feat: implement @model-translator/transformer (Sprint 1)#27
Merged
feat: implement @model-translator/transformer (Sprint 1)#27
Conversation
Build the core OpenAPI → MCP transformer engine: - Parse and validate OpenAPI 3.0.x and 3.1.x specs - Transform operations into MCP tool definitions with full parameter mapping - Deep $ref resolution with circular reference detection and memoization - allOf merging, oneOf/anyOf preservation, JSON Schema utilities - Flexible filtering by HTTP methods, path globs, and tags - Security hardened: prototype pollution, ReDoS, stack overflow, memory bomb protection - ESM + CJS dual output via tsup with TypeScript declarations - 171 tests at 96.54% coverage across 14 real-world API fixtures - Snapshot and performance tests included - Changesets configured for automated semver and npm publishing - CI runs on PRs + push to master; release workflow uses changesets/action - Full README with API reference, mapping rules, edge cases, and security docs - Architecture ADRs for pure-function design and security hardening
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (7)
WalkthroughIntroduces a comprehensive OpenAPI-to-MCP transformer engine as a new package, including parse, validate, resolve, and transform modules with security hardening. Adds changesets-based release management, updated GitHub Actions workflows, architectural documentation, and extensive test coverage with real-world API fixtures and snapshots. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant Parse
participant Validate
participant Resolve
participant Transform
participant Output
Client->>Parse: parseSpec({ spec: unknown })
activate Parse
Parse->>Validate: validateSpec(spec)
activate Validate
Validate-->>Parse: { warnings: ParseWarning[] }
deactivate Validate
Parse->>Resolve: resolveRefs(spec)
activate Resolve
Resolve-->>Parse: { resolved: unknown, warnings: ParseWarning[] }
deactivate Resolve
Note over Parse: detectVersion(resolvedSpec)
Parse-->>Client: ParseResult { spec, version, warnings }
deactivate Parse
Client->>Transform: transformSpec({ spec: ResolvedOpenAPISpec, filters... })
activate Transform
Note over Transform: Iterate paths with filters<br/>(methods, paths glob, tags)
Note over Transform: For each operation:<br/>- Resolve tool name<br/>- Build input schema<br/>- Merge parameters<br/>- Extract request body
Note over Transform: Deduplicate tool names<br/>Collect warnings & metadata
Transform-->>Client: TransformResult { tools, warnings, metadata }
deactivate Transform
Client->>Output: MCPToolDefinition[]
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
added 4 commits
March 18, 2026 20:52
- Snyk Open Source: scans dependencies for known vulnerabilities - Snyk Code: static analysis for security issues in source code - Split security jobs into parallel (audit, gitleaks, trivy, snyk) - Added pnpm install before audit (was missing) - Security workflow now also runs on push to master
- CI: scope tests to transformer only (no postgres/redis needed) - CI: point coverage report action to packages/transformer working dir - Security: update gitleaks to gitleaks/gitleaks-action@v2 (old SHA was removed) - Security: use aquasecurity/trivy-action@master (pinned version had install issues) - Security: add continue-on-error for audit (pre-existing apps/web CVEs) - Security: add pnpm install before audit step
Contributor
Coverage Report for packages/transformer
File Coverage
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Merged
This was referenced Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@model-translator/transformerpackage — a pure-function library that transforms OpenAPI 3.0/3.1 specs into MCP tool definitionsprepublishOnly,.npmrc, keywords, repository, homepagechangesets/actionwith CI dependency gateTest plan
tsc --noEmit)npm pack --dry-runproduces correct 9-file tarball (25.8 KB)