
fix: prevent server crash on malformed input in fetch and git servers#3360

Open
TopangaLudwitt wants to merge 1 commit into
modelcontextprotocol:mainfrom
TopangaLudwitt:fix/fetch-raise-exceptions

@TopangaLudwitt

Summary

Change raise_exceptions from True to False in mcp-server-fetch and mcp-server-git to handle malformed JSON-RPC messages gracefully.

Problem

With raise_exceptions=True, any invalid byte on stdin causes an unhandled ExceptionGroup that terminates the server process. As reported in #3359, fuzz testing showed mcp-server-fetch crashed on 61 out of 65 test cases, while servers using the default raise_exceptions=False survived all 65.

Fix

Set raise_exceptions=False (the SDK default) in both affected servers, consistent with other reference server implementations.

Files Changed

  • src/fetch/src/mcp_server_fetch/server.py — line 288
  • src/git/src/mcp_server_git/server.py — line 496

Fixes #3359

Change raise_exceptions from True to False in mcp-server-fetch and
mcp-server-git to handle malformed JSON-RPC messages gracefully instead
of crashing the server process.

With raise_exceptions=True, any invalid byte on stdin causes an unhandled
ExceptionGroup that terminates the server. This is inconsistent with other
reference servers that use the default (False) and survive malformed input.

Fuzz testing showed mcp-server-fetch crashed on 61/65 test cases while
servers using raise_exceptions=False survived all 65.

Fixes modelcontextprotocol#3359
@cliffhall added the bug, server-fetch, and server-git labels on Apr 20, 2026
@cliffhall
Member

@claude review

@claude
Contributor

claude Bot commented Apr 21, 2026

Claude finished @cliffhall's task in 1m 23s


Code Review

  • Read changed files and git diff
  • Understand raise_exceptions parameter behavior in MCP Python SDK
  • Check for related tests or other affected servers
  • Post review feedback

Summary: This is a small, well-targeted fix that aligns mcp-server-fetch and mcp-server-git with the MCP Python SDK's default behavior. The change is correct and safe to merge.


What the change does

Both servers previously called:

await server.run(read_stream, write_stream, options, raise_exceptions=True)

With raise_exceptions=True, any unhandled exception during message processing — including those triggered by malformed or fuzzed stdin input — propagates out of server.run() and crashes the process. With raise_exceptions=False (the SDK default), the SDK catches those exceptions internally and returns them as JSON-RPC error responses, keeping the server alive.

The change sets raise_exceptions=False in both servers, which is the SDK default and the behavior already used by mcp-server-time (which omits the parameter entirely at src/time/src/mcp_server_time/server.py).


Assessment

Correctness
The fix correctly addresses the crash-on-malformed-input behavior. The fuzz testing data cited in #3359 (61/65 crashes with True vs. 0/65 with False) is compelling evidence.

Consistency
All three Python reference servers now share the same resilience behavior. mcp-server-time already relies on the SDK default (no raise_exceptions arg), so this brings fetch and git into alignment.

Minimal scope
Two one-line changes, no collateral edits. Exactly the right size for a targeted bug fix.

Tests ⚠️
No tests were added to cover the resilience behavior. This isn't a blocker, but a test that feeds a malformed/fuzzed message through the server and asserts it doesn't crash (rather than checking the response) would prevent regressions. Both servers have existing test files (src/fetch/tests/test_server.py, src/git/tests/test_server.py) where such a test could live.

Prior use of raise_exceptions=True
This flag is typically useful during development so that exceptions surface visibly in test runs rather than being swallowed as protocol error responses. Setting it to True in shipped code is an oversight — the fix is appropriate.


Minor notes

  • src/fetch/src/mcp_server_fetch/server.py line 266 has a pre-existing # TODO: after SDK bug is addressed, don't catch the exception comment. That's unrelated to this PR, but worth a follow-up once the referenced SDK bug is resolved.
  • There is no explicit raise_exceptions arg in mcp-server-time; if consistency is desired across all three servers, it would be cleaner to either add raise_exceptions=False explicitly to mcp-server-time or remove the explicit arg here and rely on the default — but this is purely cosmetic and not a blocker.

Verdict: Approve. The change is correct, safe, and well-motivated. Consider adding a resilience test in a follow-up.
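
The regression check suggested in the review above, as an added sketch that is not part of this PR, the thread, or the MCP Python SDK: `serve` is a hypothetical toy JSON-RPC frame loop that models only the `raise_exceptions` switch, and the fuzz frames are constructed for the example.

```python
import json

PARSE_ERROR, INVALID_REQUEST = -32700, -32600  # JSON-RPC 2.0 error codes

# Constructed malformed frames for this example.
FUZZ_CASES = [
    b"\xff\xfe\x00",                                   # invalid UTF-8
    b'{"jsonrpc": "2.0", "method": ',                  # truncated JSON
    b"",                                               # empty frame
    b"[]",                                             # valid JSON, wrong shape
    b"null",
    b'{"jsonrpc": "1.0", "method": "ping", "id": 1}',  # wrong protocol version
]
VALID = b'{"jsonrpc": "2.0", "id": 7, "method": "ping"}'


def serve(frames, raise_exceptions=False):
    """Hypothetical toy loop modelling the flag; not the SDK's server.run()."""
    replies = []
    for raw in frames:
        try:
            msg = json.loads(raw.decode("utf-8"))
            if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0" or "method" not in msg:
                raise ValueError("not a JSON-RPC 2.0 request")
        except ValueError as exc:  # also JSONDecodeError and UnicodeDecodeError
            if raise_exceptions:
                raise  # one bad frame ends the loop and, unhandled, the process
            code = INVALID_REQUEST if type(exc) is ValueError else PARSE_ERROR
            replies.append({"jsonrpc": "2.0", "id": None,
                            "error": {"code": code, "message": str(exc)}})
            continue
        replies.append({"jsonrpc": "2.0", "id": msg.get("id"), "result": "ok"})
    return replies


def survives(case, raise_exceptions):
    """True if a valid request sent after `case` is still answered."""
    try:
        replies = serve([case, VALID], raise_exceptions)
    except Exception:
        return False
    return replies[-1] == {"jsonrpc": "2.0", "id": 7, "result": "ok"}


def survival_count(raise_exceptions):
    return sum(survives(case, raise_exceptions) for case in FUZZ_CASES)


if __name__ == "__main__":
    for flag in (True, False):
        print(f"raise_exceptions={flag}: {survival_count(flag)}/{len(FUZZ_CASES)} survived")
```

A test against the real servers would keep the same shape: send a malformed frame, then a valid request, and assert the valid request is still answered.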

Development

Successfully merging this pull request may close these issues.

mcp-server-fetch: Server crashes on any malformed input due to raise_exceptions=True
