Skip to content

Add Gate-ready scaffold assets#12

Merged
haasonsaas merged 1 commit intomainfrom
jh/mcp-openapi-gate-scaffold
Apr 13, 2026
Merged

Add Gate-ready scaffold assets#12
haasonsaas merged 1 commit intomainfrom
jh/mcp-openapi-gate-scaffold

Conversation

@haasonsaas
Copy link
Copy Markdown
Collaborator

@haasonsaas haasonsaas commented Apr 13, 2026

Summary

  • generate Gate connector assets alongside init and generate scaffolds
  • add a Gate MCP allowlist policy for OpenAPI-derived tools when the spec is known
  • cover the new Gate scaffold output in CLI tests

Testing

  • npm run check
  • npm test
  • git diff --check

@cursor
Copy link
Copy Markdown

cursor bot commented Apr 13, 2026
edited
Loading

PR Summary

Low Risk
Low risk: changes are limited to generated scaffold output and CLI tests, with no impact on core request handling or runtime behavior.

Overview
Both init and generate now emit a gate/ scaffold containing a ready-to-run connector.yaml and gate/README.md for running the Streamable HTTP MCP server behind Gate.

When generating from an OpenAPI spec, the scaffold also includes a gate/policies/mcp_tool_allowlist.rego policy that allowlists the OpenAPI-derived tool names, and the generated project README.md is updated to mention the Gate gateway. CLI tests are expanded to assert the new Gate outputs.

Reviewed by Cursor Bugbot for commit 505c94e. Bugbot is set up for automated code reviews on this repo. Configure here.

@haasonsaas haasonsaas merged commit 101e8e9 into main Apr 13, 2026
5 checks passed
@haasonsaas haasonsaas deleted the jh/mcp-openapi-gate-scaffold branch April 13, 2026 23:55
cursor[bot]
cursor bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.

Reviewed by Cursor Bugbot for commit 505c94e. Configure here.

src/server.ts
lines.push(
"",
"policies:",
" - path: \"gate/policies/mcp_tool_allowlist.rego\"",
Copy link
Copy Markdown

@cursor cursor bot Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Policy path includes wrong directory prefix in connector YAML

Medium Severity

The policy path in the generated connector.yaml is gate/policies/mcp_tool_allowlist.rego, but connector.yaml itself lives inside the gate/ directory. The actual policy file is written to gate/policies/mcp_tool_allowlist.rego relative to the project root, which means relative to the config file it's just policies/mcp_tool_allowlist.rego. If Gate resolves this path relative to the config file's directory (a common convention), it would look for gate/gate/policies/mcp_tool_allowlist.rego, which doesn't exist. The generated README also instructs running from a Gate checkout, not the project root, so CWD-based resolution would also fail.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 505c94e. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@haasonsaas