feat: Implement MCP support and update dependencies for agent runtime#129
# Conflicts: # clients/web/apps/chat/package.json
Deploying corvus with Cloudflare Pages

| | |
|---|---|
| Latest commit: | bff31c5 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://8d74534e.corvus-42x.pages.dev |
| Branch Preview URL: | https://support-mcps-agent-runtime.corvus-42x.pages.dev |
Note: Reviews paused. It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review.
📝 Walkthrough

Adds MCP (Model Context Protocol) runtime to agent-runtime: config/schema types and validation, MCP discovery/client/adapter/normalize modules, Tool trait/ToolSpec/source extension, dispatcher/policy/approval changes with structured denial payloads, registry integration behind a feature flag, many tests, docs, and CI updates; no public API removals.
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Config as Config Loader
    participant Discover as MCP Discovery
    participant McpClient as McpClient
    participant Registry as Tool Registry
    participant Dispatcher as Tool Dispatcher
    participant Approval as Approval Handler
    participant Executor as Executor (native/MCP)
    participant Channel as Channel/Gateway
    Config->>Discover: load MCP servers, validate
    Discover->>McpClient: list_tools (startup timeout)
    McpClient-->>Discover: manifests
    Discover->>Registry: normalize names, create adapters
    Registry-->>Dispatcher: register tools
    Channel->>Dispatcher: incoming tool call (mcp.server.tool)
    Dispatcher->>Dispatcher: evaluate_tool_risk(tool_name)
    alt ApprovalRequired
        Dispatcher->>Approval: require approval
        Approval-->>Channel: structured_denial_payload (approval_required)
    else Execute
        Dispatcher->>Executor: execute tool (routes to McpClient or native)
        Executor-->>Channel: ToolResult (with timeout/output limits)
    end
```
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~50 minutes
🚥 Pre-merge checks: ✅ 2 passed | ❌ 1 failed (1 warning)
✅ Contributor Report (User: @yacosta738). Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-03-04 to 2026-03-04.
Actionable comments posted: 22
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@clients/agent-runtime/Cargo.toml`:
- Around line 164-167: The Cargo feature mcp-runtime is declared but not used;
gate the MCP module and any of its re-exports/usages behind that feature so
disabling default features actually excludes it. In tools/mod.rs change the
unconditional "pub mod mcp;" to a conditional compile attribute like
"#[cfg(feature = \"mcp-runtime\")] pub mod mcp;" (and optionally add
"#[cfg_attr(docsrs, doc(cfg(feature = \"mcp-runtime\")))]" for docs), then wrap
any direct uses/re-exports of tools::mcp (or functions/types from mcp) with
matching cfg(feature = "mcp-runtime") guards or provide stub/no-op alternatives;
alternatively remove the mcp-runtime feature from Cargo.toml if MCP must always
be compiled.
In `@clients/agent-runtime/src/approval/mod.rs`:
- Around line 58-63: The structured_denial_payload function duplicates the
ApprovalDenial schema; instead construct an ApprovalDenial instance and
serialize it to serde_json::Value to avoid drift. Replace the manual json!
construction in structured_denial_payload(tool_name, reason) with creating
ApprovalDenial { code: "approval_required".into(), tool: tool_name.into(),
reason: reason.into() } (or appropriate field types) and return
serde_json::to_value(approval_denial).unwrap() (or propagate the error) so the
payload is single-sourced from the ApprovalDenial type.
In `@clients/agent-runtime/src/channels/telegram.rs`:
- Line 1889: The test's assert!(result.is_ok()) masks real delivery failures
because send_text_chunks currently swallows chunk send errors; update
send_text_chunks to return the first encountered Err instead of always returning
Ok(()), and adjust the caller (and tests) to expect an Err when a chunk send
fails. Specifically, modify the send_text_chunks function to propagate the first
error from chunk sends (return Result<(), E> with Err on failure), ensure any
higher-level send/Channel::send path (and health_check semantics if relevant)
preserves that error rather than converting to success, and replace the test
assertion at the failing location to assert an Err with the appropriate error
variant or message so fallback delivery failures become diagnostic.
In `@clients/agent-runtime/src/config/schema.rs`:
- Around line 2555-2578: Validate that server.command does not contain NUL bytes
and reject config if it does (similar to the existing keys check) because
server.command is passed to Command::new(); also iterate server.env values and
check for '\0' in each value and bail with "{base}.env contains an invalid
value" when found, so NUL bytes are caught at config load time rather than
causing a runtime failure in .envs().
In `@clients/agent-runtime/src/gateway/mod.rs`:
- Around line 2611-2615: The test currently checks payload["error"]["code"] and
["reason"] but omits the required "tool" field; update the webhook test to
assert the presence and value/type of payload["error"]["tool"] (e.g., assert
that payload["error"]["tool"].as_str().is_some() and that it equals or contains
the expected tool identifier from your contract), referencing the same payload
variable used in the existing assertions and, if available, the canonical
constant (e.g., APPROVAL_TOOL or equivalent) rather than a hardcoded string.
- Around line 1554-1563: The denial_reason logic uses brittle substring matching
(reason.contains("approval")); update the match on evaluate_tool_risk(&tool) so
that for DispatchAction::ApprovalRequired(reason) you deterministically use the
provided reason when it is non-empty (e.g., if !reason.trim().is_empty() then
reason) and otherwise fall back to a fixed template like format!("approval
required before executing `{}`", tool) — remove the contains("approval") check
and keep the DispatchAction::Execute arm as-is (format!("approval required for
`{tool}`")) to preserve behavior.
In `@clients/agent-runtime/src/tools/mcp/adapter.rs`:
- Around line 71-80: In execute(), before calling
self.client.call_tool(&self.original_name, args).await, validate and sanitize
the incoming serde_json::Value: ensure it is a JSON object with the expected
keys/types (reject arrays/primitives), enforce any required fields and types for
this MCP tool, and scrub/limit large or unexpected fields (respect
self.call_timeout_ms and self.output_limit_bytes). If validation fails, return a
structured ToolResult error (no panics) indicating validation errors; only
forward the sanitized serde_json::Value to self.client.call_tool when checks
pass. Update the execute() implementation and any helper (e.g., a validate_args
or sanitize_args function) to centralize schema checks and safe transformation
before dispatch.
- Around line 49-52: The truncation code using String::truncate(max_body) can
panic on multibyte UTF-8 boundaries: replace the truncate call with a UTF-8-safe
truncate (e.g., determine a valid char boundary <= max_body via
output.char_indices() or use output.get(..).and_then(|s| s.get(..char_boundary))
and then append marker) so you never split a codepoint; reference the variables
output, max_body, marker, and output_limit_bytes. Also, in execute() validate
and sanitize the incoming args against the tool parameter schema (use
self.parameters or parameters_schema() to parse/validate the args) before
invoking self.client.call_tool(), returning a validation error if args do not
conform to the schema. Ensure both fixes are applied in the methods where output
truncation and tool dispatch occur (the truncation block and execute()).
In `@clients/agent-runtime/src/tools/mcp/client.rs`:
- Around line 34-53: The call_tool function currently ignores the _arguments
parameter so per-call inputs are dropped; update call_tool to accept and forward
the serde_json::Value to the downstream handlers: remove the underscore from the
argument name, and pass that value into call_tool_from_command(name, arguments).
Likewise update the mock dispatch arms to accept the arguments (e.g.,
call_tool_mock_sleep(name, arguments), call_tool_mock_output(arguments),
call_tool_mock_error(name, arguments), and the "__mcp_mock__" branch should call
a mock helper that accepts the args or ignore them explicitly), and update the
signatures of call_tool_from_command, call_tool_mock_sleep,
call_tool_mock_output, and call_tool_mock_error to accept the serde_json::Value
and use it when constructing the command/transport; apply the same forwarding
changes to the other occurrence mentioned (the block around call_tool at lines
~114-164).
- Around line 247-260: redact_diagnostic currently only scans process env vars
and can miss secrets stored in McpServerConfig.env; update the function to
accept extra server env values (e.g., change fn redact_diagnostic(input: &str)
-> String to fn redact_diagnostic(input: &str, extra_env: impl
IntoIterator<Item=&str>) -> String or similar) and include those values when
replacing with "[REDACTED]"; update call sites that construct diagnostics (where
McpServerConfig.env is available) to pass McpServerConfig.env values into
redact_diagnostic so secrets from the server config are also redacted (refer to
redact_diagnostic and McpServerConfig.env when making changes).
- Around line 129-146: The spawned MCP subprocess (the variable child created
from your Command/spawn call) can leak when tokio::time::timeout fires because
dropping child does not terminate the process; fix this by enabling automatic
kill-on-drop on the Command used to create child (call .kill_on_drop(true) on
the tokio::process::Command builder before spawn()), so when the timeout branch
returns and child is dropped the OS process is terminated; keep the rest of the
timeout handling (the match on tokio::time::timeout and
child.wait_with_output()) unchanged.
In `@clients/agent-runtime/tests/mcp_config_validation.rs`:
- Around line 49-51: The test only asserts timeout-related text after calling
config.validate_for_runtime(), missing the output-limit rejection path; update
the test to include a case where the config sets output_limit_bytes = 0 (e.g.,
construct a config variant or modify the existing config before calling
validate_for_runtime()) and assert that the returned error string contains the
expected output-limit marker (e.g., "output_limit_bytes" or "output_limit") in
addition to the existing timeout checks so both validation paths are explicitly
covered.
In `@clients/agent-runtime/tests/mcp_execution_limits.rs`:
- Around line 41-47: Replace the brittle free-text assertion on result.error
with a structured JSON assertion: parse result.error (via
result.error.as_deref().unwrap_or_default()) as JSON, extract the timeout error
object/code field (e.g., error.code or error.type depending on your error
payload) and assert it equals the expected timeout identifier (e.g., "timeout");
keep the existing assert!(!result.success) and reference the same result
variable so the test now validates the structured error contract rather than
using contains("timeout").
In `@clients/agent-runtime/tests/mcp_registry_integration.rs`:
- Around line 56-64: The elapsed-time assertion in the test around
mcp::discover_tools is too tight and causes flaky CI failures; update the
assertion for elapsed (the variable computed from start.elapsed()) to use a more
generous bound or compute a margin based on the configured discovery timeout
(e.g., compare against config.discovery_timeout + 200ms) instead of hardcoding
180ms so the test remains stable across CI jitter while still ensuring discovery
is reasonably fast.
In `@clients/web/apps/docs/src/content/docs/es/guides/configuration.md`:
- Around line 39-62: Fix Spanish orthography and style in the MCP section:
correct accents and punctuation (e.g., "Configuracion" → "Configuración"),
ensure consistent code block labels and spacing for TOML examples (keep
`mcp.enabled`, `[[mcp.servers]]`, `name`, `enabled`, `command`, `args`
unchanged), rewrite sentences for natural Spanish (e.g., "detrás de un control
de despliegue explícito", "Si un servidor MCP falla al iniciar, los servidores
sanos siguen registrándose; los errores se registran con diagnósticos
redactados"), and ensure terminology consistency with English docs—verify EN/ES
parity and note any untranslated gaps per the docs lint rule for **/*.{md,mdx}.
In `@clients/web/apps/marketing/package.json`:
- Around line 24-25: The package.json pins "vite": "6.4.1" which diverges from
the workspace catalog (vite: 7.3.1); update the marketing app to either adopt
the workspace catalog version by changing the "vite" entry to the catalog
version, or add a clear justification entry in package.json (or repo docs)
explaining why "vite": "6.4.1" is required for Astro, and add/adjust a
compatibility test (CI job or package.json script) that validates the app builds
with the pinned version; reference the "vite" key in package.json and ensure any
change is applied consistently to the docs app or accompanied by the documented
exception.
In `@clients/web/pnpm-workspace.yaml`:
- Around line 5-28: The catalog contains caret ranges for several packages
(e.g., "astro": "^5.18.0", "@astrojs/partytown": "^2.1.4", "sharp": "^0.34.5",
"vue": "^3.5.28", "vue-i18n": "^11.2.8") which reduces clarity; update those
catalog entries to exact versions (remove the caret and pin to the exact version
string from the lockfile) so each value is an exact version like "5.18.0"
instead of "^5.18.0"; locate and change every catalog value that starts with "^"
in the pnpm workspace catalog to its exact counterpart to make the version
contract explicit.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md`:
- Around line 14-16: Update the stale spec path in the "Spec mapping" paragraph:
locate the string
`openspec/changes/support-mcps-agent-runtime/specs/mcp-runtime/spec.md` in
design.md (the "Spec mapping" section) and replace it with the correct path for
the archived change, e.g. `openspec/specs/mcp-runtime/spec.md` or the
appropriate relative path within this archive so the reference points to the
current spec file.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md`:
- Line 49: Edit the sentence "Validate config strictly at load time and fail
safe for malformed or unsafe definitions." and hyphenate "fail-safe" so it reads
"Validate config strictly at load time and fail-safe for malformed or unsafe
definitions." to correct wording and ensure consistency.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md`:
- Around line 20-147: The markdown fails MD022 because several "#### Scenario:
..." headings (e.g., "#### Scenario: Reject malformed server definition", "####
Scenario: Reject unsafe timeout and limit values", "#### Scenario: Secret
references are protected in diagnostics", and others in this section) lack the
required blank line before and/or after the heading; fix by inserting a single
blank line above each "#### Scenario:" heading and ensuring there is at least
one blank line after the heading block (before the next list or paragraph) so
each scenario heading is isolated per markdownlint MD022.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/verify-report.md`:
- Around line 1-173: The markdown file verify-report.md violates markdownlint
rules (MD041/MD022/MD058/MD031) due to inconsistent heading levels and missing
blank lines around headings, tables, and fenced code blocks; fix it by
normalizing heading levels (ensure top-level starts with a single H2 or H1
consistently—e.g., the "## Verification Report" header and all subsequent
section headers), add a blank line before and after each table and fenced code
block (the three fenced blocks under "Build & Tests Execution", "Tests", and
"Coverage"), and ensure there is a blank line between paragraphs and headers
(including the "Completeness", "Build & Tests Execution", "Spec Compliance
Matrix", "Issues Found", and "Verification Addendum" sections) so the
MD041/MD022/MD058/MD031 violations are resolved.
In `@openspec/specs/mcp-runtime/spec.md`:
- Around line 20-151: Several H2/H4 headings like "#### Scenario: Reject
malformed server definition", "#### Scenario: Reject unsafe timeout and limit
values", and other "#### Scenario:"/ "### Requirement:" headings lack the
required blank lines around them causing MD022 lint failures; update spec.md by
inserting a single blank line before and after each affected heading (ensure
each "#### Scenario:" and "### Requirement:" is preceded and followed by an
empty line) so all headings conform to Markdown spacing rules and pass the MD022
lint check.
ℹ️ Review info
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
⛔ Files ignored due to path filters (1)
clients/web/pnpm-lock.yaml is excluded by `!**/pnpm-lock.yaml`
📒 Files selected for processing (46)
- SONARQUBE_ISSUES.md
- clients/agent-runtime/Cargo.toml
- clients/agent-runtime/src/agent/agent.rs
- clients/agent-runtime/src/agent/dispatcher.rs
- clients/agent-runtime/src/agent/tests.rs
- clients/agent-runtime/src/approval/mod.rs
- clients/agent-runtime/src/channels/mod.rs
- clients/agent-runtime/src/channels/telegram.rs
- clients/agent-runtime/src/config/mod.rs
- clients/agent-runtime/src/config/schema.rs
- clients/agent-runtime/src/gateway/mod.rs
- clients/agent-runtime/src/main.rs
- clients/agent-runtime/src/onboard/wizard.rs
- clients/agent-runtime/src/providers/anthropic.rs
- clients/agent-runtime/src/providers/compatible.rs
- clients/agent-runtime/src/providers/copilot.rs
- clients/agent-runtime/src/providers/traits.rs
- clients/agent-runtime/src/security/mod.rs
- clients/agent-runtime/src/security/policy.rs
- clients/agent-runtime/src/tools/mcp/adapter.rs
- clients/agent-runtime/src/tools/mcp/client.rs
- clients/agent-runtime/src/tools/mcp/mod.rs
- clients/agent-runtime/src/tools/mcp/normalize.rs
- clients/agent-runtime/src/tools/mod.rs
- clients/agent-runtime/src/tools/traits.rs
- clients/agent-runtime/tests/mcp_config_validation.rs
- clients/agent-runtime/tests/mcp_execution_limits.rs
- clients/agent-runtime/tests/mcp_native_regression.rs
- clients/agent-runtime/tests/mcp_policy_approval_parity.rs
- clients/agent-runtime/tests/mcp_registry_integration.rs
- clients/agent-runtime/tests/mcp_runtime_e2e.rs
- clients/web/apps/chat/package.json
- clients/web/apps/dashboard/package.json
- clients/web/apps/docs/package.json
- clients/web/apps/docs/src/content/docs/en/clients/agent-runtime/architecture.md
- clients/web/apps/docs/src/content/docs/en/guides/configuration.md
- clients/web/apps/docs/src/content/docs/es/guides/configuration.md
- clients/web/apps/marketing/package.json
- clients/web/package.json
- clients/web/pnpm-workspace.yaml
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/tasks.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/verify-report.md
- openspec/specs/mcp-runtime/spec.md
💤 Files with no reviewable changes (1)
- SONARQUBE_ISSUES.md
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: pr-checks
- GitHub Check: sonar
- GitHub Check: pr-checks
- GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (12)
clients/agent-runtime/src/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency
clients/agent-runtime/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why
clients/agent-runtime/src/main.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
clients/agent-runtime/src/main.rs: Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths
Keep startup path lean and avoid heavy initialization in command parsing flow
**/*.rs
⚙️ CodeRabbit configuration file
**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.
**/*
⚙️ CodeRabbit configuration file
**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.
**/*.{md,mdx}
⚙️ CodeRabbit configuration file
**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.
clients/agent-runtime/src/tools/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path
clients/agent-runtime/src/{security,gateway,tools}/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks
clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
clients/agent-runtime/src/providers/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider
clients/agent-runtime/**/Cargo.toml
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
clients/agent-runtime/**/Cargo.toml: Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified
Do not add heavy dependencies for minor convenience; justify new crate additions
clients/agent-runtime/src/channels/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests
🧠 Learnings (16)
📓 Common learnings
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/tools/mcp/normalize.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/providers/compatible.rs, clients/agent-runtime/src/agent/tests.rs, clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/Cargo.toml, clients/agent-runtime/src/channels/mod.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/agent/dispatcher.rs, clients/agent-runtime/tests/mcp_policy_approval_parity.rs, clients/agent-runtime/src/config/mod.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, clients/agent-runtime/src/providers/anthropic.rs, clients/agent-runtime/src/tools/mod.rs, clients/agent-runtime/tests/mcp_native_regression.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md, clients/agent-runtime/src/tools/mcp/adapter.rs, clients/agent-runtime/src/channels/telegram.rs, clients/agent-runtime/src/config/schema.rs, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/src/security/policy.rs, clients/agent-runtime/src/tools/traits.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/tools/mcp/normalize.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/providers/compatible.rs, clients/agent-runtime/src/agent/tests.rs, clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/Cargo.toml, clients/agent-runtime/src/channels/mod.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/agent/dispatcher.rs, clients/agent-runtime/tests/mcp_policy_approval_parity.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, clients/agent-runtime/src/providers/anthropic.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/tasks.md, clients/agent-runtime/src/tools/mod.rs, clients/agent-runtime/tests/mcp_native_regression.rs, clients/agent-runtime/src/config/schema.rs, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/tests/mcp_registry_integration.rs, clients/agent-runtime/src/security/policy.rs, clients/agent-runtime/src/tools/traits.rs, clients/agent-runtime/tests/mcp_config_validation.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Preserve release-size profile assumptions in `Cargo.toml` and avoid adding heavy dependencies unless clearly justified
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/Cargo.toml, clients/agent-runtime/src/config/mod.rs, clients/agent-runtime/src/security/mod.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/tools/mcp/client.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/tests/mcp_execution_limits.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions
Applied to files:
clients/agent-runtime/src/main.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/Cargo.toml, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/config/mod.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, clients/agent-runtime/src/tools/mod.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md, clients/agent-runtime/src/config/schema.rs, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/src/security/policy.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path
Applied to files:
clients/agent-runtime/src/tools/mcp/normalize.rs, clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/providers/compatible.rs, clients/agent-runtime/src/agent/tests.rs, clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/src/channels/mod.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/agent/dispatcher.rs, clients/agent-runtime/tests/mcp_policy_approval_parity.rs, clients/agent-runtime/src/tools/mcp/mod.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, openspec/specs/mcp-runtime/spec.md, clients/agent-runtime/src/providers/anthropic.rs, clients/agent-runtime/src/tools/mod.rs, clients/agent-runtime/tests/mcp_native_regression.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md, clients/agent-runtime/src/tools/mcp/adapter.rs, clients/agent-runtime/src/providers/copilot.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md, clients/web/apps/docs/src/content/docs/en/clients/agent-runtime/architecture.md, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/tests/mcp_registry_integration.rs, clients/agent-runtime/src/security/policy.rs, clients/agent-runtime/src/tools/traits.rs, clients/agent-runtime/src/providers/traits.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
Applied to files:
clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/agent/tests.rs, clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/src/channels/mod.rs, clients/agent-runtime/src/agent/dispatcher.rs, clients/agent-runtime/tests/mcp_policy_approval_parity.rs, clients/agent-runtime/src/config/mod.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, openspec/specs/mcp-runtime/spec.md, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/tasks.md, clients/agent-runtime/src/tools/mod.rs, clients/agent-runtime/tests/mcp_native_regression.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md, clients/agent-runtime/src/config/schema.rs, clients/web/apps/docs/src/content/docs/en/guides/configuration.md, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md, clients/web/apps/docs/src/content/docs/en/clients/agent-runtime/architecture.md, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/src/security/policy.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks
Applied to files:
clients/agent-runtime/src/agent/agent.rs, clients/agent-runtime/src/agent/tests.rs, clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/agent/dispatcher.rs, clients/agent-runtime/tests/mcp_policy_approval_parity.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/security/mod.rs, openspec/specs/mcp-runtime/spec.md, clients/agent-runtime/src/tools/mod.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md, clients/web/apps/docs/src/content/docs/en/clients/agent-runtime/architecture.md, clients/agent-runtime/tests/mcp_execution_limits.rs, clients/agent-runtime/src/approval/mod.rs, clients/agent-runtime/src/security/policy.rs, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
📚 Learning: 2026-02-17T07:28:38.934Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Document agent configurations and capabilities in AGENTS.md
Applied to files:
clients/web/apps/docs/src/content/docs/es/guides/configuration.md, openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/tasks.md, clients/web/apps/docs/src/content/docs/en/guides/configuration.md
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider
Applied to files:
clients/agent-runtime/src/providers/compatible.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/config/mod.rs, clients/agent-runtime/src/tools/mcp/client.rs, clients/agent-runtime/src/providers/anthropic.rs, clients/agent-runtime/tests/mcp_registry_integration.rs, clients/agent-runtime/src/tools/traits.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/src/channels/**/*.rs : Implement `Channel` trait in `src/channels/` with consistent `send`, `listen`, and `health_check` semantics and cover auth/allowlist/health behavior with tests
Applied to files:
clients/agent-runtime/src/channels/mod.rs, clients/agent-runtime/tests/mcp_runtime_e2e.rs, clients/agent-runtime/src/channels/telegram.rs, clients/agent-runtime/tests/mcp_registry_integration.rs
📚 Learning: 2026-02-17T12:31:17.076Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Include threat/risk notes and rollback strategy for security, runtime, and gateway changes; add or update tests for boundary checks and failure modes
Applied to files:
openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/tasks.md, clients/web/apps/docs/src/content/docs/en/clients/agent-runtime/architecture.md
📚 Learning: 2026-02-17T07:28:38.934Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Maintain comprehensive agent metadata including name, description, purpose, and capabilities
Applied to files:
clients/web/apps/docs/src/content/docs/en/guides/configuration.md
📚 Learning: 2026-02-17T07:28:38.934Z
Learnt from: CR
Repo: dallay/corvus PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-17T07:28:38.934Z
Learning: Applies to .agents/AGENTS.md : Include version information and compatibility details for agents
Applied to files:
clients/web/apps/docs/src/content/docs/en/guides/configuration.md
🧬 Code graph analysis (14)
clients/agent-runtime/src/agent/agent.rs (3)
  clients/agent-runtime/src/tools/mcp/adapter.rs (1): name(59-61)
  clients/agent-runtime/src/tools/traits.rs (1): name(37-37)
  clients/agent-runtime/src/approval/mod.rs (1): structured_denial_text(66-68)
clients/agent-runtime/src/agent/tests.rs (2)
  clients/agent-runtime/src/agent/dispatcher.rs (1): serde_json(93-93)
  clients/agent-runtime/tests/agent_e2e.rs (2): tool_response(164-169), text_response(157-162)
clients/agent-runtime/src/gateway/mod.rs (1)
  clients/agent-runtime/src/approval/mod.rs (1): structured_denial_payload(58-64)
clients/agent-runtime/tests/mcp_runtime_e2e.rs (4)
  clients/agent-runtime/src/tools/mcp/adapter.rs (1): name(59-61)
  clients/agent-runtime/src/tools/traits.rs (2): name(37-37), name(67-69)
  clients/agent-runtime/src/tools/mcp/client.rs (1): new(22-24)
  clients/agent-runtime/src/tools/mod.rs (1): all_tools(105-132)
clients/agent-runtime/tests/mcp_policy_approval_parity.rs (2)
  clients/agent-runtime/src/agent/dispatcher.rs (1): evaluate_tool_risk(52-74)
  clients/agent-runtime/src/approval/mod.rs (1): structured_denial_payload(58-64)
clients/agent-runtime/src/tools/mcp/mod.rs (2)
  clients/agent-runtime/src/tools/mcp/adapter.rs (2): name(59-61), from_manifest(20-36)
  clients/agent-runtime/src/tools/traits.rs (2): name(37-37), name(67-69)
clients/agent-runtime/src/tools/mod.rs (1)
  clients/agent-runtime/src/tools/mcp/mod.rs (1): discover_tools(32-97)
clients/agent-runtime/tests/mcp_native_regression.rs (4)
  clients/agent-runtime/src/tools/mcp/client.rs (1): new(22-24)
  clients/agent-runtime/src/tools/mod.rs (1): all_tools(105-132)
  clients/agent-runtime/src/tools/mcp/adapter.rs (1): name(59-61)
  clients/agent-runtime/src/tools/traits.rs (2): name(37-37), name(67-69)
clients/agent-runtime/src/tools/mcp/adapter.rs (2)
  clients/agent-runtime/src/tools/mcp/normalize.rs (2): normalize_tool_name(3-7), source_metadata(9-16)
  clients/agent-runtime/src/tools/traits.rs (9): name(37-37), name(67-69), description(40-40), description(71-73), parameters_schema(43-43), parameters_schema(75-82), execute(46-46), execute(84-94), spec(49-56)
clients/agent-runtime/src/config/schema.rs (1)
  clients/agent-runtime/tests/mcp_runtime_e2e.rs (1): server(8-19)
clients/agent-runtime/tests/mcp_execution_limits.rs (3)
  clients/agent-runtime/src/tools/mcp/client.rs (1): new(22-24)
  clients/agent-runtime/src/tools/mcp/adapter.rs (5): from_manifest(20-36), name(59-61), description(63-65), parameters_schema(67-69), execute(71-92)
  clients/agent-runtime/src/tools/traits.rs (8): name(37-37), name(67-69), description(40-40), description(71-73), parameters_schema(43-43), parameters_schema(75-82), execute(46-46), execute(84-94)
clients/agent-runtime/tests/mcp_registry_integration.rs (2)
  clients/agent-runtime/src/tools/traits.rs (2): name(37-37), name(67-69)
  clients/agent-runtime/src/tools/mcp/mod.rs (1): discover_tools(32-97)
clients/agent-runtime/tests/mcp_config_validation.rs (1)
  clients/agent-runtime/src/config/schema.rs (16): default(197-206), default(237-245), default(268-274), default(330-339), default(458-465), default(547-561), default(584-590), default(603-605), default(644-654), default(694-705), default(768-776), default(820-831), default(870-880), default(1020-1045), default(1065-1071), default(1111-1156)
clients/agent-runtime/src/onboard/wizard.rs (1)
  clients/agent-runtime/src/config/schema.rs (16): default(197-206), default(237-245), default(268-274), default(330-339), default(458-465), default(547-561), default(584-590), default(603-605), default(644-654), default(694-705), default(768-776), default(820-831), default(870-880), default(1020-1045), default(1065-1071), default(1111-1156)
🪛 LanguageTool
clients/web/apps/docs/src/content/docs/es/guides/configuration.md
[grammar] ~57-~57: Aquí puede haber un error.
Context: ...tes = 65536 ``` - mcp.enabled = false es el valor seguro por defecto y desacti...
(QB_NEW_ES)
[grammar] ~57-~57: Corrige la minúscula.
Context: ...es = 65536 ``` - mcp.enabled = false es el valor seguro por defecto y desactiva...
(QB_NEW_ES_OTHER_ERROR_IDS_REPLACEMENT_ORTHOGRAPHY_LOWERCASE)
[grammar] ~58-~58: Aquí puede haber un error.
Context: ...o/ejecucion MCP. - Las herramientas MCP usan namespace mcp.<server>.<tool>. - Las ...
(QB_NEW_ES)
[grammar] ~59-~59: Elimina la palabra o signo.
Context: ...visados y devuelven payload estructurado approval_required hasta recibir aproba...
(QB_NEW_ES_OTHER_ERROR_IDS_UNNECESSARY_SPACE)
[grammar] ~61-~61: Elimina la palabra o signo.
Context: ...nos siguen registrandose; los errores se registran con diagnosticos redactados. ...
(QB_NEW_ES_OTHER_ERROR_IDS_UNNECESSARY_SPACE)
openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md
[grammar] ~49-~49: Use a hyphen to join words.
Context: ...te config strictly at load time and fail safe for malformed or unsafe definitions...
(QB_NEW_EN_HYPHEN)
🪛 markdownlint-cli2 (0.21.0)
openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/verify-report.md
[warning] 1-1: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
[warning] 8-8: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 9-9: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
[warning] 22-22: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 30-30: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 84-84: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 85-85: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
[warning] 96-96: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 97-97: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
[warning] 127-127: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 136-136: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 142-142: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 152-152: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 153-153: Fenced code blocks should be surrounded by blank lines
(MD031, blanks-around-fences)
[warning] 167-167: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 170-170: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
openspec/specs/mcp-runtime/spec.md
[warning] 20-20: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 32-32: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 43-43: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 49-49: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 55-55: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 66-66: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 72-72: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 78-78: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 89-89: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 95-95: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 101-101: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 112-112: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 118-118: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 124-124: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 135-135: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 141-141: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 147-147: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md
[warning] 20-20: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 26-26: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 32-32: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 43-43: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 49-49: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 55-55: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 66-66: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 72-72: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 78-78: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 89-89: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 95-95: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 101-101: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 112-112: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 118-118: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 124-124: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 135-135: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 141-141: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
[warning] 147-147: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
Actionable comments posted: 31
♻️ Duplicate comments (6)
clients/web/apps/marketing/package.json (1)
25-25: ⚠️ Potential issue | 🟠 Major
Validate Astro↔Vite major compatibility before keeping `vite: "catalog:"`.
Line 25 now resolves `vite` to the workspace catalog version (7.3.1). Please verify this is officially supported by the current Astro version used here; otherwise pin `vite` to the supported major for Astro apps to avoid build/runtime regressions.
For Astro version 5.18.0, what Vite major versions are officially supported? Please provide the official Astro documentation link and the package peer dependency constraints.
As per coding guidelines: "Look for behavioral regressions, missing tests, and contract breaks across modules."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/web/apps/marketing/package.json` at line 25, Verify Astro 5.18.0's supported Vite major and update the "vite" entry in package.json accordingly: check the official Astro compatibility docs and the Astro 5.18.0 package peerDependencies (include the official docs URL and the exact peerDependency constraint string in your PR), confirm whether resolving "vite": "catalog:" (catalog v7.3.1) matches the supported Vite major for Astro 5.18.0, and if not replace "vite": "catalog:" with a pinned semver for the supported Vite major (e.g., "^X.0.0"). Ensure the PR description notes the verification results and include the Astro doc link and the peerDependency constraint found.
openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md (1)
49-49: ⚠️ Potential issue | 🟡 Minor
Hyphenate "fail-safe" for grammatical correctness.
The term should be "fail-safe" (hyphenated) in this context.
📝 Suggested fix
- - Validate config strictly at load time and fail safe for malformed or unsafe definitions. + - Validate config strictly at load time and fail-safe for malformed or unsafe definitions.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md` at line 49, The phrase "Validate config strictly at load time and fail-safe for malformed or unsafe definitions." is missing a hyphen in "fail-safe"; update the text in the proposal line containing that phrase so it reads "Validate config strictly at load time and fail-safe for malformed or unsafe definitions." (i.e., ensure "fail-safe" is hyphenated) and commit the change where that exact sentence appears.
clients/web/apps/docs/src/content/docs/es/guides/configuration.md (1)
57-62: ⚠️ Potential issue | 🟡 Minor
Improve Spanish terminology consistency in the MCP section.
The technical content is fine, but in the ES documentation it is better to avoid unnecessarily mixing in user-visible anglicisms (`namespace`, `deny-by-default`, `payload`) so as to maintain clarity and editorial parity.
✍️ Brief proposal
-- Las herramientas MCP usan namespace `mcp.<server>.<tool>`. -- Las llamadas MCP son deny-by-default en flujos supervisados y devuelven payload estructurado +- Las herramientas MCP usan el espacio de nombres `mcp.<server>.<tool>`. +- Las llamadas MCP se bloquean por defecto en flujos supervisados y devuelven una respuesta estructurada `approval_required` hasta recibir aprobación explícita.
As per coding guidelines
**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes. For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/web/apps/docs/src/content/docs/es/guides/configuration.md` around lines 57 - 62, replace the user-visible anglicisms in the MCP section with Spanish terms to keep editorial consistency: change "namespace" to "espacio de nombres" and leave the example `mcp.<server>.<tool>` intact; replace "deny-by-default" with "negación por defecto" and "payload" with "contenido" (or "datos") while keeping the technical key `approval_required` literal (e.g. `contenido "approval_required"`), and adjust the sentence that mentions `mcp.enabled = false` and the redacted error messages to use the translated terminology without altering the configuration identifiers (`mcp.enabled`) or the technical keys.
clients/agent-runtime/src/tools/mcp/client.rs (1)
122-126: ⚠️ Potential issue | 🟠 Major
Command-path MCP calls still drop per-call arguments.
Line 125 still takes `_arguments`, so non-mock command execution ignores tool inputs and can collapse tool behavior across calls.
As per coding guidelines
**/*: Security first, performance second. Validate input boundaries, auth/authz implications, and secret management. Look for behavioral regressions, missing tests, and contract breaks across modules.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/agent-runtime/src/tools/mcp/client.rs` around lines 122 - 126, The call_tool_from_command function currently ignores per-call arguments because the parameter is named _arguments (in call_tool_from_command), causing command-path MCP calls to drop inputs; update the function signature to use arguments (remove the leading underscore) and forward those serde_json::Value arguments into the tool/command execution path (e.g., pass into the code that builds/executes the command or deserializes into the command-specific struct used by execute/dispatch functions), adding input validation (size/type bounds and any auth/authz/secret checks) before forwarding to avoid security regressions and behavioral regressions across mocks and real calls.
clients/agent-runtime/src/tools/mcp/adapter.rs (2)
99-110: ⚠️ Potential issue | 🟠 Major
Argument validation is still shape-only and does not enforce the declared schema.
This path only checks `Object | Null`, but it doesn't validate key/type constraints against `self.parameters` before dispatching to MCP.
As per coding guidelines
clients/agent-runtime/src/tools/**/*.rs: Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/agent-runtime/src/tools/mcp/adapter.rs` around lines 99 - 110, The current validation only accepts Object/Null but must enforce the declared parameter schema in self.parameters before calling MCP: update the branch that builds validated_args to (1) if args is Null treat as empty object only if all parameters are optional or have defaults otherwise return ToolResult { success: false, error: Some(...) }; (2) iterate self.parameters to ensure required keys exist, types match (string/number/boolean/array/object) and coerce or reject mismatched types; (3) drop any keys not declared in self.parameters (sanitize); and (4) on any validation failure return a structured ToolResult with success:false and a clear error string instead of panicking. Locate and change the code that references args/validated_args and use self.parameters to perform the schema checks and sanitization before dispatch.
52-70:⚠️ Potential issue | 🔴 CriticalUTF-8 truncation fallback can still panic in runtime path.
The fallback on Line 69 (
output[..max_body]) may slice at a non-char boundary when the first character is multibyte andmax_bodyis small, which can panic.Proposed UTF-8-safe truncation fix
- let truncated = if max_body >= bytes.len() { - output.clone() - } else { - output - .chars() - .take_while(|_| true) - .scan(0usize, |acc, c| { - let next = *acc + c.len_utf8(); - if next <= max_body { - Some(next) - } else { - None - } - }) - .last() - .map(|end| output[..end].to_string()) - .unwrap_or_else(|| output[..max_body].to_string()) - }; + let safe_end = output + .char_indices() + .map(|(idx, _)| idx) + .take_while(|idx| *idx <= max_body) + .last() + .unwrap_or(0); + let truncated = output[..safe_end].to_string();As per coding guidelines
**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness. Flag unnecessary clones, unchecked panics in production paths, and weak error context.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/agent-runtime/src/tools/mcp/adapter.rs` around lines 52 - 70, The fallback slicing at output[..max_body] can panic on a UTF-8 boundary; change the fallback to use UTF-8-safe slicing: try output.get(..max_body) and if that returns None, find the previous valid char boundary using output.char_indices().take_while(|(i,_)| *i < max_body).last() to obtain a safe end index and slice output[..end] (or fall back to the first char or empty string if no boundary found); apply this change where truncated is computed (variables: truncated, output, max_body, bytes) to avoid any unchecked slicing.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.agents/skills/accessibility/SKILL.md:
- Around line 212-219: Replace the current rules that remove :focus and only
style :focus-visible: restore a baseline focus style by adding a :focus rule
that sets outline and outline-offset, add a :focus:not(:focus-visible) rule to
suppress that outline for pointer/mouse interactions, and keep the
:focus-visible rule for enhanced keyboard styling; update the selectors :focus,
:focus:not(:focus-visible), and :focus-visible accordingly so keyboard users
always get a visible focus ring while pointer focus remains visually suppressed.
In @.agents/skills/best-practices/SKILL.md:
- Around line 28-30: Update the protocol-relative example by removing the
checkmark and replacing the src value "//example.com/image.jpg" with an explicit
"https://example.com/image.jpg" or a same-origin relative path; also update the
accompanying comment text (the "✅ Protocol-relative (will use page's protocol)"
line) to no longer endorse protocol-relative URLs so the example and annotation
reflect using explicit HTTPS for external resources.
- Around line 80-82: Remove the deprecated X-XSS-Protection recommendation:
delete the "X-XSS-Protection: 1; mode=block" entry and any accompanying guidance
in SKILL.md, and replace it with guidance to use a strong
Content-Security-Policy (CSP) instead (recommend CSP with nonces/hashes and
example directives for script-src, object-src, and default-src), mention that
modern browsers ignore X-XSS-Protection and link to MDN/OWASP guidance for CSP
best practices.
In @.agents/skills/core-web-vitals/references/LCP.md:
- Line 35: Normalize blank lines around fenced code blocks and level-3 headings
by ensuring there is exactly one blank line before and after each
triple-backtick fence (```) and one blank line after each "###" heading; update
the LCP.md content where fenced blocks and "###" headings occur (look for
occurrences of ``` and headings like "### Nuxt") so that every fenced block is
surrounded by blank lines and every "###" heading is followed by a blank line,
applying the same change at all listed occurrences.
- Around line 15-20: Add a language identifier to the ASCII timeline code fence
by changing the opening triple-backtick to include "text" (or "plaintext") so
the block becomes ```text; update the fenced block that contains the ASCII
timeline "[ Server Response ][ Resource Load ][ Render ] ..." (the LCP
Time diagram) to use the language identifier to satisfy MD040.
In @.agents/skills/core-web-vitals/SKILL.md:
- Around line 402-405: The guidance currently shows using next/image with fill
but omits the sizes attribute; update the example using Image from 'next/image'
(the Image component with fill and priority props) to include a suitable sizes
string so browsers don't default to 100vw — e.g., add a sizes value that
reflects the image’s responsive layout (such as "100vw" for full-bleed on small
screens and a max-width breakpoint for larger viewports) so LCP loads
appropriate image widths instead of unnecessarily large assets.
- Around line 162-164: The snippet uses requestIdleCallback without feature
detection; update the code around requestIdleCallback and trackEvent to
feature-detect requestIdleCallback and fall back to setTimeout (or an equivalent
low-priority scheduling) when unavailable, e.g., check if
window.requestIdleCallback exists and call it, otherwise use setTimeout with a
short delay and invoke trackEvent from that branch to ensure cross-browser
behavior.
In @.agents/skills/performance/SKILL.md:
- Around line 290-297: Change the fenced code block for the virtualization
example from the incorrect "javascript" language to "css" so syntax highlighting
and tooling are correct; specifically update the fenced block that contains the
.virtual-list CSS (the block showing content-visibility and
contain-intrinsic-size with the comment "For lists > 100 items, render only
visible items") to begin with ```css instead of ```javascript.
In @.agents/skills/seo/SKILL.md:
- Around line 74-75: Replace the deprecated guidance that suggests using
rel="prev"/"next" for pagination with current best practices: instruct authors
to create crawlable sequential internal links using standard <a href> anchors
between pages, ensure each page has a unique URL pattern (e.g., query string or
path like ?page=2) and document that each paginated page should have a
self-referencing canonical (canonicals must point to the page itself, not to
page 1); optionally note that deeper pages may include a link back to page 1 to
reinforce the series start.
In @.agents/skills/web-quality-audit/scripts/analyze.sh:
- Around line 55-58: The current grep check in analyze.sh flags any occurrence
of 'http://' in a file which yields false positives; update the check to only
detect insecure resource links by matching attribute patterns like href= or src=
(e.g., grep -qE '(<[^>]+(href|src)=["'\'']http://|href=|src=)') for the variable
file and add the resulting warning to WARNINGS array as before; modify the
conditional around the grep that currently looks for 'http://' so it targets
href/src attribute uses instead, keeping the same WARNINGS+=("$file: Contains
non-HTTPS URLs") behavior.
- Around line 45-48: The current grep uses a PCRE negative lookahead '(?!...)'
with grep -E which doesn't support it; change the check so image tags are
detected with grep -E '<img[^>]*>' and then verify absence of alt attributes by
examining those tag matches (e.g., extract img tags and ensure none contain
'alt=') before appending to WARNINGS; alternatively, if your target systems
support PCRE, replace the failing pattern with grep -P and keep the negative
lookahead, but be sure to update the two-grep conditional around the file
variable and WARNINGS+=("$file: ...") accordingly.
- Around line 62-65: The loop that scans $TARGET uses a `find | while read`
pipeline which runs the while loop in a subshell so updates to the ISSUES and
WARNINGS arrays inside analyze_html are lost; change the loop to use process
substitution or redirect the find output into the while loop in the current
shell (e.g., `while IFS= read -r file; do analyze_html "$file"; done < <(find
"$TARGET" -name "*.html" -o -name "*.htm")`) so analyze_html (and mutations to
ISSUES and WARNINGS) execute in the main shell; keep using analyze_html,
preserve quoting, and ensure IFS/read flags are present to handle filenames
safely.
- Around line 73-91: The JSON construction in the analyze.sh output loop is
unsafe: escape array values from ISSUES and WARNINGS and quote loop indices to
avoid word-splitting; update the two for loops that iterate over "${!ISSUES[@]}"
and "${!WARNINGS[@]}" to use a safe quoting form for the index variable (e.g.,
"$i") and ensure each emitted string is properly JSON-escaped (handle
backslashes, double quotes and newlines) before printing; preferably replace the
manual echo assembly with a robust JSON generator (jq) if available or add a
small shell function to escape strings and use it when printing "${ISSUES[$i]}"
and "${WARNINGS[$i]}".
In @.github/workflows/sonarqube-analysis.yml:
- Around line 72-81: The workflow currently references mutable GitHub Action
refs dtolnay/rust-toolchain@HEAD and taiki-e/install-action@cargo-llvm-cov;
replace these with immutable commit SHAs to match the repository's SHA-pinned
pattern: locate the latest trusted commit SHAs for dtolnay/rust-toolchain and
taiki-e/install-action and update the `uses:` fields to
dtolnay/rust-toolchain@<commit-sha> and taiki-e/install-action@<commit-sha>,
respectively, ensuring you verify the commits are compatible with toolchain:
1.92 and the cargo-llvm-cov installer before committing.
- Around line 82-86: The Rust coverage step currently runs "cargo llvm-cov
--xml" and the pipeline imports it via the Java JaCoCo property
"sonar.coverage.jacoco.xmlReportPaths", causing Rust coverage to be ignored;
change the Generate Rust coverage run command (the step named "🧪 Generate Rust
coverage") to produce LCOV (use "cargo llvm-cov --lcov" or "cargo llvm-cov
report --lcov") and update the Sonar property reference (replace
"sonar.coverage.jacoco.xmlReportPaths" with "sonar.rust.lcov.reportPaths") to
point to the generated LCOV file (e.g., the existing
../../coverage/agent-runtime-coverage.lcov path).
In `@clients/agent-runtime/src/config/schema.rs`:
- Around line 2555-2582: validate_mcp_servers() currently checks server.command
and server.env values for NUL/empty but misses validating server.args and env
keys; update the validation block (the loop handling server.* near the checks
for command, startup_timeout_ms, call_timeout_ms, output_limit_bytes) to: 1)
iterate server.args and bail if any arg contains '\0'; 2) check each env key for
empty string and for containing '=' and bail with clear messages (similar style
to existing anyhow::bail calls) in addition to the existing NUL checks on keys
and values so invalid args or env names are rejected at config load rather than
spawn time.
In `@clients/agent-runtime/src/tools/mcp/client.rs`:
- Around line 141-179: The current use of child.wait_with_output() buffers the
entire stdout/stderr before truncation; change the implementation to stream
child.stdout and child.stderr asynchronously (read from child.stdout and
child.stderr as AsyncRead streams) while the process runs, enforce
truncation/limit on the fly using the existing enforce_output_limit() logic (or
replicate its behavior) so you stop reading once limits are reached, and still
apply redact_diagnostic() to captured stderr fragments; use tokio::time::timeout
around the overall async task that spawns the readers and awaits child.wait(),
then check the process exit via child.wait() (or wait_with_output replacement)
and produce the same error JSON payloads (mcp_timeout, mcp_transport_error)
using self.server.call_timeout_ms, self.server.name, name, and the
redacted/truncated stderr/stdout collected during streaming.
In `@clients/agent-runtime/src/tools/mod.rs`:
- Around line 294-295: The MCP-specific tests in
clients/agent-runtime/src/tools/mod.rs that assert MCP registration behavior
should be conditioned on the mcp-runtime feature so they don't run when that
code is compiled out; wrap the MCP-related test module(s) or the individual test
functions (the blocks around the assertions in the ranges you noted) with
#[cfg(feature = "mcp-runtime")] (or annotate each test with #[cfg(feature =
"mcp-runtime")]) so they only run when the McpConfig/McpServerConfig code paths
are present; look for the test modules or functions referencing
McpConfig/McpServerConfig (and imports like BrowserConfig, Config, MemoryConfig)
around the commented ranges and apply the cfg attribute there.
- Around line 71-85: The current redact_runtime_error function only replaces
exact environment variable values and thus can miss secrets; stop emitting raw
discovery/error payloads at warn/error level and instead log a non-sensitive
summary and a fully-sanitized string. Update redact_runtime_error to (1)
early-detect and mask known secret patterns via regexes (JWTs, long Base64
strings, API[-_]?KEYs, bearer tokens, hex/uuid-looking secrets, password= or
secret= inline), (2) replace any substring matching those patterns with
"[REDACTED]", and (3) if the sanitized output is unchanged but the original
string contains suspicious length/entropy (e.g., contiguous non-whitespace > 64)
return a generic "[REDACTED]" sentinel. Also change the logging site that
currently prints `error = %redacted` to avoid printing the raw error: log a
minimal contextual message and include only the sanitized/redacted output from
redact_runtime_error or the generic sentinel.
In `@clients/agent-runtime/tests/mcp_execution_limits.rs`:
- Around line 77-111: The test
native_tool_dispatch_still_works_with_mcp_limits_enabled only calls
NativeEcho.execute directly and therefore doesn't exercise the unified dispatch
path or MCP limit checks; update the test to register NativeEcho with the real
dispatcher used in production (invoke the module/function that performs tool
dispatch, e.g., the dispatcher or dispatch_tool entrypoint) and run the dispatch
call instead of calling NativeEcho.execute directly so the request flows through
the MCP limits code path and validates dispatcher-level behavior.
In `@clients/web/pnpm-workspace.yaml`:
- Line 16: The workspace pins conflicting versions of astro and vite:
astro@"5.18.0" requires Vite 6.x but vite is pinned to 7.3.1; to fix, make the
versions consistent in pnpm-workspace.yaml by either downgrading the vite entry
to a compatible 6.x range (e.g., ^6.4.1) so it matches astro@"5.18.0", or
upgrade the astro entry to a 6.x release that supports Vite 7; update the astro
or vite version string accordingly and run the lockfile install to verify
builds.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md`:
- Around line 230-239: Update the "One server fails startup" table row to append
"and emit startup error event with redacted diagnostic to observer pipeline" to
the Behavior cell for that failure mode (row labeled "One server fails
startup"), and then update the Observability section to explicitly require
per-server startup success/failure logging and emission of a redacted
startup-error event to the observer pipeline (ensure the Observability text
references both success and failure logs and that diagnostics are redacted
before emission).
- Around line 282-292: Add a new "Security" row to the Testing Strategy table
that targets MCP trust-boundary risks: include tests for malformed server
responses and fuzzing of the stdio protocol parser, adversarial/malicious tool
metadata injection and adversarial tool definitions to test Name
normalization/collision logic and reserved ID handling, adversarial attempts to
bypass MCP adapter limits (timeout/output cap/resource exhaustion), and policy
enforcement checks across agent loop, channel loop, and gateway path to ensure
auth/authz and deny/approval outcomes remain secure under attack scenarios.
- Around line 293-308: Update the Rollback section to include concrete
verification steps: after setting mcp.enabled = false (or removing mcp.servers)
verify the tool registry returns only native tools by querying the tool registry
list and asserting no entries with the MCP namespace/identifier (references:
mcp.enabled, mcp.servers, namespaced registration), confirm behavior of
in-flight MCP calls by specifying whether the runtime should cancel or allow
completion (add a clear rule for "graceful termination" vs "allow to complete"
in the Identity/dispatch text and an implementation hook name like
onMcpRollback), and define log/metric checks to run post-rollback (e.g., ensure
mcp.registration.count == 0, no recent mcp.dispatch.* errors, and emit a
rollback-complete metric/log entry) so operators can programmatically confirm
rollback success.
- Around line 309-314: Resolve the two open security questions by (1) choosing
the secure-by-default option for v1: restrict MCP server secrets to
environment-variable references only; if you must support encrypted inline
values in config.toml, add a documented encryption spec (scheme, key derivation,
rotation policy, integration with secret management) and implement/verify key
handling before proceeding, and (2) decide gateway scope for v1: either gate MCP
in the gateway by enforcing the same MCP risk/approval checks used by the main
tool loop when gateway supports tool-enabled webhook paths, or explicitly
document the security boundary that excludes gateway from MCP and update the
design to show that exclusion and its rationale so no enforcement gaps remain.
- Around line 217-227: Update the Security Model / Defenses section to
explicitly cover stdio channel security: state that the stdio JSON-RPC client
will perform strict JSON-RPC schema validation with configurable size limits,
enforce input sanitization for all server responses (tool metadata and outputs),
implement parsing error handling that fails closed (returns a safe error without
exposing internal state), and use bounded buffers for stdio reads/writes to
prevent memory exhaustion and timing/side-channel leaks; reference MCP servers
as untrusted and mark the stdio/gateway/tools surface as high-risk so these
controls are applied consistently.
- Around line 130-135: The design's validation rules omit the exact
secret-detection logic; update the Validation rules section to explicitly state
that any env var whose key contains (case-insensitive) TOKEN, SECRET, PASSWORD,
API_KEY, or AUTH must be treated as secret and redacted in diagnostics, and
additionally that all values coming from MCP server `env` overrides are always
treated as secrets and redacted; reference the "Validation rules (load-time,
fail-safe)" paragraph and the MCP server `env` overrides language so
implementers know to apply both key-pattern redaction and unconditional
redaction of MCP-provided env values.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md`:
- Around line 45-49: Update the configuration model for the mcp.servers
collection to add explicit command-path validation rules: require the server
command field to be an absolute path (no PATH lookup), disallow shell
metacharacters in the command and each entry of args, enforce
allowlist/approved-directory checks before permitting execution, and require
environment variable values to be sanitized (or validated against a safe
pattern) to prevent injection; reflect these constraints in the schema,
documentation for fields (command, args, env), and the strict config validation
logic so malformed or unsafe mcp.servers entries are rejected at load time.
- Around line 62-66: Update the "5. Execution hardening" section of the proposal
by adding explicit bullets for memory limits, file descriptor limits, and
process isolation; specifically, add a "Memory limits" item describing
per-server heap/RSS caps and how to enforce them (cgroups, RLIMIT_AS/RSS), a
"File descriptor limits" item describing per-server/instance FD caps and
enforcement (RLIMIT_NOFILE, per-process accounting) and monitoring, and a
"Process isolation" item recommending sandboxing options (separate process
groups, namespaces, containers) and fallback behavior; reference the existing
"Execution hardening" heading and its current bullets so the new items fit the
list and include suggested enforcement mechanisms and metrics to measure
compliance.
- Around line 131-141: Update the "## Risks" table under the Risks section to
add three explicit rows for the missing risks: add a row titled "Command
injection through server config" with Likelihood "High" and Mitigation "Absolute
path validation, arg sanitization, no shell execution, allowlist enforcement";
add a row titled "Resource exhaustion (memory/FD/CPU)" with Likelihood
"Medium/High" and Mitigation "Per-server memory/FD/CPU limits, process
isolation, monitoring/alerting"; and add a row titled "Insufficient audit trail
for security/compliance" with Likelihood "Medium" and Mitigation "Structured
logging of denials, policy decisions, MCP invocations; retention policy"—insert
these rows into the existing markdown table under the ## Risks header so they
align with the current columns and formatting and avoid duplicating the existing
"unsafe operations" entry.
- Around line 84-93: Update the "Security considerations" section to add
explicit mitigations for command execution and resource exhaustion: require
strict validation of MCP server command/args (e.g., absolute paths, forbid shell
metacharacters, enforce allowlists) to prevent command injection and path
traversal; mandate runtime resource controls (memory limits, file descriptor
caps, CPU quotas, and strict output limits) to defend against DoS; add audit
logging requirements for denials, policy violations, and anomalous behavior;
require rate limiting per MCP server/tool to limit call frequency; and mark
src/security/, src/gateway/, and src/tools/ as high-risk surfaces that must not
be granted broader filesystem or network execution scope without explicit
policy/approval checks.
---
Duplicate comments:
In `@clients/agent-runtime/src/tools/mcp/adapter.rs`:
- Around line 99-110: The current validation only accepts Object/Null but must
enforce the declared parameter schema in self.parameters before calling MCP:
update the branch that builds validated_args to (1) if args is Null treat as
empty object only if all parameters are optional or have defaults otherwise
return ToolResult { success: false, error: Some(...) }; (2) iterate
self.parameters to ensure required keys exist, types match
(string/number/boolean/array/object) and coerce or reject mismatched types; (3)
drop any keys not declared in self.parameters (sanitize); and (4) on any
validation failure return a structured ToolResult with success:false and a clear
error string instead of panicking. Locate and change the code that references
args/validated_args and use self.parameters to perform the schema checks and
sanitization before dispatch.
- Around line 52-70: The fallback slicing at output[..max_body] can panic on a
UTF-8 boundary; change the fallback to use UTF-8-safe slicing: try
output.get(..max_body) and if that returns None, find the previous valid char
boundary using output.char_indices().take_while(|(i,_)| *i < max_body).last() to
obtain a safe end index and slice output[..end] (or fall back to the first char
or empty string if no boundary found); apply this change where truncated is
computed (variables: truncated, output, max_body, bytes) to avoid any unchecked
slicing.
In `@clients/agent-runtime/src/tools/mcp/client.rs`:
- Around line 122-126: The call_tool_from_command function currently ignores
per-call arguments because the parameter is named _arguments (in
call_tool_from_command), causing command-path MCP calls to drop inputs; update
the function signature to use arguments (remove the leading underscore) and
forward those serde_json::Value arguments into the tool/command execution path
(e.g., pass into the code that builds/executes the command or deserializes into
the command-specific struct used by execute/dispatch functions), adding input
validation (size/type bounds and any auth/authz/secret checks) before forwarding
to avoid security regressions and behavioral regressions across mocks and real
calls.
In `@clients/web/apps/docs/src/content/docs/es/guides/configuration.md`:
- Around line 57-62: Replace the visible anglicisms in the MCP section with
Spanish terms to keep editorial consistency: change "namespace" to "espacio de
nombres" and leave the example `mcp.<server>.<tool>` intact; replace
"deny-by-default" with "negación por defecto" and "payload" with "contenido" (or
"datos") while keeping the technical key `approval_required` literal (e.g.
`contenido "approval_required"`), and adjust the sentence that mentions
`mcp.enabled = false` and the redacted error messages to use the translated
terminology without altering the configuration identifiers (`mcp.enabled`) or
the technical keys.
In `@clients/web/apps/marketing/package.json`:
- Line 25: Verify Astro 5.18.0's supported Vite major and update the "vite"
entry in package.json accordingly: check the official Astro compatibility docs
and the Astro 5.18.0 package peerDependencies (include the official docs URL and
the exact peerDependency constraint string in your PR), confirm whether
resolving "vite": "catalog:" (catalog v7.3.1) matches the supported Vite major
for Astro 5.18.0, and if not replace "vite": "catalog:" with a pinned semver for
the supported Vite major (e.g., "^X.0.0"). Ensure the PR description notes the
verification results and include the Astro doc link and the peerDependency
constraint found.
In `@openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md`:
- Line 49: The phrase "Validate config strictly at load time and fail-safe for
malformed or unsafe definitions." is missing a hyphen in "fail-safe"; update the
text in the proposal line containing that phrase so it reads "Validate config
strictly at load time and fail-safe for malformed or unsafe definitions." (i.e.,
ensure "fail-safe" is hyphenated) and commit the change where that exact
sentence appears.
ℹ️ Review info
Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 5c75e272-83c0-47f2-9486-3ba1ab537712
📒 Files selected for processing (26)
- .agents/skills/accessibility/SKILL.md
- .agents/skills/accessibility/references/WCAG.md
- .agents/skills/best-practices/SKILL.md
- .agents/skills/core-web-vitals/SKILL.md
- .agents/skills/core-web-vitals/references/LCP.md
- .agents/skills/performance/SKILL.md
- .agents/skills/seo/SKILL.md
- .agents/skills/web-quality-audit/SKILL.md
- .agents/skills/web-quality-audit/scripts/analyze.sh
- .github/workflows/sonarqube-analysis.yml
- clients/agent-runtime/src/approval/mod.rs
- clients/agent-runtime/src/config/schema.rs
- clients/agent-runtime/src/gateway/mod.rs
- clients/agent-runtime/src/tools/mcp/adapter.rs
- clients/agent-runtime/src/tools/mcp/client.rs
- clients/agent-runtime/src/tools/mod.rs
- clients/agent-runtime/tests/mcp_config_validation.rs
- clients/agent-runtime/tests/mcp_execution_limits.rs
- clients/agent-runtime/tests/mcp_registry_integration.rs
- clients/web/apps/docs/src/content/docs/es/guides/configuration.md
- clients/web/apps/marketing/package.json
- clients/web/pnpm-workspace.yaml
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/design.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/proposal.md
- openspec/changes/archive/2026-03-03-support-mcps-agent-runtime/specs/mcp-runtime/spec.md
- openspec/specs/mcp-runtime/spec.md
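Two of the findings in the review above, the UTF-8 truncation fallback in adapter.rs that can panic and the client.rs path that buffers the whole subprocess output before the limit is applied, reduce to one routine: read under a byte budget, stop reading when it is exhausted, and cut at a character boundary. The block below is an added illustration written for this page, not code from the agent-runtime repository: it uses blocking `std::io::Read` as a stand-in for the tokio `AsyncRead` a real client would wrap in `tokio::time::timeout`, and `CapturedOutput`, `utf8_floor_boundary`, `truncate_utf8` and `read_bounded` are assumed names, not identifiers from the project.

```rust
use std::io::{self, Read};

/// What a bounded read of a child stream yields: the text that fit under the
/// byte budget and whether anything was cut off. (Hypothetical type.)
#[derive(Debug, PartialEq)]
pub struct CapturedOutput {
    pub text: String,
    pub truncated: bool,
}

/// Largest byte index <= `max_len` that lies on a char boundary of `s`.
/// `is_char_boundary(0)` is always true, so the loop always terminates.
pub fn utf8_floor_boundary(s: &str, max_len: usize) -> usize {
    if max_len >= s.len() {
        return s.len();
    }
    let mut end = max_len;
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    end
}

/// Truncate `output` to at most `max_body` bytes without ever slicing inside a
/// multibyte character. Output that already fits is returned whole; never panics.
pub fn truncate_utf8(output: &str, max_body: usize) -> &str {
    &output[..utf8_floor_boundary(output, max_body)]
}

/// Read `reader` in fixed-size chunks and stop as soon as `limit` bytes are
/// buffered, so a server that floods stdout can never make the runtime hold
/// more than `limit` bytes of it. Stand-in for the async reader a client uses.
pub fn read_bounded<R: Read>(mut reader: R, limit: usize) -> io::Result<CapturedOutput> {
    let mut buf: Vec<u8> = Vec::with_capacity(limit.min(8 * 1024));
    let mut chunk = [0u8; 4096];
    let mut truncated = false;
    loop {
        let n = reader.read(&mut chunk)?;
        if n == 0 {
            break; // EOF before the budget was exhausted
        }
        let remaining = limit - buf.len();
        if n > remaining {
            buf.extend_from_slice(&chunk[..remaining]);
            truncated = true;
            break;
        }
        buf.extend_from_slice(&chunk[..n]);
        if buf.len() == limit {
            // Budget exactly consumed: one probe byte tells whether more was pending.
            let mut probe = [0u8; 1];
            truncated = reader.read(&mut probe)? > 0;
            break;
        }
    }
    // A cut inside a multibyte sequence leaves an incomplete tail
    // (`error_len() == None`); drop that tail instead of emitting U+FFFD for it.
    // Genuinely invalid bytes elsewhere are replaced, never passed through raw.
    let text = match std::str::from_utf8(&buf) {
        Ok(s) => s.to_owned(),
        Err(e) if e.error_len().is_none() => {
            String::from_utf8_lossy(&buf[..e.valid_up_to()]).into_owned()
        }
        Err(_) => String::from_utf8_lossy(&buf).into_owned(),
    };
    Ok(CapturedOutput { text, truncated })
}

fn main() -> io::Result<()> {
    // Constructed sample: more than the 8-byte budget, and the cut lands inside "ö".
    let sample = io::Cursor::new("hello wörld".as_bytes());
    let captured = read_bounded(sample, 8)?;
    println!("{captured:?}"); // text "hello w", truncated true
    println!("{:?}", truncate_utf8("héllo", 2)); // "h"
    Ok(())
}
```

The probe read after an exactly-consumed budget is what lets the caller report "truncated" honestly without buffering a byte more than the cap; porting to tokio is a matter of swapping `Read::read` for `AsyncReadExt::read` and awaiting it inside the per-call timeout. Note that `from_utf8_lossy` alone would turn the split character at the cut into U+FFFD, which looks like corrupt server output rather than a truncation.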
Actionable comments posted: 1
♻️ Duplicate comments (2)
clients/agent-runtime/src/tools/mcp/client.rs (2)
122-126: ⚠️ Potential issue | 🟠 Major: Forward tool identity and call arguments on the real command path.
Line 125 still drops `arguments` (`_arguments`), and Lines 129–139 never pass `name`/`arguments` to the subprocess transport. That collapses tool-specific behavior for non-mock MCP calls.
Proposed fix
async fn call_tool_from_command( &self, name: &str, - _arguments: serde_json::Value, + arguments: serde_json::Value, ) -> anyhow::Result<String> { + use tokio::io::AsyncWriteExt; use tokio::process::Command as TokioCommand; let mut command = TokioCommand::new(&self.server.command); command .args(&self.server.args) .envs(self.server.env.clone()) + .stdin(Stdio::piped()) .stdout(Stdio::piped()) .stderr(Stdio::piped()) .kill_on_drop(true); - let child = command + let mut child = command .spawn() .with_context(|| format!("failed to start MCP server '{}'", self.server.name))?; + + let request = json!({ "tool": name, "arguments": arguments }).to_string(); + if let Some(mut stdin) = child.stdin.take() { + stdin.write_all(request.as_bytes()).await?; + }Based on learnings: "Implement
`Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path".
Also applies to: 129-140
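Review bot: the `request` the proposed fix writes to stdin is a bare `{ "tool": name, "arguments": arguments }` object, which an MCP server on a stdio transport will not accept: that transport carries newline-delimited JSON-RPC 2.0, so a tool call is a `tools/call` request with `jsonrpc`, `id`, `method` and a `params` object holding `name` and `arguments`, terminated by `\n`, and it is only valid after the initialize handshake. Since the design text on this PR already describes the component as a stdio JSON-RPC client, the forwarded call should use that framing rather than an ad hoc shape. Two smaller points on the same hunk: `stdin.write_all(request.as_bytes()).await?` carries no context about which server the write failed for, unlike the `with_context` on the spawn just above it, and `json!` needs to be in scope in client.rs for the diff to compile.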
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@clients/agent-runtime/src/tools/mcp/client.rs` around lines 122 - 126, call_tool_from_command currently ignores the provided arguments (parameter named _arguments) and doesn't forward the tool name, collapsing behavior for non-mock MCP calls; update call_tool_from_command to accept and forward the actual arguments (rename _arguments to arguments) and pass both name and arguments through to the subprocess transport invocation used on the real command path so the subprocess receives the tool identity and payload instead of dropping them.
141-143: ⚠️ Potential issue | 🟠 Major: Avoid buffering full subprocess output before limit enforcement.
Line 142 uses `wait_with_output()`, which buffers full stdout/stderr in memory before any truncation. The configured output limit is enforced later in `clients/agent-runtime/src/tools/mcp/adapter.rs:121-136`, so this can still cause high transient memory usage.
```bash
#!/bin/bash
# Verify buffering happens in client and truncation happens downstream in adapter.
rg -n -C3 'wait_with_output|output_limit_bytes|enforce_output_limit' \
  clients/agent-runtime/src/tools/mcp/client.rs \
  clients/agent-runtime/src/tools/mcp/adapter.rs
```
As per coding guidelines
clients/agent-runtime/src/**/*.rs: "Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency".
Also applies to: 181-182
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@clients/agent-runtime/src/tools/mcp/client.rs`:
- Around line 48-49: The async call_tool path currently calls the synchronous
call_tool_mock_sleep which uses thread::sleep, blocking the async runtime;
change call_tool_mock_sleep to an async fn (e.g., async fn
call_tool_mock_sleep(...)->Result<...>) and replace
thread::sleep(Duration::from_millis(...)) with
tokio::time::sleep(Duration::from_millis(...)).await, then update the call site
in call_tool (the match arm for "__mcp_mock_sleep__") to await the result
(self.call_tool_mock_sleep(name, &arguments).await) and ensure any other
callers/signatures are adjusted accordingly; leave call_tool_mock_output as-is
if it remains synchronous or make it async and await it if needed.
---
Duplicate comments:
In `@clients/agent-runtime/src/tools/mcp/client.rs`:
- Around line 122-126: call_tool_from_command currently ignores the provided
arguments (parameter named _arguments) and doesn't forward the tool name,
collapsing behavior for non-mock MCP calls; update call_tool_from_command to
accept and forward the actual arguments (rename _arguments to arguments) and
pass both name and arguments through to the subprocess transport invocation used
on the real command path so the subprocess receives the tool identity and
payload instead of dropping them.
ℹ️ Review info
Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: dd5d1741-86f5-403f-800e-856f032d11f8
⛔ Files ignored due to path filters (1)
`clients/web/pnpm-lock.yaml` is excluded by `!**/pnpm-lock.yaml`
📒 Files selected for processing (6)
- clients/agent-runtime/src/tools/mcp/client.rs
- clients/web/apps/dashboard/src/App.vue
- clients/web/apps/dashboard/vite.config.js
- clients/web/apps/marketing/src/layouts/MarketingLayout.astro
- clients/web/apps/marketing/src/pages/index.astro
- clients/web/apps/marketing/src/styles/global.css
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cloudflare Pages
🧰 Additional context used
📓 Path-based instructions (8)
clients/agent-runtime/src/tools/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path
Files:
clients/agent-runtime/src/tools/mcp/client.rs
clients/agent-runtime/src/{security,gateway,tools}/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Treat
src/security/,src/gateway/,src/tools/as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks
Files:
clients/agent-runtime/src/tools/mcp/client.rs
clients/agent-runtime/src/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency
Files:
clients/agent-runtime/src/tools/mcp/client.rs
clients/agent-runtime/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Run
cargo fmt --all -- --check,cargo clippy --all-targets -- -D warnings, andcargo testfor code validation, or document which checks were skipped and why
Files:
clients/agent-runtime/src/tools/mcp/client.rs
clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs
📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)
Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
Files:
clients/agent-runtime/src/tools/mcp/client.rs
**/*.rs
⚙️ CodeRabbit configuration file
**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.
Files:
clients/agent-runtime/src/tools/mcp/client.rs
**/*
⚙️ CodeRabbit configuration file
**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.
Files:
clients/agent-runtime/src/tools/mcp/client.rsclients/web/apps/dashboard/vite.config.jsclients/web/apps/dashboard/src/App.vueclients/web/apps/marketing/src/styles/global.cssclients/web/apps/marketing/src/pages/index.astroclients/web/apps/marketing/src/layouts/MarketingLayout.astro
**/*.vue
⚙️ CodeRabbit configuration file
**/*.vue: Enforce Vue 3 Composition API with <script setup>.
Ensure accessibility (A11y) and proper use of Tailwind CSS classes.
Check for proper prop validation and emitted events documentation.
Files:
clients/web/apps/dashboard/src/App.vue
🧠 Learnings (11)

📓 Common learnings
Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
- Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
- Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

📚 Learnings applied to clients/agent-runtime/src/tools/mcp/client.rs (each learnt from CR, Repo: dallay/corvus PR: 0, File: clients/agent-runtime/AGENTS.md:0-0, Timestamp: 2026-02-17T12:31:17.076Z)
- Applies to clients/agent-runtime/src/tools/**/*.rs : Implement `Tool` trait in `src/tools/` with strict parameter schema, validate and sanitize all inputs, and return structured `ToolResult` without panics in runtime path
- Applies to clients/agent-runtime/src/main.rs : Preserve CLI contract unless change is intentional and documented; prefer explicit errors over silent fallback for unsupported critical paths
- Applies to clients/agent-runtime/src/main.rs : Keep startup path lean and avoid heavy initialization in command parsing flow
- Applies to clients/agent-runtime/**/*.rs : Run `cargo fmt --all -- --check`, `cargo clippy --all-targets -- -D warnings`, and `cargo test` for code validation, or document which checks were skipped and why
- Applies to clients/agent-runtime/**/Cargo.toml : Do not add heavy dependencies for minor convenience; justify new crate additions
- Applies to clients/agent-runtime/src/providers/**/*.rs : Implement `Provider` trait in `src/providers/` and register in `src/providers/mod.rs` factory when adding a new provider
- Applies to clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs : Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable
- Applies to clients/agent-runtime/src/{security,gateway,tools}/**/*.rs : Treat `src/security/`, `src/gateway/`, `src/tools/` as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks
- Applies to clients/agent-runtime/src/**/*.rs : Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
- Applies to clients/agent-runtime/src/**/*.rs : Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency
🔇 Additional comments (10)

clients/web/apps/dashboard/vite.config.js (1)
- 5-13: No behavioral or security regression in this config update. This is formatting-only; plugin setup, alias resolution, and test environment are unchanged.

clients/web/apps/marketing/src/pages/index.astro (2)
- 5-20: Formatting-only update in `featureCards` is safe. No behavioral or security impact detected; content and rendering contract remain unchanged.
- 24-38: Formatting-only update in `testimonials` is safe. This is a non-functional reformat; no user-visible behavior or policy/security posture changed.

clients/web/apps/marketing/src/layouts/MarketingLayout.astro (3)
- 7-8: Props typing change is safe. Formatting-only update in `Props`; no contract or runtime behavior change.
- 12-13: Default prop assignments remain behaviorally equivalent. No security or rendering regression introduced here.
- 16-16: Canonical URL refactor preserves logic. Line 16 is a readability-only rewrite; output remains equivalent.

clients/web/apps/marketing/src/styles/global.css (2)
- 19-19: LGTM! Formatting-only change. The gradient property has been reformatted for readability with no behavioral impact.
- 524-543: LGTM! Formatting-only change. The keyframes blocks have been reformatted for consistency with no impact on animations.

clients/web/apps/dashboard/src/App.vue (1)
- 456-456: Unused-parameter rename is clean and behavior-safe. Line 456 (`parsed` → `_parsed`) correctly documents intentional non-use and does not affect runtime behavior.

clients/agent-runtime/src/tools/mcp/client.rs (1)
- 266-290: Good diagnostic redaction hardening for server-provided env values. Including `extra_env` redaction closes a sensitive-data leakage path from `McpServerConfig.env`. As per coding guidelines `clients/agent-runtime/src/**/*.rs`: "Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements".
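The redaction the reviewer praises above, shown as an added example that is not the corvus agent-runtime's own code: server-provided env values from an MCP server config are masked before they enter any diagnostic string. The names `redact_env_for_diagnostics`, `diagnostics_line`, `is_sensitive_key` and the sensitive-key fragment list are assumptions for this example; the real `client.rs` may be structured differently.

```rust
// Added example, not the corvus agent-runtime's own code. Names below are assumptions.
use std::collections::BTreeMap;

pub const REDACTED: &str = "[REDACTED]";

/// Key fragments treated as sensitive. Matching is case-insensitive and done on the
/// key only; values are never inspected, so no secret material flows through the matcher.
/// Over-matching (e.g. "AUTHOR" contains "auth") errs on the safe side.
const SENSITIVE_KEY_FRAGMENTS: &[&str] = &[
    "token", "secret", "password", "passwd", "key", "credential", "auth",
];

pub fn is_sensitive_key(key: &str) -> bool {
    let lower = key.to_ascii_lowercase();
    SENSITIVE_KEY_FRAGMENTS.iter().any(|f| lower.contains(f))
}

/// Produce a log-safe copy of a server's extra env. Keys stay visible so a misconfigured
/// server can still be debugged. With `strict` every value is masked, which is the safer
/// choice when secrets may hide under innocuous names that name-based matching cannot catch.
pub fn redact_env_for_diagnostics(
    env: &BTreeMap<String, String>,
    strict: bool,
) -> BTreeMap<String, String> {
    env.iter()
        .map(|(k, v)| {
            let shown = if strict || is_sensitive_key(k) {
                REDACTED.to_string()
            } else {
                v.clone()
            };
            (k.clone(), shown)
        })
        .collect()
}

/// One diagnostics line for a server. BTreeMap keeps key order deterministic, so the
/// line is stable across runs and easy to assert on in tests.
pub fn diagnostics_line(server: &str, env: &BTreeMap<String, String>, strict: bool) -> String {
    let parts: Vec<String> = redact_env_for_diagnostics(env, strict)
        .iter()
        .map(|(k, v)| format!("{k}={v}"))
        .collect();
    format!("mcp server {server}: env [{}]", parts.join(", "))
}

fn main() {
    // Constructed sample config; the token value is a placeholder, not a real credential.
    let mut env = BTreeMap::new();
    env.insert("GITHUB_TOKEN".to_string(), "ghp_constructed_placeholder".to_string());
    env.insert("LOG_LEVEL".to_string(), "debug".to_string());
    println!("{}", diagnostics_line("github", &env, false));
    println!("{}", diagnostics_line("github", &env, true));
}
```

The `strict` flag is the part worth thinking about when wiring this into a real runtime: name-based redaction is convenient for debugging but only as good as its fragment list, so anything that reaches persistent logs or telemetry should go through the strict path.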


This pull request introduces structured denial payloads for tool calls that require explicit approval, with a particular focus on blocking "mcp." tools by default and providing machine-readable error responses. It also adds new tests to ensure these behaviors, updates the configuration to support MCP runtime, and improves code organization and safety checks around tool execution and approval.

Structured denial and tool approval logic:
- `structured_denial_payload` and `structured_denial_text` in `approval/mod.rs` to return a JSON object with `code`, `tool`, and `reason` fields when a tool call is denied, ensuring clients receive a machine-readable denial. Also added helpers to check if a tool requires explicit MCP approval.

Testing and validation:

Configuration and feature updates:
- `mcp-runtime` feature by default in `Cargo.toml` and added new MCP config types to the config module re-exports. [1] [2]
- `config/schema.rs` to use `BTreeMap` for improved determinism.

Miscellaneous:
- `channels/telegram.rs` to expect success instead of error when finalizing a draft with oversized text and invalid message ID.
- `SONARQUBE_ISSUES.md` file.
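The behaviour the summary describes (tools under the `mcp.` prefix held back until explicitly approved, and every denial returned as a JSON object with `code`, `tool` and `reason`), shown as an added example that is not the corvus agent-runtime's own code. `DenialCode`, `ToolDecision`, `evaluate_tool_call`, `requires_mcp_approval` and the signature of `structured_denial_payload` are assumptions for this example; the project's `approval/mod.rs` may shape these differently.

```rust
// Added example, not the corvus agent-runtime's own code. Names below are assumptions.
use std::collections::BTreeSet;

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DenialCode {
    ApprovalRequired,
    PolicyDenied,
}

impl DenialCode {
    pub fn as_str(&self) -> &'static str {
        match self {
            DenialCode::ApprovalRequired => "approval_required",
            DenialCode::PolicyDenied => "policy_denied",
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum ToolDecision {
    Allow,
    Deny { code: DenialCode, reason: String },
}

/// Tools discovered from an MCP server are registered under an `mcp.` prefix
/// (the `mcp.server.tool` form used in the PR's sequence diagram).
pub fn requires_mcp_approval(tool_name: &str) -> bool {
    tool_name.starts_with("mcp.")
}

/// Deny-by-default policy check: a tool must be on the allowlist, and an MCP tool must
/// additionally carry an explicit approval for this call before it may execute.
pub fn evaluate_tool_call(
    tool_name: &str,
    allowlist: &BTreeSet<&str>,
    approved_mcp_tools: &BTreeSet<&str>,
) -> ToolDecision {
    if !allowlist.contains(tool_name) {
        return ToolDecision::Deny {
            code: DenialCode::PolicyDenied,
            reason: "tool is not in the allowlist".to_string(),
        };
    }
    if requires_mcp_approval(tool_name) && !approved_mcp_tools.contains(tool_name) {
        return ToolDecision::Deny {
            code: DenialCode::ApprovalRequired,
            reason: "MCP tools require explicit approval before execution".to_string(),
        };
    }
    ToolDecision::Allow
}

/// Minimal JSON string escaping (std only, no serde) so a server-chosen tool name that
/// contains quotes, backslashes or control characters cannot break the payload's structure.
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Machine-readable denial: {"code": ..., "tool": ..., "reason": ...}.
pub fn structured_denial_payload(tool: &str, code: &DenialCode, reason: &str) -> String {
    format!(
        "{{\"code\":\"{}\",\"tool\":\"{}\",\"reason\":\"{}\"}}",
        code.as_str(),
        json_escape(tool),
        json_escape(reason)
    )
}

/// The payload a client should receive for a decision, or None when the call is allowed.
pub fn denial_payload_for(tool_name: &str, decision: &ToolDecision) -> Option<String> {
    match decision {
        ToolDecision::Allow => None,
        ToolDecision::Deny { code, reason } => {
            Some(structured_denial_payload(tool_name, code, reason))
        }
    }
}

fn main() {
    // Constructed sample policy: one native and one MCP tool allowed, nothing approved yet.
    let allowlist: BTreeSet<&str> = BTreeSet::from(["fs.read", "mcp.github.search"]);
    let approved: BTreeSet<&str> = BTreeSet::new();
    for tool in ["fs.read", "mcp.github.search", "shell.exec"] {
        let decision = evaluate_tool_call(tool, &allowlist, &approved);
        match denial_payload_for(tool, &decision) {
            None => println!("{tool}: allowed"),
            Some(payload) => println!("{tool}: {payload}"),
        }
    }
}
```

Two points the example makes concrete: the `mcp.` check is a second gate layered on top of the allowlist rather than a replacement for it, and the tool name is escaped before it is placed into the payload, since that name originates from a remote MCP server's manifest rather than from the runtime's own code.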