Conversation
…Master H1) Swift is the primary brainlayer transport (.mcp.json.example defaults to socat UNIX-CONNECT:/tmp/brainbar.sock). It shipped with zero tool annotations while the Python server has 12/12. LLM clients couldn't distinguish destructive from read-only tools on the default transport. Now every Swift tool carries readOnlyHint, destructiveHint, idempotentHint, openWorldHint matching the Python server's READ_ONLY / WRITE / WRITE_IDEMPOTENT / DESTRUCTIVE taxonomy. Per cyberMaster OSS audit 2026-04-23, finding H1 in ~/Gits/cyber/docs.local/security/MASTER-findings-2026-04-23.md.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 21 minutes and 24 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 10525d8836
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| [ | ||
| "name": "brain_search", | ||
| "description": "Search through past conversations and learnings. Hybrid semantic + keyword search.", | ||
| "annotations": MCPRouter.readOnlyAnnotations, |
There was a problem hiding this comment.
brain_search is now advertised with readOnlyHint=true, but this tool performs writes when unread_only=true is used with an agent ID: handleBrainSearch passes those flags into db.search(...), and the DB path updates delivery state via markDelivered(...) (last_delivered_seq). This misclassification can cause MCP clients to schedule it as side-effect-free (including concurrent execution with write-heavy tools), which risks lock contention and incorrect subscription state tracking.
Useful? React with 👍 / 👎.
1 participant
Summary
annotationsto all 11 Swift BrainBar tool declarations exposed bytools/listWhy
Swift BrainBar is the default brainlayer transport via
.mcp.json.example(socat UNIX-CONNECT:/tmp/brainbar.sock). It previously exposed tools with noToolAnnotations, so MCP clients on the primary transport could not distinguish read-only, write, or idempotent operations.Tool Annotation Matrix
brain_searchtruefalsetruefalseREAD_ONLYbrain_storefalsefalsefalsefalseWRITEbrain_recalltruefalsetruefalseREAD_ONLYbrain_entitytruefalsetruefalseREAD_ONLYbrain_digestfalsefalsefalsefalseWRITEbrain_updatefalsefalsetruefalseWRITE_IDEMPOTENTbrain_expandtruefalsetruefalseREAD_ONLYbrain_tagstruefalsetruefalseREAD_ONLYbrain_subscribefalsefalsefalsefalseWRITEbecause subscribe mutates live subscription state/generationbrain_unsubscribefalsefalsetruefalseWRITE_IDEMPOTENTbecause repeated unsubscribe is a no-opbrain_ackfalsefalsetruefalseWRITE_IDEMPOTENTbecause ack uses monotonicMAX(...)updatesValidation
swift build --package-path brain-barswift test --package-path brain-barRuntime Verify
tools/listverification skipped to avoid disrupting the local daemon.SocketIntegrationTests.testMCPToolsListOverSocketnow asserts annotations over the actual MCP socket path.Note
Low Risk
Low risk: this is an additive schema/metadata change to
tools/listplus new assertions in unit and socket integration tests; it doesn’t alter tool execution paths.Overview
Adds MCP
annotations(readOnlyHint,destructiveHint,idempotentHint,openWorldHint) to all 11 SwiftMCPRoutertool definitions returned bytools/list, using shared helper constants to classify tools as read-only, write, or idempotent-write.Locks the contract in with new tests that verify the expected annotation matrix both at the router level (
MCPRouterTests) and end-to-end over the Unix socket transport (SocketIntegrationTests).Reviewed by Cursor Bugbot for commit 10525d8. Bugbot is set up for automated code reviews on this repo. Configure here.
Note
Add MCP
ToolAnnotationsto all 11 tools inMCPRouterreadOnlyAnnotations,writeAnnotations,writeIdempotentAnnotations) in MCPRouter.swift, each encodingreadOnlyHint,destructiveHint,idempotentHint, andopenWorldHint.brain_search,brain_recall,brain_entity,brain_expand,brain_tags) are marked read-only/idempotent; write tools use write or write-idempotent annotations.Macroscope summarized 10525d8.