Skip to content

feat(mcp): add a loopover_get_bounty_advisory CLI mirror#6954

Merged
loopover-orb[bot] merged 1 commit into
JSONbored:mainfrom
jeffrey701:feat-mcp-bounty-advisory-cli-6736
Jul 17, 2026
Merged

feat(mcp): add a loopover_get_bounty_advisory CLI mirror#6954
loopover-orb[bot] merged 1 commit into
JSONbored:mainfrom
jeffrey701:feat-mcp-bounty-advisory-cli-6736

Conversation

@jeffrey701

Copy link
Copy Markdown
Contributor

Closes #6736

Problem

The MCP tool loopover_get_bounty_advisory (src/mcp/server.ts:2232, via getBountyAdvisory) mirrors the fully public REST route GET /v1/bounties/:id/advisory (src/api/routes.ts:3611, no auth gate). No CLI stdio tool exposed it, even though every other read-only report in this server already has a CLI mirror.

Fix

Add registerStdioTool("loopover_get_bounty_advisory", { inputSchema: { id: z.string().min(1) } }, ...) to loopover-mcp.js, proxying the same unauthenticated GET /v1/bounties/:id/advisory via apiGet (the id is encodeURIComponent-escaped so a reserved char can't break the path segment), plus its registry entry (category: "discovery"). It mirrors the remote tool's bountyShape exactly — a single cached-bounty id, no new route or fetch shape. The optional bounty <id> top-level alias is left out to keep the diff to the required surface.

Tests

New test/unit/mcp-cli-bounty-advisory.test.ts:

  1. the tool is registered in the stdio server's tool list;
  2. it proxies the id to the exact public GET /v1/bounties/:id/advisory path + verb (the proxy contract the remote tool wraps);
  3. it url-encodes an id containing reserved characters (acme/bounty 7acme%2Fbounty%207) so it can't escape the path segment;
  4. it rejects an empty id at the input-schema boundary, issuing no request;
    and never leaks a private/reward term in its output.

mcp-tool-rename-aliases.test.ts's exact tool-count assertions are updated 73 → 74 (asserted against both the live server and loopover-mcp tools --json).

Validation

  • npx vitest run test/unit/mcp-cli-bounty-advisory.test.ts test/unit/mcp-tool-rename-aliases.test.ts14/14 pass
  • Full MCP net → zero net-new failures vs the pristine baseline (Windows-only npm-registry/telemetry/file-mode cases only).
  • npm run typecheckclean (0 errors); npm run build:mcp passes; command-reference:check passes.
  • packages/loopover-mcp/** is outside the Codecov include (only src/** + the two workspace packages/**/src|lib roots), so this change carries no codecov/patch obligation.
  • Scope: 1 source file + 1 new test + 1 count update.

@jeffrey701
jeffrey701 requested a review from JSONbored as a code owner July 17, 2026 15:25
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.71%. Comparing base (8fa47d1) to head (62d5180).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6954   +/-   ##
=======================================
  Coverage   93.71%   93.71%           
=======================================
  Files         685      685           
  Lines       68373    68373           
  Branches    18729    18729           
=======================================
  Hits        64074    64074           
  Misses       3302     3302           
  Partials      997      997           
Flag Coverage Δ
shard-1 43.75% <ø> (ø)
shard-2 36.80% <ø> (ø)
shard-3 32.79% <ø> (+0.06%) ⬆️
shard-4 34.59% <ø> (-0.03%) ⬇️
shard-5 32.13% <ø> (-0.01%) ⬇️
shard-6 45.75% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@loopover-orb loopover-orb Bot added the gittensor:feature Gittensor-scored feature linked to a feature issue — scores a 0.25x multiplier. label Jul 17, 2026
@loopover-orb

loopover-orb Bot commented Jul 17, 2026

Copy link
Copy Markdown

Tip

✅ LoopOver review result - approve/merge recommended

Review updated: 2026-07-17 15:33:59 UTC

3 files · 1 AI reviewer · no blockers · readiness 80/100 · CI green · clean

✅ Suggested Action - Approve/Merge

  • safe to merge

Review summary
This adds a small, well-scoped CLI mirror for the existing loopover_get_bounty_advisory MCP tool, proxying GET /v1/bounties/:id/advisory via apiGet with id URL-encoding, plus a registry entry and tool-count bump (73→74) that's updated consistently in the alias test. The pattern matches other existing CLI mirrors (e.g. monitor-open-prs) and the tests cover registration, proxy path/verb, URL-encoding of reserved characters, and empty-id rejection at the schema boundary. It closes #6736 and the diff stays tightly scoped to the required surface with no unrelated changes.

Nits — 3 non-blocking
  • The long-file smell on loopover-mcp.js (1833 lines) is pre-existing and not something this diff should be expected to fix, but it's worth tracking for a future split.
  • Consider extracting the FORBIDDEN_PUBLIC_TERMS regex used across CLI mirror tests into a shared test-support helper if it's duplicated in sibling test files, to avoid drift.
  • If a future PR adds the optional top-level `bounty <id>` alias mentioned in the description as intentionally omitted, it should get its own issue/PR rather than being bundled here.

Decision drivers

  • ✅ Code review — No blockers (1 reviewer)
  • ✅ Gate result — Passing (No configured blocker found.)
Context & advisory signals — never blocks the verdict
Signal Result Evidence
Linked issue ✅ Linked #6736
Related work ⚠️ 3 scoped overlaps Top overlaps are listed below; lower-confidence bulk is hidden.
Change scope ❌ 8/20 High review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 134 registered-repo PR(s), 64 merged, 32 issue(s).
Contributor context ✅ Confirmed Gittensor contributor jeffrey701; Gittensor profile; 134 PR(s), 32 issue(s).
Improvement ✅ Minor risk: clean · value: minor · LLM: minor
Linked issue satisfaction

Partially addressed
The PR adds the required registerStdioTool for loopover_get_bounty_advisory proxying GET /v1/bounties/:id/advisory with a unit test, satisfying the core requirement and one deliverable checkbox, but explicitly omits the optional top-level `bounty <id>` alias the issue asked to 'consider' and does not include a test asserting output parity between the CLI and MCP surfaces as required by the Test Co

Review context
  • Author: jeffrey701
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: TypeScript, Clojure, JavaScript, Rust
  • Official Gittensor activity: 134 PR(s), 32 issue(s).
  • Related work: Titles/paths share 8 meaningful terms. (issue #6735, issue #6737)
  • Related work: Titles/paths share 8 meaningful terms. (issue #6735, issue #6736)
  • Related work: Titles/paths share 8 meaningful terms. (issue #6735, issue #6747)
  • Additional title-only matches omitted; title-only overlap does not block.
Contributor next steps
  • Start here: Review top overlaps.
  • Then work through the remaining 2 steps in the Signals table above.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
🧪 Chat with LoopOver

Ask LoopOver a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @loopover ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @loopover chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @loopover mention with a real question is routed to the closest matching read-only command automatically — no exact syntax required.

Full command reference: https://loopover.ai/docs/loopover-commands

🧪 Experimental — new and may change.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by LoopOver, a quiet PR intelligence layer for OSS maintainers.

  • Re-run LoopOver review

@loopover-orb loopover-orb Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LoopOver approves — the gate is satisfied and CI is green.

@loopover-orb
loopover-orb Bot merged commit 7733371 into JSONbored:main Jul 17, 2026
16 checks passed
@github-actions github-actions Bot mentioned this pull request Jul 17, 2026
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:feature Gittensor-scored feature linked to a feature issue — scores a 0.25x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

CLI mirror for loopover_get_bounty_advisory

1 participant