feat(mcp): codemap mcp — agent-transports v1 (Tracer 1 of 7)

[SutuSebastian]

Summary

Implements docs/plans/agent-transports.md v1 (lifted into docs/architecture.md § MCP wiring and the agent rule + skill on ship per Rule 2). Exposes codemap's structural-query surface to agent hosts (Claude Code, Cursor, Codex, generic MCP clients) as JSON-RPC tools over stdio — eliminates the bash round-trip on every agent invocation.

Status: Ready for review. All 7 tracers shipped; all 5 plan § 12 grill questions settled (recorded inline in the plan before deletion, mirrored in the agent rule + skill).

Surface (one tool per CLI verb plus MCP-only query_batch, all snake_case)

Tool	Purpose
query	One read-only SQL statement. Same envelope as codemap query --json.
query_batch	MCP-only — N statements in one round-trip. Items are string | {sql, summary?, changed_since?, group_by?}; batch-wide-defaults + per-statement-overrides. Per-statement errors isolated.
query_recipe	Bundled recipe by id; recipe actions attach to each row.
audit	{baseline_prefix, baselines} → {head, deltas}. Auto-runs incremental index unless no_index.
save_baseline	Polymorphic — {name, sql? | recipe?} with runtime exclusivity check.
list_baselines / drop_baseline	Catalog ops.
context	Project-bootstrap envelope (saves 4-5 query calls at session start).
validate	On-disk SHA-256 vs indexed files.content_hash.

Resources (lazy-cached on first read_resource): codemap://recipes, codemap://recipes/{id}, codemap://schema, codemap://skill.

Grill round (plan § 12) — all 5 settled

1. context AND validate? Both — validate costs ~10 LOC and unlocks "codemap doctor" agents.
2. Multi-statement SQL? query (one-statement, CLI parity) plus query_batch (MCP-only, polymorphic items, batch-wide-defaults + per-statement-overrides). Rejected ;-delimited batches in query (would need a SQL tokenizer + diverge output shape).
3. Resource caching? Lazy memoise on first read_resource — constant for server-process lifetime.
4. Naming? snake_case throughout (matches MCP spec, GitHub MCP, Cursor built-ins). CLI stays kebab — translation at MCP-arg layer.
5. save_baseline shape? One polymorphic tool with runtime exclusivity check (mirrors single CLI --save-baseline=<name> verb). Rejected two-tools-split.

Tracer-bullet sequence (per plan § 11)

• 1 — scaffold — cmd-mcp.ts + mcp-server.ts skeletons; ping stub; @modelcontextprotocol/sdk dep
• 2 — query + query_batch — pure executeQuery engine extracted to src/application/query-engine.ts
• 3 — query_recipe — recipe SQL + actions threading
• 4 — audit + context + validate — reuses runAudit, buildContextEnvelope, computeValidateRows
• 5 — save_baseline + list_baselines + drop_baseline — polymorphic save with runtime exclusivity
• 6 — resources — 4 resources, lazy-cached
• 7 — docs — architecture / glossary / README / rule + skill across .agents/ and templates/agents/ (Rule 10); plan deleted (Rule 2); minor changeset

Architecture

Mirrors the cmd-audit.ts ↔ audit-engine.ts seam from PR #33:

• src/cli/cmd-mcp.ts — CLI shell (argv, --help, dispatch from main.ts)
• src/application/mcp-server.ts — engine (tool registry, resource handlers, SDK wiring)
• src/application/query-engine.ts — pure transport-agnostic engine extracted from printQueryResult's JSON branch (used by both MCP and codemap query --json going forward)

Bootstrap once at server boot; tool handlers reuse existing engine entry-points (executeQuery, runAudit, buildContextEnvelope, …) — no duplicate business logic.

Test plan

• bun run check green on every push (29 new MCP tests via @modelcontextprotocol/sdk's InMemoryTransport — full integration coverage of every tool + resource + the polymorphic / error / inheritance edges)
• bun src/index.ts mcp --help prints usage
• Manual smoke test via npx @modelcontextprotocol/inspector bun src/index.ts mcp (post-merge — won't gate review)
• CI green

Self-audit before pushing for review

• ✅ .agents/ rules respected (tracer-bullets, verify-after-each-step, concise-comments swept on Tracer 7, docs-governance Rules 2 / 9 / 10)
• ✅ Performance: bootstrap-once, lazy resources, per-batch changed_since memoisation, isolated per-statement errors
• ✅ Architecture: clean engine seam, per-tool registration, isEnginePayloadError helper to dedup type-guards
• ⚠️ Known follow-ups (deferred — separate PRs):
  • Lift 4 cli/* imports (resolveAuditBaselines, buildContextEnvelope, computeValidateRows, query-recipes) into application/ — currently documented layer-reversals
  • Server-lifetime changed_since cache (currently per-tool-call) — needs staleness-invalidation story before it's safe
  • Pool DB connection (currently openDb/closeDb per tool call) — measure first; bun:sqlite open is microseconds
  • Split mcp-server.ts when it crosses ~1000 lines (currently 770)

Composition with the recently shipped surface

Reuses every CLI primitive from PRs #26 / #28 / #30 / #33. HTTP API (codemap serve) stays in roadmap backlog — design points (tool taxonomy + output shape) reserved in architecture.md § MCP wiring so HTTP inherits them when its turn comes.

Summary by CodeRabbit

Release Notes

• New Features

  • Added codemap mcp command to expose Codemap functionality as JSON-RPC tools over stdio
  • Introduced batch query capability executing multiple statements in a single request with per-statement error isolation
  • Enabled MCP resource access for recipes, schema, and skill documentation with automatic caching

• Dependencies

  • Added @modelcontextprotocol/sdk

[changeset-bot]

🦋 Changeset detected

Latest commit: 02b316d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@stainless-code/codemap	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@SutuSebastian has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 44 minutes and 43 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 15698ce3-5cc6-41be-b3b8-d55b75d8d2ed

📥 Commits

Reviewing files that changed from the base of the PR and between 3fe2eb8 and 02b316d.

📒 Files selected for processing (12)

• .agents/rules/codemap.md
• .agents/skills/codemap/SKILL.md
• README.md
• docs/architecture.md
• docs/glossary.md
• src/application/mcp-server.test.ts
• src/application/mcp-server.ts
• src/application/query-engine.test.ts
• src/application/query-engine.ts
• src/cli/cmd-mcp.ts
• templates/agents/rules/codemap.md
• templates/agents/skills/codemap/SKILL.md

📝 Walkthrough

Walkthrough

This PR implements a complete MCP (Model Context Protocol) server for codemap, exposing structural query, audit, and baseline management functionality as JSON-RPC tools over stdio. It includes a new query engine, MCP server wiring, CLI integration, comprehensive tests, and extensive documentation updates spanning architecture, glossary, and agent integration templates.

Changes

Cohort / File(s)	Summary
Core MCP Server Implementation src/application/mcp-server.ts, src/application/mcp-server.test.ts	Introduces createMcpServer and runMcpServer functions that expose 9 MCP tools (query, query_batch, query_recipe, audit, context, validate, save_baseline, list_baselines, drop_baseline) with Zod validation, memoized git diff resolution, lazy-cached resources (codemap://recipes*, codemap://schema, codemap://skill), and consistent CLI-shaped response envelopes. Comprehensive test suite validates tool behavior, error isolation, baseline lifecycle, and resource discovery.
Query Execution Engine src/application/query-engine.ts, src/application/query-engine.test.ts	Adds pure executeQuery and executeQueryBatch functions that run SQL statements, optionally filter by changed files, apply recipe actions, group results, and return --json envelope shapes with per-statement error isolation. Tests verify filtering, grouping, summary mode, and batch execution.
CLI Command Wiring src/cli/cmd-mcp.ts, src/cli/cmd-mcp.test.ts, src/cli/bootstrap.ts, src/cli/main.ts	Introduces parseMcpRest, printMcpCmdHelp, and runMcpCmd to handle codemap mcp command dispatch. Updates bootstrap help text and CLI main dispatcher to recognize and route the mcp command. Tests verify parsing, help display, and error handling.
Core Documentation docs/architecture.md, docs/glossary.md, docs/roadmap.md	Documents MCP server architecture (bootstrap flow, tool/resource mapping, git memoization), adds glossary entries for MCP and query_batch semantics, and refocuses roadmap to separate MCP (completed v1) from deferred HTTP codemap serve API.
Plan & Changeset Migration .changeset/agent-transports-mcp-scaffold.md, docs/plans/agent-transports.md	Records new @stainless-code/codemap minor release with MCP feature and @modelcontextprotocol/sdk^1.29.0 dependency. Removes detailed agent-transports plan (now superseded by architecture/glossary docs).
Agent Integration Documentation .agents/rules/codemap.md, .agents/skills/codemap/SKILL.md, templates/agents/rules/codemap.md, templates/agents/skills/codemap/SKILL.md, README.md	Adds agent-facing documentation defining MCP tool surface (tool arguments, output shapes, error handling), resource URIs, and launch instructions. Mirrors content across both .agents/ active rules and templates/ source templates.
Dependencies package.json	Adds @modelcontextprotocol/sdk@^1.29.0 runtime dependency.

Sequence Diagram

sequenceDiagram
    actor Agent as Agent Host
    participant CLI as CLI Bootstrap
    participant MCP as MCP Server
    participant Engine as Query/Audit Engine
    participant DB as Database

    Agent->>CLI: codemap mcp (with --root, --config)
    CLI->>CLI: Parse & validate arguments
    CLI->>MCP: runMcpServer(opts)
    MCP->>MCP: bootstrapForMcp() - init codemap once
    MCP->>MCP: Create McpServer with StdioServerTransport
    MCP-->>Agent: Ready for JSON-RPC requests over stdin/stdout

    Agent->>MCP: {"jsonrpc":"2.0", "method":"query", "params":{...}}
    MCP->>MCP: Validate inputs with Zod
    MCP->>MCP: Memoize git diff for changed_since (if needed)
    MCP->>Engine: executeQuery(opts)
    Engine->>DB: Execute SQL statement
    DB-->>Engine: Row results
    Engine->>Engine: Apply grouping/summary/recipe actions
    Engine-->>MCP: QueryResultPayload (or {error})
    MCP->>MCP: Wrap in CLI --json envelope
    MCP-->>Agent: {"jsonrpc":"2.0", "result":{"content":[...]}}

    Agent->>MCP: {"jsonrpc":"2.0", "method":"query_batch", "params":{statements:[...]}}
    MCP->>Engine: executeQueryBatch(statements)
    Engine->>Engine: Map each statement through executeQuery
    Engine-->>MCP: Array<QueryResultPayload | ExecuteQueryError>
    MCP-->>Agent: Per-statement results (errors isolated)

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly Related PRs

• feat: codemap audit v1 (B.5) — structural-drift command with per-delta baselines #33: Implements audit and query engine entry points (runAudit, computeDelta, executeQuery) that the MCP server directly reuses for tool handlers.
• feat(query): --save-baseline / --baseline (B.6) — snapshots in .codemap.db #30: Implements baseline save/list/drop functionality that is exposed via MCP's save_baseline, list_baselines, and drop_baseline tools.
• feat(cli): codemap validate / context / --performance, four new query recipes, friendlier no-DB error #23: Modifies CLI bootstrap and main dispatcher, which this PR extends with the new mcp command routing and help text.

Suggested Labels

enhancement, documentation

Poem

🐇 Protocol hops through stdio streams,
Tools and resources paint agent dreams,
Query batches bundled, baselines preserved—
JSON envelopes perfectly curved! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 43.75% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: implementing an MCP server for codemap as part of agent-transports v1. It clearly specifies the feature ('codemap mcp'), the scope ('agent-transports v1'), and identifies this as Tracer 1 of a multi-step rollout.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/agent-transports-mcp

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 44 minutes and 43 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[SutuSebastian]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/architecture.md`:
- Around line 128-129: The claim that "per-statement errors are isolated" is too
broad because failures resolving changed_since currently abort the whole request
in registerQueryBatchTool(); either narrow the docs to say isolation only
applies to SQL/engine/runtime failures (leave
registerQueryBatchTool/executeQueryBatch unchanged), or change
registerQueryBatchTool() to resolve each item's changed_since inside the
per-item loop with a try/catch so failures produce a per-slot {error} result
(matching executeQueryBatch's per-statement semantics) and continue processing
other items; update the changed-since memoisation logic so the per-(root,ref)
cache is consulted/filled inside that per-item resolution path.

In `@docs/glossary.md`:
- Around line 246-252: The docs incorrectly state snake_case “matches MCP spec”;
update the glossary entries for `codemap mcp` and `query_batch` to say that tool
input/output keys use snake_case as a Codemap convention (not a protocol
requirement). Edit the wording around "Tool input/output keys are snake_case"
to: e.g., "Tool input/output keys use snake_case (a Codemap convention); CLI
stays kebab — translation at the MCP-arg layer." Keep references to `codemap
mcp`/`query_batch` and the implementation files `src/cli/cmd-mcp.ts` and
`src/application/mcp-server.ts` so readers can find the code paths that perform
the kebab↔snake translations.

In `@README.md`:
- Around line 113-117: Reword the README wording that implies “one tool per CLI
verb” to explicitly mark that query_batch is an MCP-only tool: update the
sentence around "codemap mcp" and the tools list so it reads something like
“codemap mcp — JSON-RPC on stdio (MCP-only tools listed below); most commands
map to one CLI verb, except MCP-only tools such as query_batch.” Ensure the
symbol query_batch is named and that the phrase "one tool per CLI verb" is
adjusted to avoid implying query_batch is a normal CLI verb.

In `@src/application/mcp-server.ts`:
- Around line 245-254: The current batch handler returns immediately on a single
changed_since resolution error (using jsonError) which aborts the entire batch;
instead, change the logic in the anonymous handler (the function that calls
makeChangedFilesResolver, mergeBatchItem and resolveChanged) so that when
resolveChanged(merged.changed_since) yields an error object you do not return
early but record an item-level error into the resolved array (preserving the
original statement order) — e.g., push a BatchStatementResolved entry
representing the per-statement error (including the error payload) and continue
processing subsequent statements; apply the same per-item error-capture fix to
the similar block around resolveChanged handling at the 262-267 region so each
statement can succeed/fail independently.
- Line 132: Add a concise JSDoc block above the exported createMcpServer
function that documents its purpose, the shape and required/optional properties
of the ServerOpts parameter, and what the returned McpServer represents and
guarantees (e.g., lifecycle methods or interfaces it implements); reference the
createMcpServer function name and the ServerOpts/McpServer types in the
description and include parameter (`@param`) and return (`@returns`) tags so the
exported API is clearly specified for consumers and tooling.

In `@src/application/query-engine.ts`:
- Around line 40-51: Add short JSDoc comments above the exported types to
document their public API: describe QueryResultPayload as the possible shapes
returned from executeQuery (array of records, count-only object, grouped results
with GroupByMode and groups array, or grouped key/count pairs) and document
ExecuteQueryError as the error object returned on failure with an error string
field; update the comments located near the exported symbols QueryResultPayload
and ExecuteQueryError to follow the project’s public API documentation style.
- Around line 59-66: The code calls db.query(opts.sql) in executeQuery without
enforcing read-only semantics, allowing mutations; change executeQuery to open
the DB in read-only mode or enable SQLite's query-only mode before executing
caller SQL (e.g., call openDb with a readOnly flag or call db.exec("PRAGMA
query_only = ON") on the returned handle), and validate/escape opts.sql only
accepts read-only statements (e.g., starts with SELECT/PRAGMA) as a second-line
defense; update references in executeQuery (and openDb if needed) to use the
read-only option so the engine cannot perform DROP/DELETE/UPDATE from opts.sql.

In `@src/cli/cmd-mcp.ts`:
- Around line 35-38: Update the MCP command help text in the src/cli/cmd-mcp.ts
module (the command definition / help string for the "mcp" command) to reflect
the current surface: list the available verbs (query, query_recipe, audit,
baseline ops, context, validate, plus ping) instead of saying "Tracer 1 only
ships the ping stub", and remove or replace the pointer to
docs/plans/agent-transports.md with either an accurate docs link or omit it;
edit the help/description string used by the command registration (the variable
or literal passed into the command builder for "mcp") so running "codemap mcp
--help" shows the correct commands and guidance.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eeaa1775-73e4-4580-b2a8-7b682567a8aa

📥 Commits

Reviewing files that changed from the base of the PR and between 7718691 and 3fe2eb8.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (19)

• .agents/rules/codemap.md
• .agents/skills/codemap/SKILL.md
• .changeset/agent-transports-mcp-scaffold.md
• README.md
• docs/architecture.md
• docs/glossary.md
• docs/plans/agent-transports.md
• docs/roadmap.md
• package.json
• src/application/mcp-server.test.ts
• src/application/mcp-server.ts
• src/application/query-engine.test.ts
• src/application/query-engine.ts
• src/cli/bootstrap.ts
• src/cli/cmd-mcp.test.ts
• src/cli/cmd-mcp.ts
• src/cli/main.ts
• templates/agents/rules/codemap.md
• templates/agents/skills/codemap/SKILL.md

💤 Files with no reviewable changes (1)

• docs/plans/agent-transports.md