feat(mcpgen): capture top-level x-sire-scoping OpenAPI extension#8
Merged
Conversation
Adds MCPServer.Scoping (json.RawMessage) populated by Convert() from the spec's top-level `x-sire-scoping` extension via libopenapi doc.Extensions. mint treats the value as an opaque passthrough; the Sire API scoping layer (ADR 121) parses and enforces it. Absent/undecodable extension yields nil (fail-closed default-deny downstream). Unblocks api-side TS2.6 descriptor sourcing off the integration registry's parsed spec.
…heck) Pre-existing govulncheck failures (main last ran CI in April, before these CVEs published) that block all PRs: stdlib net/textproto/crypto/x509/ html/template/net (fixed in go 1.26.2-1.26.4), golang.org/x/net GO-2026-5026 (v0.55.0), go-jose/v4 (v4.1.4). govulncheck now reports no vulnerabilities. Aligns mint with the rest of the project (api go.work already requires 1.26.4).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part 1 of E-WORKER-SCOPING TS2.6 (gate keystone), cross-repo path chosen by the founder.
What:
mcpgen.MCPServernow carries aScoping json.RawMessagefield, populated byConvert()from the spec's top-levelx-sire-scopingOpenAPI extension (read via libopenapidoc.Extensions). mint does not interpret the value — it is an opaque passthrough; the Sire API scoping layer (ADR 121) parses + enforces it downstream.Why:
MCPServerpreviously captured only Name/Version/Description/BaseURL/Tools/Auth — top-level extensions were dropped. The API's scoping enforcement resolver needs the descriptor to reach it off the parsed spec (the single-source-of-truth, ADR-faithful path). This change makes that possible.Resilience: an absent or undecodable extension yields
nilScoping (omitted from JSON), which downstream is treated as end-user-unavailable (fail-closed default-deny) — never an error during spec parsing.Tests: present (descriptor captured as canonical JSON) + absent (nil, omitted from marshaled output). Full mint suite green, gofmt/vet/golangci-lint clean.
Next: after this merges + a mint release (v1.7.8), the api side bumps the mint dep, implements an
integration.Registry-backedManifestSource, wires it in serve.go, and declares the Shopify Pattern-B reference descriptor.