Conversation
|
Caution Review failedThe pull request is closed. WalkthroughIntroduces a unified ToolCaller API, collection-style connection tools and schemas (renamed to COLLECTION_*), removes legacy React-Query collection hooks/docs, and adds a TanStack DB-backed collection system with persistent list-state, optimistic mutations, and related UI integrations. Several TanStack package versions were bumped. Changes
Sequence Diagram(s)sequenceDiagram
participant UI as Web Component
participant Hook as useConnections()
participant Collection as TanStack DB Collection
participant ToolCaller as createToolCaller()
participant MCP as MCP Server
rect rgb(230,250,230)
Note over UI,Collection: New flow — TanStack DB collection + ToolCaller
UI->>Hook: subscribe(listState)
Hook->>Collection: query(search, filters, sort)
alt collection empty / initialSync
Collection->>ToolCaller: invoke COLLECTION_CONNECTIONS_LIST
ToolCaller->>MCP: POST /mcp (or /mcp/{id}) with tool args
MCP-->>ToolCaller: { items: ConnectionEntity[] }
ToolCaller->>Collection: initialSync (write items)
end
Collection-->>Hook: live result set
Hook-->>UI: { data, isLoading }
alt user mutation (create/update/delete)
UI->>Collection: insert/update/delete (optimistic)
Collection->>ToolCaller: invoke COLLECTION_CONNECTIONS_*
ToolCaller->>MCP: POST tool + args
MCP-->>ToolCaller: confirmed result
ToolCaller->>Collection: commit or rollback, dispatch event
Collection-->>UI: mutation event (state updated)
end
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~70 minutes Areas needing extra attention:
Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (2 warnings, 1 inconclusive)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (38)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
tlgimenes
force-pushed
the
chore/collections
branch
from
d0d6408 to
65ce72a
Compare
Deploying decocms-admin-frontend with
|
| Latest commit: |
1c21c74
|
| Status: | ⚡️ Build in progress... |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/bindings/src/well-known/collections.ts (1)
167-176: Unsafe cast toz.AnyZodObjectmay cause runtime issues.The cast
(entitySchema as unknown as z.AnyZodObject).partial()assumes the input schema is always an object schema. If a non-object schema is passed,.partial()will fail at runtime. Consider adding a runtime check or constraining the generic type more strictly.export function createCollectionUpdateInputSchema<T extends z.ZodTypeAny>( entitySchema: T, ) { + // Ensure entitySchema is an object schema before calling .partial() + if (!(entitySchema instanceof z.ZodObject)) { + throw new Error("createCollectionUpdateInputSchema requires a ZodObject schema"); + } return z.object({ id: z.string().describe("ID of the entity to update"), - data: (entitySchema as unknown as z.AnyZodObject) + data: entitySchema .partial() .describe("Partial entity data to update"), }); }
🧹 Nitpick comments (11)
apps/mesh/src/web/components/create-organization-dialog.tsx (1)
57-62: Consider wiring Zod into React Hook Form via a resolver instead of manualsafeParseYou’re already using Zod and React Hook Form; right now you validate manually in
onSubmitand also rely onform.formState.isValid. For cleaner, single‑source validation and better integration with<FormMessage />, consider:
- Adding a Zod resolver to
useFormbased oncreateOrgSchema, and- Letting RHF handle field errors, keeping
errorstate for server errors only.This would remove the manual
createOrgSchema.safeParseblock and surface validation messages directly on thenamefield.Also applies to: 68-78, 150-156
apps/mesh/src/web/hooks/use-list-state.ts (2)
46-54: Type assumption ondefaultSortKeymay not match genericT.The default value
"title"is assigned todefaultSortKeywhich is typed askeyof T. WhileBaseCollectionEntityincludes atitlefield, TypeScript cannot guarantee this at compile time sinceT extends BaseCollectionEntitymeansTcould have additional keys that might shadow or conflict with the default.Consider explicitly typing the default:
- defaultSortKey = "title", + defaultSortKey = "title" as keyof T,Alternatively, since
BaseCollectionEntityguaranteestitleexists, this is functionally safe but worth noting.
60-84: Consider unifying localStorage key patterns.The persistence keys use slightly different patterns:
- Filters:
${namespace}-${resource}(Line 61)- Filter bar visibility:
mesh-${resource}-filter-visible-${namespace}(Line 65)- View mode:
mesh-${resource}-${namespace}(Line 82)A consistent pattern like
mesh-${namespace}-${resource}-{suffix}would improve maintainability and debugging.apps/mesh/src/web/hooks/use-collections.ts (2)
100-143: Add safeguard against infinite pagination loops.The
while (true)loop relies onresult.hasMoreor empty items to terminate. If the API returnshasMore: truewith items indefinitely due to a bug, this could cause an infinite loop.Consider adding a maximum page limit:
async function fetchAllPages( queryOptions?: Record<string, unknown>, ): Promise<T[]> { const allItems: T[] = []; let offset = 0; const limit = pageSize; + const maxPages = 1000; // Safeguard against infinite loops + let pageCount = 0; while (true) { + if (pageCount++ >= maxPages) { + console.warn(`Reached max page limit (${maxPages}) for ${collectionName}`); + break; + } try {
365-400: Type safety reduced withunknown[]for conditions.The conditions array uses
unknown[](Line 365) and casts toParameters<typeof and>(Lines 380, 399). This loses type information from TanStack DB's query operators.Consider typing conditions more specifically:
- const conditions: unknown[] = []; + const conditions: ReturnType<typeof eq>[] = [];This provides better type safety while still being compatible with
andandoroperators.apps/mesh/src/web/routes/orgs/settings.tsx (1)
69-71: Type assertion can be avoided with better typing.The type assertion
as { items: ConnectionEntity[] }works but could be fragile if the API shape changes. Consider whethercreateToolCallercan be typed to return proper output types based on tool name, or extract the type from the output schema.apps/mesh/src/web/hooks/use-models-binding.ts (1)
22-30: Clean migration to unified tool caller.The refactor correctly uses
useMemowith an empty dependency array sincecreateToolCaller()returns a stable function without dependencies. The data shape update fromconnectionstoitemsaligns with the new collection-based API.Minor consideration: the type assertion
as { items: ConnectionEntity[] }works but loses type safety. If the tool's output schema is available, consider using proper generics or importing the output type directly.apps/mesh/src/tools/client.ts (1)
87-120: Good error handling and routing logic.The unified tool caller correctly:
- Routes to connection-specific or mesh API endpoints based on
connectionId- Includes
credentials: "include"for authentication- Handles HTTP errors explicitly
- Falls back from
structuredContentto rawresultif neededHowever, note the inconsistency with the
fetcherproxy (lines 35-71) which lackscredentials: "include"and HTTP error handling. Consider aligning both implementations for consistency.const response = await fetch(`/mcp`, { method: "POST", body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/call", params: { name: tool, arguments: params, }, }), headers: { "Content-Type": "application/json", Accept: "application/json, text/event-stream", }, + credentials: "include", ...init, }); +if (!response.ok) { + throw new Error(`HTTP error! status: ${response.status}`); +} + const json = await parseSSEResponseAsJson(response);apps/mesh/src/tools/connection/schema.ts (1)
72-76: Consider replacingz.any()with a more specific schema for tools.Using
z.any()for the tools array loses type safety. Consider defining aToolDefinitionSchemaor at minimum usingz.unknown()which is slightly stricter.- tools: z - .array(z.any()) + tools: z + .array(z.object({ + name: z.string(), + description: z.string().optional(), + inputSchema: z.record(z.unknown()).optional(), + outputSchema: z.record(z.unknown()).optional(), + }))apps/mesh/src/web/routes/orgs/mcps.tsx (2)
1-7: Unifyuse-connectionsimports to a single module pathYou import
useConnections/ConnectionEntityfrom"@/web/hooks/use-connections"anduseConnectionsCollectionfrom"../../hooks/use-connections". This can create duplicate module identities depending on path mapping and also breaks import sorting.Recommend importing everything from the alias path:
-import { - useConnections, - type ConnectionEntity, -} from "@/web/hooks/use-connections"; +import { + useConnections, + type ConnectionEntity, + useConnectionsCollection, +} from "@/web/hooks/use-connections"; @@ -import { useConnectionsCollection } from "../../hooks/use-connections";Also applies to: 56-56
461-481: List state integration is clean; avoid unsafe cast forcollection.utilsWiring
listStatethroughResourceHeader, the card grid, andResourceTable(sort key/direction, filters, view mode) is cohesive and keeps UI state centralized. The conditional rendering (connections.length === 0, cards vs table) reads clearly.One improvement: the refresh handler currently relies on an untyped cast:
onRefresh={() => (collection.utils as { refetch?: () => void }).refetch?.() }To avoid this brittle cast, it would be better if
useConnectionsCollection(oruseConnections) exposed a properly typedrefetch/refreshfunction you can call directly, e.g.:const collection = useConnectionsCollection(); // ... onRefresh={collection.refetch}(or similar, depending on the actual API). That keeps the contract localized to the hook and prevents this component from depending on
utils’ internal shape.Also applies to: 470-471, 501-501, 511-511, 518-518, 532-532, 546-546, 608-613
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
bun.lockbis excluded by!**/bun.lockb
📒 Files selected for processing (36)
apps/mesh/package.json(2 hunks)apps/mesh/src/tools/client.ts(1 hunks)apps/mesh/src/tools/connection/create.ts(3 hunks)apps/mesh/src/tools/connection/delete.ts(1 hunks)apps/mesh/src/tools/connection/get.ts(2 hunks)apps/mesh/src/tools/connection/index.ts(1 hunks)apps/mesh/src/tools/connection/list.ts(5 hunks)apps/mesh/src/tools/connection/schema.ts(1 hunks)apps/mesh/src/tools/connection/update.ts(2 hunks)apps/mesh/src/tools/index.ts(1 hunks)apps/mesh/src/web/components/create-organization-dialog.tsx(1 hunks)apps/mesh/src/web/components/deco-chat-panel.tsx(4 hunks)apps/mesh/src/web/hooks/collections/EXAMPLES.md(0 hunks)apps/mesh/src/web/hooks/collections/MIGRATION_EXAMPLE.md(0 hunks)apps/mesh/src/web/hooks/collections/README.md(0 hunks)apps/mesh/src/web/hooks/collections/SUMMARY.md(0 hunks)apps/mesh/src/web/hooks/collections/index.ts(0 hunks)apps/mesh/src/web/hooks/collections/types.ts(0 hunks)apps/mesh/src/web/hooks/collections/use-collection-item.ts(0 hunks)apps/mesh/src/web/hooks/collections/use-collection-mutations.ts(0 hunks)apps/mesh/src/web/hooks/collections/use-collection-query.ts(0 hunks)apps/mesh/src/web/hooks/collections/use-connection-collections.ts(0 hunks)apps/mesh/src/web/hooks/collections/use-models-collection.ts(0 hunks)apps/mesh/src/web/hooks/collections/utils.ts(0 hunks)apps/mesh/src/web/hooks/use-collections.ts(1 hunks)apps/mesh/src/web/hooks/use-connections.ts(1 hunks)apps/mesh/src/web/hooks/use-list-state.ts(1 hunks)apps/mesh/src/web/hooks/use-models-binding.ts(3 hunks)apps/mesh/src/web/index.tsx(1 hunks)apps/mesh/src/web/routes/orgs/mcp-inspector.tsx(6 hunks)apps/mesh/src/web/routes/orgs/mcps.tsx(10 hunks)apps/mesh/src/web/routes/orgs/settings.tsx(3 hunks)apps/web/package.json(1 hunks)packages/bindings/README.md(1 hunks)packages/bindings/src/well-known/collections.ts(3 hunks)packages/sdk/package.json(1 hunks)
💤 Files with no reviewable changes (12)
- apps/mesh/src/web/hooks/collections/README.md
- apps/mesh/src/web/hooks/collections/EXAMPLES.md
- apps/mesh/src/web/hooks/collections/SUMMARY.md
- apps/mesh/src/web/hooks/collections/use-collection-item.ts
- apps/mesh/src/web/hooks/collections/index.ts
- apps/mesh/src/web/hooks/collections/types.ts
- apps/mesh/src/web/hooks/collections/use-collection-query.ts
- apps/mesh/src/web/hooks/collections/use-models-collection.ts
- apps/mesh/src/web/hooks/collections/use-connection-collections.ts
- apps/mesh/src/web/hooks/collections/use-collection-mutations.ts
- apps/mesh/src/web/hooks/collections/MIGRATION_EXAMPLE.md
- apps/mesh/src/web/hooks/collections/utils.ts
🧰 Additional context used
📓 Path-based instructions (10)
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,js,jsx}: MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Tool handlers must explicitly call context.resourceAccess.grant() after authorization checks are passed
MCPClient calls must include proper HTTP headers with Authorization Bearer token and Content-Type application/json
React Query query keys must be defined using consistent patterns in a KEYS object with workspace and resource-specific parameters
React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
All MCP tool names must follow the pattern {RESOURCE}_{ACTION} (e.g., AGENTS_CREATE, THREADS_LIST)
Always use slug-based authorization for team resources instead of IDs when checking workspace/team access
Tool groups must automatically become virtual integrations accessible via i:{group-name} convention
Tool handlers must return objects instead of nullable primitives as per MCP requirements
**/*.{ts,tsx,js,jsx}: Use MicroDollar class for all monetary calculations to avoid floating-point precision issues - create instances via fromDollars(), fromCents(), or fromMicrodollarString() methods
Use string format for MicroDollar amounts: small amounts as '500000' (= $0.50), large amounts with underscores as '1_500000' (= $1.50), and negative amounts as '-1_500000' (= -$1.50)
Reference well-known plan IDs for standard tiers: FREE (00000000-0000-0000-0000-000000000001), STARTER (00000000-0000-0000-0000-000000000002), GROWTH (00000000-0000-0000-0000-000000000003), SCALE (00000000-0000-0000-0000-000000000004)
Remove trial credit system - do not use trial credit wallets, payer fields in transactions, or automatic trial credit rewards; all credit systems should be plan-based
**/*.{ts,tsx,js,jsx}: Use PascalCase for component and class names
Use camelCase for hooks and utility functions
Flag follow-up work with TODOs linked to issues
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,jsx}: Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
All scoped API calls must include locator parameter for proper resource identification
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
**/*.{ts,tsx}: Write concise, maintainable, and technically accurate TypeScript code with relevant examples
Use functional and declarative programming patterns; avoid classes
Use descriptive variable names with auxiliary verbs (e.g., isLoading, hasError)
Favor named exports for functions
Use TypeScript for all code; prefer interfaces over types for their extendability and ability to merge
Avoid enums; use maps instead for better type safety and flexibility
Use functional components with TypeScript interfaces
Use the "function" keyword for pure functions to benefit from hoisting and clarity
Favor using the already-present UI components in thepackages/uifolder instead of creating custom components
Use useMemo for expensive computations in React components to optimize performance
Use useDeferredValue for search operations to prevent blocking user input
Always use UI Components from the design system (@deco/ui) and avoid creating custom components that duplicate design system functionality
Prefer React Hook Form over useState for form management with proper validation using zod
Avoid prop drilling with form data by using Form Context instead
Use design system Form components with proper error handling and validation messaging
Ensure stable references in dependency arrays by memoizing objects and arrays created inline
Implement consistent error and loading state handling in React components with proper UI feedback
For DOM manipulation features like theme editors, apply changes immediately to DOM while debouncing state persistence
Use custom events (window.dispatchEvent) for coordinating updates across unrelated components
Implement single-level undo that reverts to the saved state, not just the previous change
Use useSetThreadContextEffect to provide rules and tools to AI chat threads with explicit union types for TypeScript
Extract complex logic from JSX into separate components instead of using immediately invoked function expressions (IIFEs)Favor TypeScript ty...
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
Use lowercase with dashes for directory names (e.g., components/auth-wizard)
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/web/package.jsonapps/mesh/src/web/index.tsxpackages/sdk/package.jsonpackages/bindings/README.mdapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/package.jsonapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*.{js,ts,tsx,jsx,json}
📄 CodeRabbit inference engine (AGENTS.md)
Biome enforces two-space indentation and double quotes
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/web/package.jsonapps/mesh/src/web/index.tsxpackages/sdk/package.jsonapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/package.jsonapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*.{js,ts,tsx,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
Keep imports sorted
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/*.{ts,tsx,js,jsx,tailwind.config.ts,tailwind.config.js}
📄 CodeRabbit inference engine (AGENTS.md)
Keep Tailwind design tokens consistent via
plugins/ensure-tailwind-design-system-tokens.tsor risk build failure
Files:
apps/mesh/src/web/hooks/use-connections.tsapps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/hooks/use-list-state.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
**/package.json
📄 CodeRabbit inference engine (.cursor/rules/structure.mdc)
Use Bun for dependency management, task running, and TypeScript tooling
Files:
apps/web/package.jsonpackages/sdk/package.jsonapps/mesh/package.json
packages/**/*
📄 CodeRabbit inference engine (AGENTS.md)
Enforce kebab-case filenames in shared packages via
plugins/enforce-kebab-case-file-names.ts
Files:
packages/sdk/package.jsonpackages/bindings/README.mdpackages/bindings/src/well-known/collections.ts
**/components/**/*.{tsx,jsx}
📄 CodeRabbit inference engine (.cursor/rules/wallet.mdc)
**/components/**/*.{tsx,jsx}: Use the Protect component with plan-based checks (e.g., !plan.isAtSeatLimit) instead of feature-based checks to conditionally render UI features
Format monetary display values using MicroDollar.display() for currency strings (e.g., '$1.50') and MicroDollar.toDollars() for numeric values
Files:
apps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsx
🧠 Learnings (36)
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/hooks/**/*.ts : Create React Query hooks with `useQuery` for data fetching and `useMutation` for updates. Invalidate related query keys in `onSuccess` callback to keep data in sync
Applied to files:
apps/mesh/src/web/hooks/use-connections.tsapps/web/package.jsonpackages/sdk/package.jsonapps/mesh/package.jsonapps/mesh/src/web/hooks/use-list-state.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use React 19 for UI development in the decocms admin shell and marketplace
Applied to files:
apps/web/package.jsonapps/mesh/src/web/index.tsxpackages/sdk/package.jsonapps/mesh/package.jsonapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to **/package.json : Use Bun for dependency management, task running, and TypeScript tooling
Applied to files:
apps/web/package.jsonapps/mesh/package.json
📚 Learning: 2025-11-24T22:07:56.973Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: docs/.cursor/rules/main.mdc:0-0
Timestamp: 2025-11-24T22:07:56.973Z
Learning: Applies to docs/server/**/*.ts : Use Zod for schema validation in tool inputSchema and outputSchema definitions
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/tools/connection/schema.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/tools/connection/create.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Create MCP API module files at path `packages/sdk/src/mcp/{feature}/api.ts` with proper imports from Zod, error handlers, storage, assertions, and context utilities
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Use full TypeScript interfaces for all data structures with generated RPC types for tool integration and Zod schema validation where needed
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{ts,tsx} : Use the SDK from `/packages/sdk` for data access, MCP integrations, and runtime helpers
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use TypeScript interfaces and types to clearly define data structures alongside Zod schemas for runtime validation
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/tools/connection/schema.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Define table constants, query selection strings, and Zod schemas at the top of API modules before tool implementations
Applied to files:
apps/mesh/src/web/index.tsxapps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Export all MCP API tools in `packages/sdk/src/mcp/index.ts` by importing the API module and adding tools to the `WORKSPACE_TOOLS` array
Applied to files:
apps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/index.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use `createToolGroup` helper to organize related MCP tools with consistent naming, descriptions, and icons
Applied to files:
apps/mesh/src/tools/index.tsapps/mesh/src/tools/client.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/tools/connection/create.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Register project-scoped and org-level tools in the appropriate collection: PROJECT_TOOLS for project-scoped features, ORG_TOOLS for org-level features that don't need project context
Applied to files:
apps/mesh/src/tools/index.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Reuse merge() by composing diff() + transactionalWrite(), and reuse transactionalWrite() with internal method for different scenarios to promote code reuse and consistency
Applied to files:
apps/mesh/src/tools/index.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Implement diff operations supporting cross-namespace diffing and returning only differences (add/modify/delete) with prefix-aware functionality
Applied to files:
apps/mesh/src/tools/index.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Applied to files:
apps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:07:56.973Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: docs/.cursor/rules/main.mdc:0-0
Timestamp: 2025-11-24T22:07:56.973Z
Learning: Applies to docs/server/main.ts : Define tools in server using `createTool` with id, description, inputSchema (Zod), outputSchema (Zod), and execute function
Applied to files:
apps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/create.tsapps/mesh/src/tools/connection/get.tsapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Tool handlers must return objects instead of nullable primitives as per MCP requirements
Applied to files:
apps/mesh/src/tools/client.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : Use drizzle for database operations in MCP tool handlers: `c.drizzle.update(organizations).set({...}).where(eq(...)).returning()`
Applied to files:
apps/mesh/src/tools/client.tsapps/mesh/src/tools/connection/schema.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/tools/connection/list.tsapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : All MCP tool names must follow the pattern {RESOURCE}_{ACTION} (e.g., AGENTS_CREATE, THREADS_LIST)
Applied to files:
apps/mesh/src/tools/client.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Define both input and output Zod schemas for MCP tools to validate and document parameter types and return values
Applied to files:
apps/mesh/src/tools/connection/schema.tspackages/bindings/src/well-known/collections.tsapps/mesh/src/tools/connection/create.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Create resource list component that tracks native view visits using `useTrackNativeViewVisit()` with viewId, viewTitle, viewIcon, viewPath, and projectKey
Applied to files:
apps/mesh/src/web/hooks/use-list-state.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Prefer React Hook Form over useState for form management with proper validation using zod
Applied to files:
apps/mesh/src/web/hooks/use-list-state.tsapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*.tsx : Use explicit union type syntax for `threadContextItems` in AI chat integration: `Array<{ id: string; type: 'rule'; text: string } | { id: string; type: 'toolset'; integrationId: string; enabledTools: string[] }>`
Applied to files:
apps/mesh/src/web/hooks/use-list-state.tsapps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/chat/**/*.tsx : Invalidate related query caches when AI updates via tool calls. Use queryKey patterns like `['org-setting', org]` and refetch immediately: `queryClient.refetchQueries({ queryKey: [...] })`
Applied to files:
apps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/settings.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*context-resources*.tsx : The IntegrationToolsetDisplay component automatically discovers and displays tools from an integration. Fetch tools via `useTools(integration.connection)` and render from the returned tools array
Applied to files:
apps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/hooks/use-models-binding.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/settings.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Follow established data patterns from MCP (Model Context Protocol) Tools for consistent data fetching
Applied to files:
apps/mesh/src/web/components/deco-chat-panel.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : For org-level features, do NOT accept `orgId` in tool input. Always auto-resolve org ID from context using `getOrgIdFromContext(c)` to ensure proper context binding
Applied to files:
apps/mesh/src/web/components/deco-chat-panel.tsxapps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Use design system Form components with proper error handling and validation messaging
Applied to files:
apps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Avoid prop drilling with form data by using Form Context instead
Applied to files:
apps/mesh/src/web/components/create-organization-dialog.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Store Namespace Durable Object state in SQLite with two tables: namespace_state (current tree state and metadata) and patches (historical delta-based changes)
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,jsx} : Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use shadcn/ui design system components from `/packages/ui` for shared UI elements
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Use `useMemo` to resolve viewId from team views based on title: `const view = views.find((v) => v.title === 'Feature Editor'); return view?.id`
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Always use UI Components from the design system (deco/ui) and avoid creating custom components that duplicate design system functionality
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Implement consistent error and loading state handling in React components with proper UI feedback
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
🧬 Code graph analysis (5)
apps/mesh/src/web/hooks/use-connections.ts (3)
apps/mesh/src/web/hooks/use-collections.ts (5)
createCollectionFromToolCaller(85-293)CollectionFilter(298-303)UseCollectionListOptions(308-321)useCollectionList(330-407)useCollectionItem(416-435)apps/mesh/src/tools/connection/index.ts (1)
ConnectionEntity(36-36)apps/mesh/src/tools/client.ts (1)
createToolCaller(87-121)
apps/mesh/src/tools/connection/schema.ts (2)
apps/mesh/src/tools/connection/index.ts (3)
ConnectionEntitySchema(34-34)ConnectionEntity(36-36)connectionToEntity(35-35)apps/mesh/src/web/hooks/use-connections.ts (1)
ConnectionEntity(85-85)
apps/mesh/src/tools/connection/update.ts (3)
apps/mesh/src/tools/connection/schema.ts (3)
ConnectionUpdateDataSchema(164-164)ConnectionEntitySchema(15-86)connectionToEntity(97-128)apps/mesh/src/tools/connection/index.ts (3)
ConnectionEntitySchema(34-34)connectionToEntity(35-35)CONNECTION_UPDATE(22-22)docs/examples/themed-view-example.jsx (1)
data(18-18)
apps/mesh/src/web/hooks/use-list-state.ts (5)
packages/bindings/src/well-known/collections.ts (1)
BaseCollectionEntity(363-363)packages/ui/src/components/filter-bar.tsx (1)
Filter(40-45)packages/ui/src/hooks/use-persisted-filters.ts (1)
usePersistedFilters(5-32)packages/ui/src/hooks/use-view-mode.ts (1)
useViewMode(6-37)packages/ui/src/hooks/use-sortable.ts (1)
useSortable(14-43)
apps/mesh/src/web/routes/orgs/mcps.tsx (5)
apps/mesh/src/tools/connection/schema.ts (2)
ConnectionEntitySchema(15-86)ConnectionEntity(91-91)apps/mesh/src/tools/connection/index.ts (2)
ConnectionEntitySchema(34-34)ConnectionEntity(36-36)apps/mesh/src/web/providers/project-context-provider.tsx (1)
useProjectContext(10-21)apps/mesh/src/web/hooks/use-list-state.ts (1)
useListState(46-113)apps/mesh/src/web/hooks/use-connections.ts (3)
ConnectionEntity(85-85)useConnectionsCollection(46-48)useConnections(66-69)
🪛 ast-grep (0.40.0)
apps/mesh/src/tools/connection/list.ts
[warning] 176-176: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(^${pattern}$, "i")
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html
(regexp-from-variable)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: test
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (2)
apps/mesh/src/tools/connection/update.ts (1)
75-84: TOCTOU issue properly resolved.The authorization check now correctly occurs before the mutation by first fetching the connection, verifying ownership, and only then applying the update. This addresses the security concern from the previous review.
apps/mesh/src/web/routes/orgs/mcps.tsx (1)
182-184: Clarify token update behavior for users.The conditional
if (data.connectionToken)means an empty token field preserves the existing token. There's currently no way to clear an existing token through the UI.Consider one of these approaches:
Document the behavior - Add helper text to the token field:
<FormLabel>Token (optional)</FormLabel> <FormDescription>Leave blank to keep existing token</FormDescription>Add explicit clear mechanism - Include a "Clear token" checkbox or button so users can intentionally remove a token
Based on past review comments.
🧹 Nitpick comments (1)
apps/mesh/src/tools/connection/list.ts (1)
281-292: Consider extracting binding resolution logic.The IIFE pattern for binding definition is functional but extracting this to a helper function would improve readability and testability.
Consider extracting to a helper:
function resolveBindingDefinition(binding: unknown): Binder { if (typeof binding === "string") { const wellKnownBinding = BUILTIN_BINDING_CHECKERS[binding.toUpperCase()]; if (!wellKnownBinding) { throw new Error(`Unknown binding: ${binding}`); } return wellKnownBinding; } return binding as Binder; } // Then in handler: const bindingDefinition: Binder | undefined = input.binding ? resolveBindingDefinition(input.binding) : undefined;
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
apps/mesh/src/tools/connection/delete.ts(1 hunks)apps/mesh/src/tools/connection/list.ts(5 hunks)apps/mesh/src/tools/connection/update.ts(2 hunks)apps/mesh/src/web/hooks/use-collections.ts(1 hunks)apps/mesh/src/web/routes/orgs/mcp-inspector.tsx(6 hunks)apps/mesh/src/web/routes/orgs/mcps.tsx(12 hunks)
🧰 Additional context used
📓 Path-based instructions (7)
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,js,jsx}: MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Tool handlers must explicitly call context.resourceAccess.grant() after authorization checks are passed
MCPClient calls must include proper HTTP headers with Authorization Bearer token and Content-Type application/json
React Query query keys must be defined using consistent patterns in a KEYS object with workspace and resource-specific parameters
React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
All MCP tool names must follow the pattern {RESOURCE}_{ACTION} (e.g., AGENTS_CREATE, THREADS_LIST)
Always use slug-based authorization for team resources instead of IDs when checking workspace/team access
Tool groups must automatically become virtual integrations accessible via i:{group-name} convention
Tool handlers must return objects instead of nullable primitives as per MCP requirements
**/*.{ts,tsx,js,jsx}: Use MicroDollar class for all monetary calculations to avoid floating-point precision issues - create instances via fromDollars(), fromCents(), or fromMicrodollarString() methods
Use string format for MicroDollar amounts: small amounts as '500000' (= $0.50), large amounts with underscores as '1_500000' (= $1.50), and negative amounts as '-1_500000' (= -$1.50)
Reference well-known plan IDs for standard tiers: FREE (00000000-0000-0000-0000-000000000001), STARTER (00000000-0000-0000-0000-000000000002), GROWTH (00000000-0000-0000-0000-000000000003), SCALE (00000000-0000-0000-0000-000000000004)
Remove trial credit system - do not use trial credit wallets, payer fields in transactions, or automatic trial credit rewards; all credit systems should be plan-based
**/*.{ts,tsx,js,jsx}: Use PascalCase for component and class names
Use camelCase for hooks and utility functions
Flag follow-up work with TODOs linked to issues
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,jsx}: Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
All scoped API calls must include locator parameter for proper resource identification
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
**/*.{ts,tsx}: Write concise, maintainable, and technically accurate TypeScript code with relevant examples
Use functional and declarative programming patterns; avoid classes
Use descriptive variable names with auxiliary verbs (e.g., isLoading, hasError)
Favor named exports for functions
Use TypeScript for all code; prefer interfaces over types for their extendability and ability to merge
Avoid enums; use maps instead for better type safety and flexibility
Use functional components with TypeScript interfaces
Use the "function" keyword for pure functions to benefit from hoisting and clarity
Favor using the already-present UI components in thepackages/uifolder instead of creating custom components
Use useMemo for expensive computations in React components to optimize performance
Use useDeferredValue for search operations to prevent blocking user input
Always use UI Components from the design system (@deco/ui) and avoid creating custom components that duplicate design system functionality
Prefer React Hook Form over useState for form management with proper validation using zod
Avoid prop drilling with form data by using Form Context instead
Use design system Form components with proper error handling and validation messaging
Ensure stable references in dependency arrays by memoizing objects and arrays created inline
Implement consistent error and loading state handling in React components with proper UI feedback
For DOM manipulation features like theme editors, apply changes immediately to DOM while debouncing state persistence
Use custom events (window.dispatchEvent) for coordinating updates across unrelated components
Implement single-level undo that reverts to the saved state, not just the previous change
Use useSetThreadContextEffect to provide rules and tools to AI chat threads with explicit union types for TypeScript
Extract complex logic from JSX into separate components instead of using immediately invoked function expressions (IIFEs)Favor TypeScript ty...
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
Use lowercase with dashes for directory names (e.g., components/auth-wizard)
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*.{js,ts,tsx,jsx,json}
📄 CodeRabbit inference engine (AGENTS.md)
Biome enforces two-space indentation and double quotes
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*.{js,ts,tsx,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
Keep imports sorted
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
**/*.{ts,tsx,js,jsx,tailwind.config.ts,tailwind.config.js}
📄 CodeRabbit inference engine (AGENTS.md)
Keep Tailwind design tokens consistent via
plugins/ensure-tailwind-design-system-tokens.tsor risk build failure
Files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
🧠 Learnings (36)
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : Use drizzle for database operations in MCP tool handlers: `c.drizzle.update(organizations).set({...}).where(eq(...)).returning()`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Export all MCP API tools in `packages/sdk/src/mcp/index.ts` by importing the API module and adding tools to the `WORKSPACE_TOOLS` array
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Use full TypeScript interfaces for all data structures with generated RPC types for tool integration and Zod schema validation where needed
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/update.tsapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : For org-level features, do NOT accept `orgId` in tool input. Always auto-resolve org ID from context using `getOrgIdFromContext(c)` to ensure proper context binding
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/delete.ts
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Reuse merge() by composing diff() + transactionalWrite(), and reuse transactionalWrite() with internal method for different scenarios to promote code reuse and consistency
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Create MCP API module files at path `packages/sdk/src/mcp/{feature}/api.ts` with proper imports from Zod, error handlers, storage, assertions, and context utilities
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Register project-scoped and org-level tools in the appropriate collection: PROJECT_TOOLS for project-scoped features, ORG_TOOLS for org-level features that don't need project context
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/list.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Define table constants, query selection strings, and Zod schemas at the top of API modules before tool implementations
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/list.ts
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Implement diff operations supporting cross-namespace diffing and returning only differences (add/modify/delete) with prefix-aware functionality
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/chat/**/*.tsx : Invalidate related query caches when AI updates via tool calls. Use queryKey patterns like `['org-setting', org]` and refetch immediately: `queryClient.refetchQueries({ queryKey: [...] })`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*.tsx : Use explicit union type syntax for `threadContextItems` in AI chat integration: `Array<{ id: string; type: 'rule'; text: string } | { id: string; type: 'toolset'; integrationId: string; enabledTools: string[] }>`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use the `QueryResult` pattern with explicit type annotations for all database queries to enable type-safe mapping
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Always scope database queries to workspace using workspace-scoped queries and check workspace access with `assertWorkspaceResourceAccess(c)`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/list.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/hooks/**/*.ts : Create React Query hooks with `useQuery` for data fetching and `useMutation` for updates. Invalidate related query keys in `onSuccess` callback to keep data in sync
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/hooks/use-collections.tsapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*context-resources*.tsx : The IntegrationToolsetDisplay component automatically discovers and displays tools from an integration. Fetch tools via `useTools(integration.connection)` and render from the returned tools array
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:56.973Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: docs/.cursor/rules/main.mdc:0-0
Timestamp: 2025-11-24T22:07:56.973Z
Learning: Applies to docs/server/main.ts : Define tools in server using `createTool` with id, description, inputSchema (Zod), outputSchema (Zod), and execute function
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsxapps/mesh/src/tools/connection/list.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : For org-level operations, do NOT accept orgId in input - always auto-resolve from context using `getOrgIdFromContext(c)` and use org slug (not numeric ID) for authorization checks
Applied to files:
apps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : Use `assertTeamResourceAccess` with **org slug** (not org ID) for authorization checks: `await assertTeamResourceAccess('TEAMS_UPDATE', orgSlug, c)` where `orgSlug = c.locator?.org`
Applied to files:
apps/mesh/src/tools/connection/delete.tsapps/mesh/src/tools/connection/update.ts
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Always check workspace access before performing workspace-scoped operations using `assertWorkspaceResourceAccess(c)` or `assertTeamResourceAccess()` with organization slug
Applied to files:
apps/mesh/src/tools/connection/update.ts
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Store Namespace Durable Object state in SQLite with two tables: namespace_state (current tree state and metadata) and patches (historical delta-based changes)
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use TypeScript interfaces and types to clearly define data structures alongside Zod schemas for runtime validation
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{ts,tsx} : Use the SDK from `/packages/sdk` for data access, MCP integrations, and runtime helpers
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Implement patch-based history storing only deltas (not full trees) to achieve O(1) tree updates in Namespace Durable Object
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Prefer Drizzle ORM (via `c.drizzle`) for all new database code; avoid `c.db` (Supabase client) except for legacy existing queries
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use React 19 for UI development in the decocms admin shell and marketplace
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,jsx} : Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use shadcn/ui design system components from `/packages/ui` for shared UI elements
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Use `useMemo` to resolve viewId from team views based on title: `const view = views.find((v) => v.title === 'Feature Editor'); return view?.id`
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Always use UI Components from the design system (deco/ui) and avoid creating custom components that duplicate design system functionality
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Prefer React Hook Form over useState for form management with proper validation using zod
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Use design system Form components with proper error handling and validation messaging
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Avoid prop drilling with form data by using Form Context instead
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Implement consistent error and loading state handling in React components with proper UI feedback
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Create resource list component that tracks native view visits using `useTrackNativeViewVisit()` with viewId, viewTitle, viewIcon, viewPath, and projectKey
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
🧬 Code graph analysis (1)
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx (4)
apps/mesh/src/web/hooks/use-connections.ts (2)
useConnection(77-80)ConnectionEntity(85-85)apps/mesh/src/tools/connection/schema.ts (1)
ConnectionEntity(91-91)apps/mesh/src/tools/connection/index.ts (1)
ConnectionEntity(36-36)apps/mesh/src/tools/client.ts (1)
createToolCaller(87-121)
🪛 ast-grep (0.40.0)
apps/mesh/src/tools/connection/list.ts
[warning] 182-182: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(^${escaped}$, "i")
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html
(regexp-from-variable)
🪛 GitHub Actions: Tests
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
[error] 42-42: Formatter would format this file. Run 'bun run fmt' to apply formatting fixes.
[error] 40-42: Formatter would have printed the following content: - import { useConnection, type ConnectionEntity } from "@/web/hooks/use-connections"; + import {
useConnection,
type ConnectionEntity,
} from "@/web/hooks/use-connections";
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cloudflare Pages
🔇 Additional comments (15)
apps/mesh/src/tools/connection/list.ts (10)
1-24: LGTM!The file header, imports, and schema imports are well-organized and follow the coding guidelines. Zod 4 is correctly imported from
zod/v3.
25-38: LGTM!Helper functions for logging and built-in binding checkers are correctly implemented with appropriate error handling.
40-69: LGTM!The MCP client creation properly includes required HTTP headers with Authorization Bearer token and Content-Type application/json, following the coding guidelines.
71-131: LGTM!The MCP tool fetching function is well-implemented with a 3-second timeout to prevent hanging connections, comprehensive error handling, and proper client cleanup.
193-214: LGTM!The field value extraction function correctly maps collection field names to connection properties and safely handles nested paths with proper null checks.
216-251: LGTM!The sorting implementation correctly handles multiple sort criteria, null ordering, and type-specific comparisons while maintaining immutability.
253-265: LGTM!Schema definitions correctly use Zod 4 syntax with proper extension of the base collection schema and appropriate typing for the binding parameter.
377-403: LGTM!The filtering, sorting, and pagination implementation is correct and follows best practices. The handler properly applies where expressions, orderBy, and returns paginated results with totalCount and hasMore indicators.
407-410: LGTM!The deprecated alias maintains backward compatibility while clearly marking the old name as deprecated.
267-276: I'll help you verify the authorization flow in this tool handler. Let me examine the codebase to understand the pattern used for authorization and whether explicitgrant()calls are required aftercheck().
<function_calls>
#!/bin/bashSearch for tool handlers to see authorization patterns
rg -n "handler:\sasync.=>" apps/mesh/src/tools/ -A 5 -B 2 | head -100
</function_calls>
<function_calls>
#!/bin/bashCheck the specific file for the full handler implementation and any grant() calls
wc -l apps/mesh/src/tools/connection/list.ts
</function_calls>
<function_calls>
#!/bin/bashRead the full tool definition and handler
sed -n '267,410p' apps/mesh/src/tools/connection/list.ts
</function_calls>
<function_calls>
#!/bin/bashSearch for grant() calls in tool handlers across the codebase
rg ".grant()" apps/mesh/src/tools/ -B 3 -A 1 | head -80
</function_calls>
<function_calls>
#!/bin/bashLook for patterns of access.check() followed by grant()
rg -n "access.check()" apps/mesh/src/tools/ -A 5 | head -100
</function_calls>apps/mesh/src/web/hooks/use-collections.ts (2)
98-140: Good pagination and error handling implementation.The
fetchAllPagesfunction correctly handles pagination and gracefully degrades by returning partial results when errors occur. This ensures the collection remains usable even if later pages fail to load.
165-192: Excellent timestamp-based conflict resolution.The mutation handler correctly uses timestamp comparison to prevent stale server responses from overwriting newer local data. This is essential for maintaining consistency in optimistic updates.
apps/mesh/src/web/routes/orgs/mcps.tsx (3)
58-72: Clean form schema derivation from entity schema.Using
.pick()and.partial()on the entity schema ensures the form validation stays in sync with the underlying data model while allowing optional fields for editing.
152-209: Well-structured collection-based mutations with proper error handling.The delete, update, and insert operations consistently:
- Use the collection API for optimistic updates
- Await
tx.isPersisted.promiseto ensure server persistence- Handle errors with user-friendly toast notifications
This provides a smooth UX with automatic rollback on failure.
188-203: Remove stale comment; client-side field generation is safely handled by backend schema validation.The comment at lines 188-189 referencing "cast through unknown" no longer applies to the current code.
Client-side generation of
id,created_at,updated_at, andorganizationId(lines 191, 197-200) appears unnecessary, but is safely handled by the backend:
- Backend schema (
ConnectionCreateDataSchemainapps/mesh/src/tools/connection/schema.tslines 134-141) explicitly omits these fields with.omit(), marking them as "auto-generated by the server"- Backend handler (
DECO_COLLECTION_CONNECTIONS_CREATEinapps/mesh/src/tools/connection/create.tslines 44-81) setsorganizationIdfromorganization.id(line 64), not from client input, preventing privilege escalation- Schema validation rejects any extra fields not defined in the input schema
Remove the stale comment:
} else { - // Create new connection - cast through unknown because the insert API - // accepts ConnectionCreateInput but the collection is typed as ConnectionEntity + // Create new connection const tx = collection.insert({Consider simplifying client-side object to only include fields accepted by the backend schema (title, description, connectionType, connectionUrl, connectionToken, icon, appName, appId, connectionHeaders, oauthConfig, metadata) to improve clarity, though current code is functionally safe.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
apps/mesh/src/web/routes/orgs/mcps.tsx (1)
215-216: Update stale comment about type casting.The comment mentions "cast through unknown" but there's no cast in the current code. Update the comment to accurately describe the current behavior.
- // Create new connection - cast through unknown because the insert API - // accepts ConnectionCreateInput but the collection is typed as ConnectionEntity + // Create new connection using the collection insert API const tx = collection.insert({
🧹 Nitpick comments (5)
apps/mesh/src/tools/connection/list.ts (3)
133-213: Filtering, LIKE handling, and ordering look solid; consider normalizing date fields and reusing field mapping.Overall this section is well-structured:
convertLikeToRegexconstrains patterns to literals,.and.*only, plus a max length of 100, which effectively addresses the earlier ReDoS concerns while keeping behavior close to SQLLIKE. The static warning aboutnew RegExpis acceptable here given the restricted token set and length check.Two refinements to consider:
- Date fields in comparisons and sorting
getFieldValuereturnsunknown, andcreatedAt/updatedAtonMCPConnectionareDate | string. InevaluateWhereExpressionandapplyOrderByyou may end up comparingDatevs string orDatevs number.To avoid surprising behavior (especially for
gt/gte/lt/lteand localeCompare), normalize known date fields ingetFieldValue:
- For
created_at/updated_at(mapped tocreatedAt/updatedAt), coerceDatevalues to ISO strings before returning.- That keeps comparisons consistent with what the collection schemas likely expect (ISO strings).
- Field mapping allocation
fieldMappingis recreated on everygetFieldValuecall. Hoisting it to a module‑level constant (e.g.,const FIELD_MAPPING = { … }) would avoid repeated allocations and make it easier to keep mappings in sync withConnectionEntitySchema.Functionally things look good; these are mostly about making behavior around dates more predictable and keeping the helper a bit leaner.
Also applies to: 216-274
279-288: Input/output schemas integrate well with collections; consider tightening thebindingtype.Using
CollectionListInputSchema.extendandcreateCollectionListOutputSchema(ConnectionEntitySchema)is a good way to stay aligned with the collections contract and reuse the public entity shape. That keeps this tool consistent with other DECO collection tools.One improvement to consider:
bindingis defined asz.union([z.object({}).passthrough(), z.string()])and then cast toBinderviainput.binding as unknown as Binder. If untrusted callers can hit this tool, that's effectively “any object” at runtime.- You might want to:
- Either narrow the object variant to the actual
Bindershape (e.g.,z.object({ tools: … }).passthrough()orz.custom<Binder>()), or- Restrict external callers to well‑known string bindings and keep the object form for internal wiring only.
That would give you better type safety and earlier failures if someone passes a malformed binder.
290-297: Handler flow and binding-aware list behavior look good; check resource access signaling and consider a few minor robustness tweaks.The overall handler wiring is coherent:
- Uses the new
DECO_COLLECTION_CONNECTIONS_LISTname and collection-aligned IO schemas.- Resolves either well‑known or custom bindings, derives a
bindingChecker, and only fetches MCP tools when needed.- Filters connections by binding via
bindingChecker.isImplementedBy, logs helpful debug information, then applieswhere,orderBy, and pagination before mapping throughconnectionToEntity.- Returns
{ items, totalCount, hasMore }and keeps a deprecatedCONNECTION_LISTalias for backward compatibility.A few targeted suggestions:
- resource access grant
- Project guidelines mention that MCP tool handlers should explicitly call
context.resourceAccess.grant()after authorization succeeds.- This handler currently does
await ctx.access.check();andrequireOrganization(ctx);only.- If
ctx.resourceAccess.grant(or similar) is part of your standard tool contract, consider adding an appropriate grant call here so downstream systems know this collection is allowed to be read. If that’s not required in this codepath, you can ignore this point. (Based on learnings, MCP tools are expected to register access explicitly.)
- Concurrency and failures when fetching tools
Promise.alloverconnectionsNeedingToolsis fine for typical org sizes, but if orgs can have many connections, you may want a simple concurrency limiter (e.g., batching or a small pool) to avoid a thundering herd against remote MCP servers.- If a single
fetchToolsFromMCPthrows unexpectedly, it will reject the entirePromise.all. You already catch errors insidefetchToolsFromMCPand returnnull, so this is mostly covered; just ensure any future changes don’t rethrow.
- Binding log and deprecation lifecycle
- The binding-aware log line is handy. Given you’ve added a deprecated alias
CONNECTION_LIST, consider adding a TODO with an issue reference for when to remove it, per repo guidelines on TODOs with linked issues.None of these are blockers; the current behavior should work as intended.
Also applies to: 322-353, 357-421, 423-425, 430-433
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx (1)
43-47: Consolidate duplicate imports from the same module.Two separate import statements from
@/web/hooks/use-connectionscan be merged into one for cleaner code.-import { toast } from "sonner"; -import { - useConnection, - type ConnectionEntity, -} from "@/web/hooks/use-connections"; -import { useConnectionsCollection } from "@/web/hooks/use-connections"; +import { toast } from "sonner"; +import { + useConnection, + useConnectionsCollection, + type ConnectionEntity, +} from "@/web/hooks/use-connections";apps/mesh/src/web/routes/orgs/mcps.tsx (1)
209-211: Consider documenting token update semantics.The current logic preserves the existing token when the field is left blank, which is secure but may need clarification. Consider adding helper text on the token field (e.g., "Leave blank to keep existing token") to make this behavior explicit to users.
<FormField control={form.control} name="connectionToken" render={({ field }) => ( <FormItem> - <FormLabel>Token (optional)</FormLabel> + <FormLabel> + Token (optional) + {editingConnection && ( + <span className="text-xs text-muted-foreground ml-2"> + Leave blank to keep existing + </span> + )} + </FormLabel> <FormControl>
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
apps/mesh/src/api/routes/models.ts(0 hunks)apps/mesh/src/tools/connection/delete.ts(1 hunks)apps/mesh/src/tools/connection/list.ts(5 hunks)apps/mesh/src/web/routes/orgs/mcp-inspector.tsx(7 hunks)apps/mesh/src/web/routes/orgs/mcps.tsx(13 hunks)
💤 Files with no reviewable changes (1)
- apps/mesh/src/api/routes/models.ts
🧰 Additional context used
📓 Path-based instructions (7)
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,js,jsx}: MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Tool handlers must explicitly call context.resourceAccess.grant() after authorization checks are passed
MCPClient calls must include proper HTTP headers with Authorization Bearer token and Content-Type application/json
React Query query keys must be defined using consistent patterns in a KEYS object with workspace and resource-specific parameters
React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
All MCP tool names must follow the pattern {RESOURCE}_{ACTION} (e.g., AGENTS_CREATE, THREADS_LIST)
Always use slug-based authorization for team resources instead of IDs when checking workspace/team access
Tool groups must automatically become virtual integrations accessible via i:{group-name} convention
Tool handlers must return objects instead of nullable primitives as per MCP requirements
**/*.{ts,tsx,js,jsx}: Use MicroDollar class for all monetary calculations to avoid floating-point precision issues - create instances via fromDollars(), fromCents(), or fromMicrodollarString() methods
Use string format for MicroDollar amounts: small amounts as '500000' (= $0.50), large amounts with underscores as '1_500000' (= $1.50), and negative amounts as '-1_500000' (= -$1.50)
Reference well-known plan IDs for standard tiers: FREE (00000000-0000-0000-0000-000000000001), STARTER (00000000-0000-0000-0000-000000000002), GROWTH (00000000-0000-0000-0000-000000000003), SCALE (00000000-0000-0000-0000-000000000004)
Remove trial credit system - do not use trial credit wallets, payer fields in transactions, or automatic trial credit rewards; all credit systems should be plan-based
**/*.{ts,tsx,js,jsx}: Use PascalCase for component and class names
Use camelCase for hooks and utility functions
Flag follow-up work with TODOs linked to issues
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*.{ts,tsx,jsx}
📄 CodeRabbit inference engine (.cursor/rules/data-flow.mdc)
**/*.{ts,tsx,jsx}: Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
All scoped API calls must include locator parameter for proper resource identification
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
**/*.{ts,tsx}: Write concise, maintainable, and technically accurate TypeScript code with relevant examples
Use functional and declarative programming patterns; avoid classes
Use descriptive variable names with auxiliary verbs (e.g., isLoading, hasError)
Favor named exports for functions
Use TypeScript for all code; prefer interfaces over types for their extendability and ability to merge
Avoid enums; use maps instead for better type safety and flexibility
Use functional components with TypeScript interfaces
Use the "function" keyword for pure functions to benefit from hoisting and clarity
Favor using the already-present UI components in thepackages/uifolder instead of creating custom components
Use useMemo for expensive computations in React components to optimize performance
Use useDeferredValue for search operations to prevent blocking user input
Always use UI Components from the design system (@deco/ui) and avoid creating custom components that duplicate design system functionality
Prefer React Hook Form over useState for form management with proper validation using zod
Avoid prop drilling with form data by using Form Context instead
Use design system Form components with proper error handling and validation messaging
Ensure stable references in dependency arrays by memoizing objects and arrays created inline
Implement consistent error and loading state handling in React components with proper UI feedback
For DOM manipulation features like theme editors, apply changes immediately to DOM while debouncing state persistence
Use custom events (window.dispatchEvent) for coordinating updates across unrelated components
Implement single-level undo that reverts to the saved state, not just the previous change
Use useSetThreadContextEffect to provide rules and tools to AI chat threads with explicit union types for TypeScript
Extract complex logic from JSX into separate components instead of using immediately invoked function expressions (IIFEs)Favor TypeScript ty...
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*
📄 CodeRabbit inference engine (.cursor/rules/react-ts.mdc)
Use lowercase with dashes for directory names (e.g., components/auth-wizard)
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*.{js,ts,tsx,jsx,json}
📄 CodeRabbit inference engine (AGENTS.md)
Biome enforces two-space indentation and double quotes
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*.{js,ts,tsx,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
Keep imports sorted
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
**/*.{ts,tsx,js,jsx,tailwind.config.ts,tailwind.config.js}
📄 CodeRabbit inference engine (AGENTS.md)
Keep Tailwind design tokens consistent via
plugins/ensure-tailwind-design-system-tokens.tsor risk build failure
Files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
🧠 Learnings (34)
📚 Learning: 2025-11-24T22:07:56.973Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: docs/.cursor/rules/main.mdc:0-0
Timestamp: 2025-11-24T22:07:56.973Z
Learning: Applies to docs/server/main.ts : Define tools in server using `createTool` with id, description, inputSchema (Zod), outputSchema (Zod), and execute function
Applied to files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : MCP tools must be registered with strict typing using Tool interface with name, description, inputSchema (Zod), outputSchema (Zod), and handler
Applied to files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Register project-scoped and org-level tools in the appropriate collection: PROJECT_TOOLS for project-scoped features, ORG_TOOLS for org-level features that don't need project context
Applied to files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Define table constants, query selection strings, and Zod schemas at the top of API modules before tool implementations
Applied to files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : Use drizzle for database operations in MCP tool handlers: `c.drizzle.update(organizations).set({...}).where(eq(...)).returning()`
Applied to files:
apps/mesh/src/tools/connection/list.tsapps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Use full TypeScript interfaces for all data structures with generated RPC types for tool integration and Zod schema validation where needed
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Reuse merge() by composing diff() + transactionalWrite(), and reuse transactionalWrite() with internal method for different scenarios to promote code reuse and consistency
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Store Namespace Durable Object state in SQLite with two tables: namespace_state (current tree state and metadata) and patches (historical delta-based changes)
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Implement diff operations supporting cross-namespace diffing and returning only differences (add/modify/delete) with prefix-aware functionality
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use TypeScript interfaces and types to clearly define data structures alongside Zod schemas for runtime validation
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:44.343Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/deconfig.mdc:0-0
Timestamp: 2025-11-24T22:05:44.343Z
Learning: Applies to packages/sdk/src/mcp/deconfig/**/*.ts : Implement patch-based history storing only deltas (not full trees) to achieve O(1) tree updates in Namespace Durable Object
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{ts,tsx} : Use the SDK from `/packages/sdk` for data access, MCP integrations, and runtime helpers
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use the `QueryResult` pattern with explicit type annotations for all database queries to enable type-safe mapping
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/hooks/**/*.ts : Create React Query hooks with `useQuery` for data fetching and `useMutation` for updates. Invalidate related query keys in `onSuccess` callback to keep data in sync
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use React 19 for UI development in the decocms admin shell and marketplace
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:07:07.931Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/structure.mdc:0-0
Timestamp: 2025-11-24T22:07:07.931Z
Learning: Applies to apps/web/src/**/*.{tsx,ts} : Use shadcn/ui design system components from `/packages/ui` for shared UI elements
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,jsx} : Frontend hooks must use useSuspenseQuery for critical data and include proper loading and error state handling
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*.tsx : Use explicit union type syntax for `threadContextItems` in AI chat integration: `Array<{ id: string; type: 'rule'; text: string } | { id: string; type: 'toolset'; integrationId: string; enabledTools: string[] }>`
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Always use UI Components from the design system (deco/ui) and avoid creating custom components that duplicate design system functionality
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/*context-resources*.tsx : The IntegrationToolsetDisplay component automatically discovers and displays tools from an integration. Fetch tools via `useTools(integration.connection)` and render from the returned tools array
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsxapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:20.497Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/data-flow.mdc:0-0
Timestamp: 2025-11-24T22:05:20.497Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : React Query mutations must implement optimistic updates with onMutate, onError rollback, and cache invalidation using KEYS patterns
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Use `useMemo` to resolve viewId from team views based on title: `const view = views.find((v) => v.title === 'Feature Editor'); return view?.id`
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Prefer React Hook Form over useState for form management with proper validation using zod
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Use design system Form components with proper error handling and validation messaging
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:56.132Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/react-ts.mdc:0-0
Timestamp: 2025-11-24T22:06:56.132Z
Learning: Applies to **/*.{ts,tsx} : Implement consistent error and loading state handling in React components with proper UI feedback
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/**/{{feature}}-resource-list.tsx : Create resource list component that tracks native view visits using `useTrackNativeViewVisit()` with viewId, viewTitle, viewIcon, viewPath, and projectKey
Applied to files:
apps/mesh/src/web/routes/orgs/mcps.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : For org-level operations, do NOT accept orgId in input - always auto-resolve from context using `getOrgIdFromContext(c)` and use org slug (not numeric ID) for authorization checks
Applied to files:
apps/mesh/src/tools/connection/delete.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : Use `assertTeamResourceAccess` with **org slug** (not org ID) for authorization checks: `await assertTeamResourceAccess('TEAMS_UPDATE', orgSlug, c)` where `orgSlug = c.locator?.org`
Applied to files:
apps/mesh/src/tools/connection/delete.ts
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to packages/sdk/src/mcp/**/*.ts : For org-level features, do NOT accept `orgId` in tool input. Always auto-resolve org ID from context using `getOrgIdFromContext(c)` to ensure proper context binding
Applied to files:
apps/mesh/src/tools/connection/delete.tsapps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/index.ts : Export all MCP API tools in `packages/sdk/src/mcp/index.ts` by importing the API module and adding tools to the `WORKSPACE_TOOLS` array
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:06:37.831Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/native-apps-and-views.mdc:0-0
Timestamp: 2025-11-24T22:06:37.831Z
Learning: Applies to apps/web/src/components/chat/**/*.tsx : Invalidate related query caches when AI updates via tool calls. Use queryKey patterns like `['org-setting', org]` and refetch immediately: `queryClient.refetchQueries({ queryKey: [...] })`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Create MCP API module files at path `packages/sdk/src/mcp/{feature}/api.ts` with proper imports from Zod, error handlers, storage, assertions, and context utilities
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Use `createToolGroup` helper to organize related MCP tools with consistent naming, descriptions, and icons
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
📚 Learning: 2025-11-24T22:05:07.936Z
Learnt from: CR
Repo: decocms/admin PR: 0
File: .cursor/rules/api-development.mdc:0-0
Timestamp: 2025-11-24T22:05:07.936Z
Learning: Applies to packages/sdk/src/mcp/*/api.ts : Always scope database queries to workspace using workspace-scoped queries and check workspace access with `assertWorkspaceResourceAccess(c)`
Applied to files:
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx
🧬 Code graph analysis (4)
apps/mesh/src/tools/connection/list.ts (3)
apps/mesh/src/storage/types.ts (1)
MCPConnection(149-173)packages/bindings/src/well-known/collections.ts (2)
WhereExpression(62-62)OrderByExpression(321-321)apps/mesh/src/tools/connection/schema.ts (2)
ConnectionEntitySchema(15-86)connectionToEntity(97-128)
apps/mesh/src/web/routes/orgs/mcps.tsx (4)
apps/mesh/src/tools/connection/schema.ts (2)
ConnectionEntitySchema(15-86)ConnectionEntity(91-91)apps/mesh/src/web/hooks/use-connections.ts (3)
ConnectionEntity(85-85)useConnectionsCollection(46-48)useConnections(66-69)apps/mesh/src/web/providers/project-context-provider.tsx (1)
useProjectContext(10-21)apps/mesh/src/web/hooks/use-list-state.ts (1)
useListState(46-113)
apps/mesh/src/tools/connection/delete.ts (4)
apps/mesh/src/core/define-tool.ts (1)
defineTool(85-205)packages/bindings/src/well-known/collections.ts (2)
CollectionDeleteInputSchema(192-194)createCollectionDeleteOutputSchema(199-205)apps/mesh/src/tools/connection/schema.ts (2)
ConnectionEntitySchema(15-86)connectionToEntity(97-128)apps/mesh/src/core/mesh-context.ts (2)
requireAuth(195-199)requireOrganization(171-176)
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx (4)
apps/mesh/src/web/hooks/use-connections.ts (3)
useConnection(77-80)useConnectionsCollection(46-48)ConnectionEntity(85-85)apps/mesh/src/tools/connection/schema.ts (1)
ConnectionEntity(91-91)packages/ui/src/components/sonner.tsx (1)
toast(25-25)apps/mesh/src/tools/client.ts (1)
createToolCaller(87-121)
🪛 ast-grep (0.40.0)
apps/mesh/src/tools/connection/list.ts
[warning] 205-205: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(^${pattern}$, "i")
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html
(regexp-from-variable)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cloudflare Pages
🔇 Additional comments (9)
apps/mesh/src/web/routes/orgs/mcp-inspector.tsx (2)
89-91: LGTM on collection-based data fetching.The migration to
useConnectionhook andConnectionEntitytype is clean. The type assertionas ConnectionEntity | undefinedis appropriate given the hook returns an array where you need the first item.
279-283: LGTM on tool invocation migration.The switch to
createToolCaller(connectionId)from the legacy per-connection caller is consistent with the unified tool-calling API introduced in this PR.apps/mesh/src/tools/connection/delete.ts (2)
22-48: LGTM on the refactored delete handler.The handler now properly:
- Requires authentication and organization context upfront
- Checks authorization via
ctx.access.check()- Fetches the connection before deletion
- Verifies ownership against the current organization
- Returns the deleted entity using
connectionToEntityThis addresses the previous review concerns about missing org verification and variable ordering.
52-55: Good backwards compatibility with deprecation alias.The
CONNECTION_DELETEalias ensures existing consumers can migrate gradually while the JSDoc@deprecatedtag provides clear guidance.apps/mesh/src/web/routes/orgs/mcps.tsx (5)
68-82: Good schema derivation from ConnectionEntitySchema.Using
.pick()and.partial()to derive the form schema from the entity schema ensures consistency and follows DRY principles. As per coding guidelines, this properly uses Zod for form validation with React Hook Form.
84-107: Clean dialog state machine implementation.The reducer pattern for dialog state management is well-structured and handles the create/edit/delete modes cleanly. This avoids multiple
useStatecalls and makes state transitions predictable.
527-552: LGTM on ResourceHeader integration with listState.The ResourceHeader is properly wired to all listState methods for search, filtering, sorting, and view mode. This consolidates UI state management effectively.
184-195: LGTM on delete flow with proper error handling.The delete confirmation properly uses
collection.delete(id).isPersisted.promisewith catch for error handling via toast. The optimistic UI pattern with deferred error reporting is appropriate.
65-65: Thezod/v3import is valid and intentional.Zod 4 officially exposes versioned subpath entry points (
"zod/v3"and"zod/v4") to support backwards compatibility during migration. This import pattern is documented by the library authors as the recommended strategy for gradual API migration, so no action is needed.
- Updated connection tools to follow a unified naming convention (DECO_COLLECTION_). - Introduced new collection-compliant tools for creating, updating, deleting, and listing connections. - Refactored existing connection functions to utilize the new tool caller for improved API interaction. - Enhanced the schema for connections to align with collection binding compliance. - Updated various components and hooks to utilize the new connection structure and improve data handling. - Removed deprecated connection functions and streamlined the codebase for better maintainability. This refactor aims to improve the overall architecture and usability of connection management within the mesh application.
…n handling - Added authentication and organization context requirements to the connection deletion tool. - Updated connection update logic to verify ownership before allowing updates. - Enhanced regex pattern handling in the connection listing tool to prevent ReDoS attacks. - Refactored connection-related hooks and components to streamline deletion confirmation and state management. These changes aim to strengthen security and improve the user experience in managing connections within the application.
- Moved organization verification logic to ensure it occurs before fetching the connection entity in the deletion tool. - Enhanced regex pattern handling in the connection listing tool to use placeholders for wildcards, improving security against ReDoS attacks. These changes aim to strengthen the integrity of connection management and enhance overall application security.
tlgimenes
force-pushed
the
chore/collections
branch
from
0615209 to
b0b044a
Compare
- Updated connection tool names from DECO_COLLECTION_ to COLLECTION_ for better clarity and uniformity. - Adjusted related components and hooks to utilize the new naming convention. - Ensured deprecation warnings are in place for old tool names to guide users towards the new standard. These changes enhance the maintainability and usability of the connection management system.
2 participants
Summary by CodeRabbit
New Features
Bug Fixes
Refactor
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.