From a175d33e6ee84a8c43eda69f819a4c9a8ece026b Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Fri, 3 Jul 2026 10:08:02 +0530 Subject: [PATCH 1/2] (fix): skip uv re-sync at container startup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The image CMD used 'uv run' without --no-sync, so every container start re-resolved the environment — installing the dev group (ruff, black, pyright) from PyPI and re-bytecode-compiling ~3900 files. This burned 30-60s of full-core CPU before the server bound port 8000, which in production caused liveness-probe kills during startup, CPU starvation of sibling pods (their /healthz exceeded the 3s probe timeout), HPA scale-ups from the compile CPU spike, and dropped in-flight MCP requests on every kill. With --no-sync, uv runs the entrypoint from the venv baked at build time (uv sync --frozen --no-dev), so cold start is ~1s and the runtime no longer depends on PyPI availability. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 98754ae..333cf39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,4 +20,4 @@ ENV HOST=0.0.0.0 \ EXPOSE 8000 -CMD ["uv", "run", "mcp-server-appwrite", "--transport", "http"] +CMD ["uv", "run", "--no-sync", "mcp-server-appwrite", "--transport", "http"] From 8fa97f30299fec808254f38d011525dc3b66a6f9 Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Fri, 3 Jul 2026 10:09:14 +0530 Subject: [PATCH 2/2] (fix): drop project:all and organization:all from preferred OAuth scopes The console 'all' scope already covers project and organization access, so advertising the finer-grained aliases is redundant. --- src/mcp_server_appwrite/constants.py | 2 -- tests/unit/test_auth.py | 5 +---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/mcp_server_appwrite/constants.py b/src/mcp_server_appwrite/constants.py index 5ac3207..5501818 100644 --- a/src/mcp_server_appwrite/constants.py +++ b/src/mcp_server_appwrite/constants.py @@ -55,8 +55,6 @@ "profile", "email", "all", - "project:all", - "organization:all", ] DISCOVERY_TTL_SECONDS = 300.0 diff --git a/tests/unit/test_auth.py b/tests/unit/test_auth.py index 439ce33..b69ba5c 100644 --- a/tests/unit/test_auth.py +++ b/tests/unit/test_auth.py @@ -92,10 +92,7 @@ def test_advertised_scopes_prefer_curated_subset(self): scopes = asyncio.run(auth.protected_resource_metadata())["scopes_supported"] finally: auth._discovery_cache.pop(pid, None) - self.assertEqual( - scopes, - ["openid", "profile", "email", "all", "project:all", "organization:all"], - ) + self.assertEqual(scopes, ["openid", "profile", "email", "all"]) def test_advertised_scopes_drop_preferred_scopes_missing_from_discovery(self): pid = auth.configured_project_id()