feat: Site Diagnostics agent with HAR capture #2892

Merged
tlgimenes merged 28 commits into main from vibegui/site-diagnostics
Apr 2, 2026
Conversation

@vibegui vibegui commented Mar 26, 2026

Summary

  • Adds a built-in Site Diagnostics agent that performs blackbox testing on storefronts — analyzing TTFB, cache headers, dead links, third-party scripts, and page weight
  • Adds capture_har and screenshot as built-in tools (run in-process via puppeteer-core + Browserless API, no MCP proxy)
  • Agent appears on the home page alongside Site Editor, uses well-known virtual MCP pattern (synthetic, no DB migration needed)
  • Requires BROWSERLESS_TOKEN env var to function

Example report

https://github.com/decocms/context/issues/60

Changes

  • packages/mesh-sdk/src/lib/constants.ts — Site Diagnostics virtual MCP definition + agent instructions
  • apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts — HAR capture tool (compact analysis output, no raw HAR)
  • apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts — Screenshot tool (saves to /tmp, no base64 in context)
  • apps/mesh/src/storage/virtual.ts — Inject Site Diagnostics into virtual MCP list + findById
  • apps/mesh/src/storage/connection.ts — Handle Site Diagnostics connection entity lookup
  • apps/mesh/src/web/components/home/agents-list.tsx — Add Site Diagnostics button to home page
  • apps/mesh/src/web/components/chat/context.tsx — Support fallback for synthetic agents in setVirtualMcpId

Test plan

  • Set BROWSERLESS_TOKEN in .env, run bun run dev
  • Click "Site Diagnostics" on home page — agent should activate with cyan border
  • Ask it to diagnose a site (e.g. www.farmrio.com.br) — should capture HARs and produce report
  • Verify no context overflow (HAR returns compact summary, screenshot saves to disk)
  • Verify other agents still work (Decopilot, custom agents)

🤖 Generated with Claude Code

@github-actions

🧪 Benchmark

Should we run the Virtual MCP strategy benchmark for this PR?

React with 👍 to run the benchmark.

| Reaction | Action |
| --- | --- |
| 👍 | Run quick benchmark (10 & 128 tools) |

Benchmark will run on the next push after you react.

github-actions Bot commented Mar 26, 2026

Release Options

Suggested: Minor (2.234.0) — based on feat: prefix

React with an emoji to override the release type:

| Reaction | Type | Next Version |
| --- | --- | --- |
| 👍 | Prerelease | 2.233.4-alpha.1 |
| 🎉 | Patch | 2.233.4 |
| ❤️ | Minor | 2.234.0 |
| 🚀 | Major | 3.0.0 |

Current version: 2.233.3

Note: If multiple reactions exist, the smallest bump wins. If no reactions, the suggested bump is used (default: patch).

@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 12 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts:15">
P1: Restrict screenshot URLs to `http`/`https` before calling `page.goto` to prevent non-web scheme navigation.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 8 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts:41">
P1: URL validation allows private/local hosts, enabling SSRF-like internal network access through Browserless navigation.</violation>
</file>

<file name="packages/mesh-sdk/src/lib/constants.ts">

<violation number="1" location="packages/mesh-sdk/src/lib/constants.ts:340">
P2: The prompt tells the agent to extract links from `capture_har` output, but `capture_har` does not return page/sitemap body content. This creates an unexecutable discovery step.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts Outdated
Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts:312">
P2: CDP session leaks if `page.goto()` throws (e.g. navigation timeout). Wrap the body in `try/finally` to ensure `client.detach()` is always called, preventing lingering event listeners from polluting subsequent passes on the same page.</violation>

<violation number="2" location="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts:450">
P2: Inconsistent property name for partial results: the error path returns `passResults` while the success path returns `passes: passResults`. Use the same key in both paths so partial results are discoverable under a consistent name.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts Outdated
Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/stream-core.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/stream-core.ts:373">
P1: Claude Code diagnostics currently constructs the full built-in toolset with a null provider; this can crash tool execution and exposes non-diagnostics built-ins unintentionally.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/stream-core.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/fetch-page.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/fetch-page.ts:14">
P0: Validate and block private/internal target hosts before calling `fetch`; current input validation allows SSRF to internal network resources.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/fetch-page.ts Outdated
@vibegui vibegui force-pushed the vibegui/site-diagnostics branch from 9c314aa to a1bfe39 Compare March 26, 2026 11:26
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 9 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/web/components/home/agents-list.tsx">

<violation number="1" location="apps/mesh/src/web/components/home/agents-list.tsx:232">
P2: `hasDiagnostics` is computed from the top-5 `agents` list, so an existing Site Diagnostics agent that isn’t in the top 5 will be treated as missing and the recruit CTA will reappear. Check the full `virtualMcps` list instead.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/web/components/home/agents-list.tsx Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/web/components/details/virtual-mcp/agent-capabilities.tsx">

<violation number="1" location="apps/mesh/src/web/components/details/virtual-mcp/agent-capabilities.tsx:202">
P2: The `screenshot` native capability description says it returns base64 image data, but the tool only returns a presigned URL and metadata.</violation>

<violation number="2" location="apps/mesh/src/web/components/details/virtual-mcp/agent-capabilities.tsx:320">
P1: `metadata.type` is used to index `NATIVE_TOOLS` without validating it is an own key, which can crash `NativeToolRows` on inherited object keys.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/web/components/details/virtual-mcp/agent-capabilities.tsx Outdated
Comment thread apps/mesh/src/web/components/details/virtual-mcp/agent-capabilities.tsx Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

3 issues found across 11 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts:78">
P2: This test is environment-dependent and only validates one token state per run. Set/unset `BROWSERLESS_TOKEN` inside the test so both behaviors are asserted deterministically.</violation>
</file>

<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts:122">
P1: The connect timeout race can leak a late Browserless connection because timed-out `connectPromise` is not canceled or cleaned up.</violation>
</file>

<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts:71">
P1: The Claude Code fallback registers `subtask` with a null-cast provider, which causes a runtime failure when the tool is invoked.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts Outdated
Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/index.ts Outdated
Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/registration.test.ts Outdated
@vibegui vibegui force-pushed the vibegui/site-diagnostics branch from 85cfd67 to f8ef73a Compare March 26, 2026 16:17
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 12 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/tools/index.ts">

<violation number="1" location="apps/mesh/src/tools/index.ts:301">
P2: Avoid logging raw diagnostics tool arguments because they can contain cookies/headers and leak sensitive data into logs.</violation>
</file>

<file name="apps/mesh/src/api/app.ts">

<violation number="1" location="apps/mesh/src/api/app.ts:323">
P2: Avoid awaiting NATS-backed cache purges during startup, and re-run the purge when NATS becomes ready. As written, this await can delay startup/HMR when JetStream is slow, and it will silently skip purging if NATS isn’t ready (no onReady retry).

(Based on your team's feedback about treating NATS/JetStream as a soft dependency during startup.) [FEEDBACK_USED]</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/tools/index.ts Outdated
Comment thread apps/mesh/src/api/app.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/mcp-clients/virtual-mcp/index.ts">

<violation number="1" location="apps/mesh/src/mcp-clients/virtual-mcp/index.ts:161">
P2: Avoid logging connection_url values; they can include credentials or tokens. Keep the log to connection name/type or explicitly redact sensitive parts before logging.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/mcp-clients/virtual-mcp/index.ts Outdated
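
Added example, not part of the PR or of any reviewer's comment: one way to act on the two logging findings above (raw diagnostics tool arguments in `apps/mesh/src/tools/index.ts`, and `connection_url` in `virtual-mcp/index.ts`) is to pass values through a redaction step before they reach the logger. The function names, the sensitive-key pattern and the sample values are assumptions of this example, not the project's code.

```javascript
// Added example (hypothetical helpers, not the project's code).
// Key names whose values are never logged (assumed list; extend as needed).
const SENSITIVE_KEY = /cookie|authorization|token|secret|password|api[-_]?key/i;

// Keep scheme, host and path for debugging; drop everything that can carry
// a credential: userinfo, query-string values and the fragment.
function redactUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return "[unparseable url]";
  }
  if (url.username || url.password) {
    url.username = "REDACTED";
    url.password = "";
  }
  for (const key of [...url.searchParams.keys()]) {
    url.searchParams.set(key, "REDACTED");
  }
  url.hash = "";
  return url.toString();
}

// Recursively copy a tool-argument object for logging. Values under a
// sensitive key are replaced, URL strings are passed through redactUrl,
// everything else is kept so the log line stays useful.
function redactForLog(value, key = "") {
  if (SENSITIVE_KEY.test(key)) return "[redacted]";
  if (typeof value === "string") {
    return /^https?:\/\//i.test(value) ? redactUrl(value) : value;
  }
  if (Array.isArray(value)) return value.map((v) => redactForLog(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, redactForLog(v, k)]),
    );
  }
  return value;
}

// Constructed sample input, shaped like a diagnostics tool call.
const sampleArgs = {
  url: "https://shop.example.com/p?session=abc",
  headers: { Cookie: "sid=123", Accept: "text/html" },
  passes: 2,
};
console.log(JSON.stringify(redactForLog(sampleArgs)));
console.log(redactUrl("https://user:s3cret@mcp.example.com/api/mcp?token=abc123#frag"));
```
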
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts:59">
P3: Changing `passes` default to 2 makes the tool behavior inconsistent with its in-file description that still says default is 3 per device.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts:503">
P2: Returning a JSON string here changes the tool’s output type from object to string. Downstream consumers and the LLM will receive a quoted JSON blob instead of structured fields, which is inconsistent with other built-in tools.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/capture-har.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/mesh-sdk/src/lib/constants.ts">

<violation number="1" location="packages/mesh-sdk/src/lib/constants.ts:341">
P2: The new `NEVER fetch_page` rule conflicts with the two-phase workflow that fetches and then HAR-captures the same pages.</violation>

<violation number="2" location="packages/mesh-sdk/src/lib/constants.ts:390">
P2: Phase 2 currently makes `?__d` capture unconditional, but debug capture should only run when Deco indicators are detected.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
@vibegui vibegui force-pushed the vibegui/site-diagnostics branch from 45d54df to b4251d3 Compare March 26, 2026 22:34
@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 5 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/tools/index.ts">

<violation number="1" location="apps/mesh/src/tools/index.ts:299">
P1: Registering diagnostics with `dt.schema.shape` makes defaulted inputs effectively required for MCP clients; use a partial input schema so omitted defaulted fields still pass validation.</violation>
</file>

<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts:59">
P1: If `encryptionKey` is missing outside localMode, the HMAC key becomes an empty string, making presigned URLs forgeable. Fail fast when no secret is configured.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/tools/index.ts Outdated
Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/screenshot.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts:39">
P1: SSRF bypass via IPv4-mapped IPv6 addresses. An attacker can reach private networks using URLs like `http://[::ffff:127.0.0.1]/` because Node's `URL` parser normalises them to `[::ffff:7f00:1]`, which doesn't match the regex. IPv6 unique-local (`fc00::/7`) and link-local (`fe80::/10`) ranges are also unblocked.

Add a catch-all for IPv6 private ranges, or parse the hostname into a numeric representation and check the range numerically.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts:41">
P2: The `::ffff:` pattern blocks ALL IPv6-mapped IPv4 addresses, including public ones. Since Node.js normalizes `::ffff:8.8.8.8` to `[::ffff:808:808]`, this regex matches any mapped address — not just private ranges. To only block private IPs in mapped form, the pattern should enumerate the specific private hex ranges (e.g., `::ffff:7f00:`–`::ffff:7fff:` for 127.x, `::ffff:a00:`–`::ffff:aff:` for 10.x, etc.), or better yet, parse the mapped address and check it against the IPv4 rules.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts Outdated
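
Added example, not part of the PR or of any reviewer's comment: the two `browserless.ts` findings above (the IPv4-mapped IPv6 bypass, then the `::ffff:` pattern that also blocks public mapped addresses) both recommend parsing the host into numbers and checking ranges rather than matching its text. The function names and the blocked-range list below are assumptions of this example, not the project's code; it also applies the `http`/`https` scheme restriction from the earlier `screenshot.ts` finding.

```javascript
// Added example (hypothetical names, not the project's browserless.ts).
// Non-public IPv4 ranges as [base address, prefix length] (assumed list).
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted quad -> unsigned 32-bit number, or null when the host is not IPv4.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function isBlockedV4(n) {
  return BLOCKED_V4.some(([base, bits]) => {
    const shift = 32 - bits;
    return (n >>> shift) === (parseIPv4(base) >>> shift);
  });
}

// IPv6 text as the URL parser normalises it (no brackets, hex groups only)
// -> eight 16-bit groups, or null when it does not parse.
function parseIPv6(text) {
  const [head, tail] = text.split("::");
  const h = head ? head.split(":") : [];
  const t = tail ? tail.split(":") : [];
  if (tail === undefined && h.length !== 8) return null;
  const fill = 8 - h.length - t.length;
  if (fill < 0) return null;
  const parts = [...h, ...Array(fill).fill("0"), ...t];
  if (!parts.every((p) => /^[0-9a-f]{1,4}$/i.test(p))) return null;
  return parts.map((p) => parseInt(p, 16));
}

function isBlockedV6(g) {
  // :: (unspecified) and ::1 (loopback)
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true;
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique-local
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  // ::ffff:a.b.c.d arrives as ::ffff:XXXX:YYYY; rebuild the IPv4 number and
  // reuse the IPv4 rules, so public mapped addresses stay allowed.
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    return isBlockedV4(g[6] * 65536 + g[7]);
  }
  return false;
}

// Returns { allowed, reason } for a navigation target.
function checkTarget(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { allowed: false, reason: "bad-url" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: "scheme" };
  }
  const host = url.hostname;
  if (host.startsWith("[")) {
    const groups = parseIPv6(host.slice(1, -1));
    if (groups === null || isBlockedV6(groups)) {
      return { allowed: false, reason: "private-ipv6" };
    }
    return { allowed: true, reason: "ok" };
  }
  const v4 = parseIPv4(host);
  if (v4 !== null) {
    return isBlockedV4(v4)
      ? { allowed: false, reason: "private-ipv4" }
      : { allowed: true, reason: "ok" };
  }
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { allowed: false, reason: "localhost" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample inputs.
for (const u of [
  "http://[::ffff:127.0.0.1]/", "http://[::ffff:8.8.8.8]/",
  "http://[fe80::1]/", "http://10.0.0.5/", "https://www.example.com/",
]) {
  console.log(u, JSON.stringify(checkTarget(u)));
}
```

This check covers literal addresses and localhost names only; a hostname that resolves to a private address has to be caught by checking the resolved address at connection time.
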
@vibegui vibegui force-pushed the vibegui/site-diagnostics branch from 1b4b369 to 1759012 Compare March 27, 2026 14:33
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 6 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts:107">
P2: `require("node:fs")` in this ESM file breaks local Chromium auto-discovery on Node, so local mode can incorrectly report no browser available.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/browserless.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

3 issues found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/mesh-sdk/src/lib/constants.ts">

<violation number="1" location="packages/mesh-sdk/src/lib/constants.ts:333">
P2: Requiring a preflight `capture_har` before every diagnostic conflicts with the fetch-only Phase 1 flow and adds avoidable browser overhead.</violation>

<violation number="2" location="packages/mesh-sdk/src/lib/constants.ts:344">
P2: The new browser setup instructions contradict actual behavior by saying local mode cannot run Lighthouse audits. This can cause the agent to skip valid local audits and give incomplete diagnostics.</violation>
</file>

<file name="apps/mesh/src/api/routes/decopilot/built-in-tools/lighthouse.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/built-in-tools/lighthouse.ts:205">
P1: Avoid building a shell command with user-provided URLs. `execSync(args.join(" ")` allows shell injection. Use execFileSync/spawn with an args array (shell: false) or properly escape the URL before execution.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/api/routes/decopilot/built-in-tools/lighthouse.ts Outdated
Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
@vibegui vibegui force-pushed the vibegui/site-diagnostics branch 3 times, most recently from bdd9982 to 2d773a1 Compare March 27, 2026 21:35
@tlgimenes tlgimenes force-pushed the vibegui/site-diagnostics branch from 1b07c4e to c68744e Compare March 31, 2026 18:39
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 4 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/storage/virtual.ts">

<violation number="1" location="apps/mesh/src/storage/virtual.ts:248">
P2: `pinnedOnly` filtering is bypassed by always prepending Site Diagnostics, so pinned-only lists can include an unpinned agent.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/storage/virtual.ts Outdated
@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 9 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/mesh-sdk/src/lib/constants.ts">

<violation number="1" location="packages/mesh-sdk/src/lib/constants.ts:691">
P2: SITE_DIAGNOSTICS_MCP_URL points to a different host than the existing Site Diagnostics connection URL, so UI paths will connect to different services. Align the constant with the canonical endpoint used by getWellKnownSiteDiagnosticsConnection (or update both if the endpoint changed).</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread packages/mesh-sdk/src/lib/constants.ts Outdated
tlgimenes and others added 8 commits April 1, 2026 11:59
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rvice

- Update connection to HTTP type targeting site-diagnostics.decocache.com/api/mcp
- Add isSiteDiagnostics() handling in VirtualMCPStorage and ConnectionStorage
- Inject Site Diagnostics agent in virtual MCP list (always available)
- Simplify recruit modal to navigate directly to well-known ID (no DB creation)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…-known MCP

Remove synthetic well-known interceptors from storage layers (virtual.ts,
connection.ts). The recruit modal now creates a real HTTP connection +
virtual MCP via the standard APIs, making the agent fully editable and
deletable through normal flows.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move dynamic import to static import in virtual-mcp/index.ts
- Extract SITE_DIAGNOSTICS_MCP_URL, SITE_DIAGNOSTICS_CONNECTION_DESCRIPTION,
  SITE_EDITOR_AGENT, SITE_DIAGNOSTICS_AGENT to mesh-sdk constants
- Import shared constants in agents-list, agents-section, recruit-modal
- Revert unrelated changes to storage/virtual.ts and virtual-mcp/index.tsx
- Remove agent-capabilities.tsx (not needed)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…CS_AGENT.id

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sets up the diagnose tool as the pinned view and default main view
with chatDefaultOpen: false, matching the desired agent layout config.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…tual MCP

- agents-list: check full virtualMcps list (not top-5) for existing
  site-diagnostics agent; if found, navigate directly instead of opening
  recruit modal; deduplicate from the recent agents row
- recruit modal: before creating a connection, check for an existing one
  with app_id "deco/site-diagnostics" and reuse it if found

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@tlgimenes tlgimenes force-pushed the vibegui/site-diagnostics branch from db2fd6d to d5a4636 Compare April 1, 2026 15:59
tlgimenes and others added 6 commits April 1, 2026 15:08
If a virtual MCP with metadata.type === 'site-diagnostics' already exists,
navigate directly to it instead of creating a duplicate. The connection
find-or-create was already idempotent; now the virtual MCP is too.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- agents-list: use SITE_DIAGNOSTICS_AGENT.id and .title instead of literals
- Remove SITE_DIAGNOSTICS_INSTRUCTIONS constant (instructions live in the MCP)
- Remove instructions from virtual MCP metadata on recruit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove hardcoded constants for Site Diagnostics, Site Editor, and
OpenRouter MCPs. Metadata (title, description, icon, URL) is now
fetched from the deco registry at runtime via a new useRegistryApp hook.
Only app IDs are kept as constants in WELL_KNOWN_APP_IDS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LIST tool expects a structured where expression with field/operator/value,
not a simple { appName } object. Switch to GET which accepts { name } directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Site Diagnostics is a well-known app fetched from registry, not an
org-scoped MCP connection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
If an agent template is not found in the deco registry, it is simply
not displayed rather than showing a fallback with missing metadata.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 7 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/web/components/home/agents-list.tsx">

<violation number="1" location="apps/mesh/src/web/components/home/agents-list.tsx:252">
P2: Use the persisted diagnostics metadata type when checking for an existing agent. Matching against the registry item ID can miss existing Site Diagnostics agents and re-open the recruit path.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/web/components/home/agents-list.tsx Outdated
tlgimenes and others added 5 commits April 1, 2026 15:59
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add WELL_KNOWN_AGENT_TEMPLATES constants with id, appId, title, icon
  fallbacks in mesh-sdk, replacing hardcoded registry lookups at render
- Create useNavigateToAgent hook for shared agent navigation + sidebar
  pinning logic across sidebar, home, and /agents route
- Add Agent Templates section to /agents route below user agents
- Fix recruit modal: verify app_id match on connections list response
  to avoid FK constraint errors from wrong connection matches
- Remove extractConnectionData usage in recruit modal, use explicit
  connection fields instead

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

1 issue found across 8 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx">

<violation number="1" location="apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx:212">
P2: Guard against missing registry remote URLs before creating the HTTP connection. `remoteUrl ?? ""` can create an invalid connection with a blank URL, which violates the HTTP connection URL requirement and will fail validation later.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread apps/mesh/src/web/components/home/site-diagnostics-recruit-modal.tsx Outdated
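
The two recruit-modal points raised above (verifying the `app_id` match on the connections list response, and refusing a blank registry URL instead of `remoteUrl ?? ""`) can be sketched as one find-or-create path. This is an added example, not code from this PR: the types, function names and sample rows are hypothetical, and the http(s) scheme check is an extra assumption.

```typescript
// Added example: every name below is hypothetical, not the project's API.
interface Connection {
  id: string;
  app_id: string | null;
  connection_type: "HTTP";
  connection_url: string;
}
interface RegistryItem { appId: string; remoteUrl?: string | null }

// Constructed sample of a connections-list response that also contains a
// row for a different app, as a loosely filtered list call might return.
const SAMPLE_LISTED: Connection[] = [
  { id: "conn_other", app_id: "deco/other-app", connection_type: "HTTP",
    connection_url: "https://other.example/mcp" },
  { id: "conn_diag", app_id: "deco/site-diagnostics", connection_type: "HTTP",
    connection_url: "https://diag.example/mcp" },
];

// Reuse a connection only if its app_id matches exactly; never treat the
// first row of the response as the match.
function findExistingConnection(listed: Connection[], appId: string): Connection | undefined {
  return listed.find((c) => c.app_id === appId);
}

// Fail closed on a missing or blank registry URL instead of `remoteUrl ?? ""`.
// The http(s) scheme check is an extra assumption of this example.
function requireRemoteUrl(item: RegistryItem): string {
  const url = (item.remoteUrl ?? "").trim();
  if (url === "") throw new Error(`registry item ${item.appId} has no remote URL`);
  if (!/^https?:\/\/[^\s\/]+/i.test(url)) {
    throw new Error(`registry item ${item.appId} has a non-HTTP remote URL`);
  }
  return url;
}

function findOrCreateConnection(
  listed: Connection[],
  item: RegistryItem,
  create: (fields: Omit<Connection, "id">) => Connection,
): Connection {
  const existing = findExistingConnection(listed, item.appId);
  if (existing) return existing;
  // Validate before calling create so no connection with a bad URL is persisted.
  const connection_url = requireRemoteUrl(item);
  return create({ app_id: item.appId, connection_type: "HTTP", connection_url });
}
```
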
tlgimenes and others added 6 commits April 2, 2026 17:26
Set pinnedViews and layout.defaultMainView pointing to the "diagnose"
tool so the agent opens with the diagnostics ext-app by default and
chat panel closed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e mesh-sdk hooks

Replace raw navigate() calls with useNavigateToAgent to ensure agents are
pinned when navigated to. Refactor useRegistryApp to use useMCPClient +
useMCPToolCallQuery instead of callRegistryTool. Pass existing diagnostics
agent as prop to avoid redundant server query.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The merge with main introduced a second useNavigate call in ChatInput
(handleAgentChange) that was missing the removed import.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Throw instead of creating an HTTP connection with a blank URL when
the registry item has no remote URL configured.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…d string

Replace hardcoded "site-diagnostics" with a lookup from the
WELL_KNOWN_AGENT_TEMPLATES constant in agents-section.tsx.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tlgimenes tlgimenes merged commit 429b24d into main Apr 2, 2026
15 checks passed
@tlgimenes tlgimenes deleted the vibegui/site-diagnostics branch April 2, 2026 22:27