feat(mcp): add a maintain audit-feed CLI mirror for loopover_get_agent_audit_feed#6933
Conversation
…t_audit_feed (JSONbored#6733) The agent audit feed was reachable over MCP (loopover_get_agent_audit_feed) and REST (GET /v1/repos/:owner/:repo/agent/audit-feed) but not from the CLI. Adds `maintain audit-feed [--since ISO] [--limit N] [--pull N]`, a thin proxy over that same route, following the maintain precision / onboarding-pack subcommand shape. The API enforces maintainer authorization and validates every query param, so the CLI forwards them verbatim rather than re-deciding locally; omitted flags are omitted from the query so the route applies its own defaults. --json re-serializes the payload untouched, giving output parity with the REST/MCP surfaces; the free-form detail is sanitized on the plain-text path only, like onboarding-pack's dump. Also updates printMaintainHelp, the completion spec's maintain list, and the PowerShell completer assertion that pins it. Closes JSONbored#6733
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6933 +/- ##
=======================================
Coverage 93.71% 93.71%
=======================================
Files 685 685
Lines 68358 68358
Branches 18726 18726
=======================================
Hits 64059 64059
Misses 3302 3302
Partials 997 997
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Tip ✅ LoopOver review result - approve/merge recommendedReview updated: 2026-07-17 14:32:35 UTC
Review summary Nits — 5 non-blocking
Decision drivers
Context & advisory signals — never blocks the verdict
Linked issue satisfactionAddressed Review context
Contributor next steps
Signal definitions
🧪 Chat with LoopOverAsk LoopOver a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://loopover.ai/docs/loopover-commands 🧪 Experimental — new and may change. 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by LoopOver, a quiet PR intelligence layer for OSS maintainers.
|
Summary
The agent audit feed was reachable over MCP (
loopover_get_agent_audit_feed) and REST (GET /v1/repos/:owner/:repo/agent/audit-feed), but not from the CLI — it wasn't amongmaintain's subcommands. This adds:a thin proxy over that same route, following the
maintain precision/onboarding-packsubcommand shape (the precedent the issue names).Design
sincemust be ISO-8601,limit1–200,pulla positive integer — so the flags are forwarded verbatim and a bad value surfaces as the route's own 400 detail. Re-validating here would be a second, drifting copy of rules the route already owns.--jsonre-serializes the API payload untouched via the sharedemit, so the CLI and REST/MCP surfaces return the same bytes for the same input. Only the plain-text rendering is CLI-local.pullNumberis echoed only on the?pull=branch, so the header readsowner/repofor the repo-wide feed andowner/repo#7when scoped.nulldetailis dropped from the line rather than printed as"null".Per the
#6261convention noted onprecision: every field is the API's own, and the composed line reaches the terminal only on the plain-text path, where the route has already sanitizeddetailbefore it left the server.Two things the CLI surface required beyond the subcommand
Neither is in the issue's deliverables, but both are load-bearing — the change is incomplete and CI-red without them:
COMPLETION_SPEC'smaintainlist (loopover-mcp.js:95) enumerates subcommands for shell completion. Withoutaudit-feedthere, the command exists but never tab-completes.mcp-cli-basics.test.ts:224pins the generated PowerShell completer's exact'maintain' = @(…)string, so it fails the moment that list changes. Updated to match. I checked the other shells (bash/zsh/fish) — only PowerShell's list is pinned; the rest are generated dynamically and needed nothing.Tests
Three cases in
mcp-cli-maintain.test.ts, mirroringprecision's existing pattern, driven through the real CLI against the fixture server:null-detail line is asserted to render without a trailing"null".--since/--limit/--pullare asserted to arrive at the route (the fixture echoes the received query), plus the#7-scoped header. This is the issue's "output parity between the mirrored surfaces for identical input" requirement.The fixture server gained an
audit-feedhandler that mirrors the route's two real shapes (repo-wide vs?pull=-scoped) and echoes the query it received, which is what makes the pass-through assertions meaningful rather than self-referential.Validation
mcp-cli-maintain,mcp-cli-basics,mcp-cli-completion-spec— the last two because the shared harness and the completion spec both changed.node --checkon the CLI entrypoint passes ·npm run typecheck— 0 errors ·eslint— 0 errors/0 warnings ·git diff --checkclean · rebased on latestmain, no base conflict.Codecov scope, checked rather than assumed: the root
vitest.config.tscoverage.includeissrc/**,packages/loopover-engine/src/**, andpackages/loopover-miner/lib/**—packages/loopover-mcp/**is not listed, so the 99% patch gate does not reach this file. Flagging that explicitly so a reviewer isn't puzzled by the absent signal; the subcommand is fully covered by the three tests above regardless.One pre-existing failure, not mine — verified, not assumed:
command-reference:checkreportscommand-reference.tsstale, and does so identically on cleanmainwith my work stashed (a local line-ending artifact). Regenerating produces a zero-content diff, and the generator reports the same "9 maintainer-only" command count before and after — it enumerates top-level commands, notmaintainsubcommands — so no regenerated file belongs in this diff.Scope
packages/,test/).site/,CNAME, orlovablechanges.Safety
GETproxy with no write path.audit-feedso it stays accurate.Closes #6733