fix(core): fix tool listing

[frontegg-david]

Summary by CodeRabbit

• New Features

  • Tools listing and call flows for discovering and invoking tools.
  • Tool naming/qualification and optional hidden-tool support (includeHidden).
  • Scope metadata now includes stable identifiers.

• Improvements

  • App readiness initialized concurrently for faster startup.

• Refactoring

  • Flow system migrated from hook-centric to plan-centric architecture.
  • Ownership/lineage system for tools modernized and name normalization utilities added.

[coderabbitai]

Walkthrough

Refactors the invoker/flow hook system to plan-based metadata, restructures tool ownership and registry lineage, adds new tool flows, removes the session.create flow and flow routers, makes MCP handler guards/schemas optional, and introduces several SDK/type surface changes and scope initialization updates.

Changes

Cohort / File(s)	Summary
Invoker core & API libs/core/src/invoker/*.ts (e.g., invoker.decorators.ts, invoker.factory.ts, invoker.flow.ts, invoker.helpers.ts, invoker.types.ts, index.ts)	Removed hook decorators and helper utilities; introduced plan-centric metadata (PLAN_NAME / PLAN_DEPENDS_ON); removed nested-flow methods; adjusted exported types to emphasize Plan/InvokePlan/StagesFromPlan; removed invoker.helpers export.
Tool ownership, registry & utils libs/core/src/tool/* (e.g., tool.instance.ts, tool.registry.ts, tool.types.ts, tool.utils.ts)	Switched to EntryOwnerRef/EntryLineage model, added IndexedTool and naming utilities, changed ToolRegistry constructor/owner types and getTools(includeHidden?) API, updated adoption/lineage logic.
New / changed tool flows libs/core/src/tool/flows/* (call-tool.flow.ts, tools-list.flow.ts, tool.execute.flow.ts)	Added CallToolFlow and ToolsListFlow (staged plans); updated ToolExecuteFlow to use FlowHooksOf and removed static create method; staged implementations scaffolded.
Session & flow router removals libs/core/src/auth/session/flows/session.create.flow.ts (deleted), libs/core/src/common/flow.router.ts (exports removed)	Deleted complete session.create flow and removed exported flow routers/constants.
MCP handlers & types libs/core/src/transport/mcp-handlers/*.ts, mcp-handlers.types.ts, index.ts	Made when and responseSchema optional; removed guards/responseSchema from several handlers; ListTools handler now delegates to scope.runFlowForOutput('tools:list-tools', ...).
Scope, provider & app registry updates libs/core/src/scope/*, libs/core/src/provider/provider.registry.ts, libs/core/src/app/app.registry.ts, libs/core/src/scope/scope.utils.ts	Moved initialization into async initialize(), scope id from metadata, tools now ToolRegistry, added runFlowForOutput(), provider registry gains parent lookup (getWithParents), app registry awaits ready promises in parallel.
Adapter / SDK surface changes libs/adapters/src/openapi/openapi.types.ts, libs/sdk/src/* (e.g., dynamic/dynamic.adapter.ts, interfaces/adapter.interface.ts, entries/*.ts, metadata/*.ts, interfaces/internal/registry.interface.ts)	Added name on adapter options and abstract options on DynamicAdapter; AdapterInterface gains options; FlowRunOptions extended to include output/state/stage; scope/tool entries and metadata augmented (owner, tools getter, id fields); ToolRegistryInterface.getTools signature updated.
Transport & local adapter libs/core/src/transport/* (e.g., adapters/transport.local.adapter.ts, flows/*)	LocalTransportAdapter gains transport/eventStore/elicit handler/ready/server fields; SSE/streamable HTTP flows adjusted (formatting and guard logic), SSE elicit result path now fails with Not implemented.
Removed exception & helpers libs/core/src/exceptions/tool-not-found.exception.ts (deleted), libs/core/src/invoker/invoker.helpers.ts (deleted functions)	Removed specialized ToolNotFoundError and helper utilities useInvokeState/useCreateInvoker.
Docs, examples & minor formatting README.md, docs/**, apps/demo/src/apps/expenses/tools/create-expense.tool.ts, libs/plugins/src/cache/cache.plugin.ts, assorted import spacing changes	Documentation frontmatter/formatting tweaks, path updates in quickstart, renamed tool decorator name to createExpense, removed unused import in cache plugin, many minor import/whitespace adjustments.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Scope
    participant ToolsListFlow
    participant ToolRegistry
    participant App

    Client->>Scope: runFlowForOutput('tools:list-tools', {request, ctx})
    Scope->>ToolsListFlow: invoke flow (pre → execute → post)
    rect rgb(230,245,255)
        ToolsListFlow->>ToolsListFlow: parseInput (validate method)
        ToolsListFlow->>ToolRegistry: findTools (discover per-scope / per-app)
    end
    rect rgb(235,255,230)
        ToolsListFlow->>ToolsListFlow: resolveConflicts (detect name collisions)
        ToolsListFlow->>App: collect tool metadata
        ToolsListFlow->>ToolsListFlow: parseTools (build descriptors)
    end
    ToolsListFlow-->>Client: return ListToolsResult (tools[])

Loading

sequenceDiagram
    participant ToolRegistry
    participant ToolInstance
    participant OwnerRef

    Note over ToolRegistry: Old construction
    ToolRegistry->>ToolInstance: new ToolInstance(record, providers)
    ToolInstance->>ToolInstance: providedBy: Token[] (old)

    Note over ToolRegistry: New construction (lineage/owner)
    ToolRegistry->>ToolInstance: new ToolInstance(record, providers, owner: EntryOwnerRef)
    ToolInstance->>ToolInstance: owner = EntryOwnerRef
    ToolRegistry->>ToolRegistry: track EntryLineage for ownership resolution

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

• Areas needing focused review:
  • Invoker decorator → plan migration and all consuming call sites (ensure no residual hook usage).
  • ToolRegistry ownership/lineage changes and ToolInstance constructor updates (verify adoption/relineage logic).
  • Deletion of session.create flow and flow routers (search codebase for callers).
  • Scope initialization lifecycle and new runFlowForOutput API (race conditions, readiness).
  • MCP handler optional guards/responseSchema effects on dispatch and validation.
  • SDK metadata/type surface changes (FlowRunOptions, entries, interfaces) impacting downstream consumers.

Poem

🐇 I hopped through plans and renamed a tool,
Lineage stitched each owner to the rule,
Flows now list and call with staged delight,
Sessions tucked away for a quieter night,
A rabbit's patch of code, all tidy and cool.

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(core): fix tool listing' directly addresses the main objective of the PR, which involves multiple tool-related changes including new tool flow implementations, tool registry updates, and handler modifications for listing tools.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-tool-execution

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Note

Unit test generation is an Early Access feature. Expect some limitations and changes as we gather feedback and continue to improve it.

---

Generating unit tests... This may take up to 20 minutes.

[coderabbitai]

✅ UTG Post-Process Complete

No new issues were detected in the generated code and all check runs have completed. The unit test generation process has completed successfully.

[coderabbitai]

Creating a PR to put the unit tests in...

The changes have been created in this pull request: View PR

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

libs/core/src/transport/adapters/transport.local.adapter.ts (2)

117-123: Unsafe non-null assertions and hardcoded protocol value.

Two issues:

1. Lines 120 and 122 use non-null assertions (session!.id, session!.payload) without validating that session exists. If session is undefined in the auth object, this will cause a runtime error.

2. Line 123 hardcodes protocol: 'sse', but this class supports both SSEServerTransport and StreamableHTTPServerTransport (line 14). This may be incorrect for HTTP-based transports.

Consider this fix:

-  const {token, user, session} = req[ServerRequestTokens.auth];
+  const {token, user, session} = req[ServerRequestTokens.auth];
+  if (!session) {
+    throw new Error('Session is required for authentication');
+  }
   req.auth = {
     token,
-    sessionId: session!.id,
+    sessionId: session.id,
     user,
-    sessionIdPayload: session!.payload,
-    protocol: 'sse',
+    sessionIdPayload: session.payload,
+    protocol: this.transport instanceof SSEServerTransport ? 'sse' : 'http',
     scopes: [],
     clientId: user.sub ?? '',
     transport,
   } satisfies AuthInfo;

---

136-145: Inconsistent null safety checks.

Line 136 accesses req.body.error without checking if req.body exists, while line 145 correctly uses optional chaining (req.body?.result). If req.body is undefined, line 136 will throw a runtime error.

Apply this fix:

-  if (req.body.error) {
-    const {code, message} = req.body.error;
+  if (req.body?.error) {
+    const {code, message} = req.body.error;
     if (code === -32600 && message === 'Elicitation not supported') {

libs/core/src/transport/mcp-handlers/call-tool-request.handler.ts (1)

20-25: Restore real tool execution in call handler.
Line 23 now returns a stub "tesintg" response, so every callTool request will ignore the requested tool and always reply with that placeholder text. That completely breaks MCP tool invocation. Please wire this handler back to the tool execution path (e.g., resolve the tool via the scope registry or run the new tools:call-tool flow) and remove the stub before shipping.

libs/core/src/tool/flows/tool.execute.flow.ts (1)

274-282: Duplicate Stage handlers double-fire parse/validate

There are already @Stage('parseInput') and @Stage('validateInput') methods earlier in this class. Adding _parseInputStage and _validateInputStage with the same stage names causes the pipeline to invoke those phases twice, doubling hook execution and mutating state twice. Please drop the duplicates (or give them distinct stage ids).

-  @Stage('parseInput')
-  async _parseInputStage() {
-    await this.runToolStage(ToolHookStage.willParseInput);
-  }
-
-  @Stage('validateInput')
-  async _validateInputStage() {
-    await this.runToolStage(ToolHookStage.willValidateInput);
-  }

🧹 Nitpick comments (5)

libs/core/src/transport/flows/handle.sse.flow.ts (2)

62-62: Use const for token since it's never reassigned.

Only session needs to be mutable. Destructure immutable values with const for clarity.

Apply this diff:

-  let {token, session} = request[ServerRequestTokens.auth] as Authorization;
+  const {token} = request[ServerRequestTokens.auth] as Authorization;
+  let {session} = request[ServerRequestTokens.auth] as Authorization;

Or use a more concise pattern:

-  let {token, session} = request[ServerRequestTokens.auth] as Authorization;
+  const auth = request[ServerRequestTokens.auth] as Authorization;
+  const {token} = auth;
+  let {session} = auth;

---

98-109: Remove commented-out code.

The explicit "Not implemented" error is appropriate, but the commented code should be removed to improve readability.

Apply this diff:

 async onElicitResult() {
-  // const transport = await transportService.getTransporter('sse', token, session.id);
-  // if (!transport) {
-  //   this.respond(httpRespond.rpcError('session not initialized'));
-  //   return;
-  // }
-  // await transport.handleRequest(request, response);
   this.fail(new Error('Not implemented'));
 }

libs/core/src/transport/flows/handle.streamable-http.flow.ts (1)

62-62: Use const for token since it's never reassigned.

Only session needs to be mutable. Destructure immutable values with const for clarity.

Apply this diff:

-  let {token, session} = request[ServerRequestTokens.auth] as Authorization;
+  const {token} = request[ServerRequestTokens.auth] as Authorization;
+  let {session} = request[ServerRequestTokens.auth] as Authorization;

Or use a more concise pattern:

-  let {token, session} = request[ServerRequestTokens.auth] as Authorization;
+  const auth = request[ServerRequestTokens.auth] as Authorization;
+  const {token} = auth;
+  let {session} = auth;

libs/core/src/transport/adapters/transport.local.adapter.ts (1)

77-96: Remove commented code and avoid empty catch blocks.

Several code quality concerns:

1. Lines 81-83 contain commented-out code without explanation. Either remove it or add a comment explaining why it's disabled.
2. Lines 84-85 and 92-94 use empty catch blocks that silently suppress errors, making debugging difficult.
3. Lines 78 and 88 use console.log/console.warn instead of this.logger (which is available and used elsewhere).

Consider this refactor:

  async destroy(reason?: string): Promise<void> {
-   console.log('destroying transporter, reason:', reason);
+   this.logger.info('Destroying transporter', { reason });

    try {
-     // if(!this.transport.closed){
-     //   this.transport.close();
-     // }
-   } catch {
-     /* empty */
+     if (!this.transport.closed) {
+       this.transport.close();
+     }
+   } catch (error) {
+     this.logger.warn('Failed to close transport', { error });
    }
    if (reason) {
-     console.warn(`Destroying transporter: ${reason}`);
+     this.logger.warn('Destroying transporter with reason', { reason });
    } else {
      try {
        this.onDispose?.();
-     } catch {
-       /* empty */
+     } catch (error) {
+       this.logger.error('onDispose callback failed', { error });
      }
    }
  }

README.md (1)

42-68: Fix nested list indentation to align with markdown standards.

The nested items in the table of contents use 4-space indentation, but the markdown standard (MD007) expects 2 spaces per nesting level.

As per coding guidelines

Apply this diff to fix the indentation:

 - [Why FrontMCP?](#why-frontmcp)
 - [Installation](#installation)
 - [Quickstart](#quickstart)
-    - [Minimal Server & App](#minimal-server--app)
-    - [Function and Class Tools](#function-and-class-tools)
-    - [Scripts & tsconfig](#scripts--tsconfig)
-    - [MCP Inspector](#mcp-inspector)
+  - [Minimal Server & App](#minimal-server--app)
+  - [Function and Class Tools](#function-and-class-tools)
+  - [Scripts & tsconfig](#scripts--tsconfig)
+  - [MCP Inspector](#mcp-inspector)
 - [Core Concepts](#core-concepts)
-    - [Servers](#servers)
-    - [Apps](#apps)
-    - [Tools](#tools)
-    - [Resources](#resources)
-    - [Prompts](#prompts)
-    - [Providers](#providers)
-    - [Adapters](#adapters)
-    - [Plugins](#plugins)
+  - [Servers](#servers)
+  - [Apps](#apps)
+  - [Tools](#tools)
+  - [Resources](#resources)
+  - [Prompts](#prompts)
+  - [Providers](#providers)
+  - [Adapters](#adapters)
+  - [Plugins](#plugins)
 - [Authentication](#authentication)
-    - [Remote OAuth](#remote-oauth)
-    - [Local OAuth](#local-oauth)
+  - [Remote OAuth](#remote-oauth)
+  - [Local OAuth](#local-oauth)
 - [Sessions & Transport](#sessions--transport)
 - [Logging Transports](#logging-transports)
 - [Deployment](#deployment)
-    - [Local Dev](#local-dev)
-    - [Production](#production)
+  - [Local Dev](#local-dev)
+  - [Production](#production)
 - [Version Alignment](#version-alignment)
 - [Contributing](#contributing)
 - [License](#license)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e4f620 and 567c7dd.

📒 Files selected for processing (55)

• README.md (3 hunks)
• apps/demo/src/apps/expenses/tools/create-expense.tool.ts (1 hunks)
• docs/getting-started/quickstart.mdx (4 hunks)
• docs/index.mdx (0 hunks)
• docs/servers/extensibility/logging.mdx (1 hunks)
• libs/adapters/src/openapi/openapi.types.ts (1 hunks)
• libs/core/src/adapter/adapter.instance.ts (1 hunks)
• libs/core/src/app/app.registry.ts (2 hunks)
• libs/core/src/app/instances/app.local.instance.ts (1 hunks)
• libs/core/src/auth/flows/session.verify.flow.ts (0 hunks)
• libs/core/src/auth/flows/well-known.jwks.flow.ts (0 hunks)
• libs/core/src/auth/flows/well-known.oauth-authorization-server.flow.ts (0 hunks)
• libs/core/src/auth/flows/well-known.prm.flow.ts (0 hunks)
• libs/core/src/auth/session/flows/session.create.flow.ts (0 hunks)
• libs/core/src/common/flow.router.ts (0 hunks)
• libs/core/src/exceptions/tool-not-found.exception.ts (0 hunks)
• libs/core/src/invoker/index.ts (0 hunks)
• libs/core/src/invoker/invoker.decorators.ts (2 hunks)
• libs/core/src/invoker/invoker.factory.ts (2 hunks)
• libs/core/src/invoker/invoker.flow.ts (4 hunks)
• libs/core/src/invoker/invoker.helpers.ts (0 hunks)
• libs/core/src/invoker/invoker.types.ts (1 hunks)
• libs/core/src/plugin/plugin.registry.ts (4 hunks)
• libs/core/src/plugin/plugin.types.ts (0 hunks)
• libs/core/src/provider/provider.registry.ts (8 hunks)
• libs/core/src/scope/scope.instance.ts (5 hunks)
• libs/core/src/scope/scope.registry.ts (1 hunks)
• libs/core/src/scope/scope.utils.ts (3 hunks)
• libs/core/src/tool/flows/call-tool.flow.ts (1 hunks)
• libs/core/src/tool/flows/tool.execute.flow.ts (4 hunks)
• libs/core/src/tool/flows/tools-list.flow.ts (1 hunks)
• libs/core/src/tool/tool.instance.ts (2 hunks)
• libs/core/src/tool/tool.registry.ts (10 hunks)
• libs/core/src/tool/tool.types.ts (3 hunks)
• libs/core/src/tool/tool.utils.ts (3 hunks)
• libs/core/src/transport/adapters/transport.local.adapter.ts (4 hunks)
• libs/core/src/transport/flows/handle.sse.flow.ts (4 hunks)
• libs/core/src/transport/flows/handle.streamable-http.flow.ts (4 hunks)
• libs/core/src/transport/mcp-handlers/Initialized-notification.hanlder.ts (1 hunks)
• libs/core/src/transport/mcp-handlers/call-tool-request.handler.ts (1 hunks)
• libs/core/src/transport/mcp-handlers/index.ts (1 hunks)
• libs/core/src/transport/mcp-handlers/initialize-request.handler.ts (0 hunks)
• libs/core/src/transport/mcp-handlers/list-tools-request.handler.ts (1 hunks)
• libs/core/src/transport/mcp-handlers/mcp-handlers.types.ts (1 hunks)
• libs/core/src/transport/transport.registry.ts (2 hunks)
• libs/plugins/src/cache/cache.plugin.ts (0 hunks)
• libs/sdk/src/dynamic/dynamic.adapter.ts (2 hunks)
• libs/sdk/src/entries/index.ts (1 hunks)
• libs/sdk/src/entries/scope.entry.ts (2 hunks)
• libs/sdk/src/entries/tool.entry.ts (1 hunks)
• libs/sdk/src/interfaces/adapter.interface.ts (1 hunks)
• libs/sdk/src/interfaces/flow.interface.ts (2 hunks)
• libs/sdk/src/interfaces/internal/registry.interface.ts (1 hunks)
• libs/sdk/src/metadata/flow.metadata.ts (1 hunks)
• libs/sdk/src/metadata/front-mcp.metadata.ts (3 hunks)

💤 Files with no reviewable changes (13)

• libs/core/src/auth/flows/well-known.jwks.flow.ts
• libs/plugins/src/cache/cache.plugin.ts
• libs/core/src/invoker/index.ts
• libs/core/src/auth/flows/well-known.oauth-authorization-server.flow.ts
• libs/core/src/exceptions/tool-not-found.exception.ts
• docs/index.mdx
• libs/core/src/auth/flows/well-known.prm.flow.ts
• libs/core/src/common/flow.router.ts
• libs/core/src/invoker/invoker.helpers.ts
• libs/core/src/plugin/plugin.types.ts
• libs/core/src/auth/flows/session.verify.flow.ts
• libs/core/src/transport/mcp-handlers/initialize-request.handler.ts
• libs/core/src/auth/session/flows/session.create.flow.ts

🧰 Additional context used

🧬 Code graph analysis (18)

libs/core/src/transport/mcp-handlers/index.ts (1)

libs/core/src/transport/mcp-handlers/mcp-handlers.types.ts (1)

• McpHandlerOptions (43-46)

libs/core/src/transport/mcp-handlers/Initialized-notification.hanlder.ts (1)

libs/core/src/transport/mcp-handlers/mcp-handlers.types.ts (1)

• McpHandler (26-41)

libs/sdk/src/interfaces/flow.interface.ts (1)

libs/sdk/src/metadata/flow.metadata.ts (1)

• FlowMetadata (35-44)

libs/core/src/tool/flows/tools-list.flow.ts (6)

libs/core/src/auth/flows/well-known.oauth-authorization-server.flow.ts (3)

• outputSchema (47-47)
• ExtendFlows (76-78)
• Flow (85-144)

libs/sdk/src/metadata/flow.metadata.ts (3)

• FlowPlan (54-56)
• ExtendFlows (8-10)
• FlowRunOptions (23-30)

libs/core/src/tool/flows/call-tool.flow.ts (2)

• ExtendFlows (42-50)
• Flow (56-130)

libs/core/src/auth/flows/well-known.jwks.flow.ts (2)

• ExtendFlows (27-35)
• Flow (42-91)

libs/core/src/scope/scope.instance.ts (1)

• tools (116-118)

libs/core/src/app/instances/app.local.instance.ts (1)

• tools (73-75)

libs/core/src/tool/tool.instance.ts (1)

libs/core/src/provider/provider.registry.ts (1)

• ProviderRegistry (24-890)

libs/core/src/transport/mcp-handlers/call-tool-request.handler.ts (1)

libs/core/src/transport/mcp-handlers/mcp-handlers.types.ts (2)

• McpHandlerOptions (43-46)
• McpHandler (26-41)

libs/core/src/provider/provider.registry.ts (1)

libs/core/src/scope/scope.instance.ts (2)

• providers (108-110)
• Scope (25-136)

libs/core/src/tool/flows/call-tool.flow.ts (2)

libs/sdk/src/metadata/flow.metadata.ts (3)

• FlowPlan (54-56)
• ExtendFlows (8-10)
• FlowRunOptions (23-30)

libs/core/src/tool/flows/tools-list.flow.ts (2)

• ExtendFlows (44-52)
• Flow (58-170)

libs/sdk/src/entries/scope.entry.ts (1)

libs/sdk/src/interfaces/internal/registry.interface.ts (1)

• ToolRegistryInterface (87-95)

libs/core/src/invoker/invoker.flow.ts (4)

libs/sdk/src/metadata/flow.metadata.ts (1)

• FlowName (13-13)

libs/core/src/invoker/invoker.types.ts (1)

• CreateOptions (215-218)

libs/core/src/scope/scope.instance.ts (1)

• Scope (25-136)

libs/core/src/invoker/invoker.factory.ts (1)

• makeRouteInvoker (115-147)

libs/core/src/transport/flows/handle.streamable-http.flow.ts (2)

libs/core/src/transport/flows/handle.sse.flow.ts (1)

• stateSchema (27-31)

libs/core/src/scope/scope.instance.ts (1)

• Scope (25-136)

libs/core/src/transport/flows/handle.sse.flow.ts (1)

libs/core/src/transport/flows/handle.streamable-http.flow.ts (1)

• stateSchema (27-31)

libs/core/src/tool/tool.registry.ts (3)

libs/sdk/src/interfaces/internal/registry.interface.ts (1)

• ToolRegistryInterface (87-95)

libs/core/src/tool/tool.types.ts (2)

• DEFAULT_EXPORT_OPTS (88-93)
• IndexedTool (64-76)

libs/core/src/tool/tool.utils.ts (3)

• normalizeSegment (93-98)
• normalizeProviderId (100-106)
• normalizeOwnerPath (108-119)

libs/core/src/tool/tool.types.ts (2)

libs/core/src/tool/tool.instance.ts (1)

• ToolInstance (5-44)

libs/core/src/tool/tool.registry.ts (1)

• ToolRegistry (28-399)

libs/core/src/scope/scope.utils.ts (1)

libs/sdk/src/metadata/front-mcp.metadata.ts (1)

• AppScopeMetadata (82-86)

libs/core/src/scope/scope.instance.ts (5)

libs/core/src/app/app.registry.ts (1)

• AppRegistry (9-72)

libs/core/src/tool/tool.registry.ts (1)

• ToolRegistry (28-399)

libs/core/src/transport/transport.registry.ts (1)

• TransportService (20-205)

libs/sdk/src/metadata/flow.metadata.ts (1)

• FlowName (13-13)

libs/sdk/src/interfaces/flow.interface.ts (2)

• FlowInputOf (8-8)
• FlowOutputOf (9-9)

libs/core/src/transport/mcp-handlers/list-tools-request.handler.ts (1)

libs/core/src/transport/mcp-handlers/mcp-handlers.types.ts (2)

• McpHandlerOptions (43-46)
• McpHandler (26-41)

libs/core/src/tool/tool.utils.ts (1)

libs/core/src/tool/tool.types.ts (1)

• NameCase (80-80)

🪛 ESLint

libs/core/src/provider/provider.registry.ts

[error] 865-865: Unexpected aliasing of 'this' to local variable.

(@typescript-eslint/no-this-alias)

libs/core/src/tool/flows/call-tool.flow.ts

[error] 87-89: Unexpected empty async method 'findTool'.

(@typescript-eslint/no-empty-function)

---

[error] 92-94: Unexpected empty async method 'acquireQuota'.

(@typescript-eslint/no-empty-function)

---

[error] 97-99: Unexpected empty async method 'acquireSemaphore'.

(@typescript-eslint/no-empty-function)

---

[error] 102-104: Unexpected empty async method 'createToolCallContext'.

(@typescript-eslint/no-empty-function)

---

[error] 107-109: Unexpected empty async method 'validateInput'.

(@typescript-eslint/no-empty-function)

---

[error] 112-114: Unexpected empty async method 'execute'.

(@typescript-eslint/no-empty-function)

---

[error] 117-119: Unexpected empty async method 'validateOutput'.

(@typescript-eslint/no-empty-function)

---

[error] 122-124: Unexpected empty async method 'releaseSemaphore'.

(@typescript-eslint/no-empty-function)

---

[error] 127-129: Unexpected empty async method 'releaseQuota'.

(@typescript-eslint/no-empty-function)

libs/core/src/transport/flows/handle.streamable-http.flow.ts

[error] 62-62: 'token' is never reassigned. Use 'const' instead.

(prefer-const)

---

[error] 102-104: Unexpected empty async method 'onElicitResult'.

(@typescript-eslint/no-empty-function)

libs/core/src/transport/flows/handle.sse.flow.ts

[error] 62-62: 'token' is never reassigned. Use 'const' instead.

(prefer-const)

libs/core/src/tool/tool.registry.ts

[error] 169-169: Type boolean trivially inferred from a boolean literal, remove type annotation.

(@typescript-eslint/no-inferrable-types)

libs/core/src/tool/tool.utils.ts

[error] 51-51: Unnecessary escape character: ..

(no-useless-escape)

---

[error] 51-51: Unnecessary escape character: /.

(no-useless-escape)

🪛 markdownlint-cli2 (0.18.1)

README.md

45-45: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

46-46: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

47-47: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

48-48: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

50-50: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

51-51: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

52-52: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

53-53: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

54-54: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

55-55: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

56-56: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

57-57: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

59-59: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

60-60: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

64-64: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

65-65: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

65-65: Link fragments should be valid

(MD051, link-fragments)

🔇 Additional comments (18)

libs/core/src/app/instances/app.local.instance.ts (1)

1-2: LGTM: Formatting-only changes.

The import statements have been reformatted to remove spaces inside braces. No functional changes.

docs/servers/extensibility/logging.mdx (1)

6-6: LGTM! Front matter delimiter added correctly.

The closing --- properly delimits the YAML front matter section, which is standard MDX/markdown format.

README.md (1)

431-432: LGTM! Paragraph reflowed without semantic changes.

The version alignment explanation remains accurate and clear.

docs/getting-started/quickstart.mdx (2)

30-30: LGTM! Path references updated consistently.

The file path references have been simplified from apps/hello/src/... to src/..., reflecting a flatter and more beginner-friendly project structure. All three locations (app comment, tool comment, and dev script) are updated consistently.

Also applies to: 45-45, 68-68

---

83-84: LGTM! Tip content reformatted for readability.

The JSON payload example has been moved to a separate line, improving readability without changing the content.

apps/demo/src/apps/expenses/tools/create-expense.tool.ts (1)

17-17: All references to the old tool name have been successfully updated.

Verification confirms no string references to 'create-expense' exist in the codebase. The new tool name 'createExpense' is correctly set in the tool definition, and the import/usage in index.ts properly references the updated tool. The breaking change has been successfully addressed.

libs/sdk/src/entries/index.ts (1)

1-1: LGTM!

Exposing base.entry is necessary since EntryOwnerRef is now used as a public property type in ToolEntry (line 9 of tool.entry.ts). This properly extends the public API surface.

libs/core/src/app/app.registry.ts (1)

47-66: LGTM! Parallel initialization improves performance.

Collecting all app.ready promises and awaiting them with Promise.all enables concurrent app initialization instead of sequential. If any app fails to initialize, Promise.all will reject immediately, which is appropriate for the initialization phase.

libs/core/src/transport/mcp-handlers/index.ts (1)

7-14: LGTM! Inferred return type is sufficient.

Removing the explicit return type allows TypeScript to infer it from the implementation. This is a clean simplification with no functional impact.

libs/core/src/scope/scope.utils.ts (2)

49-54: LGTM! Hardcoded 'root' ID is safe.

The multi-app scope uses a hardcoded 'root' ID, which is always defined and appropriate for the root scope context.

---

36-42: No issues found; review comment is invalid.

Both LocalAppMetadata and RemoteAppMetadata define name: string as a required field (not optional). Since AppMetadata is a union of these two types, appMetadata.name is guaranteed to exist. Therefore, appMetadata.id ?? appMetadata.name will always resolve to a defined string and poses no type safety risk.

Likely an incorrect or invalid review comment.

libs/core/src/transport/transport.registry.ts (1)

1-19: LGTM! Import formatting cleanup with no functional changes.

The changes are limited to import formatting and organization. No logic or behavior is affected.

libs/sdk/src/interfaces/flow.interface.ts (1)

48-57: LGTM! Logger exposure improves flow observability.

Adding scopeLogger to FlowBase allows flow implementations to access structured logging via this.scopeLogger. The initialization from scope.logger is straightforward and safe.

libs/sdk/src/entries/tool.entry.ts (1)

9-9: The owner property is correctly initialized across all instantiation sites.

The verification confirms that:

• ToolRegistry accepts owner: EntryOwnerRef in its constructor (line 56) and assigns it as this.owner (line 59)
• ToolInstance is instantiated only at ToolRegistry line 103 with new ToolInstance(rec, this.providers, this.owner)
• ToolInstance constructor (line 13) properly receives owner: EntryOwnerRef and assigns it (line 15)
• No direct ToolEntry instantiations or factory methods bypass this initialization

The change is implemented correctly with no uninitialized owner properties.

libs/core/src/adapter/adapter.instance.ts (1)

55-59: The change is type-safe; no action required.

The AdapterInterface explicitly requires options: {name:string} & any, guaranteeing that adapter.options.name is always defined as a string. All adapters must implement AdapterInterface, so the TypeScript compiler prevents any adapter from omitting the name field. The change from the fallback approach to direct access is actually more type-safe, as it leverages the type system rather than metadata fields.

libs/core/src/invoker/invoker.flow.ts (3)

12-20: LGTM! Clean import consolidation.

The import restructuring aligns well with the plan-based refactoring approach. Moving FlowName to @frontmcp/sdk centralizes type definitions appropriately.

---

95-95: LGTM! Cleaner constructor reference.

The direct instance.constructor usage is more concise than the previous approach while maintaining type safety.

---

141-141: LGTM! Idiomatic ES6 shorthand.

The object shorthand syntax changes improve code clarity without altering behavior. The spread operation order at line 154 correctly allows baseExtras to override properties from extrasFactory().

Also applies to: 149-150, 154-154, 194-194

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

README.md (1)

310-322: Remote OAuth formatting still contains spacing issues around optional markers.

While the Local OAuth block (lines 332–339) has been correctly formatted with no spaces around ?: markers (e.g., scopes?: string[]), the Remote OAuth block still retains the malformed spacing from the earlier review concern. Lines 310–322 show dcrEnabled ? : boolean,, clientId ? : string ..., etc., which should match the corrected Local OAuth pattern.

Apply this diff to align Remote OAuth formatting with the corrected Local OAuth block:

   auth: {
     type: 'remote', 
     name: 'frontegg',
     baseUrl: 'https://idp.example.com',
-    dcrEnabled ? : boolean,
-    clientId ? : string | ((info: { clientId: string }) => string),
-    mode ? : 'orchestrated' | 'transparent',
-    allowAnonymous ? : boolean,
-    consent ? : boolean,
-    scopes ? : string[],
-    grantTypes ? : ('authorization_code' | 'refresh_token')[],
-    authEndpoint ? : string,
-    tokenEndpoint ? : string,
-    registrationEndpoint ? : string,
-    userInfoEndpoint ? : string,
-    jwks ? : JSONWebKeySet,
-    jwksUri ? : string
+    dcrEnabled?: boolean,
+    clientId?: string | ((info: { clientId: string }) => string),
+    mode?: 'orchestrated' | 'transparent',
+    allowAnonymous?: boolean,
+    consent?: boolean,
+    scopes?: string[],
+    grantTypes?: ('authorization_code' | 'refresh_token')[],
+    authEndpoint?: string,
+    tokenEndpoint?: string,
+    registrationEndpoint?: string,
+    userInfoEndpoint?: string,
+    jwks?: JSONWebKeySet,
+    jwksUri?: string
   }

🧹 Nitpick comments (1)

README.md (1)

42-68: Fix table of contents indentation to conform to markdown style guide.

The nested list items (sub-topics under main categories) use 4-space indentation, but markdownlint expects 2-space indentation per the MD007 rule. This inconsistency should be standardized.

Apply this diff to fix the indentation:

- [Why FrontMCP?](#why-frontmcp)
- [Installation](#installation)
- [Quickstart](#quickstart)
-    - [Minimal Server & App](#minimal-server--app)
-    - [Function and Class Tools](#function-and-class-tools)
-    - [Scripts & tsconfig](#scripts--tsconfig)
-    - [MCP Inspector](#mcp-inspector)
+- [Why FrontMCP?](#why-frontmcp)
+- [Installation](#installation)
+- [Quickstart](#quickstart)
+  - [Minimal Server & App](#minimal-server--app)
+  - [Function and Class Tools](#function-and-class-tools)
+  - [Scripts & tsconfig](#scripts--tsconfig)
+  - [MCP Inspector](#mcp-inspector)
 - [Core Concepts](#core-concepts)
-    - [Servers](#servers)
-    - [Apps](#apps)
-    - [Tools](#tools)
-    - [Resources](#resources)
-    - [Prompts](#prompts)
-    - [Providers](#providers)
-    - [Adapters](#adapters)
-    - [Plugins](#plugins)
+  - [Servers](#servers)
+  - [Apps](#apps)
+  - [Tools](#tools)
+  - [Resources](#resources)
+  - [Prompts](#prompts)
+  - [Providers](#providers)
+  - [Adapters](#adapters)
+  - [Plugins](#plugins)
 - [Authentication](#authentication)
-    - [Remote OAuth](#remote-oauth)
-    - [Local OAuth](#local-oauth)
+  - [Remote OAuth](#remote-oauth)
+  - [Local OAuth](#local-oauth)
 - [Sessions & Transport](#sessions--transport)
 - [Logging Transports](#logging-transports)
 - [Deployment](#deployment)
-    - [Local Dev](#local-dev)
-    - [Production](#production)
+  - [Local Dev](#local-dev)
+  - [Production](#production)
 - [Version Alignment](#version-alignment)
 - [Contributing](#contributing)
 - [License](#license)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 567c7dd and 0bf0c67.

📒 Files selected for processing (7)

• README.md (5 hunks)
• docs/servers/authentication/overview.mdx (1 hunks)
• docs/servers/extensibility/adapters.mdx (1 hunks)
• docs/servers/extensibility/logging.mdx (1 hunks)
• docs/servers/extensibility/plugins.mdx (1 hunks)
• docs/servers/extensibility/providers.mdx (1 hunks)
• libs/sdk/src/interfaces/adapter.interface.ts (2 hunks)

✅ Files skipped from review due to trivial changes (3)

• docs/servers/authentication/overview.mdx
• docs/servers/extensibility/adapters.mdx
• docs/servers/extensibility/providers.mdx

🚧 Files skipped from review as they are similar to previous changes (2)

• libs/sdk/src/interfaces/adapter.interface.ts
• docs/servers/extensibility/logging.mdx

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

README.md

45-45: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

46-46: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

47-47: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

48-48: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

50-50: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

51-51: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

52-52: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

53-53: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

54-54: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

55-55: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

56-56: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

57-57: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

59-59: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

60-60: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

64-64: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

65-65: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

65-65: Link fragments should be valid

(MD051, link-fragments)

🔇 Additional comments (1)

docs/servers/extensibility/plugins.mdx (1)

2-3: Documentation metadata updates look good.

The title change from "Plugins" to "Plugin Extensions" improves clarity and specificity, while the new sidebarTitle keeps navigation concise. This is consistent with the pattern applied to other doc pages (adapters, providers) as part of the site reorganization.