fix: resolve MCP protocol and file validation issues

[trsdn]

Summary

• fix OOXML validation so DOCX/XLSX/PPTX ZIP containers are not sent through XML sanitization
• add MARKITDOWN_SAFE_DIRS support and make safe-directory initialization robust when home cannot be resolved
• make tools/list schema compatible with Claude/Anthropic clients and stop responding to JSON-RPC notifications
• configure stdio for UTF-8/LF startup behavior and stabilize fragile performance thresholds

Validation

• python3 -m ruff check .
• PATH="/Library/Frameworks/Python.framework/Versions/3.12/bin:$PATH" python3 -m pytest -q

Refs #36
Refs #38
Closes #40

Acknowledgements

Thanks to @kdjkdjkdj for opening #37 and #39 with the Windows/MCP protocol fixes and configurable safe-directory work, and to @pagatino-afk for opening #41 with the Office Open XML corruption fix. Those contributions helped identify and validate the issues consolidated in this PR.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[github-actions]

🔍 PR Analysis Results

PR: #44 | Commit: ca3a2f0c4ce7b40514261368091aeae50d93ab79

🎨 Code Formatting

✅ All files properly formatted

🔧 Code Linting

✅ No linting issues found

📝 Type Checking

❌ Type checking issues found

Click to see type issues

usage: mypy [-h] [-v] [-V] [more options; see below]
            [-m MODULE] [-p PACKAGE] [-c PROGRAM_TEXT] [files ...]
mypy: error: unrecognized arguments: --json-report mypy_report.json

Fix: Add proper type annotations and resolve type errors

🔒 Security Analysis

✅ No security issues detected

📊 Test Coverage Analysis

✅ Coverage 82.02247191011236% meets 80% requirement

🧹 Dead Code Analysis

✅ Dead code analysis completed

📋 Summary

⚠️ Found 1 issue(s) that should be addressed:

• 📝 Types: Issues found

🔧 Quick Fix Commands:

# Fix formatting and auto-fixable linting issues
ruff format .
ruff check . --fix

# Run tests with coverage
pytest tests/unit/ --cov=markitdown_mcp --cov-report=term-missing

# Check security
bandit -r markitdown_mcp/

---

This analysis was automatically generated by the PR feedback workflow.
Report generated at 2026-06-10 10:48:21 UTC

[github-actions]

🔍 CI Quality Gates Summary

Overall Status: ✅ All Passed

Check	Status	Details	Action Required
🎨 Format	✅ Passed	ruff format check	None
🔧 Lint	✅ Passed	ruff linting	None
📝 Types	✅ Passed	mypy type checking	None
🧪 Tests	✅ Passed	Unit tests	None
📊 Coverage	82.0%	Minimum: 80%	None
🔌 MCP	✅ Valid	Protocol compliance	None
🔒 Security	✅ Clean	Dependency audit	None

🔗 Quick Links

• View detailed analysis
• See workflow logs

🛠️ Quick Fix Commands

# Fix most issues automatically
ruff format .
ruff check . --fix

# Run tests locally
pytest tests/unit/ --cov=markitdown_mcp

# Check types
mypy markitdown_mcp

---

Last updated: 2026-06-10 10:49:24 UTC

[github-actions]

🔍 PR Quality Summary

CI Status

✅ Security: success
✅ Docs: success
✅ Tests: success

Metrics

Metric	Value	Trend
📊 Coverage	N/A	-
🧪 Tests	Test results unavailable	-
⏱️ Performance	No performance data	-

Quality Checks

• Format & Lint: Ruff formatting and linting
• Type Safety: MyPy strict type checking
• Security: Bandit, Safety, GitLeaks scanning
• MCP Protocol: Tool schema validation
• Documentation: Docstring coverage (80%+)

MCP Tools

• convert_file - Convert individual files to Markdown
• convert_directory - Batch convert directories
• list_supported_formats - Query supported file types

---

_{🤖 Auto-generated by CI • Last updated: 2026-06-10 10:52 UTC}