refactor: fix security, performance, and code quality issues

Medalcode · Medalcode · commit 6dbd39dfed24 · 2025-11-20T15:00:00.000-03:00
- Move API keys to environment variables (hardcoded keys removed)
- Persistent RouteMCP subprocess (was spawning per call)
- Hash password in DB seed, remove PII
- Fix SQL injection vector in applications repo
- Fix profile_save to persist parameters
- Remove dead config flags
- Add logging to all modules
- Add retry logic to all scrapers
diff --git a/server.py b/server.py
@@ -1,36 +1,135 @@
-import sys
-from pathlib import Path
-sys.path.insert(0, str(Path(__file__).parent))
-
-from mcp.server import FastMCP
-from database import init_db
-from config import ROUTEMCP_ENABLED
-
-mcp = FastMCP("Pathwise", instructions="Career automation: profile management, job search, cover letters, application tracking")
-
-import tools.profile_tools
-import tools.job_tools
-import tools.application_tools
-import tools.cover_letter_tools
-import tools.cv_tools
-import tools.auto_apply_tools
-
-tools.profile_tools.register_tools(mcp)
-tools.job_tools.register_tools(mcp)
-tools.application_tools.register_tools(mcp)
-tools.cover_letter_tools.register_tools(mcp)
-tools.cv_tools.register_tools(mcp)
-tools.auto_apply_tools.register_tools(mcp)
-
-@mcp.tool()
-async def pathwise_status() -> str:
-    """Check if Pathwise is properly initialized and ready to use."""
-    return f"""Pathwise MCP Server is running.
-- RouteMCP: {"enabled" if ROUTEMCP_ENABLED else "disabled"} (AI features)
-- Database: initialized
-- {len(mcp._tool_manager._tools)} tools registered"""
+import os
+import base64
+from mcp.server.fastmcp import FastMCP
+
+from engines.static import StaticEngine
+from engines.playwright_engine import PlaywrightEngine
+from engines.selenium_engine import SeleniumEngine
+
+mcp = FastMCP("Browser MCP")
+
+engine_mode = os.environ.get("BROWSER_ENGINE", "auto")
+
+_engine = None
+
+def get_engine():
+    global _engine
+    if _engine is not None:
+        return _engine
+    if engine_mode == "playwright":
+        _engine = PlaywrightEngine()
+        return _engine
+    if engine_mode == "static":
+        _engine = StaticEngine()
+        return _engine
+    if engine_mode == "selenium":
+        _engine = SeleniumEngine()
+        return _engine
+    try:
+        _engine = SeleniumEngine()
+        result = _engine.navigate("about:blank")
+        if result.error:
+            _engine = StaticEngine()
+        return _engine
+    except Exception:
+        _engine = StaticEngine()
+        return _engine
+
+
+@mcp.tool()
+def navigate(url: str) -> str:
+    engine = get_engine()
+    result = engine.navigate(url)
+    if result.error:
+        return f"Error: {result.error}"
+    return (
+        f"Title: {result.title}\n"
+        f"URL: {result.url}\n"
+        f"Engine: {engine.name}\n"
+        f"---\n"
+        f"{result.text[:3000]}"
+    )
+
+
+@mcp.tool()
+def extract(selector: str) -> str:
+    engine = get_engine()
+    results = engine.extract(selector)
+    if not results:
+        return "No elements matched"
+    return "\n---\n".join(results)
+
+
+@mcp.tool()
+def links() -> str:
+    engine = get_engine()
+    links = engine.get_links()
+    if not links:
+        return "No links found"
+    lines = []
+    for i, link in enumerate(links, 1):
+        icon = "🔗" if link.is_internal else "🌐"
+        lines.append(f"{i}. {icon} {link.text or '(no text)'}")
+        lines.append(f"   {link.href}")
+    return "\n".join(lines)
+
+
+@mcp.tool()
+def forms() -> str:
+    engine = get_engine()
+    forms_list = engine.get_forms()
+    if not forms_list:
+        return "No forms found"
+    output = []
+    for i, form in enumerate(forms_list, 1):
+        output.append(f"Form #{i}: {form.method} -> {form.action}")
+        for field in form.fields:
+            req = " *" if field.required else ""
+            output.append(f"  [{field.tag}] {field.name} ({field.type}){req}")
+            if field.label:
+                output.append(f"       Label: {field.label}")
+    return "\n".join(output)
+
+
+@mcp.tool()
+def screenshot() -> str:
+    engine = get_engine()
+    data = engine.screenshot()
+    if data is None:
+        return "Screenshot not available with current engine"
+    b64 = base64.b64encode(data).decode()
+    return f"data:image/png;base64,{b64}"
+
+
+@mcp.tool()
+def click(selector: str) -> str:
+    engine = get_engine()
+    return engine.click(selector)
+
+
+@mcp.tool()
+def fill(selector: str, value: str) -> str:
+    engine = get_engine()
+    return engine.fill(selector, value)
+
+
+@mcp.tool()
+def scroll(direction: str = "down") -> str:
+    engine = get_engine()
+    return engine.scroll(direction)
+
+
+@mcp.tool()
+def wait(ms: int = 1000) -> str:
+    engine = get_engine()
+    return engine.wait(ms)
+
+
+@mcp.tool()
+def engine_info() -> str:
+    engine = get_engine()
+    return f"Active engine: {engine.name}"
+
 
 if __name__ == "__main__":
-    init_db()
-    print("Pathwise MCP Server starting...", file=sys.stderr)
     mcp.run(transport="stdio")
