Refactor: Improvements

[TLDart]

Description

Refactors the EUVD MCP server codebase for improved reliability, observability, and security. Introduces structured error handling, input validation, structured logging, in-process metrics, and adds a root path redirect to /mcp. Also hardens all GitHub Actions workflows to follow least-privilege permissions.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Related Issues

Changes Made

• Added structured error handling decorator (_handle_tool_errors) in main.py covering ValidationError, HTTPStatusError, TransportError, and unexpected exceptions — returns consistent error dicts to the LLM
• Added root path (/) redirect to /mcp via a RedirectResponse
• Introduced euvd_mcp/utils/logging_config.py for centralised, structured logging (stderr only, to avoid polluting MCP stdio transport)
• Introduced euvd_mcp/utils/metrics.py with in-process per-tool request counts, latency tracking, error rates, and cache hit/miss ratios exposed via a /metrics endpoint
• Introduced euvd_mcp/utils/validation.py with reusable validators for CVSS scores, EPSS scores, date strings, and ENISA IDs
• Added euvd_mcp/models/input_models.py with Pydantic input models for tool parameters
• Refactored euvd_mcp/controllers/euvd_api.py for cleaner separation of concerns
• Fixed Dockerfile build issues
• Added explicit permissions blocks to all GitHub Actions workflows (ci.yml, code-quality.yml) to comply with the principle of least privilege (CodeQL actions/missing-workflow-permissions)
• Extended test suite with test_error_handling.py, test_validation.py, and test_logging_config.py

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests passed locally with my changes
• Any dependent changes have been merged and published

Screenshots (if applicable)

Additional Notes

• The /metrics endpoint is in-memory only and resets on restart — suitable for health checks and dashboards but not persistent monitoring.
• Logging is intentionally written to stderr to keep stdout clean for the MCP stdio transport.
• The GitHub Actions permission fixes address the CodeQL finding actions/missing-workflow-permissions.