jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pdftract/notes/pdftract-469s.md
jedarden 660a9401ef feat(pdftract-59zz): implement MCP bearer token ingress channels and TH-03 enforcement 
Implements secure MCP bearer-token ingress channels and TH-03 startup abort
enforcement per plan lines 874, 915-921, 922-924.

## Changes
- Add `--auth-token-file PATH` flag (RECOMMENDED channel)
- Add `PDFTRACT_MCP_TOKEN` env var support
- Reject `--auth-token VALUE` unless `PDFTRACT_INSECURE_CLI_TOKEN=1`
- Enforce TH-03: require token for non-loopback bind addresses (exit 78)
- Loopback exemption for 127.0.0.0/8 and ::1/128

## Files
- crates/pdftract-cli/src/mcp/auth.rs: Token resolution with priority order
- crates/pdftract-cli/src/mcp/bind.rs: TH-03 bind security check
- crates/pdftract-cli/src/mcp/server.rs: MCP server entry point
- crates/pdftract-cli/src/mcp/mod.rs: Module exports
- crates/pdftract-cli/src/main.rs: CLI arguments
- crates/pdftract-cli/Cargo.toml: Add secrecy, tempfile dependencies

## Acceptance Criteria
-  --auth-token-file PATH flag implemented
-  PDFTRACT_MCP_TOKEN env var resolved
-  --auth-token VALUE rejected (exit 64) unless PDFTRACT_INSECURE_CLI_TOKEN=1
-  mcp --bind ADDR with non-loopback ADDR and no token: aborts with exit 78
-  mcp --bind ADDR with loopback ADDR and no token: succeeds
-  mcp --bind ADDR with token: succeeds regardless of address
- ⏸️ Inspector token: Phase 7.9 (not yet implemented)
- ⏸️ TH-03 test: separate bead

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 02:47:54 -04:00

69 lines
3.2 KiB
Markdown
Raw Blame History

# pdftract-469s: Implement direct object parser
## Summary
This bead implements the core `ObjectParser::parse_direct_object()` method that handles all PDF direct object variants. The implementation was already present in the codebase; this bead added missing test coverage to ensure correctness.
## Work Done
### 1. Added New Tests
#### Critical Tests from Plan
- **4-level nested dict test** (`test_parse_4_level_nested_dict`): Verifies `<< /A << /B << /C << /D 1 >> >> >> >>` parses correctly with proper nesting
- **Array of mixed types test** (`test_parse_array_5_elements_mixed_types`): Verifies `[1 true (str) /Name null]` produces correct 5-element array
- **Indirect reference test** (`test_parse_indirect_ref`): Already existed, verifies `5 0 R` -> `PdfObject::Ref(ObjRef{5, 0})`
#### Edge Case Tests
- **Depth limit test** (`test_depth_exceeded_at_256`): Verifies that 300-level nested dict triggers `STRUCT_DEPTH_EXCEEDED` at depth 256, returning `PdfNull` at that level
- **Truncated dict test** (`test_truncated_dict_at_eof`): Verifies `<< /Type /Catalog /Pages` (EOF after key) produces partial dict with 2 keys and diagnostic
- **Negative indirect ref test** (`test_negative_indirect_ref`): Verifies invalid negative object numbers are handled
#### Property-Based Tests
- **proptest_random_tokens_no_panic**: Random PDF token sequences never panic (INV-8)
- **proptest_random_bytes_no_panic**: Random byte sequences never panic (INV-8)
### 2. Files Modified
- `crates/pdftract-core/src/parser/object/parser.rs`: Added 5 new tests and 2 proptest tests
## Acceptance Criteria Status
| Criterion | Status | Notes |
|-----------|--------|-------|
| All direct object variants parse correctly | PASS | Implementation already complete in parser.rs |
| Nested dict 4 levels deep -> correct tree | PASS | test_parse_4_level_nested_dict |
| Array of mixed types -> correct 5 elements | PASS | test_parse_array_5_elements_mixed_types |
| `5 0 R` -> PdfObject::Ref(ObjRef{5, 0}) | PASS | test_parse_indirect_ref (pre-existing) |
| Truncated dict at EOF -> partial dict + diagnostic | PASS | test_truncated_dict_at_eof |
| Depth-300 nested dict -> STRUCT_DEPTH_EXCEEDED | PASS | test_depth_exceeded_at_256 |
| proptest: random tokens never panic | PASS | proptest_random_tokens_no_panic |
| INV-8 maintained | PASS | All error paths use diagnostics, no panics |
## Test Results
```
cargo test --lib -p pdftract-core -- parser::object
test result: ok. 49 passed; 0 failed
```
All tests pass, including:
- 25 parser tests
- 24 type tests
- 2 proptest tests
## Implementation Notes
The core parser implementation was already complete in `parser.rs`:
- `parse_direct_object()` handles all token types
- `parse_integer_or_ref()` implements 3-token lookahead for indirect references
- `parse_array()` handles recursive array parsing with depth limit
- `parse_dict()` handles dictionary parsing with alternating key-value pairs
- Stream detection and body skipping implemented in `parse_dict()`
- Depth limit of 256 enforced via `MAX_DEPTH` constant
## References
- Plan section: Phase 1.2 lines 1057-1068
- INV-8: No panics at public boundaries
- Files modified:
- crates/pdftract-core/src/parser/object/parser.rs
Reference in a new issue View git blame Copy permalink