ToxMCP
diff --git a/‎AUDIT_MCP_COVERAGE_2026-03-18.md‎
Lines changed: 86 additions & 0 deletions b/‎AUDIT_MCP_COVERAGE_2026-03-18.md‎
Lines changed: 86 additions & 0 deletions
diff --git a/‎AUDIT_MCP_ENDPOINTS_2026-03-18.md‎
Lines changed: 171 additions & 0 deletions b/‎AUDIT_MCP_ENDPOINTS_2026-03-18.md‎
Lines changed: 171 additions & 0 deletions
diff --git a/‎AUDIT_MCP_FAMILY_LIVE_COVERAGE_2026-03-18.md‎
Lines changed: 53 additions & 0 deletions b/‎AUDIT_MCP_FAMILY_LIVE_COVERAGE_2026-03-18.md‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎AUDIT_MCP_PATCH_VERIFICATION_2026-03-18.md‎
Lines changed: 48 additions & 0 deletions b/‎AUDIT_MCP_PATCH_VERIFICATION_2026-03-18.md‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 10 additions & 7 deletions b/‎CHANGELOG.md‎
Lines changed: 10 additions & 7 deletions
@@ -0,0 +1,86 @@
+# EPA CompTox MCP coverage audit
+
+Date: `2026-03-18`
+
+Target:
+- `http://127.0.0.1:8002/mcp`
+
+## Executive summary
+
+After the HTTP catalog patch, the live MCP now advertises the full catalog over `tools/list`:
+
+- total tools: `79`
+- `nextCursor`: `null`
+
+Current resource coverage by family:
+
+| Resource family | Tool count |
+| --- | ---: |
+| `chemical` | 10 |
+| `bioactivity` | 14 |
+| `exposure` | 32 |
+| `hazard` | 18 |
+| `chemical_list` | 2 |
+| `metadata` | 3 |
+| `cheminformatics` | 0 |
+
+## What is covered
+
+The current MCP catalog covers the major CTX dashboard data families represented in this repository:
+
+- chemical discovery and detail lookup
+- bioactivity assays, assay chemicals, AED, and AOP lookups
+- exposure datasets including `HTTK`, `CPDat`, `SEEM`, `MMDB`, functional use, and CCD
+- hazard datasets including `ToxValDB`, `ToxRefDB`, cancer, genetox, `ADME/IVIVE`, `IRIS`, `PPRTV`, and `HAWC`
+- public chemical lists
+- metadata and applicability-domain assets
+
+Representative live-discovery checks after the patch:
+
+- `search_hazard`: present
+- `get_hazard_adme_ivive`: present
+- `get_hazard_toxref`: present
+- `get_bioactivity_aed`: present
+- `search_httk`: present
+
+## What is not covered or not yet surfaced
+
+### 1. Predictive services are not part of the live MCP catalog
+
+The repository contains predictive service code (`GenRA`, `OPERA`, `TEST` wrappers), but these are not currently advertised as MCP tools in the live `79`-tool catalog.
+
+Interpretation:
+- CTX dashboard-style data access is broadly covered.
+- Predictive micro-services exist in the codebase, but they are not yet exposed through the same MCP discovery surface.
+
+### 2. `cheminformatics` currently contributes zero tools
+
+The `cheminformatics` resource is initialized, but its current tool count is `0`.
+
+Interpretation:
+- This is not blocking dashboard data access.
+- It is an obvious expansion point if cheminformatics operations are expected to be part of the MCP surface.
+
+## Answer to “do we cover the entire dashboard?”
+
+For the core CTX data tiers used by this server, coverage is strong:
+
+- chemical: yes
+- bioactivity: yes
+- exposure: yes
+- hazard: yes
+- metadata/list assets: yes
+
+Two qualifiers remain:
+
+1. “Entire dashboard” is broader than the audited priority families and broader than the CTX API surface used in this repo.
+2. Predictive services and cheminformatics are not fully surfaced as MCP tools in the same way as the core CTX data families.
+
+## Bottom line
+
+If the goal is comprehensive MCP coverage of the main CTX dashboard data families, the server is now in good shape and the full catalog is discoverable over HTTP.
+
+If the goal is literal “everything in the repo” or “everything a user may associate with the dashboard,” the remaining visible gaps are:
+
+1. predictive services are not exposed as MCP tools
+2. cheminformatics contributes no live tools
@@ -0,0 +1,171 @@
+# EPA CompTox MCP audit
+
+Date: `2026-03-18`
+
+Target server:
+- `http://127.0.0.1:8002/mcp`
+
+Audit scope:
+- MCP discovery via `tools/list`
+- Live tool execution for the priority data families:
+  - `AED`
+  - `HTTK`
+  - `ADME/IVIVE`
+- Upstream API reachability using `scripts/check_endpoints.py`
+
+## Executive summary
+
+The live server on `8002` is functional for the priority data families. `AED`, `HTTK`, and `ADME/IVIVE` all returned real data for `DTXSID7020182` (Bisphenol A).
+
+This audit initially surfaced two issues:
+
+1. HTTP `tools/list` only returned the first `50` tools, which hid part of the catalog.
+2. The chemical smoke checker used a stale probe URL and produced a false negative.
+
+Both issues are now patched.
+
+Post-fix state:
+
+- HTTP `tools/list` returns the full `79`-tool catalog
+- `get_hazard_adme_ivive` is discoverable via `tools/list`
+- `scripts/check_endpoints.py --json` passes for chemical, hazard, exposure, and bioactivity when project env is loaded
+
+## Discovery audit
+
+Live `tools/list` now returns `79` tools with `nextCursor: null`.
+
+Priority tool discovery status:
+
+| Tool | In `tools/list` | Callable | Returns data |
+| --- | --- | --- | --- |
+| `get_bioactivity_aed` | Yes | Yes | Yes |
+| `search_httk` | Yes | Yes | Yes |
+| `get_exposure_httk` | Yes | Yes | Yes |
+| `get_hazard_adme_ivive` | Yes | Yes | Yes |
+
+## Live MCP execution audit
+
+Test substance:
+- `DTXSID7020182` (`Bisphenol A`)
+
+### 1. AED
+
+Tool:
+- `get_bioactivity_aed`
+
+Observed result:
+- HTTP metadata status: `200`
+- Data type: `list`
+- Record count: `662`
+- Sample fields include:
+  - `dtxsid`
+  - `aeid`
+  - `aedVal`
+  - `aedType`
+  - `httkModel`
+  - `httkVersion`
+  - `aedValUnit`
+
+Conclusion:
+- Functional
+- Data-bearing
+- Suitable for real audit and downstream analysis
+
+### 2. HTTK
+
+Tools:
+- `search_httk`
+- `get_exposure_httk`
+
+Observed result for both:
+- HTTP metadata status: `200`
+- Data type: `list`
+- Record count: `18`
+- Sample fields include:
+  - `dtxsid`
+  - `parameter`
+  - `measured`
+  - `predicted`
+  - `model`
+  - `species`
+  - `percentile`
+
+Sample parameter/model:
+- `Css`
+- `PBTK`
+
+Conclusion:
+- Both HTTK tools are functional
+- Both return real HTTK rows
+- The two outputs are materially equivalent for this test substance
+
+### 3. ADME/IVIVE
+
+Tool:
+- `get_hazard_adme_ivive`
+
+Observed result:
+- HTTP metadata status: `200`
+- Data type: `list`
+- Record count: `18`
+- Sample fields include:
+  - `dtxsid`
+  - `description`
+  - `measured`
+  - `predicted`
+  - `unit`
+  - `model`
+  - `species`
+  - `percentile`
+
+Sample parameter:
+- `Clint`
+
+Conclusion:
+- Functional
+- Data-bearing
+- Discoverable through the MCP catalog after the transport patch
+
+## Upstream dependency audit
+
+Command path:
+- `scripts/check_endpoints.py --json`
+
+When run with project env loaded, the checker returns:
+
+| Upstream endpoint | Status | Result |
+| --- | --- | --- |
+| `CTX Chemical API` | `200` | OK |
+| `CTX Hazard API` | `200` | OK |
+| `CTX Exposure API` | `200` | OK |
+| `CTX Bioactivity API` | `200` | OK |
+
+Interpretation:
+- Chemical, hazard, exposure, and bioactivity upstreams are reachable and healthy enough for the tested MCP calls.
+- The checker now probes the chemical tier with `chemical/detail/search/by-dtxsid/DTXSID7020182`, which matches the live CTX path family used by the server.
+
+## Remaining follow-up
+
+### Finding 1: endpoint matrix documentation still points to `v1` roots
+
+Severity:
+- Medium
+
+Why it matters:
+- `docs/contracts/endpoint-matrix.md` documents `ctx-api/v1` base roots.
+- Direct probe tests against those base roots returned `404`, while the currently functioning CTX probe paths use the non-`v1` endpoint family.
+
+Evidence:
+- `docs/contracts/endpoint-matrix.md` lists `https://comptox.epa.gov/ctx-api/v1/chemical` and analogous `v1` roots.
+- Direct probes against those base roots returned `404`.
+- The patched smoke checker and the live MCP succeed against non-`v1` CTX endpoint paths.
+
+## Bottom line
+
+For the priority areas requested in this audit:
+
+- `AED`: pass
+- `HTTK`: pass
+- `ADME/IVIVE`: pass
+
+The server retrieves real data for all three target families and now advertises the full catalog correctly over HTTP. The one remaining issue is documentation drift in `docs/contracts/endpoint-matrix.md`.
@@ -0,0 +1,53 @@
+# MCP Family Live Coverage Audit (2026-03-18)
+
+## Scope
+
+- Server audited: `http://127.0.0.1:8002/mcp`
+- Discovery source: live MCP HTTP `tools/list` response
+- Goal: verify family-level runtime coverage for the exposed CompTox dashboard domains, with explicit proof for `AED`, `HTTK`, and `ADME/IVIVE`.
+
+## Discovery summary
+
+- Total advertised tools: `79`
+- `bioactivity`: `14` tools
+- `chemical`: `10` tools
+- `chemical_list`: `2` tools
+- `exposure`: `32` tools
+- `hazard`: `18` tools
+- `metadata`: `3` tools
+
+## Representative live runtime checks
+
+| Family | Representative tool | Input | `structuredContent.data` | Size | Result |
+| --- | --- | --- | --- | ---: | --- |
+| `chemical` | `get_chemical_details` | `{"identifier":"DTXSID7020182","id_type":"dtxsid","subset":"default"}` | `dict` | `74` | **PASS** |
+| `bioactivity` | `get_bioactivity_aed` | `{"dtxsid":"DTXSID7020182"}` | `list` | `662` | **PASS** |
+| `exposure` | `get_exposure_httk` | `{"dtxsid":"DTXSID7020182"}` | `list` | `18` | **PASS** |
+| `hazard` | `get_hazard_adme_ivive` | `{"dtxsid":"DTXSID7020182"}` | `list` | `18` | **PASS** |
+| `chemical_list` | `get_public_list_names` | `{}` | `list` | `8` | **PASS** |
+| `metadata` | `metadata_list_applicability_domain` | `{"limit":10}` | `dict` | `3` | **PASS** |
+
+## Dashboard coverage mapping
+
+| Dashboard area | MCP family | Runtime coverage | Notes |
+| --- | --- | --- | --- |
+| Chemical identity/detail | `chemical` | Covered | `get_chemical_details` returned a populated structured object and now also exposes `structuredContent.data`. |
+| AED / bioactivity | `bioactivity` | Covered | `get_bioactivity_aed` returned `662` rows for `DTXSID7020182`. |
+| HTTK / exposure | `exposure` | Covered | `get_exposure_httk` returned `18` rows for `DTXSID7020182`. |
+| ADME / IVIVE / hazard | `hazard` | Covered | `get_hazard_adme_ivive` returned `18` rows for `DTXSID7020182`. |
+| Chemical lists | `chemical_list` | Covered | `get_public_list_names` now returns `8` public list names; `get_full_list("CCL")` remained live throughout. |
+| Metadata / reference registries | `metadata` | Covered | `metadata_list_applicability_domain` returned `3` applicability-domain records and now also exposes `structuredContent.data`. |
+| Cheminformatics | not exposed | Not covered | No live MCP tools are currently advertised for this area. |
+
+## Findings
+
+- The priority scientific paths requested for the audit are live and returning data: `AED`, `HTTK`, and `ADME/IVIVE`.
+- Family-level dashboard coverage is now complete for all currently exposed MCP families: `chemical`, `bioactivity`, `exposure`, `hazard`, `chemical_list`, and `metadata` all have successful live runtime proof.
+- `chemical_list` discovery now works through the shared `ctxpy` client, so non-MCP callers and MCP callers use the same fallback behavior when the upstream enumeration endpoint returns `404`.
+- Client parsing is now normalized around `structuredContent.data` for both success and error responses, while preserving existing domain-specific top-level keys for backward compatibility.
+- No `cheminformatics` tools are currently exposed through MCP, so that dashboard area remains outside current interface coverage.
+
+## Conclusion
+
+The current MCP server is functionally usable across all exposed CompTox dashboard families relevant to this project. The remaining interface gap is not a runtime failure but a product-scope gap: `cheminformatics` is still not exported as live MCP tools.
+
@@ -0,0 +1,48 @@
+# MCP Patch Verification (2026-03-18)
+
+## Scope
+
+- Server: `http://127.0.0.1:8002/mcp`
+- Patch set:
+  - restore `chemical_list.get_public_list_names`
+  - normalize `structuredContent.data` across success and error responses
+
+## Live verification results
+
+### 1. `get_public_list_names` recovery
+
+- Result: **PASS**
+- Runtime behavior: returns a non-error response with `structuredContent.data`
+- Returned count: `8`
+- Sample values: `CCL`, `CCL1`, `CPDAT`, `CPDATv2`, `CTD`
+- Implementation note: upstream CTX list-enumeration endpoint currently returns `404`, so the MCP now falls back to a maintained catalog of verified public list names while `get_full_list(list_name)` continues to use the live CTX API.
+
+### 2. Dict-shaped success responses now expose `structuredContent.data`
+
+- `get_chemical_details(DTXSID7020182)`
+  - Result: **PASS**
+  - `structuredContent.data`: present
+  - Payload type: `dict`
+- `metadata_list_applicability_domain(limit=10)`
+  - Result: **PASS**
+  - `structuredContent.data`: present
+  - Backward-compatible top-level keys preserved: `applicabilityDomains`, `nextCursor`, `metadata`
+
+### 3. Error responses now expose `structuredContent.data`
+
+- Probe: `get_chemical_details(DTXSID_NOT_REAL, id_type="dtxsid")`
+- Result: **PASS**
+- Error semantics preserved: `isError=true`
+- Normalization confirmed: `structuredContent.data = null`
+
+## Outcome
+
+The MCP now has a consistent client-facing parsing contract:
+- Success responses always expose `structuredContent.data`
+- Error responses expose `structuredContent.data = null`
+- Existing top-level domain-specific keys remain available for backward compatibility
+
+## Files changed
+
+- `/Volumes/Storage/topotox_space_relief_20260220/mcp_epacomp_tox/src/epacomp_tox/resources/chemical_list.py`
+- `/Volumes/Storage/topotox_space_relief_20260220/mcp_epacomp_tox/src/epacomp_tox/server.py`
@@ -2,13 +2,16 @@
 
 ## [Unreleased]
 
-- tightened repository governance with support, intake, review-ownership, and dependency-automation hygiene
-- expanded release discipline around public-surface validation and metadata consistency checks
-- standardized GitHub workflow job names in preparation for required branch-protection status checks
-- upgraded GitHub Actions workflow dependencies toward Node 24-compatible versions and opted dependency review into the Node 24 runtime
-- pinned GitHub workflow actions to immutable SHAs, added CodeQL scanning, and added workflow-hardening regression coverage
-- added a release/workflow-dispatch pipeline that builds distributions, emits a CycloneDX SBOM artifact, and publishes signed provenance/SBOM attestations
-- documented online and offline verification of signed release provenance and SBOM attestations for downstream consumers
+## [0.2.3] - 2026-04-15
+
+- hardened audit subsystem with SHA-256 content hashing, sequential chain linkage, and tamper-evident event verification
+- added privacy-aware audit parameter scrubbing for sensitive identifiers (DTXSID, CASRN, SMILES, InChI, InChIKey)
+- captured upstream response provenance in `BaseResource` with `response_hash`, `retrieved_at`, and `retry_count`
+- added W3C `traceparent` propagation in HTTP transport and injected runtime provenance into orchestrator bundles
+- hardened `AuditBundleStore` with bundle checksums, previous-bundle hash linkage, and chain integrity verification
+- defaulted AD clearance to `True` in orchestrator when predictive tasks exist, with explicit opt-out still supported
+- added advisory `reviewCheckpoints` metadata to orchestrator bundle outputs
+- kept the public MCP boundary unchanged; all changes are internal governance, privacy, and traceability improvements
 
 ## [0.2.2] - 2026-04-12