# Boundary & Risk Card Project: modelcontextprotocol/python-sdk ## Doramagic Trial Decision Current decision: it can enter pre-publication recommendation checks. First use should still start with least privilege, a temporary directory, and reversible configuration. ## What The User Can Do Now - Read the Human Manual first to understand the project purpose and main workflows. - Use Prompt Preview for pre-install exploration; it validates interaction shape, not real execution. - Run official Quick Start commands only inside an isolated environment, not a primary setup. ## Do Not Do Yet - Do not treat Prompt Preview as a real project execution result. - Do not treat metadata-only validation as sandbox installation validation. - Do not describe unverified capabilities as supported, working, or safe to install. - Do not provide production data, private files, real secrets, or primary host configuration on first trial. ## Pre-Install Checklist - Host AI match: local_cli - Official installation entry status: official entry point found - Isolated temporary directory, temporary host, or container validation: required - Configuration rollback path: required - API keys, network access, file access, or host configuration changes: treat as high risk until confirmed - Installation command, actual output, and failure logs: must be recorded ## Current Blockers - No blockers. ## Project-Specific Pitfalls - 来源证据:Duplicate `initialize` with changed parameters can overwrite `ServerSession.client_params` (high): 可能增加新用户试用和生产接入成本。 Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。 - 来源证据:Streamable HTTP server silently drops in-flight request when client reuses a JSON-RPC id (high): 可能增加新用户试用和生产接入成本。 Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。 - 来源证据:streamable_http_client: one concurrent request HTTPStatusError tears down sibling requests (high): 可能增加新用户试用和生产接入成本。 Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。 - 来源证据:FastMCP crashes when tool return type uses Python 3.10+ `A | B | C` union syntax (high): 可能阻塞安装或首次运行。 Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。 - 来源证据:Feature Proposal: Secure Tool/Resource/Prompt Decorators with Auth + Encrypted I/O (high): 可能影响授权、密钥配置或安全边界。 Suggested check: 来源问题仍为 open,Pack Agent 需要复核是否仍影响当前版本。 ## Risk And Permission Notes - no_demo: medium ## Evidence Gaps - No structured evidence gaps are currently visible.