Describe the Bug
The filter_sensitive_fields output policy action throws a 'TypeSchema' object has no attribute 'get' error when used. The policy action fails during output policy evaluation because nested Pydantic models are not converted to dictionaries.
To Reproduce
Steps to reproduce the behavior:
- Create a tool with
sensitive: true fields in the return type
- Add an output policy with
action: filter_sensitive_fields
- Run a test with
user_context
- See error
Expected Behavior
The filter_sensitive_fields action should filter out fields marked as sensitive: true from the response when the policy condition is met.
Environment
- MXCP Version: latest from pip
- Python Version: 3.11+
- Operating System: Any
- Installation Method: pip
Configuration
# tool definition
return:
type: object
properties:
salary:
type: number
sensitive: true
policies:
output:
- condition: "user.role != 'admin'"
action: filter_sensitive_fieldsError Output
'TypeSchema' object has no attribute 'get'
Additional Context
Root Cause Analysis:
The bug is in enforcer.py:483-494. The _filter_sensitive_fields method expects a dict[str, Any] and calls type_def.get("sensitive", False):
# enforcer.py:483
def _filter_sensitive_fields(self, data: Any, type_def: dict[str, Any]) -> Any:
if type_def.get("sensitive", False): # <-- This line fails
return NoneBut the caller at enforcer.py:378-382 passes endpoint_def["return"] which comes from service.py:255:
component_dict = component.model_dump(mode="python", exclude_unset=True)
When using mode="python", nested Pydantic models like TypeSchemaModel are NOT converted to dicts - they remain as Pydantic model instances. Pydantic models don't have a .get() method.
Fix Options:
- Change
service.py:255 to use mode="json" which recursively converts to dicts
- Change
enforcer.py to use attribute access (type_def.sensitive) instead of .get()
- Call
.model_dump() on nested models before passing to _filter_sensitive_fields
Location in code:
mxcp.sdk.policy.enforcer during output policy evaluationenforcer.py:483-494service.py:255
This happens consistently when using the filter_sensitive_fields policy action.
Describe the Bug
The
filter_sensitive_fieldsoutput policy action throws a'TypeSchema' object has no attribute 'get'error when used. The policy action fails during output policy evaluation because nested Pydantic models are not converted to dictionaries.To Reproduce
Steps to reproduce the behavior:
sensitive: truefields in the return typeaction: filter_sensitive_fieldsuser_contextExpected Behavior
The
filter_sensitive_fieldsaction should filter out fields marked assensitive: truefrom the response when the policy condition is met.Environment
Configuration
Error Output
Additional Context
Root Cause Analysis:
The bug is in
enforcer.py:483-494. The_filter_sensitive_fieldsmethod expects adict[str, Any]and callstype_def.get("sensitive", False):But the caller at
enforcer.py:378-382passesendpoint_def["return"]which comes fromservice.py:255:When using
mode="python", nested Pydantic models likeTypeSchemaModelare NOT converted to dicts - they remain as Pydantic model instances. Pydantic models don't have a.get()method.Fix Options:
service.py:255to usemode="json"which recursively converts to dictsenforcer.pyto use attribute access (type_def.sensitive) instead of.get().model_dump()on nested models before passing to_filter_sensitive_fieldsLocation in code:
mxcp.sdk.policy.enforcerduring output policy evaluationenforcer.py:483-494service.py:255This happens consistently when using the
filter_sensitive_fieldspolicy action.