecated in favor of the builtin TimeoutError in Python 3.11+.

As per coding guidelines targeting Python 3.11+:

     with patch.object(manager, "_run_docker_command") as mock_run:
-        mock_run.side_effect = asyncio.TimeoutError()
+        mock_run.side_effect = TimeoutError()

         with pytest.raises(DockerContextError) as exc_info:
             await manager._create_context("test-context", docker_host)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	@pytest.mark.unit
	@pytest.mark.asyncio
	async def test_create_context_timeout():
	"""Test context creation timeout handling."""
	docker_host = DockerHost(hostname="test.com", user="user")
	config = DockerMCPConfig(hosts={"test": docker_host})
	manager = DockerContextManager(config)
	with patch.object(manager, "_run_docker_command") as mock_run:
	mock_run.side_effect = asyncio.TimeoutError()
	with pytest.raises(DockerContextError) as exc_info:
	await manager._create_context("test-context", docker_host)
	assert "timed out" in str(exc_info.value).lower()
	@pytest.mark.unit
	@pytest.mark.asyncio
	async def test_create_context_timeout():
	"""Test context creation timeout handling."""
	docker_host = DockerHost(hostname="test.com", user="user")
	config = DockerMCPConfig(hosts={"test": docker_host})
	manager = DockerContextManager(config)
	with patch.object(manager, "_run_docker_command") as mock_run:
	mock_run.side_effect = TimeoutError()
	with pytest.raises(DockerContextError) as exc_info:
	await manager._create_context("test-context", docker_host)
	assert "timed out" in str(exc_info.value).lower()

🧰 Tools

🪛 Ruff (0.14.4)

280-280: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

🤖 Prompt for AI Agents

In tests/unit/test_docker_context.py around lines 271 to 286, the test currently
uses asyncio.TimeoutError which is deprecated; replace uses of
asyncio.TimeoutError with the builtin TimeoutError (remove any reference to
asyncio for this exception) so the mock side_effect raises TimeoutError instead,
and ensure no unnecessary asyncio import is required for this test.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify timeout validation behavior.

The tests test_timeout_settings_negative_value and test_timeout_settings_zero_value show that negative and zero timeouts are accepted without validation errors. This could be problematic for production use.

Please verify whether timeouts should accept negative or zero values:

If timeouts should always be positive, consider adding Pydantic field validators:

@field_validator('docker_client_timeout', 'docker_cli_timeout', ...)
@classmethod
def validate_positive_timeout(cls, v: int) -> int:
    if v <= 0:
        raise ValueError("Timeout must be positive")
    return v

---

🏁 Script executed:

#!/bin/bash
# Check if timeout validation is enforced elsewhere in the codebase
rg -n "timeout.*[<>]=?\s*0" docker_mcp/ --type py -A 2 -B 2

# Check for timeout validation in settings or usage
ast-grep --pattern $'if $TIMEOUT <= 0:
  $$$'

Length of output: 0

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Find and examine DockerTimeoutSettings class definition
fd -n "settings.py" --type f | head -5

Length of output: 230

---

🏁 Script executed:

#!/bin/bash
# Once we find settings.py, let's look for DockerTimeoutSettings class
rg -n "class DockerTimeoutSettings" --type py -A 30

Length of output: 1997

---

🏁 Script executed:

#!/bin/bash
# Search for actual timeout usage in Docker client initialization
rg -n "timeout" docker_mcp/ --type py -i | grep -i "client\|docker" | head -20

Length of output: 1661

---

---

🏁 Script executed:

#!/bin/bash
# Get the complete DockerTimeoutSettings class including any validators
rg -n "class DockerTimeoutSettings" --type py -A 50

Length of output: 3466

---

🏁 Script executed:

#!/bin/bash
# Search for field_validator or validators on timeout fields
rg -n "@field_validator|@validator" docker_mcp/core/settings.py --type py -B 2 -A 5

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Find where DockerTimeoutSettings is instantiated and used
rg -n "DockerTimeoutSettings\(\)" docker_mcp/ --type py -B 2 -A 5

Length of output: 611

---

🏁 Script executed:

#!/bin/bash
# Search for timeout usage in Docker API calls
rg -n "timeout\s*=" docker_mcp/ --type py | grep -E "(docker|client|subprocess)" | head -15

Length of output: 1365

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Find where timeout constants from settings are actually used
rg -n "DOCKER_CLIENT_TIMEOUT|DOCKER_CLI_TIMEOUT|SUBPROCESS_TIMEOUT|ARCHIVE_TIMEOUT|RSYNC_TIMEOUT|BACKUP_TIMEOUT|CONTAINER_PULL_TIMEOUT|CONTAINER_RUN_TIMEOUT" docker_mcp/ --type py -B 2 -A 2

Length of output: 10399

---

🏁 Script executed:

#!/bin/bash
# Check if Docker client is initialized with timeout
rg -n "docker\.APIClient\|Client\(" docker_mcp/ --type py -B 3 -A 3 | head -40

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Look for subprocess or asyncio timeout usage with these constants
rg -n "proc\.communicate\|wait_for\|asyncio\." docker_mcp/ --type py -B 2 -A 2 | grep -i timeout | head -20

Length of output: 0

---

Add field validators to DockerTimeoutSettings to enforce positive timeout values.

The tests correctly show that DockerTimeoutSettings currently accepts negative and zero values without validation. However, this is problematic: these invalid values will cause runtime failures when passed to docker.DockerClient(timeout=...), subprocess.run(timeout=...), or asyncio.wait_for(timeout=...), all of which require positive timeout values.

Add Pydantic field validators to docker_mcp/core/settings.py to enforce that all timeout fields are positive (> 0) at instantiation time, preventing invalid configuration from reaching runtime:

@field_validator(
    'docker_client_timeout',
    'docker_cli_timeout',
    'subprocess_timeout',
    'archive_timeout',
    'rsync_timeout',
    'backup_timeout',
    'container_pull_timeout',
    'container_run_timeout',
    mode='after'
)
@classmethod
def validate_positive_timeout(cls, v: int) -> int:
    if v <= 0:
        raise ValueError("Timeout must be positive (> 0)")
    return v

🧰 Tools

🪛 Ruff (0.14.4)

152-152: Unused function argument: clean_env

(ARG001)

---

162-162: Unused function argument: clean_env

(ARG001)

🤖 Prompt for AI Agents

In docker_mcp/core/settings.py around where DockerTimeoutSettings is defined
(affects tests in tests/unit/test_settings.py lines 152-167), the timeout fields
currently accept zero or negative values; add a Pydantic field validator that
runs after parsing to ensure each timeout field is > 0 and raises ValueError
otherwise. Specifically, create a classmethod validator applied to all timeout
field names (docker_client_timeout, docker_cli_timeout, subprocess_timeout,
archive_timeout, rsync_timeout, backup_timeout, container_pull_timeout,
container_run_timeout) that checks if v <= 0 and raises ValueError("Timeout must
be positive (> 0)") and returns v when valid. Ensure the validator is decorated
with field_validator(..., mode='after') so invalid configs fail at instantiation
time.

[coderabbitai]

Actionable comments posted: 24

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

docker_mcp/tools/stacks.py (2)

517-541: Prefer logger.exception in except blocks and preserve cause.

Improve diagnostics and keep the original traceback/cause in raised errors.

-        except subprocess.TimeoutExpired as e:
+        except subprocess.TimeoutExpired as e:
             duration = time.monotonic() - start_time
-            logger.error(
+            logger.exception(
                 "SSH compose operation timed out",
@@
-            raise DockerCommandError(f"Docker compose command timed out: {e}") from e
-        except Exception as e:
+            raise DockerCommandError(f"Docker compose command timed out: {e}") from e
+        except Exception as e:
             duration = time.monotonic() - start_time
-            logger.error(
+            logger.exception(
                 "SSH compose operation failed with exception",
@@
-            if isinstance(e, DockerCommandError):
-                raise
-            raise DockerCommandError(f"Failed to execute docker compose: {e}") from e
+            if not isinstance(e, DockerCommandError):
+                raise DockerCommandError(f"Failed to execute docker compose: {e}") from e
+            raise

---

551-563: Validate environment variable names to prevent malformed remote commands.

Only allow shell-safe env keys like [A-Za-z_][A-Za-z0-9_]* and reject/strip others.

     def _build_remote_command(
         self, project_directory: str, compose_cmd: list[str], environment: dict[str, str] | None
     ) -> str:
@@
-        if environment:
-            parts = [f"{k}={shlex.quote(v)}" for k, v in environment.items()]
+        if environment:
+            import re
+            valid_key = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
+            parts = [
+                f"{k}={shlex.quote(v)}"
+                for k, v in environment.items()
+                if valid_key.match(k)
+            ]
+            # Optionally: warn when keys are dropped
+            if len(parts) < len(environment):
+                logger.warning("Dropped invalid env var keys for compose exec", dropped=len(environment) - len(parts))
             env_prefix = " " + " ".join(parts)

docker_mcp/core/compose_manager.py (2)

341-372: Fix invalid try/except structure and unreachable code in write_compose_file.

logger.info/return are placed between except blocks, causing syntax/flow errors. Use else and chain exceptions.

Apply this diff:

@@
-        try:
-            # Create the compose file on the remote host using Docker contexts
-            # We'll use a temporary container to write the file
-            async with asyncio.timeout(30.0):
-                await self._create_compose_file_on_remote(
-                    host_id, stack_dir, compose_file_path, compose_content
-                )
-        except TimeoutError:
-            logger.error("Create compose file timed out", host_id=host_id, stack_name=stack_name)
-            raise DockerMCPError("Create compose file timed out after 30 seconds")
-
-            logger.info(
-                "Compose file written to remote host",
-                host_id=host_id,
-                stack_name=stack_name,
-                stack_directory=stack_dir,
-                compose_file=compose_file_path,
-            )
-
-            return compose_file_path
-
-        except Exception as e:
-            logger.error(
-                "Failed to write compose file to remote host",
-                host_id=host_id,
-                stack_name=stack_name,
-                error=str(e),
-            )
-            raise
+        try:
+            # Create the compose file on the remote host using Docker contexts
+            # We'll use a temporary container to write the file
+            async with asyncio.timeout(30.0):
+                await self._create_compose_file_on_remote(
+                    host_id, stack_dir, compose_file_path, compose_content
+                )
+        except TimeoutError as e:
+            logger.exception("Create compose file timed out", host_id=host_id, stack_name=stack_name)
+            raise DockerMCPError("Create compose file timed out after 30 seconds") from e
+        except Exception as e:
+            logger.exception(
+                "Failed to write compose file to remote host",
+                host_id=host_id,
+                stack_name=stack_name,
+                error=str(e),
+            )
+            raise
+        else:
+            logger.info(
+                "Compose file written to remote host",
+                host_id=host_id,
+                stack_name=stack_name,
+                stack_directory=stack_dir,
+                compose_file=compose_file_path,
+            )
+            return compose_file_path

---

430-441: Add SSH ConnectTimeout and ServerAliveInterval to scp options.

Improve resilience and align with SSH option guidance.

             scp_cmd.extend(
                 [
                     "-o",
                     "StrictHostKeyChecking=accept-new",
                     "-o",
                     "UserKnownHostsFile=/dev/null",
                     "-o",
-                    "LogLevel=ERROR",
+                    "LogLevel=ERROR",
+                    "-o",
+                    "ConnectTimeout=30",
+                    "-o",
+                    "ServerAliveInterval=15",
                 ]
             )

docker_mcp/services/stack/operations.py (1)

750-752: Fix the infinite recursion in _format_service_sections.

The helper immediately calls itself with the same arguments, so the first invocation will recurse forever and crash with a RecursionError. Replace the self-call with real formatting logic (or remove the helper) before shipping.

Apply this diff to implement the intended formatting while avoiding recursion:

 def _format_service_sections(self, lines: list[str], service_results: dict) -> None:
     """Format successful and failed services sections."""
-    self._format_service_sections(lines, service_results)
+    successful = service_results.get("successful_services") or []
+    if successful:
+        lines.append("\n🟢 Successful Services:")
+        lines.append("─" * 40)
+        for service in successful:
+            name = service.get("name", "unknown")
+            status = service.get("status", "running")
+            lines.append(f"  ✅ {name:<25} │ {status}")
+
+    failed = service_results.get("failed_services") or []
+    if failed:
+        lines.append("\n🔴 Failed Services:")
+        lines.append("─" * 40)
+        for service in failed:
+            name = service.get("name", "unknown")
+            status = service.get("status", "failed")
+            error = service.get("error")
+            lines.append(f"  ❌ {name:<25} │ {status}")
+            if error:
+                lines.append(f"     └─ Error: {error}")

♻️ Duplicate comments (2)

METRICS.md (1)

541-544: Replace hardcoded absolute path with relative repository path.

Use a relative reference so docs work across environments.

-See `/home/user/docker-mcp/docker_mcp/core/metrics.py` for complete API documentation.
+See `docker_mcp/core/metrics.py` for complete API documentation, or refer to the inline docstrings.

docker_mcp/server.py (1)

1959-1986: Signals still never break out of FastMCP.run().

We set the shutdown event but never propagate the signal, so the FastMCP loop keeps blocking and the cleanup path never runs—exactly the problem previously reported. Re-raise KeyboardInterrupt (or delegate to the prior handler) after setting the event so the main thread unwinds and _run_server can execute its shutdown logic.

Apply this diff to propagate the signal:

         _shutdown_event.set()
+        # Let the main thread exit FastMCP.run() so shutdown can proceed.
+        raise KeyboardInterrupt

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fc7f7b1 and 9903b18.

📒 Files selected for processing (19)

• HEALTH_METRICS_IMPLEMENTATION.md (1 hunks)
• METRICS.md (1 hunks)
• TEST_EXPANSION_SUMMARY.md (1 hunks)
• docker_mcp/core/compose_manager.py (3 hunks)
• docker_mcp/resources/__init__.py (2 hunks)
• docker_mcp/resources/health.py (1 hunks)
• docker_mcp/server.py (27 hunks)
• docker_mcp/services/stack/operations.py (9 hunks)
• docker_mcp/tools/containers.py (11 hunks)
• docker_mcp/tools/stacks.py (3 hunks)
• tests/integration/test_cleanup_service.py (1 hunks)
• tests/integration/test_container_service.py (1 hunks)
• tests/integration/test_health_checks.py (1 hunks)
• tests/integration/test_host_service.py (1 hunks)
• tests/integration/test_migration_executor.py (1 hunks)
• tests/integration/test_stack_service.py (1 hunks)
• tests/unit/test_compose_manager.py (1 hunks)
• tests/unit/test_error_handling.py (1 hunks)
• tests/unit/test_metrics.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

tests/**/*.py: Organize tests with pytest markers: @pytest.mark.unit, @pytest.mark.integration, @pytest.mark.slow; maintain ≥85% coverage
Async tests must use @pytest.mark.asyncio

tests/**/*.py: Use pytest markers such as @pytest.mark.integration, slow, and requires_docker to keep CI selectors meaningful
Prefer FastMCP in-memory clients for unit tests and mock external SSH/Docker interactions to stay deterministic

Files:

• tests/integration/test_container_service.py
• tests/integration/test_cleanup_service.py
• tests/integration/test_host_service.py
• tests/integration/test_health_checks.py
• tests/unit/test_metrics.py
• tests/integration/test_stack_service.py
• tests/unit/test_error_handling.py
• tests/unit/test_compose_manager.py
• tests/integration/test_migration_executor.py

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Enforce 100-character maximum line length (Ruff)
Use double quotes for strings (Ruff)
Use space indentation (no tabs) (Ruff)
Use snake_case for module, function, and variable names
Use PascalCase for class names
Use UPPER_SNAKE for constants

Files:

• tests/integration/test_container_service.py
• tests/integration/test_cleanup_service.py
• tests/integration/test_host_service.py
• docker_mcp/tools/stacks.py
• tests/integration/test_health_checks.py
• docker_mcp/services/stack/operations.py
• docker_mcp/core/compose_manager.py
• docker_mcp/resources/__init__.py
• tests/unit/test_metrics.py
• tests/integration/test_stack_service.py
• tests/unit/test_error_handling.py
• docker_mcp/resources/health.py
• docker_mcp/server.py
• tests/unit/test_compose_manager.py
• tests/integration/test_migration_executor.py
• docker_mcp/tools/containers.py

docker_mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

docker_mcp/**/*.py: Validate Docker commands against an explicit allowlist (ALLOWED_DOCKER_COMMANDS) before execution
Execute subprocess calls only after validation, always with explicit timeouts, and annotate legitimate calls with # nosec B603
Build SSH commands with secure options (StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null, LogLevel=ERROR, ConnectTimeout, ServerAliveInterval) and support identity_file
Use modern Python 3.11+ async exception patterns: asyncio.timeout, exception groups (except*), and asyncio.TaskGroup for batching
Validate host IDs before operations and provide clear error messages when hosts are not found
Use Python 3.11+ union syntax (e.g., str | None) and avoid Optional/Union legacy syntax
Use TypeAlias for complex recurring types (Python 3.12+)
Pydantic models should use Field(default_factory=...) for mutable defaults
Use structured logging with structlog and include contextual fields (e.g., host_id, operation)
All I/O operations must be async (use async/await)

docker_mcp/**/*.py: Target Python 3.11+ with type hints on public interfaces and async pathways
Route subprocess access through established helpers in docker_mcp/core and docker_mcp/services

Files:

• docker_mcp/tools/stacks.py
• docker_mcp/services/stack/operations.py
• docker_mcp/core/compose_manager.py
• docker_mcp/resources/__init__.py
• docker_mcp/resources/health.py
• docker_mcp/server.py
• docker_mcp/tools/containers.py

docker_mcp/tools/**/*.py

📄 CodeRabbit inference engine (docker_mcp/tools/CLAUDE.md)

docker_mcp/tools/**/*.py: Use DockerContextManager for executing Docker CLI commands instead of ad-hoc subprocess calls
Standardize success responses to include: success=True, message, host_id, resource identifiers (e.g., container_id), data, timestamp (ISO)
Standardize error responses to include: success=False, error message, host_id, relevant resource identifiers, timestamp (ISO)
Ensure all responses include consistent fields: success (bool), timestamp (ISO), host_id, and relevant resource identifiers (container_id, stack_name, etc.)
Automatically parse JSON-output Docker commands (inspect, version, info) and return parsed JSON; otherwise wrap stdout under output
Use Docker context for container operations; use SSH for stack operations requiring remote filesystem access
Validate stack names: regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length <= 63, and disallow reserved names {docker, compose, system, network, volume}
Validate action parameters against explicit allowlists and return structured errors for invalid actions
Use Python 3.11+ async error-handling patterns: asyncio.timeout, exception groups (except), and TaskGroup for batch operations
Manage resources with AsyncExitStack and async context managers (e.g., connections, locks) for complex operations
Process JSON line outputs robustly: iterate lines, json.loads per line, warn on JSONDecodeError
Enrich base Docker listings with additional inspect-derived details (e.g., volumes, networks, compose_project)
Use Pydantic models for validation/serialization and return model_dump() for API responses
Implement parsing helpers: percentage strings to float, size strings to bytes, and port summaries formatted as host→container
Use structured logging (structlog) to log start, completion, and failures with contextual fields (host_id, container_id, action, duration, error)
Validate Docker commands against an allowed command set before execution; reject disallowed or empty commands
Use SSH security options for automation: Strict...

Files:

• docker_mcp/tools/stacks.py
• docker_mcp/tools/containers.py

docker_mcp/services/**/*.py

📄 CodeRabbit inference engine (docker_mcp/services/CLAUDE.md)

docker_mcp/services/**/*.py: Use Pydantic v2 models for input validation in services (BaseModel, Field, field_validator, ValidationError, ValidationInfo)
Validate host_id with regex ^[a-zA-Z0-9_-]+$ and length bounds (1–64)
Validate container_id with length bounds (1–128)
Constrain action to Literal["start","stop","restart","pause","unpause","remove"]
Constrain timeout to 1–300 seconds with a default of 30
Use field_validator with ValidationInfo context to ensure host exists in configuration when validating host_id
Validate stack_name with regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length ≤ 63, and reject reserved names {docker, compose, system, network, volume}
Allow environment dict but scan keys for sensitive patterns (password|secret|token|key); warn instead of blocking
Catch Pydantic ValidationError and return structured validation errors in ToolResult
Provide decorator-based validation (e.g., @validate_host_exists, @validate_container_id) for common checks
Use TypeGuard functions (e.g., is_docker_host_config) to strengthen runtime type checks
Use a ValidationResult class (result pattern) to aggregate validation outcomes and errors
Perform parallel async validations with asyncio.gather and aggregate results before constructing request models
Use async context managers for operations (ServiceOperationContext, docker_operation_context) with logging, timeouts, and cleanup
Use batch_operation_context to track progress for batch operations and always log completion stats
Use an async ConnectionPool with reference counting via asynccontextmanager for connection reuse and cleanup
Use modern exception handling: asyncio.timeout, except for grouped Docker errors, structured logging, and consistent ToolResult error payloads with context
Use structured logging (structlog) with contextual fields (host_id, operation, ids, duration, error) for info and error events
Services store a reference to DockerMCPConfig and expose helper accessors like get_host_config

Reuse existing permis...

Files:

• docker_mcp/services/stack/operations.py

docker_mcp/core/**/*.py

📄 CodeRabbit inference engine (docker_mcp/core/CLAUDE.md)

docker_mcp/core/**/*.py: Define configuration using Pydantic BaseSettings with explicit environment variable aliases and model_config env_file ".env" and extra="ignore"
Use an async context manager (asynccontextmanager + AsyncExitStack) for Docker operations with timeout (asyncio.timeout) and guaranteed cleanup
Protect shared caches with asyncio.Lock when checking/updating context caches
Create Docker contexts with retry and exponential backoff; on failure, handle ExceptionGroup using except* for DockerContextError and SSHConnectionError
Use asyncio.TaskGroup for concurrent creation of multiple Docker contexts and collect results per host
Track resources in operation context and clean them up in reverse order, supporting both sync close() and async aclose()/close()
Log cleanup errors with structlog using async-friendly logging (e.g., logger.awarning) without failing the cleanup loop
Construct SSH URLs as ssh://user@hostname and append :port only when port != 22
When invoking docker/ssh via subprocess.run, execute in a thread executor to avoid blocking and annotate the call with "# nosec B603"
Compose file path resolution should first use an explicit compose_path if provided, else fall back to auto-discovery
Implement hot reload by watching config file changes (e.g., with awatch) and invoking an async reload callback with the new config
When importing SSH config entries, skip wildcard names (* or ?), require a hostname, default user to "root", and tag hosts as ["imported", "ssh-config"]
Ensure all core exceptions inherit from DockerMCPError with specific subclasses for contexts and configuration (DockerContextError, ConfigurationError)

Files:

• docker_mcp/core/compose_manager.py

🧬 Code graph analysis (15)

tests/integration/test_container_service.py (5)

docker_mcp/services/container.py (2)

• ContainerService (25-1568)
• check_port_availability (1138-1178)

docker_mcp/tools/containers.py (6)

• ContainerTools (31-1440)
• list_containers (52-225)
• get_container_info (333-453)
• manage_container (1014-1101)
• pull_image (1103-1164)
• list_host_ports (1189-1258)

docker_mcp/models/enums.py (1)

• ContainerAction (26-36)

tests/conftest.py (2)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)

docker_mcp/server.py (5)

• list_containers (1728-1732)
• get_container_info (1734-1736)
• manage_container (1816-1822)
• pull_image (1824-1826)
• list_host_ports (1828-1831)

tests/integration/test_cleanup_service.py (2)

docker_mcp/services/cleanup.py (2)

• CleanupService (24-1176)
• docker_cleanup (62-182)

tests/conftest.py (1)

• docker_mcp_config (69-76)

tests/integration/test_host_service.py (3)

docker_mcp/services/host.py (5)

• HostService (25-2381)
• edit_docker_host (217-347)
• remove_docker_host (349-402)
• test_connection (404-545)
• discover_host_capabilities (547-610)

docker_mcp/models/enums.py (1)

• HostAction (12-23)

tests/conftest.py (4)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)
• minimal_config (80-86)
• multi_host_config (90-114)

docker_mcp/tools/stacks.py (2)

docker_mcp/core/compose_manager.py (1)

• write_compose_file (328-379)

docker_mcp/core/docker_context.py (1)

• execute_docker_command (162-203)

tests/integration/test_health_checks.py (1)

tests/conftest.py (1)

• docker_mcp_config (69-76)

docker_mcp/services/stack/operations.py (3)

docker_mcp/server.py (3)

• deploy_stack (1833-1845)
• list_stacks (1853-1855)
• manage_stack (1847-1851)

docker_mcp/tools/stacks.py (4)

• deploy_stack (33-116)
• list_stacks (118-226)
• manage_stack (654-692)
• get_stack_compose_content (930-1007)

docker_mcp/services/stack_service.py (3)

• deploy_stack (83-95)
• list_stacks (103-105)
• manage_stack (97-101)

docker_mcp/core/compose_manager.py (1)

docker_mcp/core/exceptions.py (1)

• DockerMCPError (4-5)

docker_mcp/resources/__init__.py (1)

docker_mcp/resources/health.py (3)

• HealthCheckResource (24-237)
• MetricsJSONResource (268-293)
• MetricsResource (240-265)

tests/integration/test_stack_service.py (4)

docker_mcp/services/stack_service.py (1)

• StackService (28-835)

docker_mcp/models/enums.py (1)

• ComposeAction (39-53)

tests/conftest.py (2)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)

docker_mcp/services/stack/operations.py (3)

• list_stacks (360-420)
• deploy_stack (133-236)
• manage_stack (238-310)

tests/unit/test_error_handling.py (1)

docker_mcp/core/exceptions.py (3)

• DockerMCPError (4-5)
• DockerContextError (12-13)
• DockerCommandError (8-9)

docker_mcp/resources/health.py (3)

docker_mcp/core/docker_context.py (2)

• DockerContextManager (67-406)
• ensure_context (90-121)

docker_mcp/services/host.py (2)

• HostService (25-2381)
• test_connection (404-545)

docker_mcp/core/metrics.py (3)

• get_metrics_collector (397-410)
• get_prometheus_metrics (303-370)
• get_metrics (214-247)

docker_mcp/server.py (5)

docker_mcp/core/exceptions.py (2)

• DockerCommandError (8-9)
• DockerContextError (12-13)

docker_mcp/core/file_watcher.py (2)

• HotReloadManager (132-238)
• stop_hot_reload (149-152)

docker_mcp/core/logging_config.py (1)

• get_server_logger (133-135)

docker_mcp/core/metrics.py (2)

• get_metrics_collector (397-410)
• initialize_metrics (413-427)

docker_mcp/resources/health.py (3)

• HealthCheckResource (24-237)
• MetricsJSONResource (268-293)
• MetricsResource (240-265)

tests/unit/test_compose_manager.py (4)

docker_mcp/core/compose_manager.py (12)

• ComposeManager (22-625)
• get_compose_path (29-66)
• discover_compose_locations (68-92)
• write_compose_file (328-379)
• get_compose_file_path (533-578)
• compose_file_exists (580-625)
• _create_empty_discovery_result (94-103)
• _create_error_result (309-318)
• _format_ports_from_dict (138-156)
• _extract_compose_info (215-237)
• _handle_single_location (285-293)
• _handle_multiple_locations (295-307)

docker_mcp/core/config_loader.py (2)

• DockerHost (19-137)
• DockerMCPConfig (186-195)

tests/conftest.py (3)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)
• minimal_config (80-86)

docker_mcp/tools/containers.py (1)

• _format_ports_from_dict (879-893)

tests/integration/test_migration_executor.py (1)

tests/conftest.py (1)

• docker_mcp_config (69-76)

docker_mcp/tools/containers.py (2)

docker_mcp/core/docker_context.py (1)

• get_client (329-406)

docker_mcp/core/error_response.py (4)

• DockerMCPErrorResponse (38-269)
• docker_context_error (173-182)
• container_not_found (204-213)
• generic_error (260-269)

🪛 markdownlint-cli2 (0.18.1)

HEALTH_METRICS_IMPLEMENTATION.md

9-9: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

20-20: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

21-21: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

32-32: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

33-33: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

46-46: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

47-47: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

63-63: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

64-64: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

77-77: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

78-78: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

94-94: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

95-95: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

103-103: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

104-104: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

117-117: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

118-118: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

128-128: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

129-129: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

138-138: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

139-139: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

148-148: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

149-149: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

158-158: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

159-159: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

159-159: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

170-170: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

175-175: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

179-179: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

211-211: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

212-212: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

212-212: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

217-217: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

218-218: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

218-218: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

224-224: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

234-234: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

239-239: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

245-245: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

251-251: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

260-260: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

266-266: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

272-272: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

278-278: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

286-286: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

302-302: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

303-303: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

307-307: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

308-308: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

319-319: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

320-320: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

324-324: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

325-325: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

METRICS.md

9-9: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

20-20: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

21-21: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

32-32: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

33-33: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

46-46: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

47-47: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

63-63: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

64-64: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

77-77: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

78-78: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

94-94: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

95-95: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

103-103: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

104-104: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

117-117: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

118-118: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

128-128: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

129-129: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

138-138: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

139-139: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

148-148: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

149-149: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

---

158-158: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

159-159: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

159-159: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

170-170: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

175-175: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

179-179: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

211-211: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

212-212: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

212-212: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

217-217: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

218-218: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

218-218: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

224-224: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

234-234: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

239-239: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

245-245: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

251-251: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

260-260: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

266-266: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

272-272: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

278-278: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

286-286: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

302-302: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

303-303: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

307-307: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

308-308: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

319-319: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

320-320: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

324-324: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

---

325-325: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

🪛 Ruff (0.14.4)

tests/integration/test_container_service.py

265-265: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

tests/integration/test_cleanup_service.py

180-180: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

tests/integration/test_host_service.py

47-47: Local variable mock_save is assigned to but never used

Remove assignment to unused variable mock_save

(F841)

---

254-254: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

docker_mcp/tools/stacks.py

72-72: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

78-78: datetime.datetime.now() called without a tz argument

(DTZ005)

---

88-88: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

94-94: datetime.datetime.now() called without a tz argument

(DTZ005)

---

252-252: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

258-258: datetime.datetime.now() called without a tz argument

(DTZ005)

---

312-312: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

318-318: datetime.datetime.now() called without a tz argument

(DTZ005)

tests/integration/test_health_checks.py

21-21: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

26-26: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

31-31: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

36-36: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

41-41: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

docker_mcp/services/stack/operations.py

68-68: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

158-158: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

255-255: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

375-375: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

643-643: Do not catch blind exception: Exception

(BLE001)

---

685-685: Do not catch blind exception: Exception

(BLE001)

---

1033-1033: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/core/compose_manager.py

345-345: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

346-346: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

346-346: Avoid specifying long messages outside the exception class

(TRY003)

---

359-359: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

360-360: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

360-360: Avoid specifying long messages outside the exception class

(TRY003)

tests/unit/test_metrics.py

21-21: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

26-26: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

31-31: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

36-36: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

46-46: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

51-51: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

56-56: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

61-61: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

71-71: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

76-76: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

81-81: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

86-86: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

96-96: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

101-101: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

106-106: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

111-111: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

tests/unit/test_error_handling.py

90-90: Missing return type annotation for private function slow_operation

Add return type annotation: None

(ANN202)

---

99-99: Missing return type annotation for private function operation_with_timeout

(ANN202)

---

103-103: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

113-113: Missing return type annotation for private function nested_operation

Add return type annotation: None

(ANN202)

---

129-129: Missing return type annotation for private function failing_operation

Add return type annotation: Never

(ANN202)

---

130-130: Avoid specifying long messages outside the exception class

(TRY003)

---

132-132: Missing return type annotation for private function wrapper_operation

(ANN202)

---

141-141: Missing return type annotation for special method __aenter__

(ANN204)

---

144-144: Missing return type annotation for special method __aexit__

(ANN204)

---

147-147: Missing return type annotation for private function operation

Add return type annotation: Never

(ANN202)

---

148-148: Avoid specifying long messages outside the exception class

(TRY003)

---

150-150: Missing return type annotation for private function use_context

Add return type annotation: None

(ANN202)

---

159-159: Missing return type annotation for private function operation_with_multiple_errors

Add return type annotation: Never

(ANN202)

---

161-161: Avoid specifying long messages outside the exception class

(TRY003)

---

163-163: Avoid specifying long messages outside the exception class

(TRY003)

---

165-165: Avoid specifying long messages outside the exception class

(TRY003)

---

220-220: Missing return type annotation for private function flaky_operation

(ANN202)

---

224-224: Avoid specifying long messages outside the exception class

(TRY003)

---

243-243: Missing return type annotation for private function primary_operation

Add return type annotation: Never

(ANN202)

---

244-244: Avoid specifying long messages outside the exception class

(TRY003)

---

246-246: Missing return type annotation for private function fallback_operation

(ANN202)

---

249-249: Missing return type annotation for private function operation_with_fallback

(ANN202)

---

262-262: Missing return type annotation for private function batch_operation

(ANN202)

---

269-269: Abstract raise to an inner function

(TRY301)

---

269-269: Avoid specifying long messages outside the exception class

(TRY003)

---

304-304: Abstract raise to an inner function

(TRY301)

---

304-304: Avoid specifying long messages outside the exception class

(TRY003)

---

306-311: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

330-330: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

331-334: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

403-403: Missing return type annotation for private function operation_with_cleanup

Add return type annotation: None

(ANN202)

---

405-405: Avoid specifying long messages outside the exception class

(TRY003)

---

417-417: Missing return type annotation for private function failing_task

Add return type annotation: Never

(ANN202)

---

418-418: Avoid specifying long messages outside the exception class

(TRY003)

---

435-435: Missing return type annotation for private function operation_requiring_init

(ANN202)

---

437-437: Avoid specifying long messages outside the exception class

(TRY003)

docker_mcp/resources/health.py

36-36: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

106-109: Consider moving this statement to an else block

(TRY300)

---

110-110: Do not catch blind exception: Exception

(BLE001)

---

113-113: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

135-138: Consider moving this statement to an else block

(TRY300)

---

139-139: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

144-144: Do not catch blind exception: Exception

(BLE001)

---

147-147: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

150-150: Do not catch blind exception: Exception

(BLE001)

---

153-153: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

185-185: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

190-190: Do not catch blind exception: Exception

(BLE001)

---

193-193: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

196-196: Do not catch blind exception: Exception

(BLE001)

---

199-199: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

218-221: Consider moving this statement to an else block

(TRY300)

---

222-222: Do not catch blind exception: Exception

(BLE001)

---

225-225: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

253-253: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

276-276: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

276-276: Boolean-typed positional argument in function definition

(FBT001)

---

276-276: Boolean default positional argument in function definition

(FBT002)

docker_mcp/server.py

1002-1002: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1206-1206: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1421-1421: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1689-1689: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1785-1791: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1799-1799: Do not catch blind exception: Exception

(BLE001)

---

1801-1807: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1810-1810: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1941-1941: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1945-1949: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1959-1959: Unused function argument: frame

(ARG001)

---

2006-2006: Async function definition with a timeout parameter

(ASYNC109)

---

2023-2023: Do not catch blind exception: Exception

(BLE001)

---

2032-2032: Do not catch blind exception: Exception

(BLE001)

---

2046-2046: Logging statement uses f-string

(G004)

---

2048-2048: Do not catch blind exception: Exception

(BLE001)

---

2049-2049: Logging statement uses f-string

(G004)

---

2054-2057: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

2058-2058: Do not catch blind exception: Exception

(BLE001)

---

2059-2059: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

2255-2255: Logging statement uses f-string

(G004)

---

2262-2262: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

2275-2275: Do not catch blind exception: Exception

(BLE001)

---

2277-2277: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

2297-2297: Missing return type annotation for private function monitor_shutdown

Add return type annotation: None

(ANN202)

---

2324-2324: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

---

2329-2329: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

---

2356-2356: Do not catch blind exception: Exception

(BLE001)

---

2362-2362: Logging .exception(...) should be used instead of .error(..., exc_info=True)

(G201)

tests/unit/test_compose_manager.py

172-172: Unused method argument: tmp_path

(ARG002)

---

204-204: pytest.raises(ValueError) is too broad, set the match parameter or use a more specific exception

(PT011)

---

232-232: Missing return type annotation for private function mock_file_exists

(ANN202)

---

232-232: Unused function argument: host_id

(ARG001)

---

248-248: Missing return type annotation for private function mock_file_exists

(ANN202)

---

248-248: Unused function argument: host_id

(ARG001)

---

351-351: Possible binding to all interfaces

(S104)

tests/integration/test_migration_executor.py

23-23: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

28-28: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

33-33: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

38-38: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

43-43: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

54-54: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

59-59: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

64-64: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

69-69: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

74-74: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

85-85: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

90-90: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

95-95: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

100-100: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

105-105: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

116-116: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

121-121: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

126-126: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

131-131: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

136-136: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

docker_mcp/tools/containers.py

72-72: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

253-253: Consider moving this statement to an else block

(TRY300)

---

309-313: Consider moving this statement to an else block

(TRY300)

---

315-315: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

316-316: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

322-327: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

330-330: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

624-630: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

632-632: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1236-1236: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1239-1244: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1248-1248: Do not catch blind exception: Exception

(BLE001)

---

1250-1255: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

🔇 Additional comments (21)

tests/integration/test_cleanup_service.py (4)

15-25: LGTM! Clean initialization test.

The test correctly validates that the service stores the provided config and follows the pytest marker conventions.

---

91-98: LGTM! Good negative test case.

This test correctly validates that invalid cleanup types are rejected without requiring subprocess mocking.

---

99-106: LGTM! Good error case validation.

This test correctly verifies that nonexistent hosts are rejected by the service's host validation logic.

---

161-174: Good error case test.

This test correctly simulates a command failure with a non-zero return code and stderr output.

Optional enhancement: Consider also asserting that result["error"] contains the expected error message from stderr.

tests/unit/test_error_handling.py (1)

301-319: No changes required—tests already follow the codebase logging convention.

The review comment suggests updating tests if the codebase standardizes on logger.exception(). However, the codebase consistently uses logger.error() for exception handling (17+ occurrences in production code, 2 in tests). The tests at lines 301–319 and 326–336 already correctly mock logger.error(), matching the production code pattern throughout docker_mcp/server.py and docker_mcp/tools/stacks.py.

Likely an incorrect or invalid review comment.

tests/integration/test_container_service.py (6)

19-31: LGTM!

The initialization test properly validates that ContainerService correctly stores dependencies and instantiates ContainerTools.

---

33-114: LGTM!

The list containers tests provide comprehensive coverage of success cases, error handling, pagination, and the all-containers flag.

---

116-153: LGTM!

The container info retrieval tests appropriately cover both successful retrieval and not-found scenarios, validating the structured response format.

---

155-224: LGTM!

The container management tests cover the primary lifecycle operations (start, stop, restart) and verify that force and timeout parameters are correctly forwarded to the underlying tools.

---

273-330: LGTM!

The port management tests effectively validate listing ports and checking availability, including proper conflict detection.

---

332-401: LGTM!

The action dispatcher tests provide solid coverage of routing logic, including validation of required parameters and handling of unknown actions.

docker_mcp/resources/__init__.py (1)

14-30: LGTM!

The additions correctly expose the new health and metrics resources (HealthCheckResource, MetricsResource, MetricsJSONResource) in the public API, maintaining consistency with the existing resource exports.

tests/integration/test_host_service.py (2)

17-248: LGTM!

The host service tests provide comprehensive coverage of CRUD operations, connection testing, and discovery, with proper mocking and validation of both success and failure paths.

---

261-354: LGTM!

The discovery and action dispatcher tests effectively validate capability detection and the routing of various host management actions.

tests/unit/test_compose_manager.py (7)

18-35: LGTM!

The initialization tests properly validate ComposeManager setup with both full and minimal configurations.

---

37-81: LGTM!

The compose path resolution tests cover configured paths, non-existent hosts, auto-discovery, and failure scenarios comprehensively.

---

83-165: LGTM!

The discovery tests provide solid coverage of scenarios with no containers, containers without compose labels, successful stack discovery, and error handling.

---

187-199: LGTM!

The write compose file error handling test properly validates exception propagation.

---

208-257: LGTM!

The compose file path resolution tests effectively validate the preference order for different compose file extensions (docker-compose.yml, .yaml, compose.yml, etc.).

---

259-310: LGTM!

The compose file existence tests properly validate both true/false cases and error handling, including graceful degradation on errors.

---

312-420: LGTM!

The helper method tests provide thorough coverage of discovery result creation, port formatting, compose info extraction, and location analysis for both single and multiple compose locations.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use logger.exception and chain exceptions in timeout handlers.

Ensure traceback is preserved for both get_compose_path and create file timeouts.

-        except TimeoutError:
-            logger.error("Get compose path timed out", host_id=host_id)
-            raise DockerMCPError("Get compose path timed out after 15 seconds")
+        except TimeoutError as e:
+            logger.exception("Get compose path timed out", host_id=host_id)
+            raise DockerMCPError("Get compose path timed out after 15 seconds") from e

Also applies to: 359-360

🧰 Tools

🪛 Ruff (0.14.4)

345-345: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

346-346: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

346-346: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

In docker_mcp/core/compose_manager.py around lines 342-347 (and similarly at
359-360), the timeout except blocks currently call logger.error and re-raise a
new DockerMCPError without preserving the original traceback; change the handler
to catch the TimeoutError as a variable (except TimeoutError as e:), call
logger.exception("Get compose path timed out", host_id=host_id) to log the
traceback, and re-raise the DockerMCPError chained to the original exception
using "raise DockerMCPError('Get compose path timed out after 15 seconds') from
e" (apply the same pattern to the other timeout block).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add timeout for get_client and switch to builtin TimeoutError; include host/timestamp in lookup errors.

Ensure client acquisition is bounded; standardize error fields.

-        try:
-            client = await self.context_manager.get_client(host_id)
+        try:
+            async with asyncio.timeout(30.0):
+                client = await self.context_manager.get_client(host_id)
@@
-        except asyncio.TimeoutError:
-            logger.error("Container lookup timed out", host_id=host_id, identifier=container_identifier)
+        except TimeoutError:
+            logger.exception("Container lookup timed out", host_id=host_id, identifier=container_identifier)
             return {
                 "success": False,
-                "error": "Container lookup timed out after 30 seconds",
+                "error": "Container lookup timed out after 30 seconds",
+                "host_id": host_id,
+                "timestamp": create_success_response()["timestamp"],
             }
-        except docker.errors.APIError as e:
-            logger.error(
+        except docker.errors.APIError as e:
+            logger.exception(
                 "Docker API error finding container",
@@
             return {
                 "success": False,
-                "error": f"Docker API error: {str(e)}",
+                "error": f"Docker API error: {str(e)}",
+                "host_id": host_id,
+                "timestamp": create_success_response()["timestamp"],
             }

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 Ruff (0.14.4)

253-253: Consider moving this statement to an else block

(TRY300)

---

309-313: Consider moving this statement to an else block

(TRY300)

---

315-315: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

---

316-316: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

🤖 Prompt for AI Agents

In docker_mcp/tools/containers.py around lines 242 to 321, add a timeout around
the client acquisition (e.g. wrap await self.context_manager.get_client(host_id)
in asyncio.timeout or asyncio.wait_for with the same 30s bound) so get_client
cannot hang; change the except that catches timeouts to catch the builtin
TimeoutError instead of asyncio.TimeoutError; and when returning lookup error
responses or logging container lookup timeouts include host and a timestamp
field (and/or host_id) in the returned error dict and logger calls to
standardize error fields (e.g. add "host": host_id and "timestamp": current UTC
ISO string to both logs and the error response objects).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Preserve suggestions/ambiguity in not-found responses.

Surface suggestions to callers instead of discarding them.

-            if not find_result.get("success"):
+            if not find_result.get("success"):
                 # Container not found - return helpful error with suggestions
-                error_msg = find_result.get("error", "Container not found")
-                suggestions = find_result.get("suggestions", [])
-
-                if suggestions:
-                    if find_result.get("ambiguous"):
-                        error_msg = f"{error_msg}. Did you mean one of: {', '.join(suggestions[:5])}?"
-                    else:
-                        error_msg = f"{error_msg}. Available containers: {', '.join(suggestions[:10])}"
-
-                return DockerMCPErrorResponse.container_not_found(host_id, container_id)
+                suggestions = find_result.get("suggestions", [])
+                ambiguous = find_result.get("ambiguous", False)
+                context = {"host_id": host_id, "container_id": container_id}
+                if suggestions:
+                    context["suggestions"] = suggestions[:10]
+                    context["ambiguous"] = ambiguous
+                return DockerMCPErrorResponse.generic_error(
+                    error_message=find_result.get("error", "Container not found"),
+                    context=context,
+                )

Replicate the same pattern in start_container, stop_container, restart_container, and get_container_stats for consistency. Based on coding guidelines.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

docker_mcp/tools/containers.py around lines 353 to 369: the code builds an
error_msg with suggestions and ambiguity information but then discards those
details by returning DockerMCPErrorResponse.container_not_found(host_id,
container_id); update the return to pass through suggestions and the ambiguous
flag (e.g., DockerMCPErrorResponse.container_not_found(host_id, container_id,
message=error_msg, suggestions=suggestions,
ambiguous=find_result.get("ambiguous", False))) or adjust the
container_not_found factory to accept those params and include them in the
response payload; apply the same change in start_container, stop_container,
restart_container, and get_container_stats so callers receive suggestion lists
and ambiguity markers consistently.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Log exceptions with tracebacks; narrow broad Exception where possible.

Use logger.exception in error paths, and avoid catching bare Exception unless necessary.

-        except (DockerCommandError, DockerContextError) as e:
-            logger.error("Failed to list host ports", host_id=host_id, error=str(e), error_type=type(e).__name__)
+        except (DockerCommandError, DockerContextError) as e:
+            logger.exception("Failed to list host ports", host_id=host_id, error=str(e), error_type=type(e).__name__)
@@
-        except (docker.errors.APIError, ConnectionError, TimeoutError) as e:
-            logger.error(
+        except (docker.errors.APIError, ConnectionError, TimeoutError) as e:
+            logger.exception(
                 "Docker API or network error listing host ports",
@@
-        except Exception as e:
-            # Unexpected errors with detailed logging
-            logger.error(
+        except Exception as e:
+            # Unexpected errors with detailed logging
+            logger.exception(
                 "Unexpected error listing host ports",

🧰 Tools

🪛 Ruff (0.14.4)

1236-1236: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1239-1244: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1248-1248: Do not catch blind exception: Exception

(BLE001)

---

1250-1255: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

🤖 Prompt for AI Agents

In docker_mcp/tools/containers.py around lines 1235 to 1258, the current error
handlers use logger.error and catch a broad Exception; change these to log full
tracebacks and avoid swallowing unexpected errors: replace logger.error calls in
the Docker API/network and generic-except blocks with logger.exception (or
logger.error(..., exc_info=True)) so tracebacks are recorded, and narrow the
broad except Exception by catching more specific exception types if known (or
re-raise the exception after logging) instead of silently returning an error
response for all Exceptions.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Make timestamps timezone-aware and add error_type for timeouts.

Use a single helper to emit ISO UTC timestamps and include error_type to standardize timeout failures.

Apply helper and updates:

@@
-from datetime import datetime
+from datetime import datetime, timezone
@@
-logger = structlog.get_logger()
+logger = structlog.get_logger()
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
@@
-                    "timestamp": datetime.now().isoformat(),
+                    "timestamp": _now_iso(),
+                    "error_type": "TimeoutError",
@@
-                    "timestamp": datetime.now().isoformat(),
+                    "timestamp": _now_iso(),
+                    "error_type": "TimeoutError",
@@
-                    "timestamp": datetime.now().isoformat(),
+                    "timestamp": _now_iso(),
+                    "error_type": "TimeoutError",
@@
-                    "timestamp": datetime.now().isoformat(),
+                    "timestamp": _now_iso(),
+                    "error_type": "TimeoutError",

Repeat replacing other datetime.now().isoformat() occurrences in this file with _now_iso(). As per coding guidelines.

Also applies to: 82-96, 248-259, 308-319

🧰 Tools

🪛 Ruff (0.14.4)

72-72: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

78-78: datetime.datetime.now() called without a tz argument

(DTZ005)

🤖 Prompt for AI Agents

docker_mcp/tools/stacks.py lines 66-79: the timeout handler is using naive
datetime.now().isoformat() and lacks an error_type; add a module-level helper
function _now_iso() that returns an ISO-formatted UTC timestamp (e.g.,
datetime.now(timezone.utc).isoformat()) and replace this
datetime.now().isoformat() with _now_iso(); also add an "error_type": "timeout"
field to the returned dict. Repeat the replacements for the other occurrences
mentioned (lines 82-96, 248-259, 308-319) so all timestamps use _now_iso() and
timeout handlers consistently include error_type "timeout".

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove unused parameter tmp_path.

The tmp_path fixture parameter on line 172 is not used in the test.

Apply this diff:

-    async def test_write_compose_file_success(self, docker_mcp_config, mock_docker_context_manager, tmp_path):
+    async def test_write_compose_file_success(self, docker_mcp_config, mock_docker_context_manager):
         """Test successful compose file writing."""

🧰 Tools

🪛 Ruff (0.14.4)

172-172: Unused method argument: tmp_path

(ARG002)

🤖 Prompt for AI Agents

In tests/unit/test_compose_manager.py around lines 167 to 186, the test function
test_write_compose_file_success declares an unused fixture parameter tmp_path;
remove tmp_path from the function signature so the test only accepts the
fixtures it uses (docker_mcp_config, mock_docker_context_manager), keeping the
rest of the test unchanged.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Add match parameter to pytest.raises for more specific error checking.

For better test precision, specify the expected error message pattern.

Apply this diff:

-        with pytest.raises(ValueError):
+        with pytest.raises(ValueError, match="not found"):
             await manager.write_compose_file("nonexistent-host", "mystack", "content")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	async def test_write_compose_file_invalid_host(self, docker_mcp_config, mock_docker_context_manager):
	"""Test writing compose file for invalid host."""
	manager = ComposeManager(docker_mcp_config, mock_docker_context_manager)
	with pytest.raises(ValueError):
	await manager.write_compose_file("nonexistent-host", "mystack", "content")
	async def test_write_compose_file_invalid_host(self, docker_mcp_config, mock_docker_context_manager):
	"""Test writing compose file for invalid host."""
	manager = ComposeManager(docker_mcp_config, mock_docker_context_manager)
	with pytest.raises(ValueError, match="not found"):
	await manager.write_compose_file("nonexistent-host", "mystack", "content")

🧰 Tools

🪛 Ruff (0.14.4)

204-204: pytest.raises(ValueError) is too broad, set the match parameter or use a more specific exception

(PT011)

🤖 Prompt for AI Agents

In tests/unit/test_compose_manager.py around lines 200 to 206, the test uses
pytest.raises(ValueError) without verifying the error message; update the
context manager to include a match parameter that asserts the specific error
text (e.g. with a regex matching the ComposeManager's raised message for an
invalid host). Replace the line "with pytest.raises(ValueError):" with something
like "with pytest.raises(ValueError, match=r'<expected error regex>'):" using
the actual error string or pattern used by ComposeManager when a host is not
found, then keep the await call unchanged.

[coderabbitai]

Actionable comments posted: 15

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9903b18 and 1cbbdd3.

📒 Files selected for processing (8)

• docker_mcp/core/migration/verification.py (3 hunks)
• docker_mcp/core/transfer/archive.py (3 hunks)
• docker_mcp/services/stack/validation.py (5 hunks)
• tests/conftest.py (1 hunks)
• tests/integration/test_health_checks.py (1 hunks)
• tests/integration/test_migration_executor.py (1 hunks)
• tests/integration/test_stack_service.py (1 hunks)
• tests/unit/test_backup.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

docker_mcp/core/transfer/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement new transfer methods by subclassing BaseTransfer and providing transfer(...), validate_requirements(...), and get_transfer_type()

Files:

• docker_mcp/core/transfer/archive.py

docker_mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

docker_mcp/**/*.py: Validate Docker commands against an explicit allowlist (ALLOWED_DOCKER_COMMANDS) before execution
Execute subprocess calls only after validation, always with explicit timeouts, and annotate legitimate calls with # nosec B603
Build SSH commands with secure options (StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null, LogLevel=ERROR, ConnectTimeout, ServerAliveInterval) and support identity_file
Use modern Python 3.11+ async exception patterns: asyncio.timeout, exception groups (except*), and asyncio.TaskGroup for batching
Validate host IDs before operations and provide clear error messages when hosts are not found
Use Python 3.11+ union syntax (e.g., str | None) and avoid Optional/Union legacy syntax
Use TypeAlias for complex recurring types (Python 3.12+)
Pydantic models should use Field(default_factory=...) for mutable defaults
Use structured logging with structlog and include contextual fields (e.g., host_id, operation)
All I/O operations must be async (use async/await)

docker_mcp/**/*.py: Target Python 3.11+ with type hints on public interfaces and async pathways
Route subprocess access through established helpers in docker_mcp/core and docker_mcp/services

Files:

• docker_mcp/core/transfer/archive.py
• docker_mcp/core/migration/verification.py
• docker_mcp/services/stack/validation.py

docker_mcp/core/**/*.py

📄 CodeRabbit inference engine (docker_mcp/core/CLAUDE.md)

docker_mcp/core/**/*.py: Define configuration using Pydantic BaseSettings with explicit environment variable aliases and model_config env_file ".env" and extra="ignore"
Use an async context manager (asynccontextmanager + AsyncExitStack) for Docker operations with timeout (asyncio.timeout) and guaranteed cleanup
Protect shared caches with asyncio.Lock when checking/updating context caches
Create Docker contexts with retry and exponential backoff; on failure, handle ExceptionGroup using except* for DockerContextError and SSHConnectionError
Use asyncio.TaskGroup for concurrent creation of multiple Docker contexts and collect results per host
Track resources in operation context and clean them up in reverse order, supporting both sync close() and async aclose()/close()
Log cleanup errors with structlog using async-friendly logging (e.g., logger.awarning) without failing the cleanup loop
Construct SSH URLs as ssh://user@hostname and append :port only when port != 22
When invoking docker/ssh via subprocess.run, execute in a thread executor to avoid blocking and annotate the call with "# nosec B603"
Compose file path resolution should first use an explicit compose_path if provided, else fall back to auto-discovery
Implement hot reload by watching config file changes (e.g., with awatch) and invoking an async reload callback with the new config
When importing SSH config entries, skip wildcard names (* or ?), require a hostname, default user to "root", and tag hosts as ["imported", "ssh-config"]
Ensure all core exceptions inherit from DockerMCPError with specific subclasses for contexts and configuration (DockerContextError, ConfigurationError)

Files:

• docker_mcp/core/transfer/archive.py
• docker_mcp/core/migration/verification.py

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Enforce 100-character maximum line length (Ruff)
Use double quotes for strings (Ruff)
Use space indentation (no tabs) (Ruff)
Use snake_case for module, function, and variable names
Use PascalCase for class names
Use UPPER_SNAKE for constants

Files:

• docker_mcp/core/transfer/archive.py
• docker_mcp/core/migration/verification.py
• tests/unit/test_backup.py
• tests/integration/test_health_checks.py
• docker_mcp/services/stack/validation.py
• tests/conftest.py
• tests/integration/test_stack_service.py
• tests/integration/test_migration_executor.py

tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

tests/**/*.py: Organize tests with pytest markers: @pytest.mark.unit, @pytest.mark.integration, @pytest.mark.slow; maintain ≥85% coverage
Async tests must use @pytest.mark.asyncio

tests/**/*.py: Use pytest markers such as @pytest.mark.integration, slow, and requires_docker to keep CI selectors meaningful
Prefer FastMCP in-memory clients for unit tests and mock external SSH/Docker interactions to stay deterministic

Files:

• tests/unit/test_backup.py
• tests/integration/test_health_checks.py
• tests/conftest.py
• tests/integration/test_stack_service.py
• tests/integration/test_migration_executor.py

docker_mcp/services/**/*.py

📄 CodeRabbit inference engine (docker_mcp/services/CLAUDE.md)

docker_mcp/services/**/*.py: Use Pydantic v2 models for input validation in services (BaseModel, Field, field_validator, ValidationError, ValidationInfo)
Validate host_id with regex ^[a-zA-Z0-9_-]+$ and length bounds (1–64)
Validate container_id with length bounds (1–128)
Constrain action to Literal["start","stop","restart","pause","unpause","remove"]
Constrain timeout to 1–300 seconds with a default of 30
Use field_validator with ValidationInfo context to ensure host exists in configuration when validating host_id
Validate stack_name with regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length ≤ 63, and reject reserved names {docker, compose, system, network, volume}
Allow environment dict but scan keys for sensitive patterns (password|secret|token|key); warn instead of blocking
Catch Pydantic ValidationError and return structured validation errors in ToolResult
Provide decorator-based validation (e.g., @validate_host_exists, @validate_container_id) for common checks
Use TypeGuard functions (e.g., is_docker_host_config) to strengthen runtime type checks
Use a ValidationResult class (result pattern) to aggregate validation outcomes and errors
Perform parallel async validations with asyncio.gather and aggregate results before constructing request models
Use async context managers for operations (ServiceOperationContext, docker_operation_context) with logging, timeouts, and cleanup
Use batch_operation_context to track progress for batch operations and always log completion stats
Use an async ConnectionPool with reference counting via asynccontextmanager for connection reuse and cleanup
Use modern exception handling: asyncio.timeout, except for grouped Docker errors, structured logging, and consistent ToolResult error payloads with context
Use structured logging (structlog) with contextual fields (host_id, operation, ids, duration, error) for info and error events
Services store a reference to DockerMCPConfig and expose helper accessors like get_host_config

Reuse existing permis...

Files:

• docker_mcp/services/stack/validation.py

tests/conftest.py

📄 CodeRabbit inference engine (AGENTS.md)

Update shared fixtures in tests/conftest.py when introducing new services or configuration knobs

Files:

• tests/conftest.py

🧬 Code graph analysis (6)

tests/unit/test_backup.py (3)

docker_mcp/core/backup.py (5)

• BackupError (44-47)
• BackupInfo (24-41)
• BackupManager (50-339)
• backup_directory (58-242)
• restore_directory_backup (245-314)

docker_mcp/core/config_loader.py (1)

• DockerHost (19-137)

tests/conftest.py (1)

• docker_host (32-44)

tests/integration/test_health_checks.py (4)

docker_mcp/core/docker_context.py (2)

• DockerContextManager (67-406)
• ensure_context (90-121)

docker_mcp/resources/health.py (5)

• HealthCheckResource (24-237)
• fn (49-54)
• fn (262-265)
• fn (287-293)
• _perform_health_check (56-92)

docker_mcp/services/host.py (2)

• HostService (25-2381)
• test_connection (404-545)

tests/conftest.py (1)

• docker_mcp_config (69-76)

docker_mcp/services/stack/validation.py (2)

docker_mcp/utils.py (2)

• build_ssh_command (19-69)
• format_size (100-132)

docker_mcp/services/stack_service.py (1)

• check_port_conflicts (166-175)

tests/conftest.py (4)

docker_mcp/core/config_loader.py (4)

• DockerHost (19-137)
• DockerMCPConfig (186-195)
• ServerConfig (140-148)
• TransferConfig (151-163)

docker_mcp/core/docker_context.py (1)

• DockerContextManager (67-406)

docker_mcp/models/container.py (3)

• ContainerInfo (21-30)
• ContainerStats (33-46)
• StackInfo (59-72)

docker_mcp/models/enums.py (3)

• ComposeAction (39-53)
• ContainerAction (26-36)
• HostAction (12-23)

tests/integration/test_stack_service.py (4)

docker_mcp/services/stack_service.py (1)

• StackService (28-835)

docker_mcp/models/enums.py (1)

• ComposeAction (39-53)

tests/conftest.py (3)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)
• mock_logs_service (243-248)

docker_mcp/services/stack/operations.py (4)

• list_stacks (360-420)
• deploy_stack (133-236)
• manage_stack (238-310)
• get_stack_compose_file (1018-1077)

tests/integration/test_migration_executor.py (1)

docker_mcp/services/stack/migration_executor.py (6)

• validate_host_compatibility (150-213)
• retrieve_compose_file (96-148)
• execute_migration_with_progress (429-616)
• update_compose_for_target (1573-1600)
• deploy_stack_on_target (1221-1352)
• verify_deployment (1354-1419)

🪛 Ruff (0.14.4)

docker_mcp/core/transfer/archive.py

207-207: Avoid specifying long messages outside the exception class

(TRY003)

---

220-220: datetime.datetime.now() called without a tz argument

(DTZ005)

---

229-229: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

233-233: Consider [*ssh_cmd, remote_cmd] instead of concatenation

Replace with [*ssh_cmd, remote_cmd]

(RUF005)

---

253-253: Avoid specifying long messages outside the exception class

(TRY003)

---

257-262: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

263-263: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

263-263: Avoid specifying long messages outside the exception class

(TRY003)

---

263-263: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

279-281: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

294-298: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

299-299: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

299-299: Avoid specifying long messages outside the exception class

(TRY003)

---

299-299: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

321-323: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

345-350: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

351-351: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

351-351: Avoid specifying long messages outside the exception class

(TRY003)

---

351-351: f-string without any placeholders

Remove extraneous f prefix

(F541)

docker_mcp/core/migration/verification.py

68-72: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

73-73: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

73-73: Avoid specifying long messages outside the exception class

(TRY003)

---

73-73: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

249-253: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

254-254: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

254-254: Avoid specifying long messages outside the exception class

(TRY003)

---

254-254: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

572-576: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

577-577: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

577-577: Avoid specifying long messages outside the exception class

(TRY003)

---

577-577: f-string without any placeholders

Remove extraneous f prefix

(F541)

tests/unit/test_backup.py

35-35: Probable insecure usage of temporary file or directory: "/tmp/docker_mcp_backups/backup_test-stack_20250101_120000.tar.gz"

(S108)

---

391-391: Unpacked variable message is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

tests/integration/test_health_checks.py

101-101: Missing return type annotation for private function slow_operation

Add return type annotation: str

(ANN202)

docker_mcp/services/stack/validation.py

215-217: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

272-274: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

300-302: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

313-318: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

344-344: Do not catch blind exception: Exception

(BLE001)

---

363-368: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

527-529: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

540-545: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

564-564: Do not catch blind exception: Exception

(BLE001)

---

579-584: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

634-636: Avoid specifying long messages outside the exception class

(TRY003)

---

638-643: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

644-646: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

644-646: Avoid specifying long messages outside the exception class

(TRY003)

---

700-702: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

722-722: Do not catch blind exception: Exception

(BLE001)

---

733-735: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

746-751: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

770-770: Do not catch blind exception: Exception

(BLE001)

---

790-796: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

tests/conftest.py

6-6: Import from collections.abc instead: AsyncGenerator

Import from collections.abc

(UP035)

---

144-144: Possible binding to all interfaces

(S104)

---

295-295: Use datetime.UTC alias

Convert to datetime.UTC alias

(UP017)

---

324-324: Possible binding to all interfaces

(S104)

---

373-373: Unnecessary default type arguments

Remove default type arguments

(UP043)

tests/integration/test_migration_executor.py

27-27: Local variable source_host is assigned to but never used

Remove assignment to unused variable source_host

(F841)

---

28-28: Local variable target_host is assigned to but never used

Remove assignment to unused variable target_host

(F841)

---

58-58: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

80-80: Unpacked variable path is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

108-108: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

119-119: Local variable executor is assigned to but never used

Remove assignment to unused variable executor

(F841)

---

162-162: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

308-308: Missing return type annotation for private function cleanup_action

Add return type annotation: None

(ANN202)

---

332-332: Local variable source_host is assigned to but never used

Remove assignment to unused variable source_host

(F841)

---

333-333: Local variable target_host is assigned to but never used

Remove assignment to unused variable target_host

(F841)

---

366-366: Missing return type annotation for private function restore_source

Add return type annotation: None

(ANN202)

---

401-401: Missing return type annotation for private function cleanup_target

Add return type annotation: None

(ANN202)

---

435-435: Missing return type annotation for private function rollback_action

Add return type annotation: None

(ANN202)

---

480-480: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

502-502: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

527-527: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

549-549: Unpacked variable success is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

🔇 Additional comments (1)

tests/unit/test_backup.py (1)

1-42: LGTM! Well-structured test setup.

The imports and fixtures are appropriately configured for comprehensive async backup testing. The test_backup_info fixture provides realistic test data for restore and cleanup scenarios.

Note: The S108 warning on line 35 is a false positive—this is test data, not actual file creation.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Add timezone to datetime.now() call.

Using datetime.now() without a timezone argument can cause issues in distributed systems or when working across timezones. Use datetime.now(datetime.UTC) or datetime.now(timezone.utc) for consistency.

Apply this diff:

+                from datetime import timezone
+
                 # Create timestamped archive name
-                timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+                timestamp = datetime.now(timezone.utc).strftime("%Y%m%d_%H%M%S")
                 archive_file = f"{temp_dir}/{archive_name}_{timestamp}.tar.gz"

🧰 Tools

🪛 Ruff (0.14.4)

220-220: datetime.datetime.now() called without a tz argument

(DTZ005)

🤖 Prompt for AI Agents

In docker_mcp/core/transfer/archive.py around line 220, the timestamp is created
with a naive datetime.now() call; change it to produce a timezone-aware UTC
timestamp by using datetime.now with timezone.utc and update imports to include
timezone (or reference datetime.timezone) so the timestamp is consistently
UTC-aware across environments.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider using iterable unpacking for list construction.

Static analysis suggests using iterable unpacking ([*list1, item] or [*list1, *list2]) instead of list concatenation for better readability and performance.

Example refactors:

 # Line 229
-tar_cmd = ["tar", "czf", archive_file, "-C", common_parent] + exclude_flags + relative_paths
+tar_cmd = ["tar", "czf", archive_file, "-C", common_parent, *exclude_flags, *relative_paths]

 # Line 233
-full_cmd = ssh_cmd + [remote_cmd]
+full_cmd = [*ssh_cmd, remote_cmd]

 # Lines 279-281
-verify_cmd = ssh_cmd + [
-    f"tar tzf {shlex.quote(archive_path)} > /dev/null 2>&1 && echo 'OK' || echo 'FAILED'"
-]
+verify_cmd = [
+    *ssh_cmd,
+    f"tar tzf {shlex.quote(archive_path)} > /dev/null 2>&1 && echo 'OK' || echo 'FAILED'"
+]

 # Lines 321-323
-extract_cmd = ssh_cmd + [
-    f"tar xzf {shlex.quote(archive_path)} -C {shlex.quote(extract_dir)}"
-]
+extract_cmd = [
+    *ssh_cmd,
+    f"tar xzf {shlex.quote(archive_path)} -C {shlex.quote(extract_dir)}"
+]

Also applies to: 233-233, 279-281, 321-323

🧰 Tools

🪛 Ruff (0.14.4)

229-229: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

🤖 Prompt for AI Agents

In docker_mcp/core/transfer/archive.py around lines 229, 233, 279-281, and
321-323, replace list concatenation when building command lists with iterable
unpacking for clarity and small performance gain; e.g., build tar_cmd and
similar lists by placing literal elements first and then unpacking the other
lists with *exclude_flags and *relative_paths (or the corresponding variable
names) instead of using + to join lists, ensuring order is preserved and code
reads ["tar", "czf", archive_file, "-C", common_parent, *exclude_flags,
*relative_paths] (and analogously for the other occurrences).

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Fix exception handling to follow best practices.

The timeout handler has three issues:

1. Use logger.exception() instead of logger.error() to automatically capture the traceback
2. Use raise ... from None to explicitly suppress the TimeoutError context since you're converting it to ArchiveError
3. Remove the f prefix from the error message string since it contains no placeholders

Apply this diff:

-        except TimeoutError:
-            logger.error(
+        except TimeoutError:
+            logger.exception(
                 "Archive creation timed out",
                 timeout_seconds=3600.0,
                 archive_name=archive_name,
                 volume_paths=volume_paths
             )
-            raise ArchiveError(f"Archive creation timed out after 3600 seconds")
+            raise ArchiveError("Archive creation timed out after 3600 seconds") from None

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	except TimeoutError:
	logger.error(
	"Archive creation timed out",
	timeout_seconds=3600.0,
	archive_name=archive_name,
	volume_paths=volume_paths
	)
	raise ArchiveError(f"Archive creation timed out after 3600 seconds")
	except TimeoutError:
	logger.exception(
	"Archive creation timed out",
	timeout_seconds=3600.0,
	archive_name=archive_name,
	volume_paths=volume_paths
	)
	raise ArchiveError("Archive creation timed out after 3600 seconds") from None

🧰 Tools

🪛 Ruff (0.14.4)

257-262: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

263-263: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

263-263: Avoid specifying long messages outside the exception class

(TRY003)

---

263-263: f-string without any placeholders

Remove extraneous f prefix

(F541)

🤖 Prompt for AI Agents

In docker_mcp/core/transfer/archive.py around lines 256 to 263, the TimeoutError
handler should use logger.exception(...) to capture the traceback, change the
raise to use "raise ArchiveError('Archive creation timed out after 3600
seconds') from None" to suppress the original TimeoutError context, and remove
the unnecessary f-string prefix from the error message; update the logger call
and the raise statement accordingly.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Fix exception handling to follow best practices.

Same issues as in create_archive:

1. Use logger.exception() instead of logger.error()
2. Use raise ... from None to suppress exception context
3. Remove unnecessary f prefix

Apply this diff:

         except TimeoutError:
-            logger.error(
+            logger.exception(
                 "Archive verification timed out",
                 timeout_seconds=300.0,
                 archive_path=archive_path
             )
-            raise ArchiveError(f"Archive verification timed out after 300 seconds")
+            raise ArchiveError("Archive verification timed out after 300 seconds") from None

🧰 Tools

🪛 Ruff (0.14.4)

294-298: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

299-299: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

299-299: Avoid specifying long messages outside the exception class

(TRY003)

---

299-299: f-string without any placeholders

Remove extraneous f prefix

(F541)

🤖 Prompt for AI Agents

In docker_mcp/core/transfer/archive.py around lines 293 to 299, replace the
current TimeoutError handler so it calls logger.exception(...) (to record
stack/exception info) instead of logger.error(...), remove the unnecessary
f-string prefix from the ArchiveError message, and re-raise the ArchiveError
using "raise ArchiveError('Archive verification timed out after 300 seconds')
from None" to suppress the original exception context.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Fix exception handling to follow best practices.

Same issues as in the other timeout handlers:

1. Use logger.exception() instead of logger.error()
2. Use raise ... from None to suppress exception context
3. Remove unnecessary f prefix

Apply this diff:

         except TimeoutError:
-            logger.error(
+            logger.exception(
                 "Archive extraction timed out",
                 timeout_seconds=3600.0,
                 archive_path=archive_path,
                 extract_dir=extract_dir
             )
-            raise ArchiveError(f"Archive extraction timed out after 3600 seconds")
+            raise ArchiveError("Archive extraction timed out after 3600 seconds") from None

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	except TimeoutError:
	logger.error(
	"Archive extraction timed out",
	timeout_seconds=3600.0,
	archive_path=archive_path,
	extract_dir=extract_dir
	)
	return False
	raise ArchiveError(f"Archive extraction timed out after 3600 seconds")
	except TimeoutError:
	logger.exception(
	"Archive extraction timed out",
	timeout_seconds=3600.0,
	archive_path=archive_path,
	extract_dir=extract_dir
	)
	raise ArchiveError("Archive extraction timed out after 3600 seconds") from None

🧰 Tools

🪛 Ruff (0.14.4)

345-350: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

351-351: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

351-351: Avoid specifying long messages outside the exception class

(TRY003)

---

351-351: f-string without any placeholders

Remove extraneous f prefix

(F541)

🤖 Prompt for AI Agents

In docker_mcp/core/transfer/archive.py around lines 344 to 351, the TimeoutError
handler should use logger.exception instead of logger.error, avoid an
unnecessary f-string, and suppress the original exception context by using
"raise ArchiveError('Archive extraction timed out after 3600 seconds') from
None"; replace the logger.error(...) call with logger.exception(...) passing the
same context args and change the raise to the non-f-string form with "from
None".

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add @pytest.mark.unit marker (see previous comment).

Same issue as the previous test class—this test method needs the @pytest.mark.unit marker.

 class TestBackupManager:
     """Test BackupManager initialization."""
 
+    @pytest.mark.unit
     def test_backup_manager_init(self, backup_manager):

🤖 Prompt for AI Agents

In tests/unit/test_backup.py around lines 91 to 98, the test method
test_backup_manager_init is missing the @pytest.mark.unit marker; add the
pytest.mark.unit decorator (import pytest if not already imported) above the
test method (or above the TestBackupManager class) so the test is labeled as a
unit test.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Excellent coverage of backup scenarios; add @pytest.mark.unit markers.

The test coverage is comprehensive, including success cases, timeouts, failures, and edge cases (invalid output, size check failures). The mock sequences correctly simulate the multi-step backup process.

However, all 9 test methods in this class are missing the @pytest.mark.unit marker required by the coding guidelines.

Apply this pattern to all 9 test methods in the class:

     @pytest.mark.asyncio
+    @pytest.mark.unit
     async def test_backup_nonexistent_directory(self, backup_manager, docker_host):

Repeat for:

• test_backup_directory_success
• test_backup_directory_with_custom_reason
• test_backup_check_timeout
• test_backup_operation_timeout
• test_backup_operation_failure
• test_backup_size_check_timeout
• test_backup_size_check_failure
• test_backup_size_invalid_output

🤖 Prompt for AI Agents

In tests/unit/test_backup.py around lines 101 to 281, the nine async test
methods in TestBackupDirectory are missing the required @pytest.mark.unit
marker; add @pytest.mark.unit above each of the following test methods:
test_backup_nonexistent_directory, test_backup_directory_success,
test_backup_directory_with_custom_reason, test_backup_check_timeout,
test_backup_operation_timeout, test_backup_operation_failure,
test_backup_size_check_timeout, test_backup_size_check_failure, and
test_backup_size_invalid_output so each test is decorated with both
@pytest.mark.asyncio and @pytest.mark.unit (order doesn't matter).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider immutable fixture usage; add @pytest.mark.unit markers.

The restore tests provide excellent coverage of edge cases. However, several tests mutate the test_backup_info fixture (lines 308, 322, 336). While this works because pytest fixtures are function-scoped by default, creating new BackupInfo instances would be more explicit and maintainable.

Additionally, all 6 test methods need the @pytest.mark.unit marker.

Example refactor for immutability:

     async def test_restore_backup_not_directory_type(
         self, backup_manager, docker_host, test_backup_info
     ):
         """Test restore with non-directory backup type."""
-        test_backup_info.type = "volume"
+        backup_info = test_backup_info.model_copy(update={"type": "volume"})
 
         success, message = await backup_manager.restore_directory_backup(
-            host=docker_host, backup_info=test_backup_info
+            host=docker_host, backup_info=backup_info
         )

Add @pytest.mark.unit to all 6 methods following the same pattern as previous comments.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In tests/unit/test_backup.py around lines 283 to 375, several restore tests
currently mutate the shared test_backup_info fixture (at ~lines 308, 322, 336)
and lack the @pytest.mark.unit marker; instead, create fresh BackupInfo
instances inside each test before modifying fields (e.g., copy or instantiate a
new BackupInfo from the fixture values) so the original fixture remains
immutable, and add @pytest.mark.unit to all six test methods; ensure each test
uses its local BackupInfo variable when calling restore_directory_backup.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Handle unused variable; add @pytest.mark.unit markers.

The cleanup tests provide solid coverage of success and failure scenarios. However, there are two minor issues:

1. Line 391: The message variable from tuple unpacking is unused (same issue likely on line 437 in test_cleanup_delete_failure). Use _ prefix to indicate intentionally unused variables.
2. All 4 test methods need the @pytest.mark.unit marker.

Apply this diff:

             mock_delete.return_value = (True, "File deleted successfully")
 
-            success, message = await backup_manager.cleanup_backup(
+            success, _message = await backup_manager.cleanup_backup(
                 host=docker_host, backup_info=test_backup_info
             )

Also update line 436 in test_cleanup_delete_failure and add @pytest.mark.unit to all 4 methods.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 Ruff (0.14.4)

391-391: Unpacked variable message is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

🤖 Prompt for AI Agents

In tests/unit/test_backup.py around lines 378 to 441, the four async test
methods need the @pytest.mark.unit marker added and the unused 'message'
variables (line ~391 in test_cleanup_backup_no_path and line ~436 in
test_cleanup_delete_failure, plus any other tuple-unpacked 'message' instances)
should be renamed to `_message` or just `_` to indicate they are intentionally
unused; update the tuple unpacking in each test that doesn't use the message so
it assigns the second element to `_` and add @pytest.mark.unit above each test
coroutine.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use @pytest.mark.integration for integration scenarios.

This test verifies the interaction between multiple backup operations and state tracking across the BackupManager, which is an integration scenario. Per coding guidelines, use @pytest.mark.integration rather than @pytest.mark.unit.

Apply this diff:

 class TestBackupManagerIntegration:
     """Test BackupManager integration scenarios."""
 
     @pytest.mark.asyncio
+    @pytest.mark.integration
     async def test_multiple_backups_tracking(self, backup_manager, docker_host):

🤖 Prompt for AI Agents

In tests/unit/test_backup.py around lines 444 to 471, the
test_multiple_backups_tracking is an integration scenario but only has
@pytest.mark.asyncio; add the @pytest.mark.integration marker (in addition to
keeping @pytest.mark.asyncio) — either place @pytest.mark.integration above the
test method or at the class level so the test is marked as integration per
guidelines.

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

docker_mcp/models/container.py (1)

11-17: Add ConfigDict to enable validation and string processing.

The base model is missing Pydantic v2 configuration. Per coding guidelines, models should configure validate_assignment and str_strip_whitespace.

Apply this diff to add the required configuration:

 from pydantic import BaseModel, Field, field_validator
+from pydantic import ConfigDict
 
 from .enums import ProtocolLiteral
 

 class MCPModel(BaseModel):
     """Base model with common MCP settings."""
+
+    model_config = ConfigDict(
+        validate_assignment=True,
+        str_strip_whitespace=True,
+    )
 
     def model_dump(self, **kwargs) -> dict[str, Any]:

Based on coding guidelines.

docker_mcp/services/cleanup.py (1)

500-506: Enforce docker command allowlist before launching subprocess

_run_cleanup_command executes whatever docker payload is passed in without first checking it against the mandated ALLOWED_DOCKER_COMMANDS. That bypasses the security control we rely on to prevent arbitrary remote command execution, and any upstream change that feeds a dynamic list into this helper would immediately widen the attack surface. Please route the docker subcommand slice through the existing allowlist validation helper before calling asyncio.create_subprocess_exec, in line with what the other services are required to do. As per coding guidelines.

docker_mcp/services/stack/migration_executor.py (1)

1008-1016: Use the original host_id instead of munged hostname

StackTools.manage_stack expects the configured host_id key, not a hostname with dots replaced. Substituting source_host.hostname.replace(".", "_") will miss most configs (raising host-not-found). Please thread the real host IDs into these helpers (_execute_stop_source_step, deploy_stack_on_target, verify step, rollback closures) and use them directly.

-        if not dry_run:
-            stop_result = await self.stack_tools.manage_stack(
-                source_host.hostname.replace(".", "_"), stack_name, "down"
-            )
+        if not dry_run:
+            stop_result = await self.stack_tools.manage_stack(
+                source_host_id,
+                stack_name,
+                "down",
+            )

(Pass source_host_id into this method and analogous sites instead of deriving it from hostname.)

♻️ Duplicate comments (11)

docker_mcp/core/config_loader.py (1)

130-135: Prevent Windows crash in SSH key validator

os.getuid() doesn't exist on Windows, so this branch raises AttributeError as soon as an identity_file is set, breaking config loading on that platform. Guard the ownership check behind hasattr(os, "getuid") (or equivalent) so POSIX enforcement stays intact without regressing Windows operators.

-        current_uid = os.getuid()
-        if file_stat.st_uid != current_uid:
-            raise ValueError(
-                f"SSH identity file '{v}' is not owned by current user (uid={current_uid})"
-            )
+        if hasattr(os, "getuid"):
+            current_uid = os.getuid()
+            if file_stat.st_uid != current_uid:
+                raise ValueError(
+                    f"SSH identity file '{v}' is not owned by current user (uid={current_uid})"
+                )

docker_mcp/services/host.py (1)

429-447: Restore required SSH hardening options in probe

The SSH probes still omit the mandated -o UserKnownHostsFile=/dev/null, -o LogLevel=ERROR, and keepalive settings, so we leak host keys to operators’ known_hosts and lose the hardening the guidelines require. Please reinstate the full option set (and mirror it in _test_ssh_connection) before shipping.

         ssh_cmd = [
             "ssh",
             "-o",
             "BatchMode=yes",
             "-o",
             "ConnectTimeout=10",
             "-o",
             "StrictHostKeyChecking=accept-new",
+            "-o",
+            "UserKnownHostsFile=/dev/null",
+            "-o",
+            "LogLevel=ERROR",
+            "-o",
+            "ServerAliveInterval=15",
+            "-o",
+            "ServerAliveCountMax=3",
         ]

Apply the same additions to the _test_ssh_connection command list so both paths meet the security requirements. As per coding guidelines

tests/integration/test_host_service.py (2)

47-54: Drop unused mock variable

mock_save is never referenced and will trip Ruff’s F841 check. Just patch without binding (or assert on it) to clear the lint failure.

-            with patch('docker_mcp.services.host.save_config') as mock_save:
+            with patch('docker_mcp.services.host.save_config'):

---

255-257: Use builtin TimeoutError in mock

Per our Python 3.11 guidance (and Ruff UP041), use the builtin TimeoutError instead of asyncio.TimeoutError when faking the timeout.

-        import asyncio
-        with patch('asyncio.create_subprocess_exec', side_effect=asyncio.TimeoutError()):
+        with patch('asyncio.create_subprocess_exec', side_effect=TimeoutError()):

docker_mcp/services/stack/migration_executor.py (2)

571-589: Timeout path still skips progress update

We still return on timeout without marking the active step as failed or emitting the final progress payload, so consumers remain stuck on "in_progress". Please call update_progress (and mark the current rollback step failed) before returning.

         except TimeoutError:
-            migration_context["errors"].append("Migration timed out after 30 minutes")
+            current_step = migration_context.get("current_step", {}).get("name")
+            if current_step:
+                update_progress(
+                    current_step,
+                    "failed",
+                    {"error": "Migration timed out after 30 minutes"},
+                )
+            migration_context["errors"].append("Migration timed out after 30 minutes")
             migration_context["overall_success"] = False
             migration_context["end_time"] = datetime.now().isoformat()

---

978-985: Verification failure still marked as completed

We still call mark_step_completed even when _execute_verify_step returns False, so rollback never sees the failure. Please mark the step failed (and propagate the failure) when verification fails.

-        await self._execute_verify_step(
+        verify_success = await self._execute_verify_step(
             update_progress, target_host, stack_name, volume_paths, migration_context, dry_run
         )
 
-        await self.rollback_manager.mark_step_completed(
-            rollback_context,
-            MigrationStep.VERIFY_DEPLOYMENT
-        )
+        if verify_success:
+            await self.rollback_manager.mark_step_completed(
+                rollback_context,
+                MigrationStep.VERIFY_DEPLOYMENT,
+            )
+        else:
+            await self.rollback_manager.mark_step_failed(
+                rollback_context,
+                MigrationStep.VERIFY_DEPLOYMENT,
+                "Deployment verification failed",
+            )
+            return False

docker_mcp/core/migration/rollback.py (2)

545-548: Manual rollback still overshoots the target step

Using >= target_index continues to roll back the requested step itself. Please switch the comparison to > so we only undo steps that occurred after the target step.

             filtered_actions = [
                 action for action in context.rollback_actions
-                if step_order.index(action.step) >= target_index
+                if step_order.index(action.step) > target_index
             ]

---

749-772: Rollback verification still treats empty ps output as success

len(result.stdout.strip()) > 0 is truthy for '[]', so we mark verification successful while every expected container is still down. Parse the JSON output and assert each expected container is running (also add the missing import json).

+        import json
 ...
-            # Check if expected containers are running
-            # This is a simplified check - production would parse JSON
-            return len(expected_containers) > 0 and len(result.stdout.strip()) > 0
+            try:
+                containers = json.loads(result.stdout or "[]")
+            except json.JSONDecodeError:
+                return False
+
+            running_ids = {
+                (item.get("ID") or "")[:12]
+                for item in containers
+                if item.get("State") == "running"
+            }
+            expected_ids = {cid[:12] for cid in expected_containers}
+            return bool(expected_ids) and expected_ids.issubset(running_ids)

docker_mcp/core/compose_manager.py (1)

341-360: Preserve timeout traceback and chain the error.

Both timeout handlers swallow the original TimeoutError and log without a traceback, which makes incident debugging painful and repeats feedback from the previous review. Catch the timeout as a variable, log with logger.exception(...), and re-raise DockerMCPError using from exc so the root cause is retained. Example fix:

-        except TimeoutError:
-            logger.error("Get compose path timed out", host_id=host_id)
-            raise DockerMCPError("Get compose path timed out after 15 seconds")
+        except TimeoutError as exc:
+            logger.exception("Get compose path timed out", host_id=host_id)
+            raise DockerMCPError("Get compose path timed out after 15 seconds") from exc
...
-        except TimeoutError:
-            logger.error("Create compose file timed out", host_id=host_id, stack_name=stack_name)
-            raise DockerMCPError("Create compose file timed out after 30 seconds")
+        except TimeoutError as exc:
+            logger.exception(
+                "Create compose file timed out", host_id=host_id, stack_name=stack_name
+            )
+            raise DockerMCPError("Create compose file timed out after 30 seconds") from exc

As per coding guidelines

docker_mcp/core/transfer/archive.py (1)

238-240: Make the archive timestamp timezone-aware.

datetime.now() still emits a naive timestamp, which can collide or sort incorrectly across hosts. Switch to UTC explicitly, e.g.:

-from datetime import datetime
+from datetime import datetime, timezone
...
-                timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+                timestamp = datetime.now(timezone.utc).strftime("%Y%m%d_%H%M%S")

docker_mcp/tools/containers.py (1)

353-368: Surface lookup suggestions in the error response.

find_container_by_identifier now returns rich suggestions/ambiguity data, but this block throws it away by immediately calling container_not_found, so the caller still sees a plain 404. Please propagate the message and context (including suggestions and the ambiguous flag), e.g.:

-            if not find_result.get("success"):
-                error_msg = find_result.get("error", "Container not found")
-                suggestions = find_result.get("suggestions", [])
-                if suggestions:
-                    ...
-                return DockerMCPErrorResponse.container_not_found(host_id, container_id)
+            if not find_result.get("success"):
+                error_msg = find_result.get("error", "Container not found")
+                context = {
+                    "host_id": host_id,
+                    "container_id": container_id,
+                    "ambiguous": find_result.get("ambiguous", False),
+                    "suggestions": find_result.get("suggestions", [])[:10],
+                }
+                return DockerMCPErrorResponse.generic_error(error_msg, context)

Apply the same pattern to start_container, stop_container, restart_container, and get_container_stats so the new lookup helper actually benefits users.

As per coding guidelines

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1cbbdd3 and f565096.

📒 Files selected for processing (14)

• docker_mcp/core/compose_manager.py (4 hunks)
• docker_mcp/core/config_loader.py (9 hunks)
• docker_mcp/core/docker_context.py (5 hunks)
• docker_mcp/core/metrics.py (1 hunks)
• docker_mcp/core/migration/rollback.py (1 hunks)
• docker_mcp/core/transfer/archive.py (4 hunks)
• docker_mcp/core/transfer/containerized_rsync.py (2 hunks)
• docker_mcp/models/container.py (2 hunks)
• docker_mcp/resources/health.py (1 hunks)
• docker_mcp/services/cleanup.py (6 hunks)
• docker_mcp/services/host.py (1 hunks)
• docker_mcp/services/stack/migration_executor.py (11 hunks)
• docker_mcp/tools/containers.py (11 hunks)
• tests/integration/test_host_service.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (8)

docker_mcp/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

docker_mcp/**/*.py: Validate Docker commands against an explicit allowlist (ALLOWED_DOCKER_COMMANDS) before execution
Execute subprocess calls only after validation, always with explicit timeouts, and annotate legitimate calls with # nosec B603
Build SSH commands with secure options (StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null, LogLevel=ERROR, ConnectTimeout, ServerAliveInterval) and support identity_file
Use modern Python 3.11+ async exception patterns: asyncio.timeout, exception groups (except*), and asyncio.TaskGroup for batching
Validate host IDs before operations and provide clear error messages when hosts are not found
Use Python 3.11+ union syntax (e.g., str | None) and avoid Optional/Union legacy syntax
Use TypeAlias for complex recurring types (Python 3.12+)
Pydantic models should use Field(default_factory=...) for mutable defaults
Use structured logging with structlog and include contextual fields (e.g., host_id, operation)
All I/O operations must be async (use async/await)

docker_mcp/**/*.py: Target Python 3.11+ with type hints on public interfaces and async pathways
Route subprocess access through established helpers in docker_mcp/core and docker_mcp/services

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/compose_manager.py
• docker_mcp/services/cleanup.py
• docker_mcp/services/host.py
• docker_mcp/services/stack/migration_executor.py
• docker_mcp/models/container.py
• docker_mcp/core/config_loader.py
• docker_mcp/tools/containers.py
• docker_mcp/resources/health.py
• docker_mcp/core/transfer/archive.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/migration/rollback.py
• docker_mcp/core/metrics.py

docker_mcp/core/**/*.py

📄 CodeRabbit inference engine (docker_mcp/core/CLAUDE.md)

docker_mcp/core/**/*.py: Define configuration using Pydantic BaseSettings with explicit environment variable aliases and model_config env_file ".env" and extra="ignore"
Use an async context manager (asynccontextmanager + AsyncExitStack) for Docker operations with timeout (asyncio.timeout) and guaranteed cleanup
Protect shared caches with asyncio.Lock when checking/updating context caches
Create Docker contexts with retry and exponential backoff; on failure, handle ExceptionGroup using except* for DockerContextError and SSHConnectionError
Use asyncio.TaskGroup for concurrent creation of multiple Docker contexts and collect results per host
Track resources in operation context and clean them up in reverse order, supporting both sync close() and async aclose()/close()
Log cleanup errors with structlog using async-friendly logging (e.g., logger.awarning) without failing the cleanup loop
Construct SSH URLs as ssh://user@hostname and append :port only when port != 22
When invoking docker/ssh via subprocess.run, execute in a thread executor to avoid blocking and annotate the call with "# nosec B603"
Compose file path resolution should first use an explicit compose_path if provided, else fall back to auto-discovery
Implement hot reload by watching config file changes (e.g., with awatch) and invoking an async reload callback with the new config
When importing SSH config entries, skip wildcard names (* or ?), require a hostname, default user to "root", and tag hosts as ["imported", "ssh-config"]
Ensure all core exceptions inherit from DockerMCPError with specific subclasses for contexts and configuration (DockerContextError, ConfigurationError)

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/compose_manager.py
• docker_mcp/core/config_loader.py
• docker_mcp/core/transfer/archive.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/migration/rollback.py
• docker_mcp/core/metrics.py

**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

**/*.py: Enforce 100-character maximum line length (Ruff)
Use double quotes for strings (Ruff)
Use space indentation (no tabs) (Ruff)
Use snake_case for module, function, and variable names
Use PascalCase for class names
Use UPPER_SNAKE for constants

Files:

• docker_mcp/core/docker_context.py
• docker_mcp/core/compose_manager.py
• docker_mcp/services/cleanup.py
• tests/integration/test_host_service.py
• docker_mcp/services/host.py
• docker_mcp/services/stack/migration_executor.py
• docker_mcp/models/container.py
• docker_mcp/core/config_loader.py
• docker_mcp/tools/containers.py
• docker_mcp/resources/health.py
• docker_mcp/core/transfer/archive.py
• docker_mcp/core/transfer/containerized_rsync.py
• docker_mcp/core/migration/rollback.py
• docker_mcp/core/metrics.py

docker_mcp/services/**/*.py

📄 CodeRabbit inference engine (docker_mcp/services/CLAUDE.md)

docker_mcp/services/**/*.py: Use Pydantic v2 models for input validation in services (BaseModel, Field, field_validator, ValidationError, ValidationInfo)
Validate host_id with regex ^[a-zA-Z0-9_-]+$ and length bounds (1–64)
Validate container_id with length bounds (1–128)
Constrain action to Literal["start","stop","restart","pause","unpause","remove"]
Constrain timeout to 1–300 seconds with a default of 30
Use field_validator with ValidationInfo context to ensure host exists in configuration when validating host_id
Validate stack_name with regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length ≤ 63, and reject reserved names {docker, compose, system, network, volume}
Allow environment dict but scan keys for sensitive patterns (password|secret|token|key); warn instead of blocking
Catch Pydantic ValidationError and return structured validation errors in ToolResult
Provide decorator-based validation (e.g., @validate_host_exists, @validate_container_id) for common checks
Use TypeGuard functions (e.g., is_docker_host_config) to strengthen runtime type checks
Use a ValidationResult class (result pattern) to aggregate validation outcomes and errors
Perform parallel async validations with asyncio.gather and aggregate results before constructing request models
Use async context managers for operations (ServiceOperationContext, docker_operation_context) with logging, timeouts, and cleanup
Use batch_operation_context to track progress for batch operations and always log completion stats
Use an async ConnectionPool with reference counting via asynccontextmanager for connection reuse and cleanup
Use modern exception handling: asyncio.timeout, except for grouped Docker errors, structured logging, and consistent ToolResult error payloads with context
Use structured logging (structlog) with contextual fields (host_id, operation, ids, duration, error) for info and error events
Services store a reference to DockerMCPConfig and expose helper accessors like get_host_config

Reuse existing permis...

Files:

• docker_mcp/services/cleanup.py
• docker_mcp/services/host.py
• docker_mcp/services/stack/migration_executor.py

tests/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

tests/**/*.py: Organize tests with pytest markers: @pytest.mark.unit, @pytest.mark.integration, @pytest.mark.slow; maintain ≥85% coverage
Async tests must use @pytest.mark.asyncio

tests/**/*.py: Use pytest markers such as @pytest.mark.integration, slow, and requires_docker to keep CI selectors meaningful
Prefer FastMCP in-memory clients for unit tests and mock external SSH/Docker interactions to stay deterministic

Files:

• tests/integration/test_host_service.py

docker_mcp/models/**/*.py

📄 CodeRabbit inference engine (docker_mcp/models/CLAUDE.md)

docker_mcp/models/**/*.py: Configure models with ConfigDict instead of legacy Config
Use Annotated[...] with Field(...) for constraints and metadata
Prefer modern union syntax (T | None) over typing.Union/Optional
Use Literal for constrained string enums (e.g., statuses)
Use Field(default_factory=...) for mutable defaults (lists, dicts)
Document units for numeric fields in comments (e.g., bytes, milliseconds)
Model config: enable validate_assignment and str_strip_whitespace
Model config: populate_by_name/use aliases consistently (alias_generator or by_alias)
Define computed data using @computed_field for serialized properties; use @Property for non-serialized
Use field_validator/model_validator (v2) for field and cross-field validation
Validate identifiers and names with Field constraints and regex (e.g., hostnames, usernames, ports)
Avoid reserved ports below 1024 except common ones; enforce via validator
If file paths are provided (e.g., ssh_key_path), validate existence and permissions in model_validator
Perform async validations via explicit async methods after model creation (do not rely on async validators)
Use discriminated unions with Field(discriminator=...) and Literal event types for polymorphic models
Leverage @field_serializer and @model_serializer for custom output (e.g., human-readable byte sizes, metadata)
Use model_dump/model_dump_json with include/exclude and exclude_none for controlled serialization
Use model_copy(update={...}) for immutable-style updates
Include host context (host_id) alongside resource identifiers for multi-host operations
Represent timestamps as ISO 8601 strings where specified (e.g., created, updated, timestamp, last_check, last_ping)
Use snake_case for field names consistently
Name models using {Resource}{Purpose} (e.g., ContainerInfo, HostStatus, DeployStackRequest)
Provide default_factory for all collection fields (services, tags, labels, environment, ports)
Separate model categories by purpose: Information, Status, Stati...

Files:

• docker_mcp/models/container.py

docker_mcp/tools/**/*.py

📄 CodeRabbit inference engine (docker_mcp/tools/CLAUDE.md)

docker_mcp/tools/**/*.py: Use DockerContextManager for executing Docker CLI commands instead of ad-hoc subprocess calls
Standardize success responses to include: success=True, message, host_id, resource identifiers (e.g., container_id), data, timestamp (ISO)
Standardize error responses to include: success=False, error message, host_id, relevant resource identifiers, timestamp (ISO)
Ensure all responses include consistent fields: success (bool), timestamp (ISO), host_id, and relevant resource identifiers (container_id, stack_name, etc.)
Automatically parse JSON-output Docker commands (inspect, version, info) and return parsed JSON; otherwise wrap stdout under output
Use Docker context for container operations; use SSH for stack operations requiring remote filesystem access
Validate stack names: regex ^[a-zA-Z0-9][a-zA-Z0-9_-]$, length <= 63, and disallow reserved names {docker, compose, system, network, volume}
Validate action parameters against explicit allowlists and return structured errors for invalid actions
Use Python 3.11+ async error-handling patterns: asyncio.timeout, exception groups (except), and TaskGroup for batch operations
Manage resources with AsyncExitStack and async context managers (e.g., connections, locks) for complex operations
Process JSON line outputs robustly: iterate lines, json.loads per line, warn on JSONDecodeError
Enrich base Docker listings with additional inspect-derived details (e.g., volumes, networks, compose_project)
Use Pydantic models for validation/serialization and return model_dump() for API responses
Implement parsing helpers: percentage strings to float, size strings to bytes, and port summaries formatted as host→container
Use structured logging (structlog) to log start, completion, and failures with contextual fields (host_id, container_id, action, duration, error)
Validate Docker commands against an allowed command set before execution; reject disallowed or empty commands
Use SSH security options for automation: Strict...

Files:

• docker_mcp/tools/containers.py

docker_mcp/core/transfer/**/*.py

📄 CodeRabbit inference engine (CLAUDE.md)

Implement new transfer methods by subclassing BaseTransfer and providing transfer(...), validate_requirements(...), and get_transfer_type()

Files:

• docker_mcp/core/transfer/archive.py
• docker_mcp/core/transfer/containerized_rsync.py

🧬 Code graph analysis (10)

docker_mcp/core/docker_context.py (1)

docker_mcp/core/exceptions.py (1)

• DockerContextError (12-13)

docker_mcp/core/compose_manager.py (1)

docker_mcp/core/exceptions.py (1)

• DockerMCPError (4-5)

docker_mcp/services/cleanup.py (2)

docker_mcp/core/config_loader.py (2)

• DockerMCPConfig (186-195)
• DockerHost (19-137)

docker_mcp/utils.py (1)

• build_ssh_command (19-69)

tests/integration/test_host_service.py (3)

docker_mcp/services/host.py (7)

• add_docker_host (39-153)
• list_docker_hosts (155-191)
• edit_docker_host (217-347)
• remove_docker_host (349-402)
• test_connection (404-545)
• discover_host_capabilities (547-610)
• handle_action (1291-1334)

docker_mcp/models/enums.py (1)

• HostAction (12-23)

tests/conftest.py (4)

• docker_mcp_config (69-76)
• mock_docker_context_manager (227-239)
• minimal_config (80-86)
• multi_host_config (90-114)

docker_mcp/services/stack/migration_executor.py (3)

docker_mcp/core/migration/rollback.py (11)

• MigrationRollbackManager (133-863)
• MigrationStep (48-55)
• MigrationStepState (38-45)
• create_context (179-219)
• cleanup_context (851-863)
• automatic_rollback (349-512)
• verify_rollback (604-738)
• create_checkpoint (221-264)
• mark_step_failed (325-347)
• mark_step_completed (305-323)
• register_rollback_action (266-303)

docker_mcp/tools/stacks.py (2)

• StackTools (25-1070)
• manage_stack (654-692)

docker_mcp/utils.py (1)

• build_ssh_command (19-69)

docker_mcp/core/config_loader.py (2)

docker_mcp/core/transfer/containerized_rsync.py (1)

• transfer (299-410)

docker_mcp/core/transfer/rsync.py (1)

• transfer (69-186)

docker_mcp/tools/containers.py (3)

docker_mcp/core/docker_context.py (1)

• get_client (335-412)

docker_mcp/core/error_response.py (4)

• DockerMCPErrorResponse (38-269)
• docker_context_error (173-182)
• container_not_found (204-213)
• generic_error (260-269)

docker_mcp/tools/logs.py (1)

• _build_error_response (170-216)

docker_mcp/resources/health.py (3)

docker_mcp/core/docker_context.py (1)

• ensure_context (90-121)

docker_mcp/services/host.py (1)

• test_connection (404-545)

docker_mcp/core/metrics.py (3)

• get_metrics_collector (398-411)
• get_prometheus_metrics (304-371)
• get_metrics (215-248)

docker_mcp/core/migration/rollback.py (4)

docker_mcp/core/config_loader.py (1)

• DockerHost (19-137)

docker_mcp/core/exceptions.py (1)

• DockerMCPError (4-5)

docker_mcp/utils.py (1)

• build_ssh_command (19-69)

docker_mcp/services/stack/migration_orchestrator.py (1)

• get_rollback_status (1068-1154)

docker_mcp/core/metrics.py (1)

docker_mcp/core/operation_tracking.py (1)

• success (141-159)

🪛 Ruff (0.14.4)

docker_mcp/core/docker_context.py

95-95: Avoid specifying long messages outside the exception class

(TRY003)

---

121-121: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

121-121: Avoid specifying long messages outside the exception class

(TRY003)

---

157-157: Replace aliased errors with TimeoutError

Replace with builtin TimeoutError

(UP041)

---

234-234: Avoid specifying long messages outside the exception class

(TRY003)

---

315-315: Consider moving this statement to an else block

(TRY300)

---

329-329: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

329-329: Logging statement uses f-string

(G004)

---

349-349: Consider moving this statement to an else block

(TRY300)

---

350-350: Do not catch blind exception: Exception

(BLE001)

---

355-355: Abstract raise to an inner function

(TRY301)

---

355-355: Avoid specifying long messages outside the exception class

(TRY003)

---

379-381: Abstract raise to an inner function

(TRY301)

---

379-381: Create your own exception

(TRY002)

---

379-381: Avoid specifying long messages outside the exception class

(TRY003)

---

388-388: Logging statement uses f-string

(G004)

---

391-391: Logging statement uses f-string

(G004)

---

392-392: Consider moving this statement to an else block

(TRY300)

---

394-394: Do not catch blind exception: Exception

(BLE001)

---

396-396: Logging statement uses f-string

(G004)

---

403-403: Logging statement uses f-string

(G004)

---

408-408: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

408-408: Logging statement uses f-string

(G004)

docker_mcp/core/compose_manager.py

345-345: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

346-346: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

346-346: Avoid specifying long messages outside the exception class

(TRY003)

---

359-359: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

360-360: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

360-360: Avoid specifying long messages outside the exception class

(TRY003)

docker_mcp/services/cleanup.py

53-53: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

174-176: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

214-214: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

236-236: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

243-243: Unpacked variable detailed_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

279-279: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

281-281: Do not catch blind exception: Exception

(BLE001)

---

282-282: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

338-338: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

343-343: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

348-348: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

393-393: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

417-417: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1091-1099: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1105-1105: Unpacked variable containers_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

1115-1123: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1129-1129: Unpacked variable networks_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

1139-1146: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1152-1152: Unpacked variable images_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

tests/integration/test_host_service.py

47-47: Local variable mock_save is assigned to but never used

Remove assignment to unused variable mock_save

(F841)

---

256-256: Replace aliased errors with TimeoutError

Replace asyncio.TimeoutError with builtin TimeoutError

(UP041)

docker_mcp/services/host.py

525-525: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

535-535: Do not catch blind exception: Exception

(BLE001)

---

536-536: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/services/stack/migration_executor.py

78-78: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

118-118: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

129-129: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

138-139: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

196-200: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

574-574: datetime.datetime.now() called without a tz argument

(DTZ005)

---

575-579: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

591-591: Do not catch blind exception: Exception

(BLE001)

---

594-598: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

719-719: Dynamically typed expressions (typing.Any) are disallowed in rollback_context

(ANN401)

---

721-721: Boolean-typed positional argument in function definition

(FBT001)

---

762-762: Missing return type annotation for private function restart_source_stack

Add return type annotation: None

(ANN202)

---

816-816: Missing return type annotation for private function cleanup_backup

Add return type annotation: None

(ANN202)

---

823-823: Consider [*ssh_cmd, "rm", "-f", shlex.quote(backup_path)] instead of concatenation

Replace with [*ssh_cmd, "rm", "-f", shlex.quote(backup_path)]

(RUF005)

---

867-867: Missing return type annotation for private function cleanup_transferred_data

Add return type annotation: None

(ANN202)

---

874-876: Consider [*ssh_cmd, "rm", "-rf", shlex.quote(target_path)] instead of concatenation

Replace with [*ssh_cmd, "rm", "-rf", shlex.quote(target_path)]

(RUF005)

---

929-929: Missing return type annotation for private function cleanup_target_deployment

Add return type annotation: None

(ANN202)

---

1115-1115: datetime.datetime.now() called without a tz argument

(DTZ005)

---

1142-1142: datetime.datetime.now() called without a tz argument

(DTZ005)

docker_mcp/core/config_loader.py

63-65: Avoid specifying long messages outside the exception class

(TRY003)

---

69-69: Avoid specifying long messages outside the exception class

(TRY003)

---

74-76: Avoid specifying long messages outside the exception class

(TRY003)

---

108-108: Avoid specifying long messages outside the exception class

(TRY003)

---

112-112: Avoid specifying long messages outside the exception class

(TRY003)

---

124-128: Avoid specifying long messages outside the exception class

(TRY003)

---

133-135: Avoid specifying long messages outside the exception class

(TRY003)

docker_mcp/tools/containers.py

72-72: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

253-253: Consider moving this statement to an else block

(TRY300)

---

309-313: Consider moving this statement to an else block

(TRY300)

---

316-316: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

322-327: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

330-330: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

624-630: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

632-632: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

1236-1236: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1239-1244: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

1248-1248: Do not catch blind exception: Exception

(BLE001)

---

1250-1255: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

docker_mcp/resources/health.py

40-40: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

42-42: Missing return type annotation for private function _temp_fn

Add return type annotation: str

(ANN202)

---

119-122: Consider moving this statement to an else block

(TRY300)

---

123-123: Do not catch blind exception: Exception

(BLE001)

---

126-126: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

148-151: Consider moving this statement to an else block

(TRY300)

---

157-157: Do not catch blind exception: Exception

(BLE001)

---

160-160: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

163-163: Do not catch blind exception: Exception

(BLE001)

---

166-166: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

203-203: Do not catch blind exception: Exception

(BLE001)

---

206-206: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

209-209: Do not catch blind exception: Exception

(BLE001)

---

212-212: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

231-234: Consider moving this statement to an else block

(TRY300)

---

235-235: Do not catch blind exception: Exception

(BLE001)

---

238-238: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

266-266: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

291-291: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

291-291: Boolean-typed positional argument in function definition

(FBT001)

---

291-291: Boolean default positional argument in function definition

(FBT002)

---

293-293: Missing return type annotation for private function _temp_fn

Add return type annotation: str

(ANN202)

docker_mcp/core/transfer/archive.py

225-225: Avoid specifying long messages outside the exception class

(TRY003)

---

238-238: datetime.datetime.now() called without a tz argument

(DTZ005)

---

247-247: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

251-251: Consider [*ssh_cmd, remote_cmd] instead of concatenation

Replace with [*ssh_cmd, remote_cmd]

(RUF005)

---

271-271: Avoid specifying long messages outside the exception class

(TRY003)

---

275-280: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

281-281: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

281-281: Avoid specifying long messages outside the exception class

(TRY003)

---

281-281: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

297-299: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

312-316: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

317-317: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

317-317: Avoid specifying long messages outside the exception class

(TRY003)

---

317-317: f-string without any placeholders

Remove extraneous f prefix

(F541)

---

339-341: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

363-368: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

369-369: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

---

369-369: Avoid specifying long messages outside the exception class

(TRY003)

---

369-369: f-string without any placeholders

Remove extraneous f prefix

(F541)

docker_mcp/core/migration/rollback.py

35-35: Unnecessary pass statement

Remove unnecessary pass

(PIE790)

---

174-174: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

430-434: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

436-436: Do not catch blind exception: Exception

(BLE001)

---

443-448: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

491-491: Consider moving this statement to an else block

(TRY300)

---

493-493: Do not catch blind exception: Exception

(BLE001)

---

507-507: Use explicit conversion flag

Replace with conversion flag

(RUF010)

---

531-531: Avoid specifying long messages outside the exception class

(TRY003)

---

726-726: Consider moving this statement to an else block

(TRY300)

---

728-728: Do not catch blind exception: Exception

(BLE001)

---

729-733: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

---

749-753: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

773-773: Replace aliased errors with TimeoutError

Replace with builtin TimeoutError

(UP041)

---

784-788: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

804-804: Replace aliased errors with TimeoutError

Replace with builtin TimeoutError

(UP041)

---

818-821: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

834-834: Consider moving this statement to an else block

(TRY300)

---

836-836: Replace aliased errors with TimeoutError

Replace with builtin TimeoutError

(UP041)

---

848-848: Do not catch blind exception: Exception

(BLE001)

docker_mcp/core/metrics.py

64-64: Missing return type annotation for special method __init__

Add return type annotation: None

(ANN204)

---

103-103: Boolean-typed positional argument in function definition

(FBT001)

---

169-169: Boolean-typed positional argument in function definition

(FBT001)

---

169-169: Boolean default positional argument in function definition

(FBT002)

---

197-197: Boolean-typed positional argument in function definition

(FBT001)

---

215-215: Boolean-typed positional argument in function definition

(FBT001)

---

215-215: Boolean default positional argument in function definition

(FBT002)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Guard context creation with a per-host asyncio.Lock.

The new timeout wrapper didn’t address the original race: two coroutines can hit this block concurrently, both miss _context_cache, and both try to create the same Docker context; the second one then fails with “context already exists”. The core guidelines explicitly require protecting shared caches with asyncio.Lock. Please introduce a host-scoped lock (e.g., self._context_locks.setdefault(host_id, asyncio.Lock())) and wrap the cache checks, existence check, and _create_context(...) call in async with lock: so that only one coroutine per host performs the create/update path at a time (and mirror this pattern for the client cache). Without it, parallel operations remain flaky.

As per coding guidelines

🧰 Tools

🪛 Ruff (0.14.4)

95-95: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

In docker_mcp/core/docker_context.py around lines 90 to 118, introduce a
per-host asyncio.Lock (e.g., self._context_locks.setdefault(host_id,
asyncio.Lock())) and acquire it with async with lock: around the shared-cache
and creation logic so the cache checks, the _context_exists check, and the
_create_context(...) call are executed atomically for a given host; inside that
critical section re-check the cache/exists after acquiring the lock and update
the cache only once creation succeeds, and apply the same host-scoped lock
pattern to the client cache paths as well to prevent concurrent coroutines from
racing to create the same context or client.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Target cleanup check misreports success

docker compose ps returns '[]' with exit code 0 when nothing is running, so the current predicate returns False even when cleanup succeeded. Please parse the JSON and ensure there are zero running containers.

-            # Success if no containers are found
-            return result.returncode != 0 or len(result.stdout.strip()) == 0
+            try:
+                containers = json.loads(result.stdout or "[]")
+            except json.JSONDecodeError:
+                return False
+
+            return all(
+                item.get("State") != "running"
+                for item in containers
+            )

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In docker_mcp/core/migration/rollback.py around lines 801 to 803, the cleanup
success check incorrectly treats an empty JSON list ('[]') with exit code 0 as
failure; instead parse result.stdout as JSON (import json if not present),
verify it is a list and check that len(parsed) == 0, and return True when the
parsed list is empty. Also handle JSON decode errors (treat as failure or fall
back to existing logic) and ensure the return value reflects success only when
the parsed container list is empty.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Environment variable exposure creates secrets leakage risk.

The env field exposes container environment variables, which commonly contain secrets (API keys, passwords, database credentials, tokens). This creates a critical security vulnerability as these values can be:

• Serialized to logs via model_dump()
• Returned through MCP API responses
• Persisted in diagnostic outputs

Additionally, none of the new fields have validation or size constraints, creating potential DoS vectors with unbounded data.

Solution 1 (Recommended): Add field-level sanitization and validation

+from pydantic import field_validator
+
 class ContainerInfo(MCPModel):
     """Information about a Docker container (minimal for type safety)."""
 
     container_id: str
     name: str
     host_id: str
     image: str | None = None
     status: str | None = None
     state: str | None = None
     ports: list[str] = Field(default_factory=list)
-    labels: dict[str, str] = Field(default_factory=dict)
-    env: list[str] = Field(default_factory=list)
-    volumes: list[str] = Field(default_factory=list)
-    networks: list[str] = Field(default_factory=list)
+    labels: dict[str, str] = Field(
+        default_factory=dict,
+        description="Container labels (metadata key-value pairs)",
+    )
+    env: list[str] = Field(
+        default_factory=list,
+        description="Container environment variables (sanitized - secrets redacted)",
+        max_length=1000,
+    )
+    volumes: list[str] = Field(
+        default_factory=list,
+        description="Container volume mounts",
+        max_length=100,
+    )
+    networks: list[str] = Field(
+        default_factory=list,
+        description="Networks the container is attached to",
+        max_length=50,
+    )
+
+    @field_validator("env", mode="before")
+    @classmethod
+    def sanitize_env(cls, v: list[str]) -> list[str]:
+        """Redact sensitive environment variable values."""
+        if not v:
+            return v
+        
+        # Common secret/sensitive env var patterns
+        sensitive_patterns = {
+            "password", "passwd", "pwd", "secret", "key", "token", 
+            "api_key", "apikey", "auth", "credential", "private"
+        }
+        
+        sanitized = []
+        for item in v:
+            if "=" in item:
+                key, _ = item.split("=", 1)
+                key_lower = key.lower()
+                # Redact if key contains sensitive pattern
+                if any(pattern in key_lower for pattern in sensitive_patterns):
+                    sanitized.append(f"{key}=***REDACTED***")
+                else:
+                    sanitized.append(item)
+            else:
+                sanitized.append(item)
+        
+        return sanitized

Solution 2 (Alternative): Remove env field entirely or make opt-in

If environment variables aren't essential for the use case, consider removing the field or requiring explicit opt-in with warnings about security implications.

Based on coding guidelines and PR security review findings.

🤖 Prompt for AI Agents

In docker_mcp/models/container.py around lines 31-34, the env field (and other
new unconstrained fields) expose sensitive environment variables and permit
unbounded data; update the model to prevent secrets leakage by (1) removing raw
string exposure: change env to a secret-safe representation (e.g., use Pydantic
SecretStr/Secret types or a map of keys to masked values) and mark it excluded
from serialization/exports, or make the field opt-in with clear warning; (2) add
validators that enforce maximum item counts and per-item length limits for env,
labels, volumes, and networks to prevent DoS (reject or truncate overly large
inputs); and (3) ensure model_dump/model_dump_json and any API/export methods
explicitly redact or exclude env contents so secrets are never logged or
returned.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider constraining the metadata field type.

The dict[str, Any] type provides no validation or type safety. Without constraints, this field could accumulate unbounded data or unexpected types.

Consider adding validation:

-    metadata: dict[str, Any] = Field(default_factory=dict)
+    metadata: dict[str, Any] = Field(
+        default_factory=dict,
+        description="Stack metadata and custom annotations",
+    )
+    
+    @field_validator("metadata")
+    @classmethod
+    def validate_metadata_size(cls, v: dict[str, Any]) -> dict[str, Any]:
+        """Limit metadata to prevent unbounded growth."""
+        max_keys = 100
+        if len(v) > max_keys:
+            raise ValueError(f"Metadata cannot exceed {max_keys} keys")
+        return v

Alternatively, if the metadata structure is known, use a typed model instead of dict[str, Any].

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	metadata: dict[str, Any] = Field(default_factory=dict)
	metadata: dict[str, Any] = Field(
	default_factory=dict,
	description="Stack metadata and custom annotations",
	)
	@field_validator("metadata")
	@classmethod
	def validate_metadata_size(cls, v: dict[str, Any]) -> dict[str, Any]:
	"""Limit metadata to prevent unbounded growth."""
	max_keys = 100
	if len(v) > max_keys:
	raise ValueError(f"Metadata cannot exceed {max_keys} keys")
	return v

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Kill ssh subprocesses when cleanup detail fetch times out

Inside _get_cleanup_details, the asyncio.timeout(60.0) context cancels the coroutine but the spawned ssh processes are left running whenever a command exceeds the window. We never call proc.kill()/wait(), so the task times out while the child continues to consume resources (and keeps the SSH connection open). Wrap each communicate() in its own asyncio.wait_for and ensure we kill the process on timeout so we don’t leak zombie SSH sessions.

-                containers_stdout, containers_stderr = await containers_proc.communicate()
+                try:
+                    containers_stdout, containers_stderr = await asyncio.wait_for(
+                        containers_proc.communicate(), timeout=60.0
+                    )
+                except TimeoutError:
+                    containers_proc.kill()
+                    await containers_proc.wait()
+                    raise
...
-                networks_stdout, networks_stderr = await networks_proc.communicate()
+                try:
+                    networks_stdout, networks_stderr = await asyncio.wait_for(
+                        networks_proc.communicate(), timeout=60.0
+                    )
+                except TimeoutError:
+                    networks_proc.kill()
+                    await networks_proc.wait()
+                    raise
...
-                images_stdout, images_stderr = await images_proc.communicate()
+                try:
+                    images_stdout, images_stderr = await asyncio.wait_for(
+                        images_proc.communicate(), timeout=60.0
+                    )
+                except TimeoutError:
+                    images_proc.kill()
+                    await images_proc.wait()
+                    raise

Apply the same pattern to each cleanup detail command to keep subprocess lifetimes bounded. As per coding guidelines.

🧰 Tools

🪛 Ruff (0.14.4)

1091-1099: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1105-1105: Unpacked variable containers_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

1115-1123: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1129-1129: Unpacked variable networks_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

---

1139-1146: Consider iterable unpacking instead of concatenation

Replace with iterable unpacking

(RUF005)

---

1152-1152: Unpacked variable images_stderr is never used

Prefix it with an underscore or any other dummy variable pattern

(RUF059)

🤖 Prompt for AI Agents

In docker_mcp/services/cleanup.py around lines 1090-1156 the child SSH/docker
subprocesses spawned for containers/networks/images use communicate() directly
inside a global asyncio.timeout context and can be left running if the outer
timeout cancels the coroutine; wrap each proc.communicate() call with
asyncio.wait_for(..., timeout=some_shorter_timeout) and on asyncio.TimeoutError
(or asyncio.CancelledError) call proc.kill() (or proc.terminate() if
appropriate) then await proc.wait() to reap the child, optionally capture/ignore
stdout/stderr after kill; apply the same pattern to the containers_proc,
networks_proc and images_proc invocations so no SSH subprocess is leaked when a
detail fetch times out.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Rollback closures must fail when the restart does

restart_source_stack() swallows a failed manage_stack call, so rollback records success even if the stack never comes back up. Please check the result and raise on failure (same applies to the other rollback helpers).

             async def restart_source_stack():
                 """Rollback action: Restart source stack."""
                 self.logger.info(
                     "Rollback: Restarting source stack",
                     host_id=source_host_id,
                     stack_name=stack_name
                 )
-                await self.stack_tools.manage_stack(
-                    source_host_id,
-                    stack_name,
-                    "up"
-                )
+                result = await self.stack_tools.manage_stack(
+                    source_host_id,
+                    stack_name,
+                    "up",
+                )
+                if not result.get("success", False):
+                    raise RuntimeError(
+                        f"Failed to restart source stack: {result.get('error') or 'unknown error'}"
+                    )

🧰 Tools

🪛 Ruff (0.14.4)

762-762: Missing return type annotation for private function restart_source_stack

Add return type annotation: None

(ANN202)

🤖 Prompt for AI Agents

In docker_mcp/services/stack/migration_executor.py around lines 762 to 783, the
rollback helper restart_source_stack currently calls
self.stack_tools.manage_stack but does not propagate failure; change it to
capture the result/exception from manage_stack and raise an exception (or
re-raise) when the operation indicates failure so the rollback manager records a
failed action; apply the same pattern to the other rollback helper closures
(check return value or catch exceptions, log context, and raise on non-success)
so rollback actions do not falsely report success.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Propagate failures from target cleanup rollback

cleanup_target_deployment() ignores the return payload from manage_stack, so we brag about a successful rollback while the target stack might still be up. Please validate success and raise on failure (and consider surfacing the error message).

             async def cleanup_target_deployment():
                 """Rollback action: Stop and remove target stack."""
                 self.logger.info(
                     "Rollback: Stopping target stack",
                     host_id=target_host_id,
                     stack_name=stack_name
                 )
-                await self.stack_tools.manage_stack(
-                    target_host_id,
-                    stack_name,
-                    "down"
-                )
+                result = await self.stack_tools.manage_stack(
+                    target_host_id,
+                    stack_name,
+                    "down",
+                )
+                if not result.get("success", False):
+                    raise RuntimeError(
+                        f"Failed to stop target stack: {result.get('error') or 'unknown error'}"
+                    )

🧰 Tools

🪛 Ruff (0.14.4)

929-929: Missing return type annotation for private function cleanup_target_deployment

Add return type annotation: None

(ANN202)

🤖 Prompt for AI Agents

In docker_mcp/services/stack/migration_executor.py around lines 929 to 949, the
cleanup_target_deployment() rollback action currently ignores the return value
from self.stack_tools.manage_stack so a failed stop may be reported as
successful; modify cleanup_target_deployment to await manage_stack, inspect the
returned payload (e.g., result.get("success") or similar), and if it indicates
failure raise an exception containing the error message/details from the payload
(or a composed message including host_id and stack_name) so the rollback manager
sees the failure and logs/surfaces the underlying error.