# Pitfall Log / 踩坑日志 项目:PrefectHQ/fastmcp 摘要:发现 33 个潜在踩坑项,其中 12 个为 high/blocking;最高优先级:安装坑 - 来源证据:RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema。 ## 1. 安装坑 · 来源证据:RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4306 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 2. 安装坑 · 来源证据:Upgrade checks failing on main branch - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:Upgrade checks failing on main branch - 对用户的影响:可能阻塞安装或首次运行。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4241 | 来源类型 github_issue 暴露的待验证使用条件。 ## 3. 安装坑 · 来源证据:caching middleware broken - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安装相关的待验证问题:caching middleware broken - 对用户的影响:可能阻塞安装或首次运行。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4300 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 4. 配置坑 · 来源证据:FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个配置相关的待验证问题:FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown - 对用户的影响:可能阻塞安装或首次运行。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4321 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 5. 配置坑 · 来源证据:feat: hook or factory for customizing tool timeout error messages and types - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个配置相关的待验证问题:feat: hook or factory for customizing tool timeout error messages and types - 对用户的影响:可能增加新用户试用和生产接入成本。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4305 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 6. 维护坑 · 来源证据:expand_uri_template and match_uri_template do not round-trip path values containing reserved characters - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个维护/版本相关的待验证问题:expand_uri_template and match_uri_template do not round-trip path values containing reserved characters - 对用户的影响:可能影响升级、迁移或版本选择。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4326 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 7. 安全/权限坑 · 失败模式:security_permissions: No guardrails against destructive tool capabilities (shell exec, file deletion, env access) - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: No guardrails against destructive tool capabilities (shell exec, file deletion, env access) - 对用户的影响:Developers may expose sensitive permissions or credentials: No guardrails against destructive tool capabilities (shell exec, file deletion, env access) - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4318 | No guardrails against destructive tool capabilities (shell exec, file deletion, env access) ## 8. 安全/权限坑 · 失败模式:security_permissions: on_message middleware not called for unauthenticated requests - 严重度:high - 证据强度:source_linked - 发现:Developers should check this security_permissions risk before relying on the project: on_message middleware not called for unauthenticated requests - 对用户的影响:Developers may expose sensitive permissions or credentials: on_message middleware not called for unauthenticated requests - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4309 | on_message middleware not called for unauthenticated requests ## 9. 安全/权限坑 · 来源证据:No guardrails against destructive tool capabilities (shell exec, file deletion, env access) - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:No guardrails against destructive tool capabilities (shell exec, file deletion, env access) - 对用户的影响:可能影响升级、迁移或版本选择。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4318 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 10. 安全/权限坑 · 来源证据:RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4320 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 11. 安全/权限坑 · 来源证据:feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4304 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 12. 安全/权限坑 · 来源证据:on_message middleware not called for unauthenticated requests - 严重度:high - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:on_message middleware not called for unauthenticated requests - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/4309 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 13. 安装坑 · 失败模式:installation: Upgrade checks failing on main branch - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: Upgrade checks failing on main branch - 对用户的影响:Developers may fail before the first successful local run: Upgrade checks failing on main branch - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4241 | Upgrade checks failing on main branch ## 14. 安装坑 · 失败模式:installation: caching middleware broken - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: caching middleware broken - 对用户的影响:Developers may fail before the first successful local run: caching middleware broken - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4300 | caching middleware broken ## 15. 安装坑 · 失败模式:installation: v3.3.1: Loop There It Is - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: v3.3.1: Loop There It Is - 对用户的影响:Upgrade or migration may change expected behavior: v3.3.1: Loop There It Is - 证据:failure_mode_cluster:github_release | https://github.com/PrefectHQ/fastmcp/releases/tag/v3.3.1 | v3.3.1: Loop There It Is ## 16. 安装坑 · 失败模式:installation: v3.4.0: Remote Control - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: v3.4.0: Remote Control - 对用户的影响:Upgrade or migration may change expected behavior: v3.4.0: Remote Control - 证据:failure_mode_cluster:github_release | https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.0 | v3.4.0: Remote Control ## 17. 安装坑 · 失败模式:installation: v3.4.1: Floor It - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this installation risk before relying on the project: v3.4.1: Floor It - 对用户的影响:Upgrade or migration may change expected behavior: v3.4.1: Floor It - 证据:failure_mode_cluster:github_release | https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.1 | v3.4.1: Floor It ## 18. 配置坑 · 失败模式:configuration: CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this configuration risk before relying on the project: CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) - 对用户的影响:Developers may misconfigure credentials, environment, or host setup: CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/3588 | CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) ## 19. 配置坑 · 失败模式:configuration: feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this configuration risk before relying on the project: feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default - 对用户的影响:Developers may misconfigure credentials, environment, or host setup: feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4304 | feat: FastMCP(default_tool_timeout=...) for server-wide tool timeout default ## 20. 配置坑 · 失败模式:configuration: feat: hook or factory for customizing tool timeout error messages and types - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this configuration risk before relying on the project: feat: hook or factory for customizing tool timeout error messages and types - 对用户的影响:Developers may misconfigure credentials, environment, or host setup: feat: hook or factory for customizing tool timeout error messages and types - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4305 | feat: hook or factory for customizing tool timeout error messages and types ## 21. 配置坑 · 失败模式:configuration: v3.4.0b1: Remote Possibility - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this configuration risk before relying on the project: v3.4.0b1: Remote Possibility - 对用户的影响:Upgrade or migration may change expected behavior: v3.4.0b1: Remote Possibility - 证据:failure_mode_cluster:github_release | https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.0b1 | v3.4.0b1: Remote Possibility ## 22. 配置坑 · 失败模式:configuration: v3.4.2: Heads Up - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this configuration risk before relying on the project: v3.4.2: Heads Up - 对用户的影响:Upgrade or migration may change expected behavior: v3.4.2: Heads Up - 证据:failure_mode_cluster:github_release | https://github.com/PrefectHQ/fastmcp/releases/tag/v3.4.2 | v3.4.2: Heads Up ## 23. 能力坑 · 能力判断依赖假设 - 严重度:medium - 证据强度:source_linked - 发现:README/documentation is current enough for a first validation pass. - 对用户的影响:假设不成立时,用户拿不到承诺的能力。 - 证据:capability.assumptions | https://github.com/PrefectHQ/fastmcp | README/documentation is current enough for a first validation pass. ## 24. 运行坑 · 失败模式:runtime: FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this runtime risk before relying on the project: FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown - 对用户的影响:Developers may hit a documented source-backed failure mode: FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4321 | FastMCP StatefulProxyClient.clear() can cause KeyError during proxy session teardown ## 25. 运行坑 · 失败模式:runtime: RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this runtime risk before relying on the project: RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting - 对用户的影响:Developers may hit a documented source-backed failure mode: RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4320 | RateLimitingMiddleware.get_client_id passing an async callable silently disables rate limiting ## 26. 运行坑 · 失败模式:runtime: RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this runtime risk before relying on the project: RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema - 对用户的影响:Developers may hit a documented source-backed failure mode: RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4306 | RecursionError in json_schema_to_type on self-referential $ref in tool outputSchema ## 27. 维护坑 · 失败模式:migration: expand_uri_template and match_uri_template do not round-trip path values containing reserved... - 严重度:medium - 证据强度:source_linked - 发现:Developers should check this migration risk before relying on the project: expand_uri_template and match_uri_template do not round-trip path values containing reserved characters - 对用户的影响:Developers may hit a documented source-backed failure mode: expand_uri_template and match_uri_template do not round-trip path values containing reserved characters - 证据:failure_mode_cluster:github_issue | https://github.com/PrefectHQ/fastmcp/issues/4326 | expand_uri_template and match_uri_template do not round-trip path values containing reserved characters ## 28. 维护坑 · 维护活跃度未知 - 严重度:medium - 证据强度:source_linked - 发现:未记录 last_activity_observed。 - 对用户的影响:新项目、停更项目和活跃项目会被混在一起,推荐信任度下降。 - 证据:evidence.maintainer_signals | https://github.com/PrefectHQ/fastmcp | last_activity_observed missing - 严重度:medium - 证据强度:source_linked - 发现:no_demo - 证据:downstream_validation.risk_items | https://github.com/PrefectHQ/fastmcp | no_demo; severity=medium ## 30. 安全/权限坑 · 存在评分风险 - 严重度:medium - 证据强度:source_linked - 发现:no_demo - 对用户的影响:风险会影响是否适合普通用户安装。 - 证据:risks.scoring_risks | https://github.com/PrefectHQ/fastmcp | no_demo; severity=medium ## 31. 安全/权限坑 · 来源证据:CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) - 严重度:medium - 证据强度:source_linked - 发现:GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题:CIMD redirect_uri validation rejects loopback URIs with dynamic ports (RFC 8252 §7.3) - 对用户的影响:可能影响授权、密钥配置或安全边界。 - 证据:community_evidence:github | https://github.com/PrefectHQ/fastmcp/issues/3588 | 来源讨论提到 python 相关条件,需在安装/试用前复核。 ## 32. 维护坑 · issue/PR 响应质量未知 - 严重度:low - 证据强度:source_linked - 发现:issue_or_pr_quality=unknown。 - 对用户的影响:用户无法判断遇到问题后是否有人维护。 - 证据:evidence.maintainer_signals | https://github.com/PrefectHQ/fastmcp | issue_or_pr_quality=unknown ## 33. 维护坑 · 发布节奏不明确 - 严重度:low - 证据强度:source_linked - 发现:release_recency=unknown。 - 对用户的影响:安装命令和文档可能落后于代码,用户踩坑概率升高。 - 证据:evidence.maintainer_signals | https://github.com/PrefectHQ/fastmcp | release_recency=unknown