Pitfall Preferences redcorsair

Redcorsair Method Signature Drift

python refactoring api-drift mcp

What Happened

Enabling production mode (real LLM attacks instead of demo responses) triggered a chain of 5 rapid-fire failures in ~30 minutes. The MCP server called methods that no longer existed or passed arguments in the wrong order, all discovered at runtime in production, not locally.

Five failures surfaced in sequence, each requiring a Railway deploy cycle (minutes each) to discover:

  1. LLMInterface method called on wrong object: attack methods belong on Target objects
  2. EnhancedJBAScorer.score_response: method renamed during an earlier refactor, caller still used old name
  3. rate_limiter.consume_turn: method planned but never implemented
  4. get_request_count_total: referenced in the health endpoint but never defined
  5. CloudWeaviateSync.__init__: constructor signature changed, caller using stale kwargs

Each fix was 1-2 lines. The cost was 5 separate deploy-and-fail cycles to Railway.

Root Cause

No static type checking and no integration test. Python’s dynamic dispatch means signature mismatches are invisible until runtime. Demo mode (DEMO_MODE=true) bypassed all the code paths that touched the broken methods, so every local test passed. The “flip to production” commit had never been run in production mode locally.

How to Avoid

  1. Run the server locally in production mode before deploying. A simple DEMO_MODE=false python start.py would have caught all 5 issues in seconds.
  2. Use mypy --strict or pyright. Method signature mismatches are exactly what static type checkers catch.
  3. Integration smoke test. A single test that instantiates the MCP server and calls each endpoint (even with mock LLM responses) would surface all missing methods.
  4. Never ship a “flip to production” commit without local validation. The commit message said “Enable real MCP attack execution”; that flip should be tested before pushing.
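
A drift check in the spirit of items 2 and 3, added here as an example and not taken from the redcorsair code base: it binds each production-mode call site against the current signature without executing anything, so missing methods, renamed methods and stale kwargs show up in one local run. The class bodies, the names score, allow, get_uptime, url, api_key, cluster_url and key, and the CALL_SITES list are constructed stand-ins; only the class and method names listed under "What Happened" come from the page.

```python
import inspect
import types

# Constructed stand-ins; the real redcorsair signatures are not shown on the page.
class EnhancedJBAScorer:
    def score(self, response, goal):  # hypothetical post-refactor name
        return 0.0

class CloudWeaviateSync:
    def __init__(self, url, api_key):  # hypothetical current constructor
        self.url, self.api_key = url, api_key

class RateLimiter:
    def allow(self, session_id):  # hypothetical; consume_turn was never implemented
        return True

health = types.SimpleNamespace(get_uptime=lambda: 0)  # stand-in for the health module

# Call sites as the server would make them in production mode (constructed).
CALL_SITES = [
    (EnhancedJBAScorer, "score_response", ("text", "goal"), {}),      # renamed
    (RateLimiter, "consume_turn", ("session-1",), {}),                # never implemented
    (health, "get_request_count_total", (), {}),                      # never defined
    (CloudWeaviateSync, None, (), {"cluster_url": "u", "key": "k"}),  # stale kwargs
    (CloudWeaviateSync, None, (), {"url": "u", "api_key": "k"}),      # still valid
]

def check_call(owner, attr, args, kwargs):
    """Return None if the call would bind, else a reason. Nothing is executed."""
    label = getattr(owner, "__name__", type(owner).__name__)
    if attr is None:                   # constructor call: owner(*args, **kwargs)
        target, label = owner, label + "()"
    else:
        label = f"{label}.{attr}"
        if not hasattr(owner, attr):
            return f"{label}: no such attribute"
        target = getattr(owner, attr)
        if inspect.isclass(owner):     # plain instance method looked up on the class
            args = (None, *args)       # placeholder for self
    try:
        inspect.signature(target).bind(*args, **kwargs)
    except TypeError as exc:
        return f"{label}: {exc}"
    return None

def find_drift(call_sites=CALL_SITES):
    return [r for r in (check_call(*site) for site in call_sites) if r]

if __name__ == "__main__":
    print("\n".join(find_drift()))
```

The check assumes plain instance methods (no staticmethod or classmethod) and only proves that a call would bind, not that it behaves correctly, so it complements mypy or pyright and the smoke test and does not replace them.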