docs(plans): draft agent-transports (MCP server v1 + HTTP API v1.x)

[SutuSebastian]

Summary

Per docs/README.md Rule 3, drafts the design for MCP server (v1) and HTTP API (v1.x) in one plan doc. They wrap the same logical operations (query / audit / recipe / context / validate / baseline ops) — settling the surface once means each transport inherits the same shape.

What the plan settles

Decision	v1
Which transport ships first	MCP only. Real demand today (we use it through Cursor / Claude Code); HTTP API is speculative until a concrete consumer asks.
Tool taxonomy	One MCP tool per CLI top-level operation. query, query_recipe, audit, save_baseline, baseline, list_baselines, drop_baseline, context, validate. Rejected: mega-cli tool, category-grouped tools.
Output shape	Verbatim from the CLI's --json envelope. No re-mapping. Future CLI envelope additions propagate to MCP automatically.
Audit composition	The AuditBaselineMap shape from PR #33 becomes the MCP baselines: {<deltaKey>: <name>} arg directly. resolveAuditBaselines is reused.
Resources	codemap://recipes (list + per-id), codemap://schema (DDL), codemap://skill (bundled SKILL.md text). Cached at server boot.
Naming	snake_case (matches MCP spec examples).
File layout	src/cli/cmd-mcp.ts (CLI dispatch) + src/application/mcp-server.ts (engine — tool registry, resource handlers). Mirrors the cmd-audit.ts ↔ audit-engine.ts seam from PR #33.
Dep	One new dep: @modelcontextprotocol/sdk.
Tracer-bullet sequence	7 commits: scaffold → query → query_recipe → audit → baseline ops → resources → docs+changeset. ~1 day.

Open questions (grill-me round before code)

• context and validate as MCP tools (both? just context?)
• Multi-statement SQL over MCP (semantic shift vs CLI)
• Resource caching strategy (boot-once vs per-call)
• save_baseline arg shape (one tool with optional sql/recipe vs two tools)

What's NOT in v1

• HTTP API — design points reserved (tool taxonomy + output shape transferable); ships when a concrete non-MCP consumer asks.
• Daemon mode for HTTP — even when HTTP ships, codemap stays one-shot per request unless a benchmark proves the spawn cost matters.
• Tool-level auth — agent host is the trust boundary.
• Re-indexing from MCP — auto-incremental-index in audit handles staleness for now; explicit index tool deferred until concrete demand.
• Streaming responses — point-in-time row sets; no streaming use case yet.

Composition with the recently shipped surface

This plan reuses every CLI primitive shipped in PRs #26 / #28 / #30 / #33:

• Tier A flags (--summary / --changed-since / --group-by / per-row actions) → tool-arg properties of the same name (snake_cased)
• B.6 baselines (--save-baseline / --baseline / --baselines / --drop-baseline) → 4 dedicated MCP tools
• B.7 symbols.visibility column → no MCP-specific change; reachable via query + SQL
• B.5 audit (--baseline <prefix> / --<delta>-baseline <name>) → baseline_prefix + baselines: {…} args on the audit tool

Test plan

• bun run check green (no behavior changed; pure docs).
• All cross-references resolve (plan → roadmap → architecture; plan → all four prior PRs by number).
• Plan calls itself out as Plan type per docs/README.md § Document Lifecycle — delete on ship, lift to architecture.md.
• Roadmap entry replaced with a single line pointing at the plan (avoids drift between roadmap one-liner and plan body).
• CI green.

Summary by CodeRabbit

• Documentation
  • Added a new agent transports plan document detailing MCP-first design for agents with tool definitions, input/output schemas, and resource specifications.
  • Updated roadmap to consolidate MCP and HTTP API transport strategies with unified tool taxonomy.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 652fbbb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@SutuSebastian has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 38 minutes and 26 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f719216c-ae43-4ff8-8083-dac1f5ecc9f0

📥 Commits

Reviewing files that changed from the base of the PR and between eedd7ec and 652fbbb.

📒 Files selected for processing (2)

• docs/plans/agent-transports.md
• docs/roadmap.md

📝 Walkthrough

Walkthrough

This pull request introduces a comprehensive plan document for agent transports, defining a v1 MCP-first design with tools mirroring existing CLI operations (query, audit, validate, etc.). The roadmap is updated to consolidate previously separate MCP and HTTP API backlog items into a unified agent transports entry.

Changes

Cohort / File(s)	Summary
Agent Transports Planning docs/plans/agent-transports.md	New document specifying v1 MCP transport design, including tool surface (query, query_recipe, audit, validate, context), input/output schemas aligned to CLI flags, audit composition rules, MCP resources (recipes, schema, DDL), stdio JSON-RPC behavior, implementation dependencies, and rollout sequence.
Roadmap Consolidation docs/roadmap.md	Updates roadmap to merge separate MCP and HTTP API entries into unified "agent transports" entry, defining scope across both stdio (codemap mcp) and HTTP (codemap serve) with reference to dedicated plan document.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A warren of plans, now clearly drawn,
MCP tools spring forth with the dawn,
Query, audit, recipe in hand,
Schema and baselines across the land,
Roadmaps converge—hop toward the goal! 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: drafting a plan document for agent transports (MCP server v1 + HTTP API v1.x), which directly aligns with the two documentation files added/modified.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/plans-agent-transports

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 38 minutes and 26 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[SutuSebastian]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/plans/agent-transports.md`:
- Line 214: The documentation line describing the `query_recipe` tool contains a
typo: replace the word "surfaceing" with the correct "surfacing" in the sentence
that reads "separate tool surfaceing the recipe catalog" (referenced by the
`query_recipe` entry) so it reads "separate tool surfacing the recipe catalog";
keep the rest of the phrasing intact for clarity.
- Around line 16-18: The fenced bash example in docs/plans/agent-transports.md
contains a shell prompt marker ("$") which triggers markdownlint MD014; update
the fenced code block for the codemap query example (the line showing codemap
query --json "SELECT name, file_path FROM symbols WHERE name = 'X'") by removing
the leading "$ " so the block begins with the raw command and ensure the fence
is ```bash (no prompt) to make the snippet lint-safe.
- Around line 172-186: The Markdown table header separator row and the
`--save-baseline[=<name>]` row are malformed (an extra third column and stray
"--------------" text) which breaks rendering; edit the table so every row has
exactly two pipe-separated columns, fix the header separator to match two
columns (e.g., `| --- | --- |` with appropriate dashes), and collapse the broken
`--save-baseline[=<name>]` row into a single two-column row mapping it to
`save_baseline` tool with `name` + (`recipe` | `sql`) inputs; also remove any
stray third-column content so other rows like `--json`, `--summary`, `--recipe
<id>`, and `--print-sql <id>` remain correctly aligned.

In `@docs/roadmap.md`:
- Line 41: Replace the non‑canonical term "recipe" with the canonical tool name
"query_recipe" in the listed surface (the line that currently reads `query` /
`audit` / `recipe` / `context` / `validate` / baseline ops) so documentation
uses the exact symbol `query_recipe`; ensure any adjacent mentions (CLI verbs or
plan references) remain consistent with `query_recipe` to avoid cross‑doc
ambiguity.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 78ae2975-f45f-401f-8ec8-ab4c7ae0f361

📥 Commits

Reviewing files that changed from the base of the PR and between 114303f and eedd7ec.

📒 Files selected for processing (2)

• docs/plans/agent-transports.md
• docs/roadmap.md