Conversation
- Updated package dependencies in package.json to the latest versions, including: - "@ai-sdk/react": "^2.0.111" - "@mastra/ai-sdk": "^1.0.0-beta.8" to "^1.0.0-beta.9" - "@mastra/client-js": "^1.0.0-beta.10" to "^1.0.0-beta.11" - "@mastra/core": "^1.0.0-beta.10" to "^1.0.0-beta.11" - "@mcpc-tech/acp-ai-provider": "^0.1.31" to "^0.1.34" - "@openrouter/ai-sdk-provider": "^1.5.2" to "^1.5.3" - "ai": "^5.0.108" to "^5.0.109" - "framer-motion": "^12.23.25" to "^12.23.26" - "lucide-react": "^0.556.0" to "^0.559.0" - "motion": "^12.23.25" to "^12.23.26" - "@types/node": "^24.10.2" to "^25.0.0" - Refactored acpAgent to use pgMemory and pgQueryTool instead of MongoDB tools. - Removed unused scorer toolCallAppropriatenessScorer from weather-agent. - Updated MongoDB configuration to support PgVector and improved tracing with OpenTelemetry. - Enhanced error handling and tracing in various tools (e.g., fs, jwt-auth, pdf, code analysis). - Cleaned up commented-out code and improved readability in multiple files. - Adjusted the changelog workflow to comment out the delay function for better performance.
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Summary by CodeRabbitRelease Notes
✏️ Tip: You can customize this high-level summary in your review settings. WalkthroughThis PR disables telemetry features in configuration, migrates the ACP agent from MongoDB to PostgreSQL-backed vector tooling, removes certain evaluation scorers, updates OpenTelemetry tracing patterns across multiple tools, and bumps dependency versions. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes
Possibly related PRs
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
🤖 Hi @ssdeanx, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
Summary of ChangesHello @ssdeanx, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on a significant maintenance and refactoring effort, primarily updating numerous project dependencies to their latest versions to ensure stability and leverage new features. A key architectural change involves migrating the "acpAgent" from MongoDB to a PostgreSQL/PgVector backend, offering greater flexibility in data storage. Additionally, the PR streamlines the codebase by removing unused components and enhances the application's observability through a standardized OpenTelemetry tracing implementation across several core tools, providing more robust error handling and performance insights. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
🤖 I'm sorry @ssdeanx, but I was unable to process your request. Please see the logs for more details. |
Greptile OverviewGreptile SummaryUpdated dependencies to latest versions and refactored codebase from MongoDB to PgVector for vector storage, with comprehensive tracing migration to OpenTelemetry's native API. Key Changes:
Issues Found:
Confidence Score: 4/5
Important Files ChangedFile Analysis
Sequence DiagramsequenceDiagram
participant Dev as Developer
participant Pkg as package.json
participant Agent as acpAgent
participant Tools as Tools (fs, pdf, jwt-auth, code-analysis)
participant Mongo as MongoDB Config
participant PG as PgVector Storage
participant OTel as OpenTelemetry
Dev->>Pkg: Update dependencies
Note over Pkg: @mastra/core beta.10→beta.11<br/>ai 5.0.108→5.0.109<br/>+octokit package
Dev->>Agent: Refactor MongoDB to PgVector
Agent->>Agent: Remove mongoMemory, mongoQueryTool, mongoGraphTool
Agent->>PG: Add pgMemory, pgQueryTool
Agent->>Agent: Update imports from config
Note over Agent: Instructions still reference<br/>"Mongo" (inconsistency)
Dev->>Tools: Migrate tracing to OpenTelemetry
Tools->>Tools: Replace TracingContext API
Tools->>OTel: Use trace.getTracer()
Tools->>OTel: startSpan() with attributes
Tools->>OTel: recordException() + setStatus()
Note over Tools: fs.ts: sync→async promises<br/>jwt-auth, pdf, code-analysis
Dev->>Mongo: Update mongodb.ts tracing
Mongo->>OTel: Replace Mastra TracingContext
Mongo->>Mongo: Remove TokenLimiter processor
Mongo->>Mongo: Fix memory config structure
Mongo->>OTel: Standardize span error handling
Dev->>Agent: Clean up unused code
Note over Agent: Remove toolCallAppropriatenessScorer<br/>Remove createToxicityScorer
Agent->>PG: Runtime operations
PG->>OTel: Trace vector operations
Tools->>OTel: Trace tool executions
OTel-->>Dev: Observability data
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Additional Comments (1)
-
src/mastra/agents/acpAgent.ts, line 65-76 (link)logic: Instructions still reference "Mongo" and
mongoQueryToolbut implementation now uses PgVector andpgQueryTool
18 files reviewed, 1 comment
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request brings a host of valuable updates, primarily focusing on dependency upgrades and refactoring. The migration from MongoDB to PgVector in the acpAgent and the switch to standard OpenTelemetry APIs for tracing are significant improvements. While the changes are largely positive, there are several instances of commented-out code across multiple files that should be removed to enhance maintainability. Additionally, I've identified a few stylistic issues and a minor bug related to incorrect string escaping in one of the files.
| content: { | ||
| type: "text", | ||
| text: `Create a new note, It is critical to provide a detailed description of each section. Ensure that each section is well-organized and easy to read. Also, include subsections for each section. Provide as much detail as possible for each section. Using this template titled \"${today}\" with sections: \"## Tasks\", \"## Specifications\", \"## Resources\", and \"## Notes\". `, | ||
| text: `Create a new note, It is critical to provide a detailed description of each section. Ensure that each section is well-organized and easy to read. Also, include subsections for each section. Provide as much detail as possible for each section. Using this template titled \\"${today}\\" with sections: \\"## Tasks\\", \\"## Specifications\\", \\"## Resources\\", and \\"## Notes\\". `, |
There was a problem hiding this comment.
The double quotes in this template literal are escaped with \\", which results in a literal backslash being included in the final string (e.g., ...titled \\"2024-01-01\\"...). This is likely not the intended behavior. You can use double quotes directly within template literals without any escaping.
| text: `Create a new note, It is critical to provide a detailed description of each section. Ensure that each section is well-organized and easy to read. Also, include subsections for each section. Provide as much detail as possible for each section. Using this template titled \\"${today}\\" with sections: \\"## Tasks\\", \\"## Specifications\\", \\"## Resources\\", and \\"## Notes\\". `, | |
| text: `Create a new note, It is critical to provide a detailed description of each section. Ensure that each section is well-organized and easy to read. Also, include subsections for each section. Provide as much detail as possible for each section. Using this template titled "${today}" with sections: "## Tasks", "## Specifications", "## Resources", and "## Notes". `, |
| ]; } | ||
| default: | ||
| throw new Error(`Prompt \"${name}\" not found, please check the prompt name and try again.`); | ||
| throw new Error(`Prompt \\"${name}\\" not found, please check the prompt name and try again.`); |
There was a problem hiding this comment.
Similar to the issue above, the double quotes in this error message are unnecessarily escaped with \\". This will include a literal backslash in the thrown error message. Double quotes can be used directly inside template literals.
| throw new Error(`Prompt \\"${name}\\" not found, please check the prompt name and try again.`); | |
| throw new Error(`Prompt "${name}" not found, please check the prompt name and try again.`); |
| //const withBundleAnalyzer = require('@next/bundle-analyzer')({ | ||
| // enabled: process.env.ANALYZE === 'true', | ||
| //}) | ||
| //module.exports = withBundleAnalyzer({}) |
There was a problem hiding this comment.
The withBundleAnalyzer configuration is commented out. This should be removed to avoid cluttering the configuration file with dead code.
| //import { | ||
| // NodeSDK, | ||
| // ATTR_SERVICE_NAME, | ||
| // resourceFromAttributes, | ||
| //} from "@mastra/core/telemetry/otel-vendor"; |
There was a problem hiding this comment.
This import block is commented out. If it's no longer needed as part of the OpenTelemetry refactoring, it should be removed to keep the code clean and improve maintainability.
| serviceName: "ai", | ||
| requestContextKeys: ["userId", "environment", "tenantId"], | ||
| sampling: { type: SamplingStrategyType.ALWAYS }, | ||
| //sampling: { type: SamplingStrategyType.ALWAYS }, |
There was a problem hiding this comment.
The sampling configuration for Langfuse is commented out. If this is not intended to be used, it should be removed to avoid confusion and keep the configuration clean.
| //import { createToolCallAccuracyScorerCode } from '@mastra/core/evals/code'; | ||
| //import { createCompletenessScorer } from '@mastra/core/evals/completeness-scorer'; | ||
| import { createScorer, runEvals } from '@mastra/core/evals'; | ||
|
|
||
| export const toolCallAppropriatenessScorer = createToolCallAccuracyScorerCode({ | ||
| expectedTool: 'weatherTool', | ||
| strictMode: false, | ||
| }); | ||
| //export const toolCallAppropriatenessScorer = createToolCallAccuracyScorerCode({ | ||
| //expectedTool: 'weatherTool', | ||
| //strictMode: false, | ||
| //}); | ||
|
|
||
| export const completenessScorer = createCompletenessScorer(); | ||
| //export const completenessScorer = createCompletenessScorer(); |
There was a problem hiding this comment.
These imports and variable declarations are commented out. If these scorers are no longer needed, the corresponding code should be removed entirely to keep the codebase clean and maintainable.
| //toolCallAppropriatenessScorer, | ||
| //completenessScorer, |
There was a problem hiding this comment.
These properties in the scorers object are commented out. They should be removed if they are no longer used.
|
|
||
| for (const symbol of symbols) { | ||
| if ((symbol.kind === 'function' || symbol.kind === 'class') && symbol.endLine) { | ||
| if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0)) { |
There was a problem hiding this comment.
This check is more robust than before, but it's a bit verbose. Since null > 0 and undefined > 0 are both false, you can simplify this check to just symbol.endLine > 0 to achieve the same result with better readability.
| if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0)) { | |
| if ((symbol.kind === 'function' || symbol.kind === 'class') && symbol.endLine > 0) { |
| @@ -1,4 +1,4 @@ | |||
| import { delay } from '@mastra/core'; | |||
| //import { delay } from '@mastra/core'; | |||
There was a problem hiding this comment.
The import for delay is commented out. This dead code should be removed for better maintainability.
|
|
||
| if (TOKEN_LIMIT < 20000) { | ||
| await delay(60000); | ||
| //await delay(60000); |
There was a problem hiding this comment.
The call to delay is commented out. As per the PR description, this was done for performance. The commented-out code should be removed to keep the codebase clean.
| //await delay(60000); | |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 21
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (14)
src/mastra/mcp/resources.ts (2)
28-39: Path traversal vulnerability: validate and sanitize URI input.The
readNoteFilefunction extracts the title directly from the URI without validation and uses it in file path construction. An attacker could provide a malicious URI likenotes://../../../etc/passwdto access files outside theNOTES_DIR.Apply this diff to add path validation:
const readNoteFile = async (uri: string): Promise<string | null> => { const title = uri.replace("notes://", ""); + // Prevent path traversal attacks + if (title.includes("..") || title.includes("/") || title.includes("\\")) { + console.error(`Invalid note URI: ${uri}`); + return null; + } const notePath = path.join(NOTES_DIR, `${title}.md`); try {Alternatively, use
path.basename()to ensure only the filename is extracted:const readNoteFile = async (uri: string): Promise<string | null> => { - const title = uri.replace("notes://", ""); + const title = path.basename(uri.replace("notes://", "")); const notePath = path.join(NOTES_DIR, `${title}.md`);
41-48: Add TSDoc documentation for the public API.The exported
resourceHandlersis a public API but lacks documentation explaining its purpose and usage.As per coding guidelines, add TSDoc comments:
+/** + * MCP server resource handlers for managing markdown note files. + * + * @remarks + * Provides resource listing and content retrieval for notes stored in the local filesystem. + * All notes are stored as markdown files in the `notes` directory. + * + * @example + * ```typescript + * const resources = await resourceHandlers.listResources(); + * const content = await resourceHandlers.getResourceContent({ uri: 'notes://my-note' }); + * ``` + */ export const resourceHandlers: MCPServerResources = { listResources: listNoteFiles, getResourceContent: async ({ uri }: { uri: string }) => {instrumentation.ts (1)
10-46: UnusedLangfuseExporterinstance and disabled telemetry.The
exporteris instantiated but never used since the SDK setup is commented out. This creates:
- An unused variable that consumes resources
- A non-functional
register()function- Inconsistency with other tools in this PR that are adding OpenTelemetry spans (e.g.,
serpapi-search.tool.ts,jwt-auth.tool.ts)If telemetry is intentionally disabled, either:
- Remove the entire function body and add a comment explaining why
- Or keep a minimal stub that clearly indicates telemetry is disabled
export function register() { - const exporter = new LangfuseExporter({ - publicKey: process.env.LANGFUSE_PUBLIC_KEY, - secretKey: process.env.LANGFUSE_SECRET_KEY, - baseUrl: process.env.LANGFUSE_BASE_URL, - }); - - //const sdk = new NodeSDK({ - // ... commented out code ... - //}); - -// sdk.start(); + // TODO: Telemetry temporarily disabled - spans recorded in tools will be no-ops + // Re-enable NodeSDK setup when ready to export traces }src/mastra/tools/jwt-auth.tool.ts (1)
64-72: Error message not included in thrown error.The
errorMessageis extracted and logged but the thrown error uses a hardcoded "Unknown error" string, losing valuable debugging information.} catch (error) { const errorMessage = error instanceof Error ? error.message : String(error) log.error(`JWT verification failed: ${errorMessage}`) span?.recordException(new Error(errorMessage)); span?.setStatus({ code: SpanStatusCode.ERROR, message: errorMessage }); span?.end(); - throw new Error('JWT verification failed: Unknown error') + throw new Error(`JWT verification failed: ${errorMessage}`) }src/mastra/tools/pdf.ts (1)
27-28: Tool ID should follow 'namespace:toolName' format.Per coding guidelines, tool IDs should follow the format
'namespace:toolName'(e.g.,'pdf:readPDF'or'file:readPDF'). The current ID'readPDF'doesn't include a namespace.export const readPDF = createTool({ - id: 'readPDF', + id: 'file:readPDF', description: 'Read PDF file and extract information',src/mastra/tools/code-analysis.tool.ts (1)
205-221: Indentation inconsistency within try block.The code inside the
tryblock (starting at line 211) is not indented relative to thetrystatement. This affects readability and doesn't match the indentation style in other tools.src/mastra/tools/fs.ts (1)
8-9: Tool ID should follow 'namespace:toolName' format.Per coding guidelines, tool IDs should follow the format
'namespace:toolName'. Consider renaming to'file:fsTool'or'fs:fileOperation'.export const fsTool = createTool({ - id: 'fsTool', + id: 'fs:fileOperation', description: 'File System Tool',src/mastra/agents/acpAgent.ts (3)
53-53: Stale MongoDB references in agent instructions.The capabilities section still references
mongoQueryTool / mongoGraphToolbut the agent now usespgQueryTool. This inconsistency will confuse the LLM about which tools are available.<capabilities> - - Query & mutate Mongo records via mongoQueryTool / mongoGraphTool (Follow Mongo rules below). + - Query & mutate PostgreSQL records via pgQueryTool (Follow database rules below).
65-65: Stale MongoDB reference in process instructions.The process section still instructs to persist to "Mongo" but the storage backend is now PostgreSQL.
- - Persist important decisions, task status, and metadata to Mongo ONLY after completion or explicit commit. + - Persist important decisions, task status, and metadata to PostgreSQL ONLY after completion or explicit commit.
69-78: Rename<mongo_rules>section and update tool references.The section name and content still reference MongoDB despite using
PGVECTOR_PROMPTand PostgreSQL tools. ThemongoQueryToolreference on line 76 should be updated topgQueryTool.- <mongo_rules> + <pg_rules> - Use ${PGVECTOR_PROMPT} to format queries/updates and avoid any unstructured updates. - - Persist "decisions" and "task changes" to collection: acp_tasks, with schema: {taskId, title, status, createdBy, modifiedBy, timestamp, actionLog}. + - Persist "decisions" and "task changes" to table: acp_tasks, with schema: {taskId, title, status, createdBy, modifiedBy, timestamp, actionLog}. - Write to memory only after the task is validated. - </mongo_rules> + </pg_rules> <tools_usage> - - Always do a read with mongoQueryTool before mutating. + - Always do a read with pgQueryTool before mutating.src/mastra/config/mongodb.ts (3)
84-91: Index config type mismatch between actual config and log statement.The actual config uses
type: 'hnsw'withhnswoptions, but the log statement on lines 116-119 incorrectly logstype: 'flat'withivfoptions. This inconsistency makes debugging difficult.Update the log statement (lines 103-130) to match the actual configuration:
indexConfig: { - type: 'flat', + type: 'hnsw', metric: 'cosine', - ivf: { lists: 4000 }, // Adjust list count based on your needs + hnsw: { + m: 16, + efConstruction: 200, + }, }
127-127: Same inverted logic issue in log statement.This mirrors the issue on line 74 - the log shows
generateTitlewill betruewhenTHREAD_GENERATE_TITLEis not'true'.
202-254: Tracing implementation is correct but uses unnecessary optional chaining.The span is always defined from
tracer.startSpan(), so optional chaining (span?.) is unnecessary. While harmless, it adds noise.- span?.setAttribute('chunksCount', chunks.length); - span?.setAttribute('embeddingDimension', embeddings[0]?.length || 0); - span?.setAttribute('processingTimeMs', processingTime); - span?.setAttribute('success', true); - span?.setAttribute('model', 'gemini-embedding-001'); - span?.setAttribute('operation', 'document-processing'); - span?.end(); + span.setAttribute('chunksCount', chunks.length); + span.setAttribute('embeddingDimension', embeddings[0]?.length || 0); + span.setAttribute('processingTimeMs', processingTime); + span.setAttribute('success', true); + span.setAttribute('model', 'gemini-embedding-001'); + span.setAttribute('operation', 'document-processing'); + span.end();src/mastra/tools/code-chunking.ts (1)
106-117: Simplify the endLine validation condition.The null/undefined checks are redundant since
> 0already implies a numeric value. TypeScript will narrow the type with just the> 0check combined with typeof or a simpler truthy check.- if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0)) { + if ((symbol.kind === 'function' || symbol.kind === 'class') && typeof symbol.endLine === 'number' && symbol.endLine > 0) {
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (18)
instrumentation.ts(2 hunks)next.config.ts(2 hunks)package.json(8 hunks)src/mastra/agents/acpAgent.ts(5 hunks)src/mastra/agents/weather-agent.ts(0 hunks)src/mastra/config/mongodb.ts(12 hunks)src/mastra/index.ts(3 hunks)src/mastra/mcp/prompts.ts(4 hunks)src/mastra/mcp/resources.ts(1 hunks)src/mastra/scorers/weather-scorer.ts(2 hunks)src/mastra/tools/code-analysis.tool.ts(4 hunks)src/mastra/tools/code-chunking.ts(8 hunks)src/mastra/tools/diff-review.tool.ts(4 hunks)src/mastra/tools/fs.ts(2 hunks)src/mastra/tools/jwt-auth.tool.ts(3 hunks)src/mastra/tools/pdf.ts(3 hunks)src/mastra/tools/serpapi-search.tool.ts(1 hunks)src/mastra/workflows/changelog.ts(2 hunks)
💤 Files with no reviewable changes (1)
- src/mastra/agents/weather-agent.ts
🧰 Additional context used
📓 Path-based instructions (20)
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.github/instructions/next-js.instructions.md)
**/*.{js,jsx,ts,tsx}: Usenext/dynamicfor dynamic imports to load components only when needed, improving initial load time.
Usenext/imagecomponent for automatic image optimization, including lazy loading and responsive images.
Use React.memo to prevent unnecessary re-renders of components.
Use the<Link prefetch>tag to prefetch pages that are likely to be visited.
Use getServerSideProps, getStaticProps, or server components for fetching data on the server-side.
Use SWR or React Query for client-side data fetching and caching.
Use CSS Modules, Styled Components, or Tailwind CSS for component-level styling. Prefer Tailwind CSS for rapid development.
Use React Context, Zustand, Jotai, or Recoil for managing global state. Avoid Redux unless necessary.
Usereact-hook-formfor managing forms and validation.
Only fetch the data that is needed by the component to avoid over-fetching.
Avoid long-running synchronous operations in the main thread to prevent blocking.
Always usesetStateor hooks to update state instead of mutating state directly.
Include a complete dependency array inuseEffecthooks to prevent unexpected behavior.
Avoid writing server-side code in client components to prevent exposing secrets or causing unexpected behavior.
Usetry...catchblocks for handling errors in asynchronous operations.
Implement error boundary components usinggetDerivedStateFromErrororcomponentDidCatchlifecycle methods.
Sanitize user input to prevent Cross-Site Scripting (XSS) attacks. Be especially careful when rendering HTML directly from user input.
Store authentication tokens in HTTP-only cookies or local storage securely.
Implement role-based access control to restrict access to sensitive resources.
Clean up event listeners and timers inuseEffecthooks to avoid memory leaks.
Only update state when necessary to reduce the number of re-renders and improve performance.
Use immutable data structures and avoid mutating data directly to prevent unexpected...
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tsinstrumentation.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tsnext.config.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
**/*.{js,ts}
📄 CodeRabbit inference engine (.github/instructions/next-js.instructions.md)
Use parameterized queries or an ORM to prevent SQL injection attacks.
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tsinstrumentation.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tsnext.config.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/tools/**/*.ts
📄 CodeRabbit inference engine (src/mastra/AGENTS.md)
src/mastra/tools/**/*.ts: Use thecreateToolpattern with Zod schemas when adding new tools undersrc/mastra/tools
Use explicit Zod schemas for every tool input/output
src/mastra/tools/**/*.ts: Use Zod schemas for strict validation of tool inputs and outputs in all Mastra tools
Implement tools using the createTool({ id, inputSchema, outputSchema, execute }) pattern
Organize tools into categories: Financial (Polygon, Finnhub, AlphaVantage), Research (SerpAPI, ArXiv), Data (CSV, JSON), RAG (chunking, embeddings)
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/tools/pdf.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/{tools,workflows}/**/*.ts
📄 CodeRabbit inference engine (src/mastra/AGENTS.md)
Use
RuntimeContextto enforce access control in tools and workflows
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/tools/pdf.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/tools/**/*.tool.ts
📄 CodeRabbit inference engine (src/mastra/tools/AGENTS.md)
src/mastra/tools/**/*.tool.ts: Define Zod schema for inputs and outputs when creating tools
Tool IDs should follow the 'namespace:toolName' format (e.g., 'alpha-vantage:stockTool')
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/tools/**/*.{ts,tsx}
📄 CodeRabbit inference engine (src/mastra/tools/AGENTS.md)
src/mastra/tools/**/*.{ts,tsx}: All tools must include comprehensive error handling with try-catch blocks, clear error messages, and retry logic for API calls
Sanitize inputs, mask secrets in logs, and implement rate-limiting in tools
Implement caching, stream large data, and set timeouts for external API calls in tools
Add Arize spans on all tool execute functions for observability
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/tools/pdf.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/tools/diff-review.tool.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Never commit API keys or secrets to the repository; use maskSensitiveMessageData() helper from src/mastra/config/pg-storage.ts when logging
**/*.{ts,tsx}: Document interface and type definitions with TSDoc comments explaining their purpose and usage context
Document interface properties with /** */ comments explaining each field's purpose and constraints
Document generic type parameters with @template tags explaining what each type parameter represents
Use type guards with comments explaining the runtime validation logic being performed
Document advanced/complex TypeScript types with explanatory comments about their purpose and use cases
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tsinstrumentation.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tsnext.config.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Run eslint with --max-warnings=0 on src/**/*.{ts,tsx} to enforce linting standards
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
**/*.{ts,tsx,js,jsx,py,java,cs,rb,go,rs,cpp,c,h,hpp,swift,kotlin,php,scala,clj,groovy,lua,sh,bash}
📄 CodeRabbit inference engine (.github/instructions/self-explanatory-code-commenting.instructions.md)
**/*.{ts,tsx,js,jsx,py,java,cs,rb,go,rs,cpp,c,h,hpp,swift,kotlin,php,scala,clj,groovy,lua,sh,bash}: Write code that speaks for itself. Comment only when necessary to explain WHY, not WHAT. Avoid obvious comments that state what the code literally does.
Avoid redundant comments that simply repeat what the code is doing
Keep comments accurate and up-to-date with code changes. Remove or update outdated comments that no longer match the implementation.
Write comments for complex business logic that explain the WHY behind specific calculations or business rules
Document non-obvious algorithms with comments explaining the algorithm choice and its reasoning
Add comments explaining what regex patterns match, especially for complex patterns
Document API constraints, rate limits, gotchas, and external dependencies with explanatory comments
Avoid commenting out dead code. Use version control instead of maintaining commented code blocks.
Do not maintain code change history or modification logs as comments. Rely on git history and commit messages instead.
Avoid decorative divider comments (e.g., lines of equals signs or asterisks) for section separation
Ensure comments are placed appropriately above or adjacent to the code they describe
Write comments using proper grammar, spelling, and professional language
Prefer self-documenting code with clear variable/function names over adding comments to explain unclear code
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tsinstrumentation.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tsnext.config.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.github/instructions/self-explanatory-code-commenting.instructions.md)
**/*.{ts,tsx,js,jsx}: Document public APIs with TSDoc/JSDoc comments including parameter descriptions, return types, examples, and thrown exceptions
Add TSDoc comments to configuration constants and environment variables explaining their source, reasoning, or constraints
Use TSDoc annotation tags (TODO, FIXME, HACK, NOTE, WARNING, PERF, SECURITY, BUG, REFACTOR, DEPRECATED) to mark special comments
Include file headers with @fileoverview, @author, @copyright, and @license tags to document file purpose and ownership
Document function parameters with @param tags, return values with @returns tags, and exceptions with @throws tags in TSDoc comments
Use @see tags in TSDoc comments to reference related functions, methods, or documentation
Include @example tags in public API documentation with code examples showing typical usage
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tsinstrumentation.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tsnext.config.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/**/*
📄 CodeRabbit inference engine (src/AGENTS.md)
mastramodules can import fromutils, but must not import fromapporcli(excepttypes)
Files:
src/mastra/tools/serpapi-search.tool.tssrc/mastra/mcp/resources.tssrc/mastra/tools/pdf.tssrc/mastra/scorers/weather-scorer.tssrc/mastra/workflows/changelog.tssrc/mastra/tools/code-chunking.tssrc/mastra/tools/fs.tssrc/mastra/tools/jwt-auth.tool.tssrc/mastra/tools/code-analysis.tool.tssrc/mastra/index.tssrc/mastra/mcp/prompts.tssrc/mastra/agents/acpAgent.tssrc/mastra/config/mongodb.tssrc/mastra/tools/diff-review.tool.ts
src/mastra/mcp/**/*.ts
📄 CodeRabbit inference engine (src/mastra/mcp/AGENTS.md)
src/mastra/mcp/**/*.ts: Implementcoordinate_a2a_tasktool with parameters: task (string), taskType (enum: 'financial'|'content'|'rag'|'report'|'coordination'), workflow (enum: 'sequential'|'parallel'|'conditional'), and priority (enum: 'low'|'medium'|'high'|'urgent')
Implementlist_a2a_agentstool that returns an array of 25+ available agents with names and descriptions
Implementcreate_a2a_workflowtool with parameters: workflowName (string), agents (array), workflowType (enum), and optional description (string)
Implementask_a2aCoordinatortool providing direct access to the A2A coordinator agent for complex coordination tasksUse Model Context Protocol (MCP) server implementation in src/mastra/mcp for external tool integration
Files:
src/mastra/mcp/resources.tssrc/mastra/mcp/prompts.ts
src/mastra/scorers/**/*.ts
📄 CodeRabbit inference engine (src/mastra/scorers/AGENTS.md)
src/mastra/scorers/**/*.ts: Scorers should be deterministic and avoid stochastic logic, unless the stochastic behavior is inherent to the task and explicitly tested
Follow thecreateScorer(...)pattern when creating scorers, define a clearjudgeinstruction, and provide normalized input/output examples for reproducible grading
Provide clear success/failure boundaries and sample test cases with expected outputs for scorersImplement custom evaluation metrics in src/mastra/scorers for automated quality assessment
Files:
src/mastra/scorers/weather-scorer.ts
src/mastra/workflows/**/*.ts
📄 CodeRabbit inference engine (src/mastra/AGENTS.md)
Add new workflow definitions under
src/mastra/workflowsto orchestrate multi-step flowsUse Mastra DSL for multi-step workflow definitions in src/mastra/workflows
Files:
src/mastra/workflows/changelog.ts
src/mastra/index.ts
📄 CodeRabbit inference engine (src/AGENTS.md)
Enforce registration pattern in
mastra/index.tsfor AI orchestration modules composition
Files:
src/mastra/index.ts
**/next.config.{js,ts}
📄 CodeRabbit inference engine (.github/instructions/next-js.instructions.md)
**/next.config.{js,ts}: Integrate linting and formatting into the build process to ensure consistent code.
Analyze bundle size using tools likewebpack-bundle-analyzerto identify large dependencies.
Use tree shaking to remove unused code from bundles.
Files:
next.config.ts
src/mastra/agents/**/*.ts
📄 CodeRabbit inference engine (src/mastra/AGENTS.md)
Add new agent definitions under
src/mastra/agentsthat wire tools together into higher-level behaviors
Files:
src/mastra/agents/acpAgent.ts
src/mastra/agents/*.ts
📄 CodeRabbit inference engine (src/mastra/agents/AGENTS.md)
src/mastra/agents/*.ts: Agent file naming convention: Create agent files using kebab-case with.tsextension in/src/mastra/agents/directory (e.g.,your-agent-name.ts)
Each agent must follow the pattern: export agent asconst yourAgent = new Agent({ id: 'your-agent-id', name: 'Your Agent Name', description: '...' })
Files:
src/mastra/agents/acpAgent.ts
src/mastra/config/**/*.ts
📄 CodeRabbit inference engine (AGENTS.md)
src/mastra/config/**/*.ts: Centralize provider clients (Google, OpenAI, Anthropic, OpenRouter) and storage configuration in src/mastra/config
Use pg-storage with PgVector for vector store functionality in the configuration
Use src/mastra/config for role hierarchy and provider client configuration
Files:
src/mastra/config/mongodb.ts
src/mastra/config/mongodb.ts
📄 CodeRabbit inference engine (src/mastra/config/AGENTS.md)
MongoDB configuration must provide alternative document storage capability
Files:
src/mastra/config/mongodb.ts
🧬 Code graph analysis (5)
src/mastra/tools/pdf.ts (1)
src/mastra/config/logger.ts (1)
log(14-18)
src/mastra/tools/code-chunking.ts (1)
src/mastra/config/logger.ts (1)
log(14-18)
src/mastra/tools/fs.ts (1)
src/mastra/config/logger.ts (1)
log(14-18)
src/mastra/agents/acpAgent.ts (1)
src/mastra/config/pg-storage.ts (1)
pgMemory(87-151)
src/mastra/config/mongodb.ts (1)
src/mastra/config/logger.ts (1)
log(14-18)
🪛 Biome (2.1.2)
src/mastra/tools/diff-review.tool.ts
[error] 165-165: expected , but instead found )
Remove )
(parse)
[error] 165-165: expected , but instead found ;
Remove ;
(parse)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Agent
- GitHub Check: Codacy Security Scan
🔇 Additional comments (21)
src/mastra/tools/serpapi-search.tool.ts (1)
177-188: LGTM!Good refactoring. Extracting
errorMessageonce and reusing it improves consistency and aligns with the error handling pattern used in other tools across the codebase. The span lifecycle (recordException → setStatus → end) is correctly implemented.src/mastra/tools/jwt-auth.tool.ts (1)
37-53: LGTM!The OpenTelemetry tracing migration is well-implemented. Span lifecycle is properly managed with appropriate attributes, error recording, and status setting. This is consistent with the tracing patterns used in other tools across the codebase.
src/mastra/tools/diff-review.tool.ts (2)
142-145: LGTM on span instrumentation.The span attributes for metrics (
additions,deletions,totalChanges) and proper span termination follow the tracing pattern established across other tools in this PR.
158-165: Error handling follows the established pattern.The catch block properly records the exception, sets the span status to ERROR, ends the span, and rethrows the error. This aligns with the tracing conventions in other tools.
Regarding the static analysis hint: The Biome parse errors appear to be false positives - the closing
});on line 165 correctly terminates both theexecutefunction and thecreateToolcall.src/mastra/tools/pdf.ts (2)
40-43: Tracing setup is correct.The tracer initialization with descriptive name
'tools/read-pdf'and span attributes (pdfPath,service) provide good observability context.
70-81: Span lifecycle correctly handles both success and error paths.The span attributes are set before ending on success, and on error the exception is recorded with proper status before ending. This aligns with the tracing pattern across the codebase.
src/mastra/tools/code-analysis.tool.ts (1)
295-301: Error handling follows established pattern.The catch block correctly records the exception, sets span status to ERROR, ends the span, and rethrows the error. This is consistent with the tracing conventions in
diff-review.tool.ts.package.json (1)
49-82: Dependency updates look reasonable.The beta version bumps for
@mastra/*packages and minor/patch updates for AI SDK packages are consistent with the PR's refactoring objectives.src/mastra/tools/fs.ts (2)
46-47: Success path span handling is correct.The span attribute and termination are properly handled for the write/append success paths.
55-57: Error path span handling follows the established pattern.Exception recording, status setting, and span termination are correctly implemented, consistent with other tools in this PR.
src/mastra/agents/acpAgent.ts (2)
3-6: Import changes align with PostgreSQL migration.The imports correctly bring in
pgMemoryandpgQueryToolfrom the config, andPGVECTOR_PROMPTfrom@mastra/pgto support the PostgreSQL-based vector storage.
99-101: Memory and tools configuration correctly updated.The
memoryandtoolsare now properly configured to use PostgreSQL-backedpgMemoryandpgQueryTool.src/mastra/index.ts (2)
18-18: Import updated to match reduced scorer exports.The import correctly reflects that only
translationScoreris now exported fromweather-scorer.ts.
167-167: Scorer configuration updated correctly.The scorers object now uses the reduced set of available scorers.
src/mastra/config/mongodb.ts (5)
9-10: OpenTelemetry imports added for enhanced tracing.The imports correctly bring in
traceandSpanStatusCodefor creating and managing spans.
190-190: Function signature correctly simplified.Removing the
tracingContextparameter in favor of inline tracer acquisition is a cleaner approach for OpenTelemetry instrumentation.
261-266: Error handling in tracing is well-implemented.The error path correctly records the exception, sets error status, and ends the span before re-throwing.
281-281: Function signature correctly simplified.Consistent with
processDocument, thetracingContextparameter removal is appropriate.
350-350: Function signature correctly simplified.Consistent tracing pattern applied to
querySimilarDocuments.src/mastra/tools/code-chunking.ts (2)
10-29: LGTM!The Zod schemas are well-structured with appropriate defaults for chunking parameters. The output schema properly documents the chunk metadata structure.
130-155: LGTM!The MDocument fallback path correctly handles non-parseable files with proper span lifecycle management. The comment explaining the placeholder line numbers is helpful.
| // webpackMemoryOptimizations: true, | ||
| //7 webpackBuildWorker: true, |
There was a problem hiding this comment.
Minor typo in comment.
Line 52 has a malformed comment //7 instead of //.
// webpackMemoryOptimizations: true,
- //7 webpackBuildWorker: true,
+ // webpackBuildWorker: true,📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| // webpackMemoryOptimizations: true, | |
| //7 webpackBuildWorker: true, | |
| // webpackMemoryOptimizations: true, | |
| // webpackBuildWorker: true, |
🤖 Prompt for AI Agents
In next.config.ts around lines 51 to 52, there's a malformed comment marker
"//7" on line 52; change "//7 webpackBuildWorker: true," to use a proper
comment marker "// webpackBuildWorker: true," so the comment is well-formed
and consistent with the surrounding comments.
| //const withBundleAnalyzer = require('@next/bundle-analyzer')({ | ||
| // enabled: process.env.ANALYZE === 'true', | ||
| //}) | ||
| //module.exports = withBundleAnalyzer({}) |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Remove commented-out dead code.
Per coding guidelines, avoid commenting out dead code. Use version control to preserve history instead. If the bundle analyzer is no longer needed, remove these lines entirely.
-//const withBundleAnalyzer = require('@next/bundle-analyzer')({
-// enabled: process.env.ANALYZE === 'true',
-//})
-//module.exports = withBundleAnalyzer({})
-
const withMDX = createMDX({🤖 Prompt for AI Agents
In next.config.ts around lines 68 to 71, remove the commented-out bundle
analyzer block (the three lines that require and invoke @next/bundle-analyzer)
because dead code should not be left commented; simply delete these commented
lines so the file contains only active code, relying on VCS history if the
analyzer is needed later.
| "nanoid": "^5.1.6", | ||
| "next": "^16.0.8", | ||
| "next-themes": "^0.4.6", | ||
| "octokit": "^5.0.5", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify octokit is used in the codebase
rg -n "from ['\"]octokit['\"]|require\(['\"]octokit['\"]" --type=ts --type=jsRepository: ssdeanx/AgentStack
Length of output: 44
🏁 Script executed:
#!/bin/bash
# Broader search for octokit anywhere in the codebase
rg -i "octokit" --type=ts --type=js --type=jsonRepository: ssdeanx/AgentStack
Length of output: 9056
Remove unused octokit dependency.
The octokit package is declared in package.json but is not imported or used anywhere in the codebase. It should be removed to reduce bundle size and avoid maintaining unnecessary dependencies.
🤖 Prompt for AI Agents
In package.json around line 141, the octokit dependency is declared but unused;
remove the "octokit": "^5.0.5" entry from dependencies, then run your package
manager (npm install or yarn install) to update package-lock.json or yarn.lock,
run the test suite and a global search to confirm no imports/usages remain, and
commit the updated package.json and lockfile.
| "@types/jsdom": "^27.0.0", | ||
| "@types/mdx": "^2.0.13", | ||
| "@types/node": "^24.10.2", | ||
| "@types/node": "^25.0.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
@types/node 25.0.0 Node.js version compatibility what version
💡 Result:
@types/node@25.0.0 is the type package for Node.js v25 — i.e., it targets Node 25. [1][2]
Sources:
- Mapping of @types/node versions to Node.js versions. [1]
- Node.js v25.0.0 release. [2]
Use @types/node@^24 or update the Node.js engine requirement to >=25.
@types/node@25.0.0 targets Node.js v25, but your engine requirement (line 42) specifies >=20.9.0. The major version mismatch means the type definitions will include features and types specific to Node.js 25 that don't exist in Node.js 20. Either downgrade @types/node to ^24.x (compatible with Node.js 20) or update the engine requirement to >=25.0.0.
🤖 Prompt for AI Agents
In package.json around line 186, the dependency "@types/node": "^25.0.0" is
incompatible with the project Node engine (>=20.9.0); either change the
devDependency to "@types/node": "^24.x" to match Node 20, or update the
"engines.node" field to ">=25.0.0" to match the types package. Pick one policy:
if you want to keep running on Node 20, replace the types entry with ^24.x and
run npm/yarn install; if you want to require Node 25, update the engines.node
value to >=25.0.0 and update CI/docs accordingly.
| options: { | ||
| // Message management | ||
| lastMessages: parseInt(process.env.MEMORY_LAST_MESSAGES ?? '500'), | ||
| generateTitle: process.env.THREAD_GENERATE_TITLE !== 'true', |
There was a problem hiding this comment.
Inverted generateTitle logic needs correction.
The condition process.env.THREAD_GENERATE_TITLE !== 'true' causes generateTitle to be true when the env var is anything except 'true' (including when undefined), which is counterintuitive. The standard pattern for feature flags is to enable features when the env var is explicitly set to 'true'.
- generateTitle: process.env.THREAD_GENERATE_TITLE !== 'true',
+ generateTitle: process.env.THREAD_GENERATE_TITLE === 'true',📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| generateTitle: process.env.THREAD_GENERATE_TITLE !== 'true', | |
| generateTitle: process.env.THREAD_GENERATE_TITLE === 'true', |
🤖 Prompt for AI Agents
In src/mastra/config/mongodb.ts around line 74, the generateTitle flag is
inverted because it uses process.env.THREAD_GENERATE_TITLE !== 'true', which
yields true unless the env var is exactly 'true'; change the expression to
explicitly check for 'true' (e.g., process.env.THREAD_GENERATE_TITLE === 'true')
so the feature is enabled only when the environment variable is set to 'true'.
| // Trace the exception and set status | ||
| span?.recordException(error instanceof Error ? error : new Error(String(error))); | ||
| span?.setStatus({ code: SpanStatusCode.ERROR, message: error instanceof Error ? error.message : String(error) }); | ||
| span?.end(); |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Optional chaining on span is unnecessary.
The span variable is initialized at line 43 before the try block, so it's always defined in the catch block. The optional chaining (span?.) adds noise without benefit.
- span?.recordException(error instanceof Error ? error : new Error(String(error)));
- span?.setStatus({ code: SpanStatusCode.ERROR, message: error instanceof Error ? error.message : String(error) });
- span?.end();
+ span.recordException(error instanceof Error ? error : new Error(String(error)));
+ span.setStatus({ code: SpanStatusCode.ERROR, message: error instanceof Error ? error.message : String(error) });
+ span.end();📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| // Trace the exception and set status | |
| span?.recordException(error instanceof Error ? error : new Error(String(error))); | |
| span?.setStatus({ code: SpanStatusCode.ERROR, message: error instanceof Error ? error.message : String(error) }); | |
| span?.end(); | |
| // Trace the exception and set status | |
| span.recordException(error instanceof Error ? error : new Error(String(error))); | |
| span.setStatus({ code: SpanStatusCode.ERROR, message: error instanceof Error ? error.message : String(error) }); | |
| span.end(); |
🤖 Prompt for AI Agents
In src/mastra/tools/code-chunking.ts around lines 163 to 166, the catch block
uses optional chaining on span (span?.) even though span is initialized before
the try and guaranteed to be defined here; remove the optional chaining and call
span.recordException(...), span.setStatus(...), and span.end() directly so the
code is clearer and avoids unnecessary noise.
| const tracer = trace.getTracer('diff-review'); | ||
| const span = tracer.startSpan('diff-review', { attributes: { filename, contextLines } }); | ||
|
|
||
| try { | ||
|
|
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Inconsistent span initialization and indentation.
The span is created without optional chaining on line 54, but later uses optional chaining (span?.) when setting attributes. If startSpan can return undefined, use optional chaining consistently. Also, the try block content has inconsistent indentation - the code inside should be indented relative to the try block.
const tracer = trace.getTracer('diff-review');
- const span = tracer.startSpan('diff-review', { attributes: { filename, contextLines } });
+ const span = tracer.startSpan('diff-review', { attributes: { filename, contextLines } });
try {
-
- const unifiedDiff = createPatch(
+ const unifiedDiff = createPatch(Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In src/mastra/tools/diff-review.tool.ts around lines 53 to 57, the span is
started without optional chaining but later accessed with span?. which is
inconsistent; either treat startSpan as always returning a Span and remove
optional chaining later, or use optional chaining consistently by changing the
start to const span = trace.getTracer('diff-review')?.startSpan(...). Also fix
the indentation of the try block body so all code inside the try is indented one
level deeper than the try line to match project style.
| case 'read': { | ||
| const readContent = await fsPromises.readFile(file, 'utf8') | ||
| return { message: readContent } | ||
| } |
There was a problem hiding this comment.
Span is not ended on successful read path.
The read case returns early at line 37 without ending the span. This creates a resource leak in the tracing system.
case 'read': {
const readContent = await fsPromises.readFile(file, 'utf8')
+ span?.setAttribute('success', true);
+ span?.end();
return { message: readContent }
}🤖 Prompt for AI Agents
In src/mastra/tools/fs.ts around lines 35 to 38 the read case returns early
without ending the tracing span; ensure the span is ended before returning by
either calling span.end() immediately before the return or by refactoring to
assign the read result to a variable and exit the switch so a shared
finally/cleanup can call span.end(); implement one of these so the span is
always closed on the successful read path.
| default: | ||
| return { message: 'Invalid action' } |
There was a problem hiding this comment.
Span is not ended on invalid action path.
The default case returns without ending the span, creating a resource leak.
default:
+ span?.setAttribute('success', false);
+ span?.end();
return { message: 'Invalid action' }📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| default: | |
| return { message: 'Invalid action' } | |
| default: | |
| span?.setAttribute('success', false); | |
| span?.end(); | |
| return { message: 'Invalid action' } |
🤖 Prompt for AI Agents
In src/mastra/tools/fs.ts around lines 42-43, the default branch returns an
object without ending the telemetry span which leaks the span; update the
default case to call span.end() (and optionally set span.status or record an
error/message on the span) before returning the { message: 'Invalid action' } so
the span is always closed on the invalid-action path.
| if (TOKEN_LIMIT < 20000) { | ||
| await delay(60000); | ||
| //await delay(60000); | ||
| TOKEN_LIMIT = 80000; | ||
| } |
There was a problem hiding this comment.
Removing the delay may cause API rate limit issues.
The commented-out delay was likely intended to prevent hitting LLM API rate limits when TOKEN_LIMIT drops below the threshold. Without this delay, the workflow will reset the token counter and continue immediately, potentially overwhelming the API with requests.
Consider one of these alternatives:
- Keep the delay for rate limiting
- Implement exponential backoff
- Use a rate limiter library
- Add proper API rate limit handling in the agent
if (TOKEN_LIMIT < 20000) {
- //await delay(60000);
+ await delay(60000); // Rate limit protection
TOKEN_LIMIT = 80000;
}Also restore the import:
-//import { delay } from '@mastra/core';
+import { delay } from '@mastra/core';Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In src/mastra/workflows/changelog.ts around lines 173-176 the temporary removal
of the delay (commented-out await delay(60000)) causes the token counter reset
to happen immediately and risks hitting LLM API rate limits; restore the
previous rate-limiting behavior by re-enabling the delay (or replace it with an
exponential backoff or a proper rate-limiter call) so TOKEN_LIMIT is not
immediately increased, and re-add the missing import for the delay/rate-limiter
utility at the top of the file; ensure the chosen approach logs/backoffs on
repeated triggers and does not block the event loop unnecessarily.
There was a problem hiding this comment.
Pull request overview
This pull request updates multiple dependencies to their latest versions and performs a significant architectural refactoring from MongoDB to PgVector storage, while also standardizing OpenTelemetry tracing implementation across the codebase. The changes include improvements to error handling, migration to async file operations, and removal of unused scorer functionality.
Key Changes
- Dependency Updates: Updated 15+ packages including core Mastra packages (beta.10 → beta.11), AI SDK packages, and various UI libraries
- Storage Migration: Refactored acpAgent from MongoDB (mongoMemory, mongoQueryTool) to PgVector (pgMemory, pgQueryTool) with corresponding prompt updates
- Tracing Standardization: Migrated from Mastra's custom AISpanType to standard OpenTelemetry APIs across all tools, using
trace.getTracer(),span.recordException(), andSpanStatusCode
Reviewed changes
Copilot reviewed 18 out of 19 changed files in this pull request and generated 18 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated 15 dependencies to latest versions including Mastra core packages, AI SDK, UI libraries, and type definitions |
| package-lock.json | Lock file updates reflecting all package version changes |
| src/mastra/workflows/changelog.ts | Commented out delay function and import, potentially impacting rate limiting |
| src/mastra/tools/serpapi-search.tool.ts | Added proper error message handling before logging |
| src/mastra/tools/pdf.ts | Migrated to OpenTelemetry standard tracing with improved error handling |
| src/mastra/tools/jwt-auth.tool.ts | Refactored tracing to use OpenTelemetry APIs with proper exception recording |
| src/mastra/tools/fs.ts | Converted from sync to async file operations and updated tracing implementation |
| src/mastra/tools/diff-review.tool.ts | Added OpenTelemetry tracing with comprehensive error handling |
| src/mastra/tools/code-chunking.ts | Added tracing, improved type safety, and verbose null checking for endLine |
| src/mastra/tools/code-analysis.tool.ts | Wrapped execution in try-catch with proper error tracing |
| src/mastra/scorers/weather-scorer.ts | Commented out unused toolCallAppropriatenessScorer and completenessScorer |
| src/mastra/mcp/resources.ts | Added braces to if statement return (style change) |
| src/mastra/mcp/prompts.ts | Added block scopes to case statements and single-line if statements |
| src/mastra/index.ts | Removed unused scorers from imports and configuration, commented out sampling config |
| src/mastra/config/mongodb.ts | Refactored to use OpenTelemetry, removed TokenLimiter, restructured memory options |
| src/mastra/agents/weather-agent.ts | Removed toolCallAppropriatenessScorer configuration |
| src/mastra/agents/acpAgent.ts | Migrated from MongoDB to PgVector (mongoMemory→pgMemory, mongoQueryTool→pgQueryTool) |
| next.config.ts | Commented out webpack optimizations and bundle analyzer configuration |
| instrumentation.ts | Commented out entire NodeSDK initialization, disabling OpenTelemetry instrumentation |
|
|
||
| if (TOKEN_LIMIT < 20000) { | ||
| await delay(60000); | ||
| //await delay(60000); |
There was a problem hiding this comment.
Commenting out the delay function can lead to rate limiting issues with the API. The delay was likely added to prevent exceeding token limits. Instead of commenting it out, consider making this configurable through an environment variable or reducing the delay duration if performance is a concern.
| case 'read': { | ||
| const readContent = await fsPromises.readFile(file, 'utf8') | ||
| return { message: readContent } | ||
| } |
There was a problem hiding this comment.
This change replaces synchronous file operations with async operations, which is good. However, for the 'read' case, wrapping the return in a block creates unnecessary scope. The block is only needed if you're declaring variables that might conflict with other case statements. Consider removing the braces for the return statement to maintain consistency with the other cases.
| case 'read': { | |
| const readContent = await fsPromises.readFile(file, 'utf8') | |
| return { message: readContent } | |
| } | |
| case 'read': | |
| const readContent = await fsPromises.readFile(file, 'utf8') | |
| return { message: readContent } |
|
|
||
| for (const symbol of symbols) { | ||
| if ((symbol.kind === 'function' || symbol.kind === 'class') && symbol.endLine) { | ||
| if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0)) { |
There was a problem hiding this comment.
The condition check has been made more verbose but it's checking for the same condition multiple times. The expression (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0) can be simplified to (symbol.endLine != null && symbol.endLine > 0) using loose equality which checks for both null and undefined, or even better (symbol.endLine && symbol.endLine > 0) if 0 is also an invalid value.
| if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine !== null && symbol.endLine !== undefined && symbol.endLine > 0)) { | |
| if ((symbol.kind === 'function' || symbol.kind === 'class') && (symbol.endLine != null && symbol.endLine > 0)) { |
| serviceName: "ai", | ||
| requestContextKeys: ["userId", "environment", "tenantId"], | ||
| sampling: { type: SamplingStrategyType.ALWAYS }, | ||
| //sampling: { type: SamplingStrategyType.ALWAYS }, |
There was a problem hiding this comment.
The sampling configuration for Langfuse has been commented out. This means all traces will be sent regardless of the sampling strategy. If this is intentional to collect all traces, it should be explicitly set rather than commented out. If it's temporary for debugging, consider using an environment variable to control this behavior.
| //sampling: { type: SamplingStrategyType.ALWAYS }, | |
| sampling: { | |
| type: process.env.LANGFUSE_SAMPLING_STRATEGY === "NEVER" | |
| ? SamplingStrategyType.NEVER | |
| : process.env.LANGFUSE_SAMPLING_STRATEGY === "PROBABILISTIC" | |
| ? SamplingStrategyType.PROBABILISTIC | |
| : SamplingStrategyType.ALWAYS | |
| }, |
| webpackMemoryOptimizations: true, | ||
| webpackBuildWorker: true, | ||
| // webpackMemoryOptimizations: true, | ||
| //7 webpackBuildWorker: true, |
There was a problem hiding this comment.
There's a typo in the comment: '//7' should be '//' without the '7'.
| //7 webpackBuildWorker: true, | |
| // webpackBuildWorker: true, |
| import type { UIMessage } from 'ai' | ||
| import { log } from './logger'; | ||
| import { TokenLimiter } from "@mastra/memory/processors"; | ||
| import z from "zod"; |
There was a problem hiding this comment.
'z' is defined but never used.
| import z from "zod"; |
| import { createCompletenessScorer } from '@mastra/core/evals/completeness-scorer'; | ||
| //import { createToolCallAccuracyScorerCode } from '@mastra/core/evals/code'; | ||
| //import { createCompletenessScorer } from '@mastra/core/evals/completeness-scorer'; | ||
| import { createScorer, runEvals } from '@mastra/core/evals'; |
There was a problem hiding this comment.
'runEvals' is defined but never used.
| import { createScorer, runEvals } from '@mastra/core/evals'; | |
| import { createScorer } from '@mastra/core/evals'; |
| import { trace } from "@opentelemetry/api"; | ||
| import { trace, SpanStatusCode } from "@opentelemetry/api"; | ||
| import { PythonParser } from './semantic-utils' | ||
| import type { RequestContext } from '@mastra/core/request-context'; |
There was a problem hiding this comment.
'RequestContext' is defined but never used.
| import type { RequestContext } from '@mastra/core/request-context'; |
| import { promises as fsPromises } from 'fs'; | ||
| import { z } from 'zod'; | ||
| import { log } from '../config/logger'; | ||
| import type { RequestContext } from '@mastra/core/request-context'; |
There was a problem hiding this comment.
'RequestContext' is defined but never used.
| import type { RequestContext } from '@mastra/core/request-context'; |
| import { log } from '../config/logger' | ||
| import { trace } from "@opentelemetry/api"; | ||
| import { trace, SpanStatusCode } from "@opentelemetry/api"; | ||
| import type { RequestContext } from '@mastra/core/request-context'; |
There was a problem hiding this comment.
'RequestContext' is defined but never used.
| import type { RequestContext } from '@mastra/core/request-context'; |
1 participant
Updated package dependencies in package.json to the latest versions, including:
Refactored acpAgent to use pgMemory and pgQueryTool instead of MongoDB tools.
Removed unused scorer toolCallAppropriatenessScorer from weather-agent.
Updated MongoDB configuration to support PgVector and improved tracing with OpenTelemetry.
Enhanced error handling and tracing in various tools (e.g., fs, jwt-auth, pdf, code analysis).
Cleaned up commented-out code and improved readability in multiple files.
Adjusted the changelog workflow to comment out the delay function for better performance.