Skip to content

feat(deps): Upgrade to @modelcontextprotocol/sdk version 1.23 and Zod to v4 #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
frontegg-david merged 4 commits into from
Nov 29, 2025
Merged

feat(deps): Upgrade to @modelcontextprotocol/sdk version 1.23 and Zod to v4 #90

frontegg-david merged 4 commits into from
Nov 29, 2025

Conversation

@frontegg-david
Copy link
Contributor

@frontegg-david frontegg-david commented Nov 29, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores

    • Upgraded Zod to v4, updated package manifests and removed legacy JSON-schema tooling.
    • Replaced legacy JSON Schema conversion tooling with Zod v4-based handling.

  • Refactor

    • Tightened public schemas: record/map keys now explicitly strings and function shapes clarified.
    • Standardized validation errors to use Zod v4 "issues" payloads for clearer messages.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 29, 2025
edited
Loading

Walkthrough

Migrates the codebase toward Zod v4: replaces JSONSchema7 with a Zod v4 JsonSchema alias and toJsonSchema, tightens many z.record() keys to require string keys, converts z.function() signatures to input/output tuple form, broadens Zod constraints to ZodType, and updates ZodError usage from .errors to .issues.

Changes

Cohort / File(s) Summary
Package manifests
package.json, libs/adapters/package.json, libs/mcp-from-openapi/package.json, libs/sdk/package.json, libs/testing/package.json, libs/plugins/package.json, libs/ui/package.json		 Upgrade to Zod v4, add/remove related dependencies (add zod-from-json-schema, remove json-schema-to-zod-v3 / zod-to-json-schema), adjust @modelcontextprotocol/sdk versions and add peerDep for zod where applicable.
CRM tool schemas
apps/demo/src/apps/crm/tools/activities-list.tool.ts, apps/demo/src/apps/crm/tools/activities-log.tool.ts, apps/demo/src/apps/crm/tools/activities-stats.tool.ts		 Tightened record key types: metadata and byType now use z.record(z.string(), ...) (string keys) instead of unkeyed records.
OpenAPI / adapters / mcp-from-openapi
libs/adapters/src/openapi/openapi.tool.ts, libs/mcp-from-openapi/src/*		 Introduce JsonSchema alias (from zod/v4/core), rename/replace toJSONSchema7toJsonSchema, update schema/parameter/response builders and signatures to use JsonSchema. Add request/headers/body mappers in openapi.tool runtime.
MCP HTTP types & CodeCall plugin
libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts, libs/plugins/src/codecall/*, libs/plugins/src/codecall/tools/*, libs/plugins/src/codecall/utils/describe.utils.ts		 Convert many z.record() usages to explicit z.record(z.string(), ...); convert z.function().args(...).returns(...) to { input: z.tuple([...]), output: ... }; add DEFAULT_* option constants and switch .default() to factory forms; migrate JSON schema handling to Zod v4 toJSONSchema/JsonSchema usage.
Worker-pool / protocol
libs/enclave/src/adapters/worker-pool/protocol.ts		 toolCallMessageSchema.args tightened to z.record(z.string(), z.unknown()).
SDK core types & decorators / metadata
libs/sdk/src/common/metadata/tool.metadata.ts, libs/sdk/src/common/decorators/tool.decorator.ts, libs/sdk/src/common/decorators/plugin.decorator.ts, libs/sdk/src/common/decorators/front-mcp.decorator.ts		 Add JsonSchema alias, generalize Zod typings (e.g., ZodObject<any>ZodObject, ZodTypeAnyZodType), adjust helper types and decorator utilities to align with Zod v4 typings.
SDK auth, sessions, flows
libs/sdk/src/auth/**, libs/sdk/src/common/interfaces/flow.interface.ts, libs/sdk/src/common/flow/flow.utils.ts		 Tighten z.record() keys to string where applicable, remove some .default({}) usages, add/adjust state/constructor signatures, and switch Zod error handling from .errors.issues.
SDK transport & handlers
libs/sdk/src/transport/**/*, libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts, libs/sdk/src/transport/transport.types.ts		 Broaden generic constraints from ZodObject<any> to ZodType; update TypedElicitResult and handler generics to use ZodType/ZodObject defaults; replace zod-to-json-schema with z.toJSONSchema.
SDK schemas, providers, logger, utils
libs/sdk/src/common/schemas/*, libs/sdk/src/common/metadata/front-mcp.metadata.ts, libs/sdk/src/front-mcp/front-mcp.providers.ts, libs/sdk/src/logger/logger.registry.ts, libs/sdk/src/utils/types.utils.ts		 Refactor annotated-class schema checks to explicit branches, remove some automatic .default({}), introduce DEFAULT_HTTP_OPTIONS/default logging, update Infer<> to use ZodType.
UI component schemas & validation
libs/ui/src/components/*, libs/ui/src/validation/wrapper.ts		 Tighten data records to z.record(z.string(), z.string()); convert table render function schema to tuple input/output form; validation helpers read ZodError.issues and map paths to strings.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Areas to review closely:

  • All usages/imports of JSONSchema7 / toJSONSchema7 → ensure toJsonSchema and JsonSchema alias are used consistently across mcp-from-openapi, plugins, and adapters.
  • z.record() conversions: verify validators and runtime callers expect string keys (particularly message/args maps, headers, session token maps).
  • z.function() → input/output tuple conversions: confirm callers and runtime invocations continue to validate as intended.
  • Zod type constraint changes (ZodType vs ZodObject): check implementations/overrides for compatibility and adjust generics where necessary.
  • Error migrations: ensure all catch blocks and error wrappers now properly consume e.issues and produce the expected error payload shape.
  • Package.json / peerDependency changes: verify final dependency graph and lockfile updates for Zod v4 and removed/added packages.

Possibly related PRs

Poem

🐇
I hopped through types and tightened keys,
Swapped errors for issues with elegant ease;
From JSON7 to Zod v4 I sped,
Now schemas dream in cleaner thread—
A tiny rabbit’s typed delight! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the primary changes: upgrading to @modelcontextprotocol/sdk 1.23 and Zod v4, which is the core focus reflected throughout the changeset.
Docstring Coverage ✅ Passed Docstring coverage is 94.44% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch upgrade-mcp-to-1.23
📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0dfebea and 3c987bb.

📒 Files selected for processing (5)
  • libs/sdk/package.json (1 hunks)
  • libs/sdk/src/tool/flows/tools-list.flow.ts (2 hunks)
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts (3 hunks)
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts (2 hunks)
  • package.json (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (5)
  • package.json
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts
  • libs/sdk/package.json
  • libs/sdk/src/tool/flows/tools-list.flow.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 10

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
libs/adapters/src/openapi/openapi.tool.ts (1)

78-92: Specify return type and handle non-object schemas correctly.

The function has two type safety issues:

  1. Bare z.ZodObject violates strict typing: In Zod v4, ZodObject requires generic parameters. Use z.ZodObject<z.ZodRawShape> or better yet, return z.ZodTypeAny since convertJsonSchemaToZod can produce any Zod type (string, number, array, etc.), not just objects.

  2. Unsafe cast masks runtime bugs: Line 88's double cast (as unknown as z.ZodObject) coerces non-object schemas into ZodObject, but line 28 then calls .shape which may not exist or behave incorrectly on non-object types. If the JSON Schema converts to a primitive type (e.g., z.string()), this will fail.

The function should either:

  • Return z.ZodTypeAny and update callers to handle all Zod types, or
  • Validate that the conversion produces a ZodObject and throw a specific error if not
function getZodSchemaFromJsonSchema(jsonSchema: JsonSchema, toolName: string): z.ZodTypeAny {
  if (typeof jsonSchema !== 'object' || jsonSchema === null) {
    return z.object({}).passthrough();
  }

  try {
    const zodSchema = convertJsonSchemaToZod(jsonSchema);
    if (typeof zodSchema?.parse !== 'function') {
      throw new Error('Conversion did not produce a valid Zod schema.');
    }
    return zodSchema; // Return as-is without unsafe cast
  } catch (err: unknown) {
    console.error(`Failed to generate Zod schema for '${toolName}':`, err);
    return z.object({}).passthrough();
  }
}

Then update line 28 to handle all types:

inputSchema: zodSchema instanceof z.ZodObject ? zodSchema.shape : {},
♻️ Duplicate comments (1)
libs/sdk/src/common/decorators/front-mcp.decorator.ts (1)

14-35: Use MCP-specific error classes instead of generic Error.

Similar to plugin.decorator.ts, this file uses generic Error classes for validation errors. According to the coding guidelines, files in libs/sdk/src/**/*.ts should use specific MCP error classes with error codes from MCP_ERROR_CODES.

Based on learnings, use specific MCP error classes with error codes from MCP_ERROR_CODES instead of generic Error classes.

🧹 Nitpick comments (15)
libs/sdk/src/utils/types.utils.ts (1)

1-17: Zod v4 migration for Infer looks correct; consider type‑only import for ZodType.

The switch from ZodTypeAny to ZodType keeps the Infer behavior while aligning with Zod v4 and avoiding the any-ish alias, which is good for stricter typing in libs/sdk. To tighten things further and avoid an unnecessary runtime symbol, you could change the import to:

import { z } from 'zod';
import type { ZodType } from 'zod';

Functionally equivalent, but slightly cleaner for bundling and matches the “types as types” convention. As per coding guidelines for strict TS typing in libs/sdk/src/**/*.ts.

libs/sdk/src/front-mcp/front-mcp.providers.ts (1)

14-22: Type the HTTP defaults and confirm behavior change vs. previous server defaults

Defining DEFAULT_HTTP_OPTIONS and using config.http ?? DEFAULT_HTTP_OPTIONS improves robustness when config.http is missing; however:

  1. Behavioral change: Previously, FrontMcpServerInstance received config.http directly (likely undefined when not configured), so its own internal defaults applied. Now, you’re forcing { port: 3000, entryPath: '/mcp' } when config.http is undefined. Please confirm:

    • These values match the prior internal defaults of FrontMcpServerInstance, or
    • This intentional change is documented in the SDK docs (under docs/draft/docs/**) since it effectively alters default runtime behavior in libs/sdk.

  2. Type-safety for defaults: To keep DEFAULT_HTTP_OPTIONS in sync with the server’s constructor type, consider tying it directly to the constructor parameter type instead of a bare object literal:

-const DEFAULT_HTTP_OPTIONS = { port: 3000, entryPath: '/mcp' };
+const DEFAULT_HTTP_OPTIONS: ConstructorParameters<typeof FrontMcpServerInstance>[0] = {
+  port: 3000,
+  entryPath: '/mcp',
+};

This ensures you’ll get a compile-time error if the HTTP options shape changes.

libs/sdk/src/flows/flow.registry.ts (1)

79-89: Avoid relying on broad type assertion in runFlow if possible

The new as Promise<FlowOutputOf<Name> | undefined> assertion is type‑only and keeps runtime behavior unchanged, but it hides any mismatch between FlowInstance.run’s actual return type and FlowOutputOf<Name>. If feasible, consider tightening typings so this method doesn’t need an assertion—for example by:

  • Ensuring FlowInstance is generic on the specific FlowName and that this.instances is typed accordingly (so flow.run(...) is inferred as Promise<FlowOutputOf<Name> | undefined>), or
  • Updating FlowInstance.run’s signature to return Promise<FlowOutputOf<FlowName> | undefined> in a way that composes correctly with FlowOutputOf<Name> here.

If those changes are non‑trivial right now, the current cast is acceptable but worth revisiting to keep the SDK’s public typing as sound as possible.

libs/sdk/src/common/decorators/front-mcp.decorator.ts (1)

13-35: Capture error.format() once for consistency and performance.

Unlike the refactoring in plugin.decorator.ts (line 12), this code still calls error.format() multiple times (lines 13, 18, 27). For consistency and to avoid repeated computations, consider capturing the result once at the beginning like in the other decorator.

Apply this diff to capture error.format() once:

   const { error, data: metadata } = frontMcpMetadataSchema.safeParse(providedMetadata);
   if (error) {
+    const formatted = error.format();
-    if (error.format().apps) {
+    if (formatted.apps) {
       throw new Error(
-        `Invalid metadata provided to @FrontMcp { apps: [?] }: \n${JSON.stringify(error.format().apps, null, 2)}`,
+        `Invalid metadata provided to @FrontMcp { apps: [?] }: \n${JSON.stringify(formatted.apps, null, 2)}`,
       );
     }
-    if (error.format().providers) {
+    if (formatted.providers) {
       throw new Error(
         `Invalid metadata provided to @FrontMcp { providers: [?] }: \n${JSON.stringify(
-          error.format().providers,
+          formatted.providers,
           null,
           2,
         )}`,
       );
     }
-    const loggingFormat = error.format()['logging'] as Record<string, unknown> | undefined;
+    const loggingFormat = formatted['logging'] as Record<string, unknown> | undefined;
     if (loggingFormat?.['transports']) {
libs/sdk/src/common/schemas/annotated-class.schema.ts (2)

27-48: Provider schema refactor looks correct; consider tightening the ctor check

The new early-return and null-guarded control flow correctly covers:

  • direct class providers (function + metadata),
  • useValue objects via their .constructor metadata, and
  • useFactory providers validated by frontMcpProviderMetadataSchema.

For extra robustness, you could ensure .constructor is actually a function before passing it to Reflect.hasMetadata:

-        const ctor = (useValue as Record<string, unknown>)['constructor'];
-        if (ctor && Reflect.hasMetadata(FrontMcpProviderTokens.type, ctor as object)) {
+        const ctor = (useValue as Record<string, unknown>)['constructor'];
+        if (typeof ctor === 'function' && Reflect.hasMetadata(FrontMcpProviderTokens.type, ctor)) {

Same idea applies to the analogous blocks below.

50-71: Deduplicate repeated annotated schema logic and centralize the record shape

annotatedFrontMcpAuthProvidersSchema, annotatedFrontMcpPluginsSchema, and annotatedFrontMcpAdaptersSchema all repeat the same object‑inspection pattern (Record<string, unknown>, useValue/useFactory handling, metadata checks) with only tokens + metadata schemas differing.

Consider extracting a small helper like:

function makeAnnotatedProviderLikeSchema(
  token: unknown,
  metadataSchema: z.ZodTypeAny,
  message: string,
) {
  return z.custom<Type>(
    (v): v is Type => {
      // shared function/useValue/useFactory logic here
    },
    { message },
  );
}

and using a shared, named record type instead of inline Record<string, unknown>, to align with the guideline about centralizing record type definitions in libs/sdk/src/common/records/.

As per coding guidelines, centralizing these record definitions will keep schemas consistent and easier to maintain.

Also applies to: 73-94, 96-117

libs/sdk/src/common/schemas/http-output.schema.ts (1)

35-37: Correct Zod v4 migration, but the value type has redundant nesting.

The explicit key type is correct for Zod v4. However, the value union has redundant z.string() - the inner union z.union([z.string(), z.array(z.string())]) already covers the string case.

Consider simplifying:

 export const HttpHeaders = z
-  .record(z.string(), z.union([z.string(), z.union([z.string(), z.array(z.string())])]))
+  .record(z.string(), z.union([z.string(), z.array(z.string())]))
   .default({});
libs/sdk/src/auth/flows/oauth.authorize.flow.ts (1)

75-84: Verify custom error message options on Zod literals

codeChallengeMethodSchema and responseTypeSchema now pass { message: '...' } as the options object to z.literal(). Zod v4 changed how custom messages are configured, and it’s not obvious that message here will actually control the final error text.

I’d recommend:

  • Add a small test that fails these fields and asserts the emitted messages, and
  • If the messages don’t match, switch to a pattern that’s confirmed to work in v4 (e.g., an explicit .refine()/.superRefine() or a schema-level errorMap), rather than relying on the options object.
libs/sdk/src/auth/session/transport-session.types.ts (1)

316-324: Record key typing tightened to string – aligns Zod schemas with TS types

Updating:

  • meta to z.record(z.string(), z.unknown()).optional(), and
  • tokens to z.record(z.string(), encryptedBlobSchema).optional()

brings the Zod schemas in line with the corresponding Record<string, ...> TypeScript interfaces and clarifies key types. This is a safe, non‑breaking improvement.

If you find yourself repeating z.record(z.string(), ...) across multiple SDK modules, consider centralizing a shared “string-keyed record” schema helper under libs/sdk/src/common/records/ for consistency, as per the shared records guideline. Based on learnings, ...

Also applies to: 326-332

libs/plugins/src/codecall/codecall.plugin.ts (1)

67-72: Bracket vs dot property access for includeTools

Using parsedOptions['includeTools'] here is functionally equivalent to parsedOptions.includeTools. Unless this is working around a specific typing constraint on CodeCallPluginOptionsInput/CodeCallPluginOptions, the dot form is a bit clearer:

-              includeTools: parsedOptions['includeTools'],
+              includeTools: parsedOptions.includeTools,

If the bracket form is needed to satisfy the type system (e.g., indexed access on a looser options type), consider adding a brief comment explaining why.

libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts (1)

7-7: Streamable HTTP sendElicitRequest correctly generalized; consider wrapping JSON-schema conversion

The T extends ZodType constraint and import look correct and keep this adapter aligned with LocalTransportAdapter and TypedElicitResult<T>. The behavior of sendElicitRequest is unchanged.

To reduce reliance on requestedSchema as any, consider introducing a small helper (e.g., toJsonSchemaFromZod(schema: ZodType)) that encapsulates the zod-to-json-schema call and its typing in one place, then use it here and in the SSE adapter. This keeps the any usage localized and easier to adjust if the library’s typings change.

Also applies to: 51-76

libs/sdk/src/transport/adapters/transport.sse.adapter.ts (1)

6-6: SSE sendElicitRequest generalized to ZodType in line with other transports

The T extends ZodType constraint and new import correctly align this adapter with LocalTransportAdapter and TypedElicitResult<T>, without changing runtime behavior.

As in the streamable HTTP adapter, consider wrapping the zodToJsonSchema(requestedSchema as any) call in a shared helper that takes a ZodType and returns a typed JSON Schema, so the any cast is centralized and easier to maintain.

Also applies to: 51-76

libs/adapters/src/openapi/openapi.tool.ts (1)

6-10: Import placement after type alias is unconventional.

The import on line 10 appears after the type alias definition (lines 8-9). While syntactically valid, this breaks the conventional import-first organization and may confuse readers or linters.

Consider moving all imports together at the top:

 import { z } from 'zod';
 import { tool } from '@frontmcp/sdk';
 import { convertJsonSchemaToZod } from 'json-schema-to-zod-v3';
 import type { McpOpenAPITool } from 'mcp-from-openapi';
 import type { OpenApiAdapterOptions } from './openapi.types';
 import type { JSONSchema } from 'zod/v4/core';
+import { buildRequest, applyAdditionalHeaders, parseResponse } from './openapi.utils';
+import { resolveToolSecurity } from './openapi.security';

 /** JSON Schema type from Zod v4 */
 type JsonSchema = JSONSchema.JSONSchema;
-import { buildRequest, applyAdditionalHeaders, parseResponse } from './openapi.utils';
-import { resolveToolSecurity } from './openapi.security';
libs/mcp-from-openapi/src/parameter-resolver.ts (1)

377-391: Consider narrowing ParameterInfo.schema type for stricter type safety.

The union SchemaObject | ReferenceObject | JsonSchema provides flexibility but may lead to runtime type confusion. Since toJsonSchema is called in buildParameterSchema anyway, consider standardizing inputs earlier.

This is a minor suggestion that can be deferred if the current approach serves the codebase well.

libs/mcp-from-openapi/src/schema-builder.ts (1)

83-98: Remove redundant condition in for...in loop.

The condition if (key in obj) on line 91 is always true within a for...in loop since the loop only iterates over properties that exist in the object. This check can be safely removed to simplify the code.

Apply this diff:

   for (const key in obj) {
-    if (key in obj) {
-      const value = obj[key];
-      if (value && typeof value === 'object') {
-        this.removeRefsRecursive(value);
-      }
+    const value = obj[key];
+    if (value && typeof value === 'object') {
+      this.removeRefsRecursive(value);
     }
   }
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05c6414 and fde58ea.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (59)
  • apps/demo/src/apps/crm/tools/activities-list.tool.ts (1 hunks)
  • apps/demo/src/apps/crm/tools/activities-log.tool.ts (1 hunks)
  • apps/demo/src/apps/crm/tools/activities-stats.tool.ts (1 hunks)
  • libs/adapters/package.json (1 hunks)
  • libs/adapters/src/openapi/openapi.tool.ts (5 hunks)
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts (4 hunks)
  • libs/enclave/src/adapters/worker-pool/protocol.ts (1 hunks)
  • libs/mcp-from-openapi/package.json (1 hunks)
  • libs/mcp-from-openapi/src/index.ts (2 hunks)
  • libs/mcp-from-openapi/src/parameter-resolver.ts (14 hunks)
  • libs/mcp-from-openapi/src/response-builder.ts (5 hunks)
  • libs/mcp-from-openapi/src/schema-builder.ts (22 hunks)
  • libs/mcp-from-openapi/src/types.ts (4 hunks)
  • libs/plugins/src/codecall/codecall.plugin.ts (1 hunks)
  • libs/plugins/src/codecall/codecall.types.ts (7 hunks)
  • libs/plugins/src/codecall/tools/describe.schema.ts (1 hunks)
  • libs/plugins/src/codecall/tools/describe.tool.ts (6 hunks)
  • libs/plugins/src/codecall/tools/invoke.schema.ts (1 hunks)
  • libs/plugins/src/codecall/utils/describe.utils.ts (13 hunks)
  • libs/sdk/package.json (1 hunks)
  • libs/sdk/src/auth/authorization/authorization.types.ts (2 hunks)
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts (2 hunks)
  • libs/sdk/src/auth/flows/session.verify.flow.ts (1 hunks)
  • libs/sdk/src/auth/session/transport-session.types.ts (1 hunks)
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts (2 hunks)
  • libs/sdk/src/common/decorators/plugin.decorator.ts (2 hunks)
  • libs/sdk/src/common/decorators/tool.decorator.ts (4 hunks)
  • libs/sdk/src/common/flow/flow.utils.ts (1 hunks)
  • libs/sdk/src/common/interfaces/flow.interface.ts (4 hunks)
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts (1 hunks)
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts (1 hunks)
  • libs/sdk/src/common/metadata/tool.metadata.ts (4 hunks)
  • libs/sdk/src/common/schemas/annotated-class.schema.ts (1 hunks)
  • libs/sdk/src/common/schemas/http-output.schema.ts (3 hunks)
  • libs/sdk/src/common/types/options/auth.options.ts (4 hunks)
  • libs/sdk/src/flows/flow.registry.ts (1 hunks)
  • libs/sdk/src/front-mcp/front-mcp.providers.ts (2 hunks)
  • libs/sdk/src/logger/logger.registry.ts (2 hunks)
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts (3 hunks)
  • libs/sdk/src/prompt/flows/prompts-list.flow.ts (1 hunks)
  • libs/sdk/src/resource/flows/read-resource.flow.ts (2 hunks)
  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts (1 hunks)
  • libs/sdk/src/resource/flows/resources-list.flow.ts (1 hunks)
  • libs/sdk/src/tool/flows/call-tool.flow.ts (2 hunks)
  • libs/sdk/src/tool/flows/tools-list.flow.ts (1 hunks)
  • libs/sdk/src/transport/adapters/transport.local.adapter.ts (2 hunks)
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts (2 hunks)
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts (2 hunks)
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts (2 hunks)
  • libs/sdk/src/transport/transport.types.ts (2 hunks)
  • libs/sdk/src/utils/types.utils.ts (1 hunks)
  • libs/testing/package.json (1 hunks)
  • libs/ui/package.json (1 hunks)
  • libs/ui/src/components/button.schema.ts (1 hunks)
  • libs/ui/src/components/card.schema.ts (1 hunks)
  • libs/ui/src/components/form.schema.ts (3 hunks)
  • libs/ui/src/components/table.schema.ts (1 hunks)
  • libs/ui/src/validation/wrapper.ts (1 hunks)
  • package.json (1 hunks)
🧰 Additional context used
📓 Path-based instructions (10)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use strict type checking in TypeScript - avoid any types without strong justification, prefer unknown for generic type defaults
Use unknown instead of any for generic type parameters with no constraint or default fallback
Use type parameters with constraints instead of unconstrained generic types
Avoid non-null assertions (!) - throw specific errors with proper error handling instead
Use clean, descriptive names for all exports, types, classes, functions, and properties

Files:

  • libs/sdk/src/prompt/flows/prompts-list.flow.ts
  • libs/sdk/src/utils/types.utils.ts
  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts
  • apps/demo/src/apps/crm/tools/activities-log.tool.ts
  • libs/mcp-from-openapi/src/index.ts
  • apps/demo/src/apps/crm/tools/activities-list.tool.ts
  • libs/sdk/src/transport/transport.types.ts
  • libs/sdk/src/resource/flows/read-resource.flow.ts
  • libs/sdk/src/auth/flows/session.verify.flow.ts
  • libs/sdk/src/tool/flows/call-tool.flow.ts
  • libs/plugins/src/codecall/tools/invoke.schema.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/plugins/src/codecall/codecall.plugin.ts
  • libs/sdk/src/flows/flow.registry.ts
  • libs/ui/src/components/card.schema.ts
  • libs/sdk/src/resource/flows/resources-list.flow.ts
  • libs/sdk/src/common/decorators/plugin.decorator.ts
  • libs/ui/src/components/form.schema.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/ui/src/components/table.schema.ts
  • libs/mcp-from-openapi/src/parameter-resolver.ts
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
  • libs/ui/src/validation/wrapper.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/schemas/http-output.schema.ts
  • libs/ui/src/components/button.schema.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/plugins/src/codecall/codecall.types.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/sdk/src/transport/adapters/transport.local.adapter.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/sdk/src/logger/logger.registry.ts
  • libs/sdk/src/front-mcp/front-mcp.providers.ts
  • libs/sdk/src/common/flow/flow.utils.ts
  • apps/demo/src/apps/crm/tools/activities-stats.tool.ts
  • libs/plugins/src/codecall/tools/describe.schema.ts
  • libs/sdk/src/common/types/options/auth.options.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts
  • libs/sdk/src/common/decorators/tool.decorator.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/plugins/src/codecall/tools/describe.tool.ts
  • libs/enclave/src/adapters/worker-pool/protocol.ts
  • libs/mcp-from-openapi/src/response-builder.ts
  • libs/sdk/src/common/interfaces/flow.interface.ts
  • libs/sdk/src/auth/session/transport-session.types.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
libs/sdk/src/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

libs/sdk/src/**/*.ts: MCP response types must use typed protocol definitions (GetPromptResult, ReadResourceResult) instead of unknown for SDK methods
Use specific MCP error classes with error codes from MCP_ERROR_CODES instead of generic Error classes
Validate hook flows match entry types and fail fast with InvalidHookFlowError for unsupported flows
Centralize record type definitions in libs/sdk/src/common/records/ instead of module-specific files
Use changeScope property name instead of scope for event properties to avoid confusion with Scope class
Validate URIs per RFC 3986 using isValidMcpUri refinement in Zod schemas at metadata level
Create shared base classes (ExecutionContextBase) for common execution context functionality across different context types
Do not mutate rawInput in flows - use state.set() for flow state management instead

Files:

  • libs/sdk/src/prompt/flows/prompts-list.flow.ts
  • libs/sdk/src/utils/types.utils.ts
  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts
  • libs/sdk/src/transport/transport.types.ts
  • libs/sdk/src/resource/flows/read-resource.flow.ts
  • libs/sdk/src/auth/flows/session.verify.flow.ts
  • libs/sdk/src/tool/flows/call-tool.flow.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/sdk/src/flows/flow.registry.ts
  • libs/sdk/src/resource/flows/resources-list.flow.ts
  • libs/sdk/src/common/decorators/plugin.decorator.ts
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/schemas/http-output.schema.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/transport/adapters/transport.local.adapter.ts
  • libs/sdk/src/logger/logger.registry.ts
  • libs/sdk/src/front-mcp/front-mcp.providers.ts
  • libs/sdk/src/common/flow/flow.utils.ts
  • libs/sdk/src/common/types/options/auth.options.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts
  • libs/sdk/src/common/decorators/tool.decorator.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/sdk/src/common/interfaces/flow.interface.ts
  • libs/sdk/src/auth/session/transport-session.types.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
libs/**

⚙️ CodeRabbit configuration file

libs/**: Contains publishable SDK libraries. Review for API correctness, breaking changes, and consistency with docs. When public APIs change, ensure there is a matching docs/draft/docs/** update (not direct edits under docs/docs/**).

Files:

  • libs/sdk/src/prompt/flows/prompts-list.flow.ts
  • libs/sdk/src/utils/types.utils.ts
  • libs/sdk/package.json
  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts
  • libs/testing/package.json
  • libs/mcp-from-openapi/package.json
  • libs/sdk/src/transport/adapters/transport.sse.adapter.ts
  • libs/ui/package.json
  • libs/mcp-from-openapi/src/index.ts
  • libs/sdk/src/transport/transport.types.ts
  • libs/sdk/src/resource/flows/read-resource.flow.ts
  • libs/adapters/package.json
  • libs/sdk/src/auth/flows/session.verify.flow.ts
  • libs/sdk/src/tool/flows/call-tool.flow.ts
  • libs/plugins/src/codecall/tools/invoke.schema.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/plugins/src/codecall/codecall.plugin.ts
  • libs/sdk/src/flows/flow.registry.ts
  • libs/ui/src/components/card.schema.ts
  • libs/sdk/src/resource/flows/resources-list.flow.ts
  • libs/sdk/src/common/decorators/plugin.decorator.ts
  • libs/ui/src/components/form.schema.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/ui/src/components/table.schema.ts
  • libs/mcp-from-openapi/src/parameter-resolver.ts
  • libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
  • libs/ui/src/validation/wrapper.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/common/schemas/http-output.schema.ts
  • libs/ui/src/components/button.schema.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/plugins/src/codecall/codecall.types.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/sdk/src/transport/adapters/transport.local.adapter.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/sdk/src/logger/logger.registry.ts
  • libs/sdk/src/front-mcp/front-mcp.providers.ts
  • libs/sdk/src/common/flow/flow.utils.ts
  • libs/plugins/src/codecall/tools/describe.schema.ts
  • libs/sdk/src/common/types/options/auth.options.ts
  • libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts
  • libs/sdk/src/common/decorators/tool.decorator.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/plugins/src/codecall/tools/describe.tool.ts
  • libs/enclave/src/adapters/worker-pool/protocol.ts
  • libs/mcp-from-openapi/src/response-builder.ts
  • libs/sdk/src/common/interfaces/flow.interface.ts
  • libs/sdk/src/auth/session/transport-session.types.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
apps/demo/**

⚙️ CodeRabbit configuration file

apps/demo/**: apps/demo directory contains a demo application for testing purposes. It can be used as a reference for SDK usage examples.

Files:

  • apps/demo/src/apps/crm/tools/activities-log.tool.ts
  • apps/demo/src/apps/crm/tools/activities-list.tool.ts
  • apps/demo/src/apps/crm/tools/activities-stats.tool.ts
**/{libs,apps}/**/src/index.ts

📄 CodeRabbit inference engine (CLAUDE.md)

**/{libs,apps}/**/src/index.ts: Export everything users need from barrel files (index.ts), without legacy aliases or deprecated names
Do not add backwards compatibility exports or aliases (legacy exports) in new libraries

Files:

  • libs/mcp-from-openapi/src/index.ts
libs/ui/src/components/**/*.schema.ts

📄 CodeRabbit inference engine (libs/ui/CLAUDE.md)

libs/ui/src/components/**/*.schema.ts: Every component must have a Zod schema with .strict() mode to reject unknown properties
Use consistent enum naming for variants ('primary', 'secondary', 'outline', 'ghost', 'danger', 'success') and sizes ('xs', 'sm', 'md', 'lg', 'xl')
Use HTMX schema with strict mode including get, post, put, delete, target, swap, and trigger properties

Files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/table.schema.ts
  • libs/ui/src/components/button.schema.ts
libs/ui/src/components/**/*.ts

📄 CodeRabbit inference engine (libs/ui/CLAUDE.md)

libs/ui/src/components/**/*.ts: Validate component options using validateOptions() helper and return error box on validation failure
Add JSDoc examples with @example tags showing basic usage and options patterns for all components
Use pure HTML string generation without React/Vue/JSX - components return HTML strings only

Files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/table.schema.ts
  • libs/ui/src/components/button.schema.ts
libs/ui/src/**/*.ts

📄 CodeRabbit inference engine (libs/ui/CLAUDE.md)

libs/ui/src/**/*.ts: Always use escapeHtml() utility for all user-provided content to prevent XSS vulnerabilities
Hard-code CDN URLs only in theme presets; always reference theme.cdn configuration in component code

Files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/table.schema.ts
  • libs/ui/src/validation/wrapper.ts
  • libs/ui/src/components/button.schema.ts
libs/ui/src/components/**

📄 CodeRabbit inference engine (libs/ui/CLAUDE.md)

Organize components into schema.ts (definitions) and implementation .ts files with matching names

Files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/table.schema.ts
  • libs/ui/src/components/button.schema.ts
libs/adapters/src/**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Do not hardcode capabilities in adapters - use registry.getCapabilities() for dynamic capability exposure

Files:

  • libs/adapters/src/openapi/openapi.tool.ts
🧠 Learnings (18)
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : Do not mutate rawInput in flows - use state.set() for flow state management instead

Applied to files:

  • libs/sdk/src/prompt/flows/prompts-list.flow.ts
  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts
  • libs/sdk/src/resource/flows/read-resource.flow.ts
  • libs/sdk/src/auth/flows/session.verify.flow.ts
  • libs/sdk/src/tool/flows/call-tool.flow.ts
  • libs/sdk/src/flows/flow.registry.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/common/flow/flow.utils.ts
  • libs/sdk/src/common/interfaces/flow.interface.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/**/*.schema.ts : Every component must have a Zod schema with `.strict()` mode to reject unknown properties

Applied to files:

  • libs/sdk/src/utils/types.utils.ts
  • libs/mcp-from-openapi/package.json
  • libs/ui/package.json
  • libs/plugins/src/codecall/tools/invoke.schema.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/ui/src/components/table.schema.ts
  • libs/mcp-from-openapi/src/parameter-resolver.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/ui/src/components/button.schema.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/plugins/src/codecall/tools/describe.schema.ts
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts
  • libs/sdk/src/common/decorators/tool.decorator.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/plugins/src/codecall/tools/describe.tool.ts
  • libs/mcp-from-openapi/src/response-builder.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : Centralize record type definitions in libs/sdk/src/common/records/ instead of module-specific files

Applied to files:

  • libs/sdk/src/utils/types.utils.ts
  • apps/demo/src/apps/crm/tools/activities-log.tool.ts
  • libs/sdk/src/transport/transport.types.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/sdk/src/common/schemas/http-output.schema.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • apps/demo/src/apps/crm/tools/activities-stats.tool.ts
  • libs/plugins/src/codecall/tools/describe.schema.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/auth/session/transport-session.types.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : Validate hook flows match entry types and fail fast with InvalidHookFlowError for unsupported flows

Applied to files:

  • libs/sdk/src/resource/flows/resource-templates-list.flow.ts
  • libs/sdk/src/tool/flows/call-tool.flow.ts
  • libs/sdk/src/tool/flows/tools-list.flow.ts
  • libs/sdk/src/auth/flows/oauth.authorize.flow.ts
  • libs/sdk/src/common/interfaces/flow.interface.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : Use specific MCP error classes with error codes from MCP_ERROR_CODES instead of generic Error classes

Applied to files:

  • libs/mcp-from-openapi/src/index.ts
  • libs/sdk/src/common/decorators/plugin.decorator.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/sdk/src/common/decorators/front-mcp.decorator.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/mcp-from-openapi/src/response-builder.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to **/{libs,apps}/**/src/index.ts : Export everything users need from barrel files (index.ts), without legacy aliases or deprecated names

Applied to files:

  • libs/mcp-from-openapi/src/index.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : MCP response types must use typed protocol definitions (GetPromptResult, ReadResourceResult) instead of `unknown` for SDK methods

Applied to files:

  • libs/sdk/src/transport/transport.types.ts
  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/sdk/src/transport/adapters/transport.local.adapter.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/plugins/src/codecall/tools/describe.schema.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/mcp-from-openapi/src/response-builder.ts
  • libs/sdk/src/prompt/flows/get-prompt.flow.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to **/*.{ts,tsx} : Use type parameters with constraints instead of unconstrained generic types

Applied to files:

  • libs/sdk/src/transport/transport.types.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/adapters/src/**/*.ts : Do not hardcode capabilities in adapters - use registry.getCapabilities() for dynamic capability exposure

Applied to files:

  • libs/adapters/package.json
📚 Learning: 2025-11-05T15:00:47.800Z 
Learnt from: frontegg-david
Repo: agentfront/frontmcp PR: 11
File: libs/core/src/auth/jwks/jwks.service.ts:62-0
Timestamp: 2025-11-05T15:00:47.800Z
Learning: In the FrontMCP codebase (libs/core/src/auth/jwks/jwks.service.ts), the verifyGatewayToken method intentionally skips signature verification when running in development-only no-auth mode, using decodeJwtPayloadSafe instead of jwtVerify. This is a deliberate design for local development convenience and should not be flagged as a security issue when the PR or code context indicates development/no-auth mode.

Applied to files:

  • libs/sdk/src/auth/flows/session.verify.flow.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to libs/sdk/src/**/*.ts : Validate URIs per RFC 3986 using isValidMcpUri refinement in Zod schemas at metadata level

Applied to files:

  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/mcp-from-openapi/src/types.ts
  • libs/mcp-from-openapi/src/parameter-resolver.ts
  • libs/sdk/src/transport/mcp-handlers/mcp-handlers.types.ts
  • libs/sdk/src/common/metadata/front-mcp.metadata.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
  • libs/sdk/src/common/schemas/annotated-class.schema.ts
  • libs/adapters/src/openapi/openapi.tool.ts
  • libs/mcp-from-openapi/src/schema-builder.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/**/*.schema.ts : Use HTMX schema with strict mode including get, post, put, delete, target, swap, and trigger properties

Applied to files:

  • libs/sdk/src/auth/authorization/authorization.types.ts
  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/table.schema.ts
  • libs/mcp-from-openapi/src/parameter-resolver.ts
  • libs/sdk/src/common/schemas/http-output.schema.ts
  • libs/ui/src/components/button.schema.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/**/*.schema.ts : Use consistent enum naming for variants ('primary', 'secondary', 'outline', 'ghost', 'danger', 'success') and sizes ('xs', 'sm', 'md', 'lg', 'xl')

Applied to files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/button.schema.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/** : Organize components into schema.ts (definitions) and implementation .ts files with matching names

Applied to files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/components/button.schema.ts
  • libs/plugins/src/codecall/utils/describe.utils.ts
  • libs/plugins/src/codecall/tools/describe.tool.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/**/*.ts : Validate component options using `validateOptions()` helper and return error box on validation failure

Applied to files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/validation/wrapper.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Applies to libs/ui/src/components/**/*.test.ts : Write validation tests covering invalid variant/options, unknown properties, and valid option acceptance

Applied to files:

  • libs/ui/src/components/card.schema.ts
  • libs/ui/src/components/form.schema.ts
  • libs/ui/src/validation/wrapper.ts
📚 Learning: 2025-11-26T15:23:04.965Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: libs/ui/CLAUDE.md:0-0
Timestamp: 2025-11-26T15:23:04.965Z
Learning: Use Zod schema validation for all component inputs as a core validation strategy

Applied to files:

  • libs/ui/src/components/form.schema.ts
  • libs/sdk/src/common/metadata/tool.metadata.ts
📚 Learning: 2025-11-26T17:22:58.085Z 
Learnt from: CR
Repo: agentfront/frontmcp PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T17:22:58.085Z
Learning: Applies to **/*.{ts,tsx} : Use strict type checking in TypeScript - avoid `any` types without strong justification, prefer `unknown` for generic type defaults

Applied to files:

  • libs/ui/src/components/form.schema.ts
🧬 Code graph analysis (17)
libs/sdk/src/prompt/flows/prompts-list.flow.ts (2)
libs/sdk/src/errors/index.ts (1)
  • InvalidInputError (10-10)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
libs/sdk/src/resource/flows/resource-templates-list.flow.ts (2)
libs/sdk/src/errors/index.ts (1)
  • InvalidInputError (10-10)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
libs/sdk/src/transport/transport.types.ts (1)
libs/sdk/src/utils/types.utils.ts (1)
  • Infer (17-17)
libs/sdk/src/resource/flows/read-resource.flow.ts (2)
libs/sdk/src/errors/index.ts (1)
  • InvalidInputError (10-10)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
libs/sdk/src/tool/flows/call-tool.flow.ts (2)
libs/sdk/src/errors/index.ts (1)
  • InvalidInputError (10-10)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
libs/sdk/src/flows/flow.registry.ts (1)
libs/sdk/src/common/interfaces/flow.interface.ts (2)
  • FlowInputOf (8-8)
  • FlowOutputOf (9-9)
libs/sdk/src/resource/flows/resources-list.flow.ts (2)
libs/sdk/src/errors/index.ts (1)
  • InvalidInputError (10-10)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
libs/mcp-from-openapi/src/types.ts (2)
libs/mcp-from-openapi/src/index.ts (4)
  • toJsonSchema (74-74)
  • SchemaObject (55-55)
  • ReferenceObject (49-49)
  • isReferenceObject (74-74)
libs/plugins/src/codecall/tools/describe.tool.ts (1)
  • toJsonSchema (101-149)
libs/mcp-from-openapi/src/parameter-resolver.ts (1)
libs/mcp-from-openapi/src/types.ts (5)
  • ParameterLocation (25-25)
  • ParameterObject (34-34)
  • toJsonSchema (67-152)
  • SchemaObject (53-53)
  • ReferenceObject (45-45)
libs/sdk/src/common/decorators/front-mcp.decorator.ts (1)
libs/sdk/src/common/metadata/front-mcp.metadata.ts (2)
  • FrontMcpMetadata (83-83)
  • frontMcpMetadataSchema (85-85)
libs/sdk/src/common/metadata/front-mcp.metadata.ts (1)
libs/sdk/src/common/types/options/logging.options.ts (1)
  • loggingOptionsSchema (35-40)
libs/plugins/src/codecall/utils/describe.utils.ts (1)
libs/cli/src/templates/3rd-party-integration/src/tools/example.list.ts (1)
  • inputSchema (12-17)
libs/cli/src/templates/3rd-party-integration/src/mcp-http-types.ts (1)
libs/sdk/src/common/schemas/http-output.schema.ts (1)
  • HttpOutput (251-251)
libs/sdk/src/front-mcp/front-mcp.providers.ts (1)
libs/sdk/src/common/metadata/front-mcp.metadata.ts (1)
  • FrontMcpConfigType (90-90)
libs/sdk/src/common/flow/flow.utils.ts (2)
libs/sdk/src/errors/index.ts (2)
  • InvalidInputError (10-10)
  • InvalidMethodError (12-12)
libs/sdk/src/errors/mcp.error.ts (2)
  • InvalidInputError (223-240)
  • InvalidMethodError (269-273)
libs/sdk/src/common/interfaces/internal/primary-auth-provider.interface.ts (1)
libs/sdk/src/common/types/options/auth.options.ts (1)
  • TransportConfig (648-648)
libs/sdk/src/prompt/flows/get-prompt.flow.ts (1)
libs/sdk/src/errors/mcp.error.ts (1)
  • InvalidInputError (223-240)
🪛 GitHub Actions: On Push
libs/ui/package.json

[error] 41-41: The 'tslib' package is not used by 'ui' project. @nx/dependency-checks

package.json

[error] 41-41: The 'tslib' package is not used by 'ui' project. @nx/dependency-checks

@frontegg-david frontegg-david merged commit b44c2d4 into main Nov 29, 2025
3 checks passed
@frontegg-david frontegg-david deleted the upgrade-mcp-to-1.23 branch November 29, 2025 17:39
This was referenced Nov 29, 2025
Merged
Merged
This was referenced Dec 8, 2025
Merged
Merged
Merged
This was referenced Dec 16, 2025
Merged
Merged
Merged
This was referenced Jan 1, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frontegg-david