fix(mcp): advertise provider-compatible tool schemas#123
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
evaOS review status: completedPR: #123 - fix(mcp): advertise provider-compatible tool schemas evaOS review completed for this PR head. Automation note: agents should wait for this comment to reach PR URL: #123 Review URL: #123 (review) |
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 26 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (8)
📝 WalkthroughWalkthroughThe MCP tool schemas remove root-level JSON Schema combinators. ChangesMCP schema compatibility and runtime validation
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant MCPClient
participant LocalBackend
participant RepositoryResolver
MCPClient->>LocalBackend: callTool with impact or api_impact parameters
LocalBackend->>LocalBackend: normalize aliases and validate lookup group
LocalBackend->>RepositoryResolver: resolve repository after valid parameters
RepositoryResolver-->>LocalBackend: repository resolution result
LocalBackend-->>MCPClient: tool result or validation error
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Walkthrough
PR: #123 - fix(mcp): advertise provider-compatible tool schemas
Head: 2566bf6efeedf65bfca730c132f293edc4e5b270 into main. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).
Estimated review effort: 1/5 (~10 min)
Changed Files
| File | Status | Churn | Purpose | Risk |
|---|
Review Signal
No validated inline findings.
Dropped findings before posting: 0. High-severity findings: 0.
Risk Taxonomy
No finding categories.
Validation and Proof
1 required validation/proof recommendation(s) selected from changed files.
- required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
Profile validation hints: Call out stale index, wrong repo identity, memory growth, and destructive analyze behavior.
Profile proof expectations: Look for focused CLI, index, query, or migration proof.
Related Context
Related issues/PRs: #119.
Suggested labels: none.
Suggested reviewers: none from current metadata.
Review Settings Preview
- Profile: assertive
- Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
- Path instructions: none
- Label suggestions: gitnexus, code-intelligence, backend
- Reviewer suggestions: none
- Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
- Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks
Pre-merge checklist
- Inline comments target current RIGHT-side diff lines.
- No secret-like content survived into posted inline comments.
- REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
- Required behavior proof is present or not applicable.
- Labels and reviewers are suggestions only; the bot did not auto-apply them.
|
Exact-head proof for |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@gitnexus/test/unit/mcp-http-transport.test.ts`:
- Around line 293-296: Update the teardown block’s finally handler to nest
client.close(), close(), and cleanup() in try/finally blocks, ensuring each
subsequent cleanup step runs even if an earlier one rejects.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: ec8d310f-ad7b-4e42-b0f7-f8a8448ba298
📒 Files selected for processing (9)
gitnexus/src/mcp/local/local-backend.tsgitnexus/src/mcp/tools.tsgitnexus/test/integration/mcp/server-startup.test.tsgitnexus/test/unit/calltool-dispatch.test.tsgitnexus/test/unit/mcp-http-transport.test.tsgitnexus/test/unit/mcp-read-only.test.tsgitnexus/test/unit/mcp-repository-policy.test.tsgitnexus/test/unit/server.test.tsgitnexus/test/unit/tools.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout. (16)
- GitHub Check: tests / windows-latest (platform-sensitive) 2/3
- GitHub Check: tests / macos-latest (platform-sensitive) 2/3
- GitHub Check: tests / windows-latest (platform-sensitive) 1/3
- GitHub Check: tests / macos-latest (platform-sensitive) 1/3
- GitHub Check: tests / macos-latest (platform-sensitive) 3/3
- GitHub Check: tests / windows-latest (platform-sensitive) 3/3
- GitHub Check: tests / ubuntu / coverage 3/3
- GitHub Check: tests / ubuntu / coverage 1/3
- GitHub Check: tests / ubuntu / coverage 2/3
- GitHub Check: tests / benchmarks (GITNEXUS_BENCH)
- GitHub Check: tests / tree-sitter ABI (windows-latest)
- GitHub Check: tests / packaged install smoke (windows-latest)
- GitHub Check: tests / packaged install smoke (ubuntu-latest)
- GitHub Check: Build gitnexus-web
- GitHub Check: Build gitnexus
- GitHub Check: Analyze (javascript-typescript)
🧰 Additional context used
📓 Path-based instructions (3)
gitnexus/**
📄 CodeRabbit inference engine (.cursor/rules/100-monorepo.mdc)
For CLI (
gitnexus/): Run tests withnpm test, integration tests withnpm run test:integration, and type-check withnpx tsc --noEmit
Files:
gitnexus/test/unit/mcp-repository-policy.test.tsgitnexus/test/unit/mcp-read-only.test.tsgitnexus/test/unit/server.test.tsgitnexus/test/unit/calltool-dispatch.test.tsgitnexus/test/unit/mcp-http-transport.test.tsgitnexus/test/integration/mcp/server-startup.test.tsgitnexus/test/unit/tools.test.tsgitnexus/src/mcp/local/local-backend.tsgitnexus/src/mcp/tools.ts
gitnexus/**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
gitnexus/**/*.{ts,tsx}: Shared code undergitnexus/src/core/ingestion/must not name languages; provide language-specific behavior throughLanguageProvider/ScopeResolverhooks, implementing and registeringScopeResolverinSCOPE_RESOLVERS.
Before editing any function, class, or method, run GitNexus upstream impact analysis and report the blast radius; warn the user before proceeding when risk is HIGH or CRITICAL.
Use GitNexusquery({search_query: ...})to explore unfamiliar code andcontext({name: ...})for complete symbol context instead of grepping.
Never rename symbols with find-and-replace; use GitNexusrename, which understands the call graph.
Follow the configured ESLint rules for TypeScript, React Hooks, and unused imports; runnpx eslint .because no lint script is defined.
Use the documented GitNexus architecture and scope-resolution contracts when changing indexing, call-resolution, or inheritance behavior.
Files:
gitnexus/test/unit/mcp-repository-policy.test.tsgitnexus/test/unit/mcp-read-only.test.tsgitnexus/test/unit/server.test.tsgitnexus/test/unit/calltool-dispatch.test.tsgitnexus/test/unit/mcp-http-transport.test.tsgitnexus/test/integration/mcp/server-startup.test.tsgitnexus/test/unit/tools.test.tsgitnexus/src/mcp/local/local-backend.tsgitnexus/src/mcp/tools.ts
gitnexus/**/*.ts
📄 CodeRabbit inference engine (AGENTS.md)
Run CLI/core validation with
npm testandnpx tsc --noEmitwhen applicable.
Files:
gitnexus/test/unit/mcp-repository-policy.test.tsgitnexus/test/unit/mcp-read-only.test.tsgitnexus/test/unit/server.test.tsgitnexus/test/unit/calltool-dispatch.test.tsgitnexus/test/unit/mcp-http-transport.test.tsgitnexus/test/integration/mcp/server-startup.test.tsgitnexus/test/unit/tools.test.tsgitnexus/src/mcp/local/local-backend.tsgitnexus/src/mcp/tools.ts
🪛 ast-grep (0.44.1)
gitnexus/test/unit/mcp-http-transport.test.ts
[warning] 276-276: Express application should use Helmet
Context: express()
Note: [CWE-693] Protection Mechanism Failure (Express app without Helmet security headers).
(missing-helmet-typescript)
🔇 Additional comments (13)
gitnexus/src/mcp/tools.ts (3)
11-32: LGTM!
441-441: LGTM!Also applies to: 612-613
781-781: LGTM!Also applies to: 799-800
gitnexus/test/unit/tools.test.ts (2)
62-68: 📐 Maintainability & Code QualityRun the repository-mandated validation (confidence: 99%).
Please run
npm test,npm run test:integration,npx tsc --noEmit, andnpx eslint .before merging this TypeScript change. As per coding guidelines,gitnexus/**requires the test, integration-test, and type-check commands, whilegitnexus/**/*.{ts,tsx}requiresnpx eslint .because no lint script is defined.Source: Coding guidelines
155-161: LGTM!Also applies to: 169-171
gitnexus/src/mcp/local/local-backend.ts (2)
157-160: LGTM!Also applies to: 173-180, 198-209
162-170: 🎯 Functional CorrectnessVerify canonicalization of both impact aliases (confidence: 94%).
TOOL_REQUIRED_STRING_GROUPS.impactvalidates onlynormalized.target. This satisfies the advertisedtarget/name/symbolcontract only ifTOOL_STRING_ALIASES.impactcanonicalizes bothnameandsymboltotargetbefore this check. Otherwise valid{ name: ... }or{ symbol: ... }calls are rejected before repository resolution. Cover canonical, agreeing-alias, and conflicting-alias inputs, or make the required-group definition explicitly derive from the same alias metadata.gitnexus/test/unit/calltool-dispatch.test.ts (1)
382-398: LGTM!gitnexus/test/integration/mcp/server-startup.test.ts (1)
237-237: LGTM!Also applies to: 255-259
gitnexus/test/unit/mcp-http-transport.test.ts (1)
22-23: LGTM!Also applies to: 274-292
gitnexus/test/unit/mcp-read-only.test.ts (1)
74-76: LGTM!gitnexus/test/unit/mcp-repository-policy.test.ts (1)
279-283: LGTM!gitnexus/test/unit/server.test.ts (1)
101-103: LGTM!
|
Exact-head update: macOS CI on the prior head correctly exposed that the new required-selector guard rejected the existing |
evaOS review status: stale headPR: #123 - fix(mcp): advertise provider-compatible tool schemas evaOS review stopped because this queued head is no longer the live PR head. Automation note: agents should wait for this comment to reach PR URL: #123 Details: live=a6cfad62a74380c9a1e2dd26709d0d8beae24781 |
evaOS review status: completedPR: #123 - fix(mcp): advertise provider-compatible tool schemas evaOS review completed for this PR head. Automation note: agents should wait for this comment to reach PR URL: #123 Review URL: #123 (review) |
There was a problem hiding this comment.
Walkthrough
PR: #123 - fix(mcp): advertise provider-compatible tool schemas
Head: a6cfad62a74380c9a1e2dd26709d0d8beae24781 into main. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).
Estimated review effort: 1/5 (~10 min)
Changed Files
| File | Status | Churn | Purpose | Risk |
|---|
Review Signal
No validated inline findings.
Dropped findings before posting: 0. High-severity findings: 0.
Risk Taxonomy
No finding categories.
Validation and Proof
1 required validation/proof recommendation(s) selected from changed files.
- required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
Profile validation hints: Call out stale index, wrong repo identity, memory growth, and destructive analyze behavior.
Profile proof expectations: Look for focused CLI, index, query, or migration proof.
Related Context
Related issues/PRs: #119.
Suggested labels: none.
Suggested reviewers: none from current metadata.
Review Settings Preview
- Profile: assertive
- Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
- Path instructions: none
- Label suggestions: gitnexus, code-intelligence, backend
- Reviewer suggestions: none
- Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
- Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks
Pre-merge checklist
- Inline comments target current RIGHT-side diff lines.
- No secret-like content survived into posted inline comments.
- REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
- Required behavior proof is present or not applicable.
- Labels and reviewers are suggestions only; the bot did not auto-apply them.
evaOS review status: completedPR: #123 - fix(mcp): advertise provider-compatible tool schemas evaOS review completed for this PR head. Automation note: agents should wait for this comment to reach PR URL: #123 Review URL: #123 (review) |
There was a problem hiding this comment.
Walkthrough
PR: #123 - fix(mcp): advertise provider-compatible tool schemas
Head: 85d6cab8b819aa9aa5b8da12547f8bc3851e10a0 into main. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).
Estimated review effort: 1/5 (~10 min)
Changed Files
| File | Status | Churn | Purpose | Risk |
|---|
Review Signal
No validated inline findings.
Dropped findings before posting: 0. High-severity findings: 0.
Risk Taxonomy
No finding categories.
Validation and Proof
1 required validation/proof recommendation(s) selected from changed files.
- required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
Profile validation hints: Call out stale index, wrong repo identity, memory growth, and destructive analyze behavior.
Profile proof expectations: Look for focused CLI, index, query, or migration proof.
Related Context
Related issues/PRs: #119.
Suggested labels: none.
Suggested reviewers: none from current metadata.
Review Settings Preview
- Profile: assertive
- Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
- Path instructions: none
- Label suggestions: gitnexus, code-intelligence, backend
- Reviewer suggestions: none
- Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
- Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks
Pre-merge checklist
- Inline comments target current RIGHT-side diff lines.
- No secret-like content survived into posted inline comments.
- REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
- Required behavior proof is present or not applicable.
- Labels and reviewers are suggestions only; the bot did not auto-apply them.
|
Exact-head review follow-up: two provider-compatibility edge cases were found and fixed before merge.
Focused schema/dispatch/HTTP/group proof passes 317/317, TypeScript |
|
@evaos-code-review-bot re-review |
evaOS review status: completedPR: #123 - fix(mcp): advertise provider-compatible tool schemas evaOS review completed for this PR head. Automation note: agents should wait for this comment to reach PR URL: #123 Review URL: #123 (review) |
|
evaOS Code Review Bot queued a current-head review for Command: Safety boundary: command handling cannot approve, merge, repair, push branches, or expand repo permissions. |
|
Maintainer reviewer disposition for exact head |
There was a problem hiding this comment.
Walkthrough
PR: #123 - fix(mcp): advertise provider-compatible tool schemas
Head: 3d0daebd9738a7f53b71dae3a458b72550e9f766 into main. Review event: COMMENT.
Provider: GLM/Z.ai through ZCode (zcode-glm, zcode, model GLM-5.2).
Estimated review effort: 1/5 (~10 min)
Changed Files
| File | Status | Churn | Purpose | Risk |
|---|
Review Signal
No validated inline findings.
Dropped findings before posting: 0. High-severity findings: 0.
Risk Taxonomy
No finding categories.
Validation and Proof
1 required validation/proof recommendation(s) selected from changed files.
- required: TypeScript/web build or CI proof - Runtime TypeScript/web files or package/config files changed. Proof: npm run build; typecheck; focused Vitest; green GitHub check.
Proof status: missing - 1 required validation/proof recommendation(s) missing from PR metadata.
Profile validation hints: Call out stale index, wrong repo identity, memory growth, and destructive analyze behavior.
Profile proof expectations: Look for focused CLI, index, query, or migration proof.
Related Context
Related issues/PRs: #119.
Suggested labels: none.
Suggested reviewers: none from current metadata.
Review Settings Preview
- Profile: assertive
- Enabled sections: Review summary (inline_review); Walkthrough (inline_review); Changed-files table (walkthrough); Effort estimate (walkthrough); Related issues/PRs (walkthrough); Suggested labels (suggestion_only); Review status comment (sticky_status)
- Path instructions: none
- Label suggestions: gitnexus, code-intelligence, backend
- Reviewer suggestions: none
- Suggestion behavior: suggestions only; labels and reviewers are not auto-applied.
- Roadmap-only settings: auto-apply labels; auto-request reviewers; required status checks
Pre-merge checklist
- Inline comments target current RIGHT-side diff lines.
- No secret-like content survived into posted inline comments.
- REQUEST_CHANGES is only used when eligible P0/P1 findings survive validation.
- Required behavior proof is present or not applicable.
- Labels and reviewers are suggestions only; the bot did not auto-apply them.
CI Report✅ All checks passed Pipeline Status
Test Results
✅ All 14669 tests passed 62 test(s) skipped — expand for details
Code CoverageTests
📋 View full run · Generated by CI |
|
Maintainer waiver for exact head |
|
Merge audit: exact head |
Closes #119.
Summary
anyOf/oneOf/allOffrom every advertised MCP tool schemaimpact.target/name/symbolandapi_impact.route/fileThis generalizes upstream PR abhigyanpatwari#2489 for the fork's alias, policy, group-route, and transport surfaces.
Validation
npx tsc --noEmitgit diff --checkBoundaries
No index, embeddings, repository analysis, OpenClaw process, dependency, version, package, or release workflow is changed. The GitNexus MCP
detect_changesindex belongs to a different clone and cannot map this worktree; Git and filesystem diff are authoritative.