feat(mcp): HTTP transport, Devin pack, verified fix, sampling/roots #15

Merged: alxxjohn merged 2 commits into main from feat-mcp on Jun 19, 2026

@alxxjohn alxxjohn commented Jun 19, 2026

Contributor

Overview

This branch turns codeguard into a more complete MCP-capable agent integration surface.
It adds a production-ready MCP server with stdio and Streamable HTTP transports, expands the MCP API beyond basic scan/explain flows, and introduces verified auto-fix workflows that can generate, verify, and optionally apply changes safely.

What’s New

MCP server expansion

  • Adds codeguard serve --mcp support for a broader MCP surface:
    • tools: scan, validate_config, validate_patch, explain, list_rules, verify_fix, propose_fix, apply_fix
    • resources: codeguard://rules, codeguard://config, codeguard://rules/{rule_id}
    • prompts: review-diff, triage-findings, explain-rule
  • Adds protocol negotiation support for current and compatibility MCP versions.
  • Adds tool annotations and structured output schemas so hosts can reason about destructive vs read-only actions.

Verified auto-fix flow

  • Adds verify_fix to validate a caller-supplied unified diff in an isolated workspace.
  • Adds propose_fix to generate a candidate fix and then verify it before returning it.
  • Adds apply_fix to verify a diff and only then write it to disk.
  • Adds fail-closed behavior for verification failures, including structured failure payloads with attempted diffs and remaining findings.
  • Adds optional user confirmation for apply_fix through MCP elicitation when the host supports it.

Server-initiated MCP client capabilities

  • Adds support for server-to-client sampling, roots, and elicitation.
  • Uses sampling to generate fixes via the connected client’s LLM when available.
  • Uses roots to widen allowed config_path confinement safely.
  • Caches client roots per connection and invalidates them on notifications/roots/list_changed.

Streamable HTTP transport

  • Adds codeguard serve --mcp --http for remote and cloud-hosted agents.
  • Supports:
    • JSON-RPC POST
    • SSE streaming for tools/call progress and server-initiated requests
    • session lifecycle via Mcp-Session-Id
    • optional bearer auth
    • request size and concurrency limits
    • health checks via /healthz
    • graceful shutdown

Agent and host integrations

  • Adds Devin integration examples and host scripts for both HTTP and stdio MCP setups.
  • Expands integration docs for MCP usage, transport behavior, and verified fix workflows.
  • Updates agent-facing docs to reflect the larger MCP feature set and supported host patterns.

Implementation Notes

  • Refactors the MCP CLI implementation into smaller transport-, tool-, prompt-, resource-, and fix-specific files.
  • Separates transport-neutral dispatch logic from HTTP/session/stream handling.
  • Adds shared client bridge, request correlation, progress, and path-confinement helpers.

Testing

  • Adds and expands MCP smoke coverage for:
    • stdio request/response flows
    • resources and prompts discovery
    • scan progress streaming
    • verified fix fail-closed behavior
  • Adds HTTP transport tests for:
    • initialize and capabilities
    • auth enforcement
    • SSE tool streaming
    • resource and prompt access
    • server-initiated sampling and roots
  • Adds helper-driven MCP tests to keep the end-to-end coverage readable and maintainable.

User Impact

  • Local editor and CLI-hosted agents can use codeguard as an MCP server over stdio.
  • Remote/cloud agents such as Devin can connect over HTTP.
  • Agents can now:
    • scan repos
    • validate candidate diffs before applying them
    • fetch rule/config resources directly
    • use built-in prompt workflows
    • request verified fixes with optional host-provided LLM support

Validation

  • MCP CLI package tests pass locally.
  • MCP integration tests pass, including HTTP transport coverage when run with localhost port binding available.

alxxjohn and others added 2 commits June 18, 2026 20:08
…streaming

Extend the MCP server beyond the stdio tools into a more complete,
agent-native surface (transport-agnostic core shared by both transports):

Transport & integration
- Streamable HTTP transport (serve --mcp --http): JSON for sync methods,
  SSE for tools/call, static bearer auth, /healthz, body/concurrency caps,
  graceful shutdown, session registry with eviction.
- Devin integration pack (examples/hooks/devin): HTTP + stdio onboarding,
  config examples, run/setup scripts.

Capabilities
- resources (codeguard://rules, codeguard://config, rules/{id} template),
  prompts (review-diff, triage-findings, explain-rule), logging.
- tool annotations (readOnly/destructive hints) + output schemas.

Verified auto-fix tools
- verify_fix (caller diff), propose_fix (generate via sampling or configured
  AI provider, then verify), apply_fix (verify then write the working tree,
  the one destructive tool; confirms via elicitation when supported).
- Failures return isError + structuredContent (attempted diff, remaining
  findings). Verification stays fail-closed.

Server->client requests (stdio + HTTP GET-SSE)
- sampling/createMessage, roots/list, elicitation/create via a shared
  serverRequester; client capabilities captured at initialize.
- roots feed config_path confinement and are cached per connection
  (invalidated on notifications/roots/list_changed).
- richer sampling request (includeContext + modelPreferences).

Streaming & security
- scan streams a per-section progress notification (core.ScanOptions
  OnSectionComplete fired in FinalizeSection).
- caller-supplied config_path is confined to the config dir, cwd, and client
  roots; out-of-tree paths rejected with a generic error (closes a remote
  arbitrary-file-read vector).

Tests cover stdio + HTTP transports, resources/prompts, streaming,
verify/apply fail-closed, and bidirectional sampling/roots round-trips.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@alxxjohn alxxjohn merged commit 44de1bb into main Jun 19, 2026
13 checks passed
@alxxjohn alxxjohn deleted the feat-mcp branch June 19, 2026 00:46
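
Added example, not code from this PR or from the codeguard repository: one way to implement the config_path confinement the commit message describes (allowed roots are the config dir, cwd and client roots; every rejection returns the same generic error). The name confineConfigPath, the error text and the temp-dir fixture are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Generic on purpose: callers cannot tell "missing" from "outside the roots".
var errConfigPath = errors.New("invalid config_path")

// confineConfigPath (hypothetical name) returns the resolved path only when it
// lies inside one of roots: config dir, cwd, or client-advertised MCP roots.
func confineConfigPath(p string, roots []string) (string, error) {
	abs, err := filepath.Abs(p)
	if err != nil {
		return "", errConfigPath
	}
	// Resolve symlinks so a link inside a root cannot point out of it.
	resolved, err := filepath.EvalSymlinks(abs)
	if err != nil {
		return "", errConfigPath
	}
	for _, root := range roots {
		// Roots must be absolute; a relative or unresolvable root is skipped.
		if rootReal, err := filepath.EvalSymlinks(root); err == nil {
			// Rel, not a raw string prefix: "/repo-evil" is not inside "/repo".
			rel, err := filepath.Rel(rootReal, resolved)
			if err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
				return resolved, nil
			}
		}
	}
	return "", errConfigPath
}

func main() {
	base, _ := os.MkdirTemp("", "confine") // constructed fixture
	defer os.RemoveAll(base)
	repo := filepath.Join(base, "repo")
	os.MkdirAll(repo, 0o755)
	os.WriteFile(filepath.Join(repo, "codeguard.yaml"), nil, 0o600)
	os.WriteFile(filepath.Join(base, "secret.txt"), nil, 0o600)
	for _, p := range []string{"codeguard.yaml", "../secret.txt"} {
		_, err := confineConfigPath(filepath.Join(repo, p), []string{repo})
		fmt.Printf("%-16s -> %v\n", p, err)
	}
}
```

The check runs on the symlink-resolved path, so the file should be opened through the returned path rather than the caller's original string.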
alxxjohn added a commit that referenced this pull request Jun 19, 2026
🤖 I have created a release *beep* *boop*
---


## [0.5.0](v0.4.0...v0.5.0) (2026-06-19)


### Features

* mcp server features ([2efd47c](2efd47c))
* **mcp:** HTTP transport, Devin pack, verified fix, sampling/roots ([#15](#15)) ([44de1bb](44de1bb))
* **mcp:** HTTP transport, Devin pack, verified fix, sampling/roots, streaming ([0bfab1d](0bfab1d))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).