@frontegg-david frontegg-david commented Jan 13, 2026

Summary by CodeRabbit

  • New Features

    • Output Transforms: configurable schema exposure, description modes, custom formatters, and global/per-tool pre/post-tool hooks; protocol presets for transport.
  • Documentation

    • Expanded Output Transforms docs with examples, contexts, filters and error-handling; updated transport/protocol guidance.
  • Refactor

    • Consolidated transport config into protocol/presets and removed legacy migration surface and deprecated flags.
  • Bug Fixes

    • Improved logging, more tolerant init/ping handling, and stricter auth role checks.
  • Tests

    • Large new test suite covering output transforms.
  • Chores

    • Added synchronous file-read API, SECURITY.md, and .env gitignore entry.


coderabbitai bot commented Jan 13, 2026

📝 Walkthrough

Adds a new output/data transformation pipeline to the OpenAPI adapter (pre-tool and post-tool transforms, schema description modes and custom formatters), integrates transforms into tool metadata and execution, expands tests and docs, and applies broad SDK refactors to transport, persistence, types, barrels, logging, and utilities.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| OpenAPI adapter & types | `libs/adapters/src/openapi/openapi.adapter.ts`, `libs/adapters/src/openapi/openapi.tool.ts`, `libs/adapters/src/openapi/openapi.types.ts` | Adds schema/data transform types and runtime: input/output schema transforms, pre-tool/post-tool transforms, outputSchema modes, description formatters, collect/apply pipelines, and post-tool data transformation with filter and error handling. |
| OpenAPI tests | `libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts` | Large test additions covering outputSchema modes, pre/post/generator transforms, description formatters, context propagation, and helper refactors. |
| Docs & README | `docs/draft/docs/adapters/openapi-adapter.mdx`, `libs/adapters/src/openapi/README.md` | New "Output Transforms" documentation and examples duplicated/expanded across docs and README. |
| Transport & persistence | `libs/sdk/src/transport/transport.registry.ts`, `libs/sdk/src/transport/adapters/streamable-http-transport.ts`, `libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts` | Change persistenceConfig typing to `false |
| Handler factories / MCP handlers | `libs/sdk/src/transport/mcp-handlers/*.ts` | Many handler factories renamed/typed to return McpHandler<...>, converted to async handlers, added scoped loggers and try/catch with structured error logging. |
| Session stores & auth utils | `libs/sdk/src/auth/machine-id.ts`, `libs/sdk/src/auth/session/redis-session.store.ts`, `libs/sdk/src/auth/session/vercel-kv-session.store.ts`, `libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts` | Use new readFileSync util for machine id; ping() now logs errors and returns false on failure; tests updated to assert logging and constructor acceptance of optional logger. |
| FS & utils | `libs/utils/src/fs/*`, `libs/utils/src/index.ts`, `libs/utils/src/storage/errors.ts` | Add lazy readFileSync API and export; StorageConnectionError appends cause message; tests updated. |
| Transport types & metadata refactor | `libs/sdk/src/common/types/options/transport/*`, `libs/sdk/src/common/metadata/front-mcp.metadata.ts`, `apps/**/src/main.ts` | Replace nested auth.transport flags with top-level transport.protocol presets/config, make persistence `false |
| Removed migration & deprecated modules | `libs/sdk/src/common/migrate/*`, `libs/sdk/src/common/types/options/auth/transport.deprecated.ts`, `libs/sdk/src/common/types/options/transport.options.ts` | Removal of legacy migration helpers and deprecated transport option modules and tests. |
| Barrels & types reorg | `libs/sdk/src/common/types/options/*` | Add/rename barrels and schema/interface files for http, logging, session, redis, pagination, server-info, transport; move many exports. |
| Misc & infra | `.github/workflows/pr-testing-registry.yml`, `libs/cli/src/commands/dev.ts`, package.json engines updates, `SECURITY.md`, `.gitignore`, assorted app files | CI ngrok defaulting, TSX --conditions flag, Node engine >=22 in many package.json files, security doc, gitignore entry, app decorator transport config updates, and small app/plugin defensive checks. |

Sequence Diagram(s)

sequenceDiagram
    actor Client
    participant Adapter as OpenAPI Adapter
    participant Tool as Tool Executor
    participant Handler as Response Handler

    Client->>Adapter: request tools / metadata
    Adapter->>Adapter: collect input/output schema transforms (generator/per-tool/global)
    Adapter->>Adapter: apply outputSchema options & description formatting
    Adapter->>Tool: execute tool using transformed schemas
    Tool->>Handler: return raw API response (apiResponse)
    Handler->>Handler: evaluate post-tool filter(ctx)
    alt filter passes
      Handler->>Handler: apply post-tool transform (sync/async)
    else
      Handler->>Handler: retain original data
    end
    Handler->>Client: return final response

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~150 minutes

Poem

🐰 I hopped through schemas, tidy and bright,
I trimmed descriptions by lantern-light.
Pre-tools I tucked, post-tools took flight,
Data polished, returned — neat and right.
Docs and tests cheered—carrots for tonight! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 64.00% which is insufficient. The required threshold is 65.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title accurately describes the main change: adding output transforms for pre-tool and post-tool processing of schemas and responses in the OpenAPI adapter. |




📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38e0a03 and 2322c9c.

📒 Files selected for processing (10)
  • SECURITY.md
  • libs/adapters/package.json
  • libs/auth/package.json
  • libs/cli/package.json
  • libs/di/package.json
  • libs/plugins/package.json
  • libs/sdk/package.json
  • libs/ui/package.json
  • libs/uipack/package.json
  • libs/utils/package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • SECURITY.md
🧰 Additional context used
📓 Path-based instructions (3)
libs/**

⚙️ CodeRabbit configuration file

libs/**: Contains publishable SDK libraries. Review for API correctness, breaking changes, and consistency with docs. When public APIs change, ensure there is a matching docs/draft/docs/** update (not direct edits under docs/docs/**).

Files:

  • libs/cli/package.json
  • libs/uipack/package.json
  • libs/di/package.json
  • libs/auth/package.json
  • libs/ui/package.json
  • libs/sdk/package.json
  • libs/adapters/package.json
  • libs/plugins/package.json
  • libs/utils/package.json
libs/uipack/**/{package.json,*.ts,*.tsx,*.js,*.jsx}

📄 CodeRabbit inference engine (libs/uipack/CLAUDE.md)

Do not add React dependencies to @frontmcp/uipack - it must remain React-free. Use @frontmcp/ui for React components.

Files:

  • libs/uipack/package.json
libs/ui/package.json

📄 CodeRabbit inference engine (libs/ui/CLAUDE.md)

libs/ui/package.json: The @frontmcp/ui package requires React as a peer dependency (^18.0.0 || ^19.0.0)
Entry points must match the documented paths: @frontmcp/ui/react, @frontmcp/ui/renderers, @frontmcp/ui/render, @frontmcp/ui/universal, @frontmcp/ui/bundler, @frontmcp/ui/bridge, @frontmcp/ui/components, @frontmcp/ui/layouts, @frontmcp/ui/web-components

Files:

  • libs/ui/package.json
🧠 Learnings (9)
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for file system operations instead of `fs/promises` or `node:fs` directly

Applied to files:

  • libs/cli/package.json
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for cryptographic operations instead of `node:crypto` directly

Applied to files:

  • libs/cli/package.json
  • libs/utils/package.json
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Use proper ES module imports instead of `require()` for SDK imports; avoid dynamic require of `frontmcp/sdk` modules

Applied to files:

  • libs/cli/package.json
  • libs/uipack/package.json
  • libs/adapters/package.json
  • libs/plugins/package.json
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{package.json,*.ts,*.tsx,*.js,*.jsx} : Do not add React dependencies to frontmcp/uipack - it must remain React-free. Use frontmcp/ui for React components.

Applied to files:

  • libs/uipack/package.json
  • libs/ui/package.json
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/index.{ts,js} : Export all public APIs through appropriate entry points (frontmcp/uipack, frontmcp/uipack/adapters, frontmcp/uipack/theme, etc.)

Applied to files:

  • libs/uipack/package.json
  • libs/ui/package.json
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/package.json : The frontmcp/ui package requires React as a peer dependency (^18.0.0 || ^19.0.0)

Applied to files:

  • libs/uipack/package.json
  • libs/ui/package.json
  • libs/adapters/package.json
  • libs/plugins/package.json
  • libs/utils/package.json
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/package.json : Entry points must match the documented paths: frontmcp/ui/react, frontmcp/ui/renderers, frontmcp/ui/render, frontmcp/ui/universal, frontmcp/ui/bundler, frontmcp/ui/bridge, frontmcp/ui/components, frontmcp/ui/layouts, frontmcp/ui/web-components

Applied to files:

  • libs/ui/package.json
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Always use `frontmcp/utils` for cryptographic operations (hkdfSha256, encryptAesGcm, decryptAesGcm, randomBytes, sha256, sha256Hex, base64urlEncode, base64urlDecode) instead of `node:crypto`

Applied to files:

  • libs/utils/package.json
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Avoid using `node:crypto` directly; always use `frontmcp/utils` for cross-platform cryptographic support

Applied to files:

  • libs/utils/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Lint & Format Checks
  • GitHub Check: Build Libraries
  • GitHub Check: Package E2E (Verdaccio)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (9)
libs/adapters/package.json (1)

55-57: LGTM!

Engine constraint is consistent with the repo-wide Node 22+ requirement being applied across packages.

libs/di/package.json (1)

47-49: LGTM!

Engine constraint aligns with the coordinated Node 22+ baseline across the monorepo.

libs/utils/package.json (1)

26-28: LGTM!

As a foundational utility package, this engine constraint appropriately establishes the Node 22+ baseline that propagates to dependent packages.

libs/sdk/package.json (1)

57-59: LGTM!

Engine constraint is properly applied to the main SDK package, ensuring users receive clear feedback about the Node version requirement.

libs/cli/package.json (1)

28-30: Engine constraint already documented — no action needed.

The Node.js 22+ requirement is already properly documented in docs/draft/docs/getting-started/installation.mdx and docs/draft/docs/getting-started/quickstart.mdx, which clearly state the minimum version as 22 (LTS Maintenance) and recommend version 24 (Active LTS). The constraint is consistently applied across all packages in libs/.

libs/ui/package.json (1)

57-59: LGTM! Node.js 22+ engine constraint added consistently.

The React peer dependency requirements (lines 67-68) remain correctly set to ^18.0.0 || ^19.0.0, and the exports configuration supports the documented entry points. Based on learnings and coding guidelines, this file is compliant.

libs/auth/package.json (1)

47-49: LGTM! Consistent Node.js 22+ engine constraint.

The change aligns with the repo-wide Node 22+ requirement being established across all packages.

libs/plugins/package.json (1)

47-49: LGTM! Consistent Node.js 22+ engine constraint.

The change aligns with the repo-wide minimum Node version requirement.

libs/uipack/package.json (1)

59-61: LGTM! Node.js 22+ constraint added; package remains React-free.

Verified that no React dependencies were introduced—the package correctly remains React-free as required by the coding guidelines and learnings.


github-actions bot commented Jan 13, 2026

⏹️ PR Testing Registry Stopped

The temporary npm registry for this PR has been shut down.

| Property | Value |
|---|---|
| Version | 0.7.2-pr.209.bf53787 |
| Reason | Timeout reached |
| Stopped at | 2026-01-14T01:00:55.666Z |

To start a new registry, trigger the workflow again.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts (1)

330-339: Consider using void operator for intentional no-op.

The referenceA variable is assigned and then set to null to simulate the instance going down. This works, but the linter may flag an unused variable.

Suggestion to clarify intent
      // Simulate A going down (reference lost)
-
-      let referenceA: RecreateableStreamableHTTPServerTransport | null = instanceA;
-      referenceA = null;
+      void instanceA; // Simulate A going down (reference lost)
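Review bot: the added `void instanceA;` line only evaluates and discards the value, so the test no longer contains any statement that models the reference being dropped, and the simulation becomes comment-only. The added line also repeats the `// Simulate A going down (reference lost)` comment that is already on the unchanged line above it, so one of the two should go. If the only goal is to silence an unused-variable lint, keeping the removed `referenceA = null` lines with a targeted lint suppression states the intent more clearly.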

Alternatively, keep as-is if the current pattern better communicates the simulation intent to readers.

libs/adapters/src/openapi/openapi.adapter.ts (1)

594-673: Async output schema options handling is well-designed.

Key aspects:

  • Promise.resolve(formatter(...)) correctly handles both sync and async formatters
  • Mode processing order: apply to description first, then optionally remove from definition
  • Pre-tool transforms applied after built-in mode processing
  • Post-tool transform stored in metadata for runtime execution

Consider: The custom descriptionFormatter call (line 618) has no try-catch. If it throws, the entire fetch() will fail.

♻️ Suggested error handling for custom formatter
       if (formatter) {
         // Custom formatter (can be async for LLM-based generation)
-        schemaText = await Promise.resolve(formatter(newOutputSchema, formatterCtx));
+        try {
+          schemaText = await Promise.resolve(formatter(newOutputSchema, formatterCtx));
+        } catch (err) {
+          const errorMessage = err instanceof Error ? err.message : String(err);
+          this.logger.warn(
+            `[${tool.name}] Custom descriptionFormatter failed: ${errorMessage}. Using built-in formatter.`,
+          );
+          schemaText = this.formatSchemaForDescription(newOutputSchema, descriptionFormat);
+        }
       } else {
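Review bot: the `try`/`catch` around `await Promise.resolve(formatter(...))` handles a throw or a rejection, but the comment on the line above says the formatter can be an async LLM call, and a promise that never settles would still stall the caller; consider racing it against a timeout and taking the same fallback path. In the `catch`, only `err.message` reaches `this.logger.warn`, so the stack is lost; pass the error object to the logger as well. The fallback call uses `descriptionFormat`, which is not defined in the visible lines, so confirm it has a default when a custom formatter is configured.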
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa9a00c and fcb2f8b.

📒 Files selected for processing (6)
  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
  • libs/adapters/src/openapi/openapi.adapter.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.types.ts
  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
  • libs/sdk/src/transport/adapters/streamable-http-transport.ts
🧰 Additional context used
📓 Path-based instructions (5)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use strict TypeScript mode with no any types without strong justification
Avoid non-null assertions (!) - use proper error handling and type guards instead
Use @frontmcp/utils for cryptographic operations instead of node:crypto directly
Use @frontmcp/utils for file system operations instead of fs/promises or node:fs directly

Files:

  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
  • libs/sdk/src/transport/adapters/streamable-http-transport.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.adapter.ts
  • libs/adapters/src/openapi/openapi.types.ts
**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Achieve 95%+ test coverage across all metrics (statements, branches, functions, lines)
Use Jest for testing with 95%+ coverage requirement and 100% test pass rate
Do not use prefixes like 'PT-001' in test names
Do not skip constructor validation tests for error classes and types
Include instanceof checks in tests for error classes to verify proper error hierarchy

Files:

  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
libs/{sdk,adapters}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/{sdk,adapters}/**/*.{ts,tsx}: Use specific error classes with MCP error codes instead of generic errors
Use getCapabilities() for dynamic capability exposure instead of hardcoding capabilities

Files:

  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
  • libs/sdk/src/transport/adapters/streamable-http-transport.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.adapter.ts
  • libs/adapters/src/openapi/openapi.types.ts
libs/sdk/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/sdk/**/*.{ts,tsx}: Prefer interface for defining object shapes in TypeScript, avoid any types
Use type parameters with constraints instead of unconstrained generics with any defaults
Validate URIs per RFC 3986 at metadata level using isValidMcpUri refinement
Use changeScope instead of scope in change event properties to avoid confusion with Scope class
Fail fast on invalid hook flows by validating hooks match their entry type
Centralize record types in common/records and import from there, not from module-specific files
Return strictly typed MCP protocol responses (e.g., Promise<GetPromptResult>) instead of Promise<unknown> for MCP entry methods
Use unknown instead of any for generic type parameter defaults (not for MCP protocol types)
Create shared base classes for common functionality like ExecutionContextBase for ToolContext and ResourceContext
Do not mutate rawInput in flows - use state.set() for managing flow state instead
Validate inputs and outputs through parseOutput/safeParseOutput methods in validation flows

Files:

  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
  • libs/sdk/src/transport/adapters/streamable-http-transport.ts
libs/**

⚙️ CodeRabbit configuration file

libs/**: Contains publishable SDK libraries. Review for API correctness, breaking changes, and consistency with docs. When public APIs change, ensure there is a matching docs/draft/docs/** update (not direct edits under docs/docs/**).

Files:

  • libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts
  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
  • libs/sdk/src/transport/adapters/streamable-http-transport.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.adapter.ts
  • libs/adapters/src/openapi/openapi.types.ts
🧠 Learnings (10)
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{theme,adapters,bundler}/**/*.{test,spec}.{ts,tsx,js,jsx} : Test behavior across all supported platform configurations (OpenAI, Claude, etc.)

Applied to files:

  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Extend tool metadata using `declare global` pattern to allow tools to specify plugin-specific options in their decorators

Applied to files:

  • libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.types.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Return strictly typed MCP protocol responses (e.g., `Promise<GetPromptResult>`) instead of `Promise<unknown>` for MCP entry methods

Applied to files:

  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Use proper ES module imports instead of `require()` for SDK imports; avoid dynamic require of `frontmcp/sdk` modules

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/{sdk,adapters}/**/*.{ts,tsx} : Use specific error classes with MCP error codes instead of generic errors

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Organize code following the frontmcp/uipack directory structure (adapters/, bundler/, theme/, renderers/, validation/, etc.)

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for file system operations instead of `fs/promises` or `node:fs` directly

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/src/react/hooks/**/*.{ts,tsx} : MCP bridge hooks (useMcpBridge, useCallTool, useToolInput, useToolOutput, useTheme) must be properly typed and handle loading/error states

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for cryptographic operations instead of `node:crypto` directly

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/index.{ts,js} : Export all public APIs through appropriate entry points (frontmcp/uipack, frontmcp/uipack/adapters, frontmcp/uipack/theme, etc.)

Applied to files:

  • libs/adapters/src/openapi/openapi.adapter.ts
🧬 Code graph analysis (2)
libs/adapters/src/openapi/openapi.tool.ts (1)
libs/adapters/src/openapi/openapi.types.ts (1)
  • PostToolTransformContext (505-516)
libs/adapters/src/openapi/openapi.types.ts (1)
libs/sdk/src/context/frontmcp-context.ts (2)
  • FrontMcpContext (147-503)
  • FrontMcpContext (509-509)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Build Libraries
  • GitHub Check: Lint & Format Checks
  • GitHub Check: Package E2E (Verdaccio)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (23)
libs/sdk/src/transport/adapters/streamable-http-transport.ts (1)

130-142: LGTM! Sensible relaxation of validation.

The change correctly removes the requirement for a pre-existing sessionId field since it won't exist on a fresh transport—the method's purpose is to set it. The comment at lines 131-132 clearly explains the rationale.

The use of '_initialized' in webTransport is appropriate for checking property existence on an unknown object shape.

libs/sdk/src/transport/adapters/__tests__/streamable-http-transport.test.ts (1)

140-146: Test correctly updated to match relaxed validation.

The test now properly validates that only the _initialized field is required, aligning with the implementation change. The error message assertion is appropriately scoped.

libs/adapters/src/openapi/openapi.tool.ts (3)

219-245: Post-tool transform implementation looks solid.

The transform pipeline correctly:

  1. Builds context with all required fields
  2. Checks optional filter before applying transform
  3. Handles async transforms via await
  4. Gracefully degrades on failure with warning log

One minor consideration: the transformedData variable is declared with let but the catch block doesn't reassign it (original value preserved by not modifying). This is intentional and correct behavior.


47-62: Conditional output schema wrapping is well-implemented.

The check for openapiTool.outputSchema !== undefined correctly handles the case where outputSchemaMode: 'description' moves the schema to the description, ensuring no empty wrapper is created.


72-73: Clean conditional metadata inclusion.

The spread pattern ...(wrappedOutputSchema && { rawOutputSchema: wrappedOutputSchema }) is idiomatic TypeScript for conditional property inclusion.

libs/adapters/src/openapi/openapi.adapter.ts (6)

152-164: Transform pipeline ordering is well-structured.

The pipeline correctly sequences:

  1. Description mode
  2. Tool transforms
  3. Input transforms
  4. Schema transforms
  5. Output schema options (async for LLM support)

The dataTransforms || outputTransforms fallback maintains backward compatibility with the deprecated outputTransforms option.


503-543: Schema transforms implementation is correct.

The method properly:

  1. Builds context for transform functions
  2. Applies transforms in order (input, then output)
  3. Uses reference equality to avoid unnecessary object creation
  4. Logs when transforms are applied

549-587: Transform collection with correct priority ordering.

Priority generator > perTool > global allows:

  • Global defaults that apply everywhere
  • Per-tool overrides for specific tools
  • Generator for dynamic/conditional transforms

This matches the established pattern from toolTransforms and inputTransforms.


699-727: Pre-tool transform collection with proper merging.

The spread-based merging allows partial overrides (e.g., per-tool can override just transformDescription while inheriting global's transformSchema). This provides flexible composition.


733-772: Post-tool transform collection with intentional merge strategy.

The explicit handling of transform and filter separately allows:

  • Per-tool transform with inherited global filter
  • Generator transform with inherited filter from per-tool or global

This is a sensible design for the filter inheritance pattern.


778-816: Schema formatting helpers are comprehensive.

The helpers handle:

  • Object properties with required/optional annotations
  • Array types with recursive item type resolution
  • Union types (e.g., string | null)
  • Fallback to 'any' for untyped schemas
  • Object title for named types
libs/adapters/src/openapi/openapi.types.ts (6)

346-361: JsonSchemaType is appropriately permissive.

The index signature [key: string]: unknown allows for JSON Schema extensions while providing type safety for common properties. This balances type safety with flexibility for complex schemas.


518-563: Transform types with clear pre/post distinction.

  • PreToolTransform: Applied at fetch() time, modifies tool definitions
  • PostToolTransform: Applied at execution time, modifies response data

The context types correctly reflect available data at each phase:

  • PreToolTransformContext: tool + adapterOptions only
  • PostToolTransformContext: full runtime context including FrontMcpContext, status, ok

565-599: DataTransformOptions follows established patterns.

The structure mirrors ToolTransformOptions and InputTransformOptions with:

  • global: Applied to all tools
  • perTool: Keyed by tool name
  • generator: Dynamic function-based transforms

The JSDoc note (lines 569-570) correctly guides users to schemaTransforms for definition changes vs dataTransforms for runtime data manipulation.


601-605: Clean deprecation with type alias.

The @deprecated tag will trigger IDE warnings, guiding users to DataTransformOptions while maintaining backward compatibility.


875-951: BaseOptions extensions are well-documented and backward compatible.

The additions follow the pattern of other options:

  • Optional fields with sensible defaults
  • JSDoc with practical code examples
  • Clear separation of concerns (schema transforms vs output schema display vs data transforms)

630-634: Remove or document the unused preToolTransform metadata field.

The preToolTransform field is defined in ExtendedToolMetadata (line 631) but is never stored in metadata.adapter during tool creation. The preToolTransforms config option is used to transform the tool schema and description during adapter initialization (lines 634–648), but only postToolTransform is persisted in metadata (line 669) for runtime use. The preToolTransform field in the type definition appears vestigial and should either be removed or documented if intended for future use.

libs/adapters/src/openapi/__tests__/openapi-transforms.spec.ts (6)

58-64: Good helper pattern for test clarity.

The getFirstTool helper:

  1. Asserts tools array exists
  2. Asserts at least one tool
  3. Returns first tool

This reduces boilerplate and ensures consistent assertions across tests.


897-1043: Comprehensive outputSchema options test coverage.

Tests verify:

  • mode: 'definition' - no description modification
  • mode: 'both' with jsonSchema and summary formats
  • mode: 'description' - schema moved to description
  • Custom sync and async descriptionFormatter
  • Graceful handling of missing outputSchema

1171-1337: PreToolTransforms tests cover key scenarios.

Tests verify:

  • transformSchema modifies output schema
  • transformDescription modifies description with schema access
  • Per-tool and generator priority/override
  • Schema removal via transformSchema: () => undefined

1339-1434: PostToolTransforms tests verify metadata storage.

These tests correctly focus on:

  • Transform function stored in metadata for runtime use
  • Per-tool and generator patterns work
  • Metadata structure is correct

Runtime transform execution would be tested in integration tests or tool execution tests.


1436-1805: Combined transforms tests ensure integration works.

Key integration scenarios tested:

  • outputSchema + dataTransforms.preToolTransforms ordering
  • Context propagation verification (lines 1494-1497)
  • postToolTransform with outputSchema options
  • Schema edge cases: many properties, arrays of objects, union types, missing type, nested arrays

730-746: Mapper type structure aligns with mcp-from-openapi.

The explicit mapper objects with type, key, required, and security fields match the expected interface from mcp-from-openapi.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts (1)

388-409: LGTM! Test correctly verifies error logging behavior.

The test properly validates that when a connection fails during ping(), the store logs an error via the injected logger and returns false. The mock logger setup is comprehensive and the assertions match the implementation in the source file.

Minor observation: The as never cast on line 399 works but is less precise than typing the mock logger interface. Consider using a partial mock type if this pattern is used elsewhere:

💡 Optional: Type the mock logger more precisely
-      const mockLogger = {
+      const mockLogger: Partial<import('@frontmcp/utils').Logger> = {
         error: jest.fn(),
         warn: jest.fn(),
         info: jest.fn(),
         debug: jest.fn(),
         verbose: jest.fn(),
         child: jest.fn(),
       };
 
-      const storeWithLogger = new RedisSessionStore({ host: 'localhost', port: 6379 }, mockLogger as never);
+      const storeWithLogger = new RedisSessionStore({ host: 'localhost', port: 6379 }, mockLogger as Parameters<typeof RedisSessionStore>[1]);
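
Review bot: `Parameters<typeof RedisSessionStore>[1]` on the last added line will not type-check, because `RedisSessionStore` is instantiated with `new` and `Parameters<>` only accepts function types. Use `ConstructorParameters<typeof RedisSessionStore>[1]` so the cast names the constructor's real logger parameter type.
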
libs/utils/src/fs/fs.spec.ts (1)

36-57: Tests look good with reasonable coverage.

The tests cover the happy path, error handling (ENOENT), and the encoding parameter. One minor observation: the encoding test on lines 50-56 uses 'utf8' which is typically the default encoding, so it doesn't strongly verify that the encoding parameter is actually being applied differently.

Consider testing with a buffer or verifying behavior differs from the default:

it('should support custom encoding', () => {
  const filePath = path.join(tempDir, 'encoding-test.txt');
  const buffer = Buffer.from([0xc3, 0xa9]); // UTF-8 bytes for 'é'
  fs.writeFileSync(filePath, buffer);

  const content = readFileSync(filePath, 'utf8');
  expect(content).toBe('é');
});

This is a minor suggestion and doesn't block the PR.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 14c770b and 4f7ad5d.

📒 Files selected for processing (3)
  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
  • libs/utils/src/fs/fs.spec.ts
  • libs/utils/src/storage/__tests__/errors.test.ts
🧰 Additional context used
📓 Path-based instructions (5)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use strict TypeScript mode with no any types without strong justification
Avoid non-null assertions (!) - use proper error handling and type guards instead
Use @frontmcp/utils for cryptographic operations instead of node:crypto directly
Use @frontmcp/utils for file system operations instead of fs/promises or node:fs directly

Files:

  • libs/utils/src/fs/fs.spec.ts
  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
  • libs/utils/src/storage/__tests__/errors.test.ts
libs/**

⚙️ CodeRabbit configuration file

libs/**: Contains publishable SDK libraries. Review for API correctness, breaking changes, and consistency with docs. When public APIs change, ensure there is a matching docs/draft/docs/** update (not direct edits under docs/docs/**).

Files:

  • libs/utils/src/fs/fs.spec.ts
  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
  • libs/utils/src/storage/__tests__/errors.test.ts
**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Achieve 95%+ test coverage across all metrics (statements, branches, functions, lines)
Use Jest for testing with 95%+ coverage requirement and 100% test pass rate
Do not use prefixes like 'PT-001' in test names
Do not skip constructor validation tests for error classes and types
Include instanceof checks in tests for error classes to verify proper error hierarchy

Files:

  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
  • libs/utils/src/storage/__tests__/errors.test.ts
libs/{sdk,adapters}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/{sdk,adapters}/**/*.{ts,tsx}: Use specific error classes with MCP error codes instead of generic errors
Use getCapabilities() for dynamic capability exposure instead of hardcoding capabilities

Files:

  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
libs/sdk/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/sdk/**/*.{ts,tsx}: Prefer interface for defining object shapes in TypeScript, avoid any types
Use type parameters with constraints instead of unconstrained generics with any defaults
Validate URIs per RFC 3986 at metadata level using isValidMcpUri refinement
Use changeScope instead of scope in change event properties to avoid confusion with Scope class
Fail fast on invalid hook flows by validating hooks match their entry type
Centralize record types in common/records and import from there, not from module-specific files
Return strictly typed MCP protocol responses (e.g., Promise<GetPromptResult>) instead of Promise<unknown> for MCP entry methods
Use unknown instead of any for generic type parameter defaults (not for MCP protocol types)
Create shared base classes for common functionality like ExecutionContextBase for ToolContext and ResourceContext
Do not mutate rawInput in flows - use state.set() for managing flow state instead
Validate inputs and outputs through parseOutput/safeParseOutput methods in validation flows

Files:

  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
🧠 Learnings (4)
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for file system operations instead of `fs/promises` or `node:fs` directly

Applied to files:

  • libs/utils/src/fs/fs.spec.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.test.ts : Tests must achieve 95%+ code coverage across all metrics; use `MockStore` implementing `RememberStoreInterface` for RememberPlugin testing

Applied to files:

  • libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.test.{ts,tsx} : Include `instanceof` checks in tests for error classes to verify proper error hierarchy

Applied to files:

  • libs/utils/src/storage/__tests__/errors.test.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{src}/**/*.{ts,tsx,js,jsx} : Do not expose internal error details in public APIs - use sanitized error messages

Applied to files:

  • libs/utils/src/storage/__tests__/errors.test.ts
🧬 Code graph analysis (1)
libs/sdk/src/auth/session/__tests__/redis-session.store.test.ts (1)
libs/sdk/src/auth/session/redis-session.store.ts (1)
  • RedisSessionStore (35-348)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Lint & Format Checks
  • GitHub Check: Build Libraries
  • GitHub Check: Package E2E (Verdaccio)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
libs/utils/src/fs/fs.spec.ts (1)

4-4: LGTM!

The import correctly adds readFileSync to the public API surface being tested.

libs/utils/src/storage/__tests__/errors.test.ts (1)

59-72: LGTM! Tests properly cover the new cause message behavior.

The new tests effectively verify both branches of the enhanced StorageConnectionError behavior:

  1. When a cause is provided, the message includes the cause's message
  2. When no cause is provided, the message remains unchanged

The instanceof checks for error hierarchy are already covered by the existing test at lines 74-77 and the comprehensive "Error hierarchy" section, so these focused behavioral tests appropriately don't duplicate that verification. Based on learnings, the existing coverage satisfies the requirement for instanceof checks.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/pr-testing-registry.yml (1)

176-190: Default domain logic breaks the fallback for users without NGROK_AUTH_TOKEN.

The new default domain logic on lines 178-181 ensures NGROK_DOMAIN is always set. However, the check on lines 184-187 will now always fail when NGROK_AUTH_TOKEN is not configured, because a domain is always present.

Previously, users without NGROK_AUTH_TOKEN could run the workflow and get a random ngrok URL. Now, they will always hit the error on lines 185-186 since NGROK_DOMAIN is never empty.

Consider one of these fixes:

  1. Only apply the default domain when NGROK_AUTH_TOKEN is available.
  2. Keep the original behavior where no domain means random URL generation.
🐛 Proposed fix: Only default domain when auth token is available
          # Get domain - use provided value or default to frontmcp-pr-{PR_NUM}.ngrok.io
          NGROK_DOMAIN="${{ inputs.ngrok_domain }}"
-          if [ -z "${NGROK_DOMAIN}" ]; then
+          if [ -z "${NGROK_DOMAIN}" ] && [ -n "${NGROK_AUTH_TOKEN:-}" ]; then
            NGROK_DOMAIN="frontmcp-pr-${{ inputs.pr_number }}.ngrok.io"
            echo "Using default domain: ${NGROK_DOMAIN}"
          fi
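
Review bot: `NGROK_DOMAIN="${{ inputs.ngrok_domain }}"` and the `${{ inputs.pr_number }}` in the default value both expand workflow inputs directly into the shell script, so an input containing quotes or `$(...)` is interpreted by the shell. Pass both through the step's `env:` block and reference them as shell variables instead. The added `[ -n "${NGROK_AUTH_TOKEN:-}" ]` test also only helps if the token is exported into this step's environment, which the hunk does not show.
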
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 4c4f126 and bf53787.

📒 Files selected for processing (1)
  • .github/workflows/pr-testing-registry.yml
🔇 Additional comments (1)
.github/workflows/pr-testing-registry.yml (1)

22-26: LGTM!

The updated description accurately reflects the new defaulting behavior implemented in the workflow.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docs/draft/docs/servers/server.mdx (1)

357-366: Inconsistent persistence configuration example.

The example at line 359 uses persistence: { enabled: true }, but the type definition shown earlier (lines 82-84) defines persistence as false | { defaultTtlMs?: number } without an enabled property. This inconsistency could confuse users.

📝 Suggested fix
   transport: {
-    persistence: { enabled: true },
+    persistence: { defaultTtlMs: 3600000 },  // Or just omit to use auto-enabled defaults
   },
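
Review bot: the replacement line hard-codes `defaultTtlMs: 3600000` where the original example only switched persistence on. State in the trailing comment that this is one hour in milliseconds, or drop the `persistence` key from the example altogether, as that comment already suggests.
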

Alternatively, if enabled is a valid property, update the type definition at lines 82-84 to include it.

🤖 Fix all issues with AI agents
In `@libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts`:
- Around line 17-27: The type guard isPersistenceObject currently returns true
for null but its return type lacks null; mirror the fix made in
front-mcp.metadata.ts by updating the type guard signature to include null
(value is { redis?: unknown; defaultTtlMs?: number } | false | null | undefined)
and keep the existing null check that returns true, ensuring the runtime
behavior and the TypeScript type are consistent; update any related tests to
reflect the accepted null union if present.

In `@libs/sdk/src/common/metadata/front-mcp.metadata.ts`:
- Around line 131-142: The type guard isPersistenceObject currently returns true
for null but its type predicate doesn't include null; update the predicate to
reflect actual behavior by adding null to the union (i.e., change the return
type to include | null) OR change the runtime check so null is treated as
invalid (return false) if you want null rejected; specifically modify the
function signature isPersistenceObject(...) : value is { redis?: unknown;
defaultTtlMs?: number } | false | undefined | null (or remove the `if (value ===
null)` branch and return false) and keep the rest of the validation logic
unchanged.
🧹 Nitpick comments (14)
apps/e2e/demo-e2e-remote/src/main.ts (1)

6-6: Pre-existing unused variable.

idpProviderUrl is defined but never used within this file. This appears to be pre-existing (not part of the current changes), but you may want to address it as a follow-up cleanup if the variable is no longer needed.

docs/draft/docs/authentication/demo-servers.mdx (1)

64-65: Redundant bullet points.

Line 64 already states that full enables "all transports with relaxed session requirements." Line 65 then repeats that Streamable HTTP has relaxed session requirements—this is already covered by "all transports." Consider consolidating these or making line 65 highlight a distinct aspect.

✏️ Suggested consolidation
-- Uses `full` protocol preset enabling all transports with relaxed session requirements for easy smoke tests.
-- Enables Streamable HTTP for MCP clients with relaxed session requirements.
+- Uses the `full` protocol preset—all transports enabled with relaxed session requirements—for easy smoke tests.
libs/sdk/src/common/types/options/__tests__/transport.options.test.ts (1)

311-366: Add tests for stateless-api and full presets to match expandProtocolConfig coverage.

The expandProtocolConfig tests cover all four presets (legacy, modern, stateless-api, full), but toLegacyProtocolFlags only tests modern, legacy, and undefined. Adding tests for the remaining presets ensures complete branch coverage and validates the flag mapping for all preset configurations.

🧪 Suggested additional test cases
   it('should convert custom protocol config to legacy flags', () => {
     const result = toLegacyProtocolFlags({
       sse: false,
       streamable: false,
       json: true,
       stateless: true,
       legacy: true,
       strictSession: false,
     });
     expect(result).toEqual({
       enableLegacySSE: true,
       enableSseListener: false,
       enableStreamableHttp: false,
       enableStatelessHttp: true,
       enableStatefulHttp: true,
       requireSessionForStreamable: false,
     });
   });
+
+  it('should convert stateless-api preset to legacy flags', () => {
+    const result = toLegacyProtocolFlags('stateless-api');
+    expect(result).toEqual({
+      enableLegacySSE: false,
+      enableSseListener: false,
+      enableStreamableHttp: false,
+      enableStatelessHttp: true,
+      enableStatefulHttp: false,
+      requireSessionForStreamable: false,
+    });
+  });
+
+  it('should convert full preset to legacy flags', () => {
+    const result = toLegacyProtocolFlags('full');
+    expect(result).toEqual({
+      enableLegacySSE: true,
+      enableSseListener: true,
+      enableStreamableHttp: true,
+      enableStatelessHttp: true,
+      enableStatefulHttp: true,
+      requireSessionForStreamable: false,
+    });
+  });
 });
libs/sdk/src/common/types/options/server-info/schema.ts (1)

12-18: Consider adding URL validation for websiteUrl.

The websiteUrl field accepts any string. Per coding guidelines, URIs should be validated. Consider adding a URL refinement:

♻️ Proposed fix
 export const serverInfoOptionsSchema = z.object({
   name: z.string(),
   title: z.string().optional(),
   version: z.string(),
-  websiteUrl: z.string().optional(),
+  websiteUrl: z.string().url().optional(),
   icons: z.array(IconSchema).optional(),
 } satisfies RawZodShape<ServerInfoOptionsInterface>);
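
Review bot: `z.string().url()` on the `websiteUrl` line accepts any string that parses as a URL, including non-web schemes such as `javascript:` or `file:`. If clients render this value as a link, add a refinement that allows only `http:` and `https:`.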

Alternatively, if custom MCP URI validation is required, use the isValidMcpUri refinement mentioned in the coding guidelines.

libs/sdk/src/common/types/options/http/schema.ts (1)

12-12: Prefer z.unknown() over z.any() for hostFactory.

Per coding guidelines, avoid any types without strong justification. While hostFactory accepts a complex union type that Zod cannot natively validate, using z.unknown() is safer and aligns with the guideline to use unknown instead of any.

♻️ Suggested change
-  hostFactory: z.any().optional(),
+  hostFactory: z.unknown().optional(),

Based on coding guidelines requiring unknown instead of any for SDK code.

libs/sdk/src/common/types/options/redis/interfaces.ts (1)

95-98: Consider adding a discriminant to the legacy connection option.

The third union member (RedisConnectionInterface & CommonStorageOptionsInterface) lacks a provider discriminant, which can make runtime type narrowing more complex compared to the other union members that have explicit provider: 'redis' | 'vercel-kv' literals.

If this is intentional to support legacy configurations without an explicit provider field (defaulting to Redis), this is acceptable but worth documenting. Otherwise, consider requiring provider: 'redis' for all Redis connections.

libs/sdk/src/common/types/options/session/schema.ts (1)

29-35: Consider constraining the function type in sessionMode.

The z.function() at line 31 accepts any function signature. If sessionMode, when it is a function, should have a specific signature (e.g., (issuer: string) => 'stateful' | 'stateless' based on the docs), consider using z.function().args(...).returns(...) for better type safety and validation.

💡 Example of constrained function schema
 export const sessionOptionsSchema = z.object({
   sessionMode: z
-    .union([z.literal('stateful'), z.literal('stateless'), z.function()])
+    .union([
+      z.literal('stateful'),
+      z.literal('stateless'),
+      z.function()
+        .args(z.string())
+        .returns(z.union([z.literal('stateful'), z.literal('stateless')]))
+    ])
     .optional()
     .default('stateless'),
   platformDetection: platformDetectionConfigSchema.optional(),
 } satisfies RawZodShape<SessionOptionsInterface>);
libs/sdk/src/scope/flows/http.request.flow.ts (1)

208-220: Avoid non-null assertion on transport.

Per coding guidelines, non-null assertions (!) should be avoided in favor of proper error handling or type guards. While the comment states transport is "always defined after schema parsing," a defensive check would be safer.

♻️ Suggested fix
-      // Use transport config from scope metadata (top-level transport config only)
-      // Note: transportConfig is always defined after schema parsing (has defaults)
-      const transportConfig = this.scope.metadata.transport!;
+      // Use transport config from scope metadata (top-level transport config only)
+      const transportConfig = this.scope.metadata.transport;
+      if (!transportConfig) {
+        this.logger.error(`[${this.requestId}] transport config not found in scope metadata`);
+        this.respond(httpRespond.internalError('Transport configuration missing'));
+        return;
+      }
libs/sdk/src/common/types/options/http/index.ts (1)

8-9: Backwards-compatible alias may violate coding guidelines.

The HttpConfig alias contradicts the guideline to "do not add backwards compatibility aliases" in barrel exports. Based on learnings, this should be removed unless there's a specific migration plan requiring it.

If this alias is intentional for a deprecation period, consider adding a @deprecated JSDoc comment to guide users toward HttpOptions.

Option 1: Remove the alias (preferred per guidelines)
 export type { HttpOptionsInterface } from './interfaces';
 export { httpOptionsSchema } from './schema';
 export type { HttpOptions, HttpOptionsInput } from './schema';
-
-// Re-export with backwards-compatible alias
-export type { HttpOptions as HttpConfig } from './schema';
Option 2: If alias is necessary, add deprecation notice
-// Re-export with backwards-compatible alias
-export type { HttpOptions as HttpConfig } from './schema';
+/**
+ * `@deprecated` Use `HttpOptions` instead. Will be removed in a future version.
+ */
+export type { HttpOptions as HttpConfig } from './schema';
libs/sdk/src/common/types/options/pagination/schema.ts (1)

10-17: Consider adding satisfies constraint for type alignment.

The loggingOptionsSchema in this PR uses satisfies RawZodShape<LoggingOptionsInterface> to ensure the schema aligns with its corresponding interface. For consistency and compile-time safety, consider applying the same pattern here:

+import type { RawZodShape } from '../../common.types';
+import type { ToolPaginationOptionsInterface } from './interfaces';
+
 export const toolPaginationOptionsSchema = z.object({
   mode: z
     .union([z.literal('auto'), z.boolean()])
     .optional()
     .default('auto'),
   pageSize: z.number().int().positive().optional().default(40),
   autoThreshold: z.number().int().positive().optional().default(40),
-});
+} satisfies RawZodShape<ToolPaginationOptionsInterface>);

This ensures the schema stays in sync with the interface if either is modified.

libs/sdk/src/common/types/options/redis/index.ts (1)

4-32: Potential duplicate export of StorageProvider.

StorageProvider is exported twice: once as an alias StorageProviderInterface from ./interfaces (line 5), and again directly from ./schema (line 25). This may cause confusion for consumers. Consider removing one of the exports or clarifying the distinction in comments.

♻️ Suggested clarification

If both exports are intentional (interface from ./interfaces and inferred type from schema), add a clarifying comment:

+// StorageProvider from schema is the Zod-inferred type
+// StorageProviderInterface from interfaces is the explicit interface (same shape)
 export type {
   StorageProvider,
   RedisProviderOptions,

Alternatively, if they're the same type, remove the duplicate:

 export type {
   StorageProvider as StorageProviderInterface,
   CommonStorageOptionsInterface,
   RedisConnectionInterface,
   RedisProviderOptionsInterface,
   VercelKvProviderOptionsInterface,
   RedisOptionsInterface,
 } from './interfaces';

 // ... later ...

 export type {
-  StorageProvider,
   RedisProviderOptions,
libs/sdk/src/transport/transport.registry.ts (2)

120-136: Consider using a type guard instead of inline cast.

The cast on line 122 (as { redis?: { provider?: string } } | undefined) works but is verbose. A type guard or extracting this logic into a helper would improve readability and type safety.

♻️ Suggested improvement
+  private getProviderType(): string {
+    if (typeof this.persistenceConfig === 'object' && this.persistenceConfig?.redis) {
+      return 'provider' in this.persistenceConfig.redis 
+        ? this.persistenceConfig.redis.provider ?? 'redis' 
+        : 'redis';
+    }
+    return 'redis';
+  }

   // In the validation block:
-  const persistConfig = this.persistenceConfig as { redis?: { provider?: string } } | undefined;
-  const providerType = persistConfig?.redis?.provider ?? 'redis';
+  const providerType = this.getProviderType();

401-402: Duplicate TTL extraction logic.

The defaultTtlMs extraction pattern (typeof this.persistenceConfig === 'object' ? this.persistenceConfig?.defaultTtlMs : undefined) is repeated at lines 307-308 and 401-402. Consider extracting this into a getter method to reduce duplication.

♻️ Suggested refactor
+  /**
+   * Get the default TTL for session persistence.
+   * Returns undefined if persistence is disabled or not configured.
+   */
+  private getDefaultTtlMs(): number | undefined {
+    return typeof this.persistenceConfig === 'object' 
+      ? this.persistenceConfig?.defaultTtlMs 
+      : undefined;
+  }

   // Then replace:
-  const defaultTtlMs = typeof this.persistenceConfig === 'object' ? this.persistenceConfig?.defaultTtlMs : undefined;
+  const defaultTtlMs = this.getDefaultTtlMs();
libs/sdk/src/common/types/options/transport/schema.ts (1)

221-255: Consider validating the sessionMode function signature with Zod.

The z.function() on line 227 accepts any function without runtime signature validation. While TypeScript's satisfies RawZodShape<TransportOptionsInterface> constraint enforces compile-time type safety, the code currently uses a runtime cast to bridge the gap: sessionMode: config.sessionMode as ExpandedTransportConfig['sessionMode']. This cast masks the type inference mismatch between z.function() and the expected signature.

Since Zod 4.x supports function validation, refactoring to validate the signature would eliminate the cast and strengthen runtime safety:

♻️ Optional: Add function signature validation
   sessionMode: z
-    .union([z.literal('stateful'), z.literal('stateless'), z.function()])
+    .union([
+      z.literal('stateful'),
+      z.literal('stateless'),
+      z.function()
+        .args(z.string()) // issuer
+        .returns(z.union([
+          z.literal('stateful'),
+          z.literal('stateless'),
+          z.promise(z.union([z.literal('stateful'), z.literal('stateless')]))
+        ]))
+    ])
     .optional()
     .default('stateful'),
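
Review bot: the `.args(...)` and `.returns(...)` chain in the added lines is the Zod 3 function API, while the comment above cites Zod 4.x, where `z.function()` takes its `input` and `output` schemas up front instead. Confirm which major version the SDK pins before applying this. In Zod 3 the argument and return checks run when the wrapped function is called, not when the config is parsed, so the `sessionMode` cast can only go away if callers invoke the parsed function.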

This removes the need for the cast workaround while maintaining backward compatibility.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 05a341f and d91bc70.

📒 Files selected for processing (79)
  • apps/demo/src/main.ts
  • apps/e2e/demo-e2e-agents/src/main.ts
  • apps/e2e/demo-e2e-cache/src/main.ts
  • apps/e2e/demo-e2e-codecall/src/main.ts
  • apps/e2e/demo-e2e-config/src/main.ts
  • apps/e2e/demo-e2e-errors/src/main.ts
  • apps/e2e/demo-e2e-hooks/src/main.ts
  • apps/e2e/demo-e2e-multiapp/src/main.ts
  • apps/e2e/demo-e2e-notifications/src/main.ts
  • apps/e2e/demo-e2e-openapi/src/main.ts
  • apps/e2e/demo-e2e-orchestrated/src/main.ts
  • apps/e2e/demo-e2e-providers/src/main.ts
  • apps/e2e/demo-e2e-redis/src/main.ts
  • apps/e2e/demo-e2e-remember/src/main.ts
  • apps/e2e/demo-e2e-remote/src/main.ts
  • apps/e2e/demo-e2e-serverless/src/main.ts
  • apps/e2e/demo-e2e-standalone/src/main.ts
  • apps/e2e/demo-e2e-transparent/src/main.ts
  • apps/e2e/demo-e2e-transport-recreation/src/main.ts
  • apps/e2e/demo-e2e-ui/src/main.ts
  • docs/draft/docs/authentication/demo-servers.mdx
  • docs/draft/docs/servers/server.mdx
  • libs/sdk/src/auth/session/record/session.base.ts
  • libs/sdk/src/auth/session/session.transport.ts
  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/auth/session/vercel-kv-session.store.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/migrate/__tests__/auth-transport.migrate.test.ts
  • libs/sdk/src/common/migrate/auth-transport.migrate.ts
  • libs/sdk/src/common/migrate/index.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • libs/sdk/src/common/types/options/auth/orchestrated.schema.ts
  • libs/sdk/src/common/types/options/auth/public.schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/common/types/options/auth/transparent.schema.ts
  • libs/sdk/src/common/types/options/auth/transport.deprecated.ts
  • libs/sdk/src/common/types/options/auth/typecheck.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/types/options/http.options.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/http/schema.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/logging.options.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/types/options/pagination/interfaces.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/redis/index.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • libs/sdk/src/common/types/options/redis/schema.ts
  • libs/sdk/src/common/types/options/server-info.options.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/schema.ts
  • libs/sdk/src/common/types/options/session.options.ts
  • libs/sdk/src/common/types/options/session/index.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/transport.options.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/provider/provider.registry.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/transport/README.md
  • libs/sdk/src/transport/transport.registry.ts
💤 Files with no reviewable changes (12)
  • libs/sdk/src/common/types/options/auth/orchestrated.schema.ts
  • libs/sdk/src/common/types/options/http.options.ts
  • libs/sdk/src/common/types/options/logging.options.ts
  • libs/sdk/src/common/types/options/auth/transparent.schema.ts
  • libs/sdk/src/common/types/options/session.options.ts
  • libs/sdk/src/common/migrate/tests/auth-transport.migrate.test.ts
  • libs/sdk/src/common/types/options/transport.options.ts
  • libs/sdk/src/common/types/options/server-info.options.ts
  • libs/sdk/src/common/migrate/auth-transport.migrate.ts
  • libs/sdk/src/common/types/options/auth/transport.deprecated.ts
  • libs/sdk/src/common/migrate/index.ts
  • libs/sdk/src/common/types/options/auth/public.schema.ts
✅ Files skipped from review due to trivial changes (3)
  • libs/sdk/src/common/types/options/redis/schema.ts
  • libs/sdk/src/common/types/options/session/index.ts
  • libs/sdk/src/common/types/options/auth/typecheck.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • libs/sdk/src/auth/session/vercel-kv-session.store.ts
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use strict TypeScript mode with no any types without strong justification
Avoid non-null assertions (!) - use proper error handling and type guards instead
Use @frontmcp/utils for cryptographic operations instead of node:crypto directly
Use @frontmcp/utils for file system operations instead of fs/promises or node:fs directly

Files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • apps/e2e/demo-e2e-orchestrated/src/main.ts
  • libs/sdk/src/common/types/options/server-info/schema.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • apps/e2e/demo-e2e-config/src/main.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • apps/e2e/demo-e2e-ui/src/main.ts
  • libs/sdk/src/auth/session/record/session.base.ts
  • apps/e2e/demo-e2e-providers/src/main.ts
  • libs/sdk/src/auth/session/session.transport.ts
  • apps/e2e/demo-e2e-transport-recreation/src/main.ts
  • apps/e2e/demo-e2e-standalone/src/main.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • apps/e2e/demo-e2e-notifications/src/main.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • apps/e2e/demo-e2e-hooks/src/main.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/http/schema.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/provider/provider.registry.ts
  • apps/e2e/demo-e2e-openapi/src/main.ts
  • apps/e2e/demo-e2e-remember/src/main.ts
  • apps/e2e/demo-e2e-errors/src/main.ts
  • apps/demo/src/main.ts
  • apps/e2e/demo-e2e-codecall/src/main.ts
  • libs/sdk/src/common/types/options/pagination/interfaces.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • apps/e2e/demo-e2e-redis/src/main.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • apps/e2e/demo-e2e-remote/src/main.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • apps/e2e/demo-e2e-multiapp/src/main.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • apps/e2e/demo-e2e-transparent/src/main.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • apps/e2e/demo-e2e-agents/src/main.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • apps/e2e/demo-e2e-cache/src/main.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
  • apps/e2e/demo-e2e-serverless/src/main.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/transport/transport.registry.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
libs/{sdk,adapters}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/{sdk,adapters}/**/*.{ts,tsx}: Use specific error classes with MCP error codes instead of generic errors
Use getCapabilities() for dynamic capability exposure instead of hardcoding capabilities

Files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/server-info/schema.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/auth/session/record/session.base.ts
  • libs/sdk/src/auth/session/session.transport.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/http/schema.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/provider/provider.registry.ts
  • libs/sdk/src/common/types/options/pagination/interfaces.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/transport/transport.registry.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
libs/sdk/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

libs/sdk/**/*.{ts,tsx}: Prefer interface for defining object shapes in TypeScript, avoid any types
Use type parameters with constraints instead of unconstrained generics with any defaults
Validate URIs per RFC 3986 at metadata level using isValidMcpUri refinement
Use changeScope instead of scope in change event properties to avoid confusion with Scope class
Fail fast on invalid hook flows by validating hooks match their entry type
Centralize record types in common/records and import from there, not from module-specific files
Return strictly typed MCP protocol responses (e.g., Promise<GetPromptResult>) instead of Promise<unknown> for MCP entry methods
Use unknown instead of any for generic type parameter defaults (not for MCP protocol types)
Create shared base classes for common functionality like ExecutionContextBase for ToolContext and ResourceContext
Do not mutate rawInput in flows - use state.set() for managing flow state instead
Validate inputs and outputs through parseOutput/safeParseOutput methods in validation flows

Files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/server-info/schema.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/auth/session/record/session.base.ts
  • libs/sdk/src/auth/session/session.transport.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/http/schema.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/provider/provider.registry.ts
  • libs/sdk/src/common/types/options/pagination/interfaces.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/transport/transport.registry.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
libs/**

⚙️ CodeRabbit configuration file

libs/**: Contains publishable SDK libraries. Review for API correctness, breaking changes, and consistency with docs. When public APIs change, ensure there is a matching docs/draft/docs/** update (not direct edits under docs/docs/**).

Files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/server-info/schema.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/auth/session/record/session.base.ts
  • libs/sdk/src/auth/session/session.transport.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/http/schema.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/provider/provider.registry.ts
  • libs/sdk/src/common/types/options/pagination/interfaces.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/transport/README.md
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/transport/transport.registry.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Achieve 95%+ test coverage across all metrics (statements, branches, functions, lines)
Use Jest for testing with 95%+ coverage requirement and 100% test pass rate
Do not use prefixes like 'PT-001' in test names
Do not skip constructor validation tests for error classes and types
Include instanceof checks in tests for error classes to verify proper error hierarchy

Files:

  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
apps/demo/**

⚙️ CodeRabbit configuration file

apps/demo/**: apps/demo directory contains a demo application for testing purposes. It can be used as a reference for SDK usage examples.

Files:

  • apps/demo/src/main.ts
docs/draft/docs/**

⚙️ CodeRabbit configuration file

docs/draft/docs/**: This folder holds the draft/source docs that humans are expected to edit. When authors want to add or change documentation, they should do it here. The Codex workflow uses these drafts, together with the code diff, to generate the latest docs under docs/docs/. As a reviewer:
  • Encourage contributors to add/update content here instead of docs/docs/.
  • It is fine to do structural/content feedback here (clarity, examples, etc).

Files:

  • docs/draft/docs/servers/server.mdx
  • docs/draft/docs/authentication/demo-servers.mdx
docs/**

⚙️ CodeRabbit configuration file

docs/**: Repository documentation for the SDK, using MDX and hosted by Mintlify. See more specific rules for:
  • docs/docs/** (latest rendered docs, automation-only)
  • docs/v/** (archived versions, read-only)
  • docs/draft/docs/** (human-editable drafts)
  • docs/blogs/** (blogs, human edited)
  • docs/docs.json (Mintlify navigation)

Files:

  • docs/draft/docs/servers/server.mdx
  • docs/draft/docs/authentication/demo-servers.mdx
🧠 Learnings (31)
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Centralize record types in common/records and import from there, not from module-specific files

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/logging/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/interfaces.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/transport/schema.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Use proper ES module imports instead of `require()` for SDK imports; avoid dynamic require of `frontmcp/sdk` modules

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/__tests__/redis.options.test.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/index.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/{sdk,adapters}/**/*.{ts,tsx} : Use `getCapabilities()` for dynamic capability exposure instead of hardcoding capabilities

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/utils/decide-request-intent.utils.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/index.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Use `changeScope` instead of `scope` in change event properties to avoid confusion with Scope class

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/scope/scope.instance.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/scope/flows/http.request.flow.ts
  • libs/sdk/src/common/types/options/index.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{theme,adapters,bundler}/**/*.{test,spec}.{ts,tsx,js,jsx} : Test behavior across all supported platform configurations (OpenAI, Claude, etc.)

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • libs/sdk/src/common/types/options/__tests__/transport.options.test.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for cryptographic operations instead of `node:crypto` directly

Applied to files:

  • libs/sdk/src/auth/session/utils/session-id.utils.ts
  • apps/e2e/demo-e2e-ui/src/main.ts
  • apps/e2e/demo-e2e-providers/src/main.ts
  • apps/e2e/demo-e2e-standalone/src/main.ts
  • libs/sdk/src/common/types/options/auth/utils.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • apps/e2e/demo-e2e-openapi/src/main.ts
  • apps/e2e/demo-e2e-remember/src/main.ts
  • apps/e2e/demo-e2e-codecall/src/main.ts
  • apps/e2e/demo-e2e-redis/src/main.ts
  • apps/e2e/demo-e2e-multiapp/src/main.ts
  • apps/e2e/demo-e2e-transparent/src/main.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/*/src/index.ts : Export everything users need through barrel exports (index.ts), do not add backwards compatibility aliases

Applied to files:

  • libs/sdk/src/common/types/options/http/index.ts
  • libs/sdk/src/common/types/options/logging/index.ts
  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • libs/sdk/src/common/types/options/server-info/index.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/index.ts
  • libs/sdk/src/common/types/options/redis/index.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Return strictly typed MCP protocol responses (e.g., `Promise<GetPromptResult>`) instead of `Promise<unknown>` for MCP entry methods

Applied to files:

  • libs/sdk/src/common/types/options/http/interfaces.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
  • libs/sdk/src/common/types/options/transport/interfaces.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{validation,**}/**/*.{ts,tsx} : Use `.strict()` on all Zod schemas for validation

Applied to files:

  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/common/types/options/pagination/schema.ts
  • libs/sdk/src/common/types/options/auth/schema.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Prefer `interface` for defining object shapes in TypeScript, avoid `any` types

Applied to files:

  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/redis/interfaces.ts
  • libs/sdk/src/common/types/options/server-info/interfaces.ts
  • libs/sdk/src/common/types/options/session/interfaces.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Use type parameters with constraints instead of unconstrained generics with `any` defaults

Applied to files:

  • libs/sdk/src/common/types/options/session/schema.ts
  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Validate inputs and outputs through parseOutput/safeParseOutput methods in validation flows

Applied to files:

  • libs/sdk/src/common/types/options/logging/schema.ts
  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/index.{ts,js} : Export all public APIs through appropriate entry points (frontmcp/uipack, frontmcp/uipack/adapters, frontmcp/uipack/theme, etc.)

Applied to files:

  • libs/sdk/src/common/types/options/transport/index.ts
  • libs/sdk/src/common/types/options/pagination/index.ts
  • apps/e2e/demo-e2e-multiapp/src/main.ts
  • libs/sdk/src/common/types/options/auth/index.ts
  • libs/sdk/src/common/types/options/index.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{src}/**/*.{ts,tsx} : Always validate component options before use

Applied to files:

  • libs/sdk/src/common/types/options/auth/utils.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*plugin.ts : Use module augmentation for context properties via `declare module 'frontmcp/sdk'` combined with runtime plugin metadata `contextExtensions`, not module-level side effects

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Validate URIs per RFC 3986 at metadata level using `isValidMcpUri` refinement

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/common/metadata/__tests__/front-mcp.metadata.test.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use `frontmcp/utils` for file system operations instead of `fs/promises` or `node:fs` directly

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Always use `frontmcp/utils` for cryptographic operations (hkdfSha256, encryptAesGcm, decryptAesGcm, randomBytes, sha256, sha256Hex, base64urlEncode, base64urlDecode) instead of `node:crypto`

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Avoid using `node:crypto` directly; always use `frontmcp/utils` for cross-platform cryptographic support

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/src/**/*.{ts,tsx} : Never import React-free utilities from frontmcp/ui; use frontmcp/uipack for bundling, build tools, platform adapters, and theme utilities

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/{sdk,adapters}/**/*.{ts,tsx} : Use specific error classes with MCP error codes instead of generic errors

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/src/react/hooks/**/*.{ts,tsx} : MCP bridge hooks (useMcpBridge, useCallTool, useToolInput, useToolOutput, useTheme) must be properly typed and handle loading/error states

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{build,bundler}/**/*.{ts,tsx,js,jsx} : For server-side MDX rendering with bundled React, use frontmcp/ui/renderers instead of frontmcp/uipack/renderers

Applied to files:

  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to **/*.{ts,tsx} : Use strict TypeScript mode with no `any` types without strong justification

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Use `unknown` instead of `any` for generic type parameter defaults (not for MCP protocol types)

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-04T14:35:18.366Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/uipack/CLAUDE.md:0-0
Timestamp: 2026-01-04T14:35:18.366Z
Learning: Applies to libs/uipack/**/{src}/**/*.{ts,tsx} : Do not use `any` type without justification in TypeScript code

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T17:16:04.304Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-01-06T17:16:04.304Z
Learning: Applies to libs/sdk/**/*.{ts,tsx} : Fail fast on invalid hook flows by validating hooks match their entry type

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*.ts : Avoid using `any` type without justification in TypeScript files

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/src/**/*.{ts,tsx} : Avoid using any type without justification; all props, return types, and generics must be properly typed

Applied to files:

  • libs/sdk/src/common/types/options/transport/typecheck.ts
📚 Learning: 2026-01-06T02:34:55.689Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/plugins/CLAUDE.md:0-0
Timestamp: 2026-01-06T02:34:55.689Z
Learning: Applies to libs/plugins/**/*plugin.ts : Extend ExecutionContextBase with plugin-specific properties using module declaration (`declare module 'frontmcp/sdk'`) combined with `contextExtensions` in plugin metadata

Applied to files:

  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
📚 Learning: 2025-12-24T00:41:41.819Z
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-12-24T00:41:41.819Z
Learning: Applies to libs/ui/src/bundler/**/*.{ts,tsx} : The bundler module must re-export utilities from frontmcp/uipack/bundler and provide SSR component bundling functionality

Applied to files:

  • libs/sdk/src/common/types/options/index.ts
🧬 Code graph analysis (16)
libs/sdk/src/common/types/options/server-info/schema.ts (2)
libs/sdk/src/common/types/options/server-info/index.ts (4)
  • serverInfoOptionsSchema (5-5)
  • ServerInfoOptionsInterface (4-4)
  • ServerInfoOptions (6-6)
  • ServerInfoOptionsInput (6-6)
libs/sdk/src/common/types/options/server-info/interfaces.ts (1)
  • ServerInfoOptionsInterface (9-34)
libs/sdk/src/scope/scope.instance.ts (1)
libs/sdk/src/provider/provider.registry.ts (1)
  • ProviderRegistry (49-1077)
libs/sdk/src/common/types/options/http/interfaces.ts (1)
libs/sdk/src/common/types/options/http/index.ts (1)
  • HttpOptionsInterface (4-4)
libs/sdk/src/auth/session/record/session.base.ts (1)
libs/sdk/src/auth/session/session.transport.ts (1)
  • TransportIdGenerator (4-16)
libs/sdk/src/common/types/options/redis/interfaces.ts (2)
libs/sdk/src/common/types/options/redis/index.ts (7)
  • StorageProvider (5-5)
  • StorageProvider (25-25)
  • CommonStorageOptionsInterface (6-6)
  • RedisConnectionInterface (7-7)
  • RedisProviderOptionsInterface (8-8)
  • VercelKvProviderOptionsInterface (9-9)
  • RedisOptionsInterface (10-10)
libs/sdk/src/common/types/options/redis/schema.ts (1)
  • StorageProvider (14-14)
libs/sdk/src/common/decorators/front-mcp.decorator.ts (1)
libs/sdk/src/common/metadata/front-mcp.metadata.ts (1)
  • frontMcpMetadataSchema (214-216)
libs/sdk/src/common/types/options/server-info/interfaces.ts (1)
libs/sdk/src/common/types/options/server-info/index.ts (1)
  • ServerInfoOptionsInterface (4-4)
libs/sdk/src/common/types/options/http/schema.ts (1)
libs/sdk/src/common/types/options/http/index.ts (4)
  • httpOptionsSchema (5-5)
  • HttpOptions (6-6)
  • HttpOptions (9-9)
  • HttpOptionsInput (6-6)
libs/sdk/src/common/types/options/pagination/schema.ts (1)
libs/sdk/src/common/types/options/pagination/interfaces.ts (1)
  • ToolPaginationOptionsInterface (15-37)
libs/sdk/src/provider/provider.registry.ts (3)
libs/sdk/src/common/types/options/transport/index.ts (2)
  • DistributedEnabled (22-22)
  • shouldCacheProviders (39-39)
libs/sdk/src/common/types/options/transport/interfaces.ts (1)
  • DistributedEnabled (199-199)
libs/sdk/src/common/types/options/transport/schema.ts (2)
  • DistributedEnabled (32-32)
  • shouldCacheProviders (331-339)
libs/sdk/src/common/types/options/pagination/interfaces.ts (1)
libs/sdk/src/common/types/options/pagination/index.ts (2)
  • ToolPaginationOptionsInterface (4-4)
  • PaginationOptionsInterface (4-4)
libs/sdk/src/common/utils/decide-request-intent.utils.ts (2)
libs/sdk/src/common/types/options/transport/index.ts (1)
  • LegacyProtocolFlags (51-51)
libs/sdk/src/common/types/options/transport/schema.ts (1)
  • LegacyProtocolFlags (146-153)
libs/sdk/src/common/types/options/transport/typecheck.ts (5)
libs/sdk/src/common/types/options/session/index.ts (4)
  • platformMappingEntrySchema (11-11)
  • PlatformMappingEntry (13-13)
  • platformDetectionConfigSchema (11-11)
  • PlatformDetectionConfig (13-13)
libs/sdk/src/common/types/options/session/schema.ts (4)
  • platformMappingEntrySchema (13-16)
  • PlatformMappingEntry (40-40)
  • platformDetectionConfigSchema (21-24)
  • PlatformDetectionConfig (45-45)
libs/sdk/src/common/types/options/transport/index.ts (8)
  • PlatformMappingEntry (19-19)
  • PlatformDetectionConfig (20-20)
  • persistenceConfigSchema (32-32)
  • PersistenceConfig (15-15)
  • ProtocolConfig (12-12)
  • ProtocolPreset (13-13)
  • transportOptionsSchema (30-30)
  • TransportOptionsInterface (9-9)
libs/sdk/src/common/types/options/transport/interfaces.ts (6)
  • PlatformMappingEntry (17-17)
  • PlatformDetectionConfig (17-17)
  • PersistenceConfig (162-175)
  • ProtocolConfig (80-122)
  • ProtocolPreset (62-62)
  • TransportOptionsInterface (256-344)
libs/sdk/src/common/types/options/transport/schema.ts (6)
  • persistenceConfigSchema (207-210)
  • PersistenceConfig (28-28)
  • ProtocolConfig (29-29)
  • ProtocolPreset (30-30)
  • transportOptionsSchema (221-255)
  • TransportOptionsInterface (27-27)
libs/sdk/src/common/types/options/logging/interfaces.ts (2)
libs/sdk/src/common/types/options/logging/index.ts (3)
  • LogLevel (4-4)
  • LogLevelName (4-4)
  • LoggingOptionsInterface (5-5)
libs/sdk/src/common/interfaces/logger.interface.ts (1)
  • LogTransportType (19-19)
libs/sdk/src/common/types/options/__tests__/transport.options.test.ts (2)
libs/sdk/src/common/types/options/transport/index.ts (5)
  • persistenceConfigSchema (32-32)
  • transportOptionsSchema (30-30)
  • expandProtocolConfig (36-36)
  • PROTOCOL_PRESETS (34-34)
  • toLegacyProtocolFlags (37-37)
libs/sdk/src/common/types/options/transport/schema.ts (5)
  • persistenceConfigSchema (207-210)
  • transportOptionsSchema (221-255)
  • expandProtocolConfig (116-136)
  • PROTOCOL_PRESETS (44-96)
  • toLegacyProtocolFlags (160-170)
libs/sdk/src/transport/transport.registry.ts (1)
libs/sdk/src/common/types/options/transport/schema.ts (1)
  • TransportPersistenceConfigInput (281-281)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Lint & Format Checks
  • GitHub Check: Build Libraries
  • GitHub Check: Package E2E (Verdaccio)
  • GitHub Check: Analyze (javascript-typescript)


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Fix all issues with AI agents
In `@SECURITY.md`:
- Line 9: Replace the bare email address "david@frontegg.com" in SECURITY.md
with a mailto link so it renders as a clickable email link (e.g., use the email
text as the link text and a mailto: URL as the target); update the line
"Instead, please report them via email to: **david@frontegg.com**" to use the
mailto link while preserving emphasis/bold formatting.
- Around line 29-42: Update the SECURITY.md entry to use the actual published
package name "frontmcp" instead of "@frontmcp/cli", and add an "engines": {
"node": ">=22.0.0" } field to the package.json of every individual package that
currently lacks it (all workspace packages except the root and
`@frontmcp/testing`); ensure you update the package.json files for `@frontmcp/sdk`,
`@frontmcp/auth`, `@frontmcp/utils`, `@frontmcp/adapters`, `@frontmcp/plugins`,
`@frontmcp/di`, `@frontmcp/ui`, `@frontmcp/uipack` and any other workspace packages
missing the constraint so installing individual packages enforces Node.js 22+.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8cbd2b9 and a92ea4c.

📒 Files selected for processing (1)
  • SECURITY.md
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
SECURITY.md

9-9: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Build Libraries
  • GitHub Check: Lint & Format Checks
  • GitHub Check: Package E2E (Verdaccio)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
SECURITY.md (2)

50-68: Verify security feature claims.

The specific claims about cryptography implementations, test coverage requirements, and code quality standards should be verified against the actual codebase configuration and dependencies.

#!/bin/bash
# Description: Verify security claims against actual implementation

echo "=== Checking crypto dependencies ==="
fd -t f "package.json" -x jq -r 'select(.dependencies != null or .devDependencies != null) | 
  {name: .name, jose: (.dependencies.jose // .devDependencies.jose // "not found"), 
   noble: ((.dependencies // {}) + (.devDependencies // {}) | to_entries | map(select(.key | contains("noble"))) | from_entries)}'

echo ""
echo "=== Checking test coverage configuration ==="
# fd accepts a single search pattern, so match both config file names with one regex
fd -t f '(jest|vitest)\.config\.' -x cat {} \; | grep -A 5 -i "coverage"

echo ""
echo "=== Checking TypeScript strict mode ==="
fd -t f "tsconfig.json" -x jq -r 'select(.compilerOptions.strict != null) | "File: \(input_filename) | strict: \(.compilerOptions.strict)"'

74-78: The external packages list is accurate. All five packages (ast-guard, vectoriadb, enclave-vm, json-schema-to-zod-v3, mcp-from-openapi) have been moved to separate repositories and only exist as external dependencies in the monorepo. No source code directories for these packages are present, and no other moved packages are missing from the list.


@frontegg-david frontegg-david merged commit 206800a into main Jan 14, 2026
25 checks passed
@frontegg-david frontegg-david deleted the enhance-openapi-adapter branch January 14, 2026 22:36