feat(mcp): add workflow toolbox planner#533
Open
Khaostica wants to merge 2 commits into
Open
Conversation
superagent-security
Bot
added
the
contributor:verified
Contributor
|
Warning Review limit reached
More reviews will be available in 8 minutes and 45 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository UI (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (7)
📝 WalkthroughWalkthroughAdds a new read-only MCP tool ChangesWorkflow Toolbox Planner Tool
Sequence Diagram(s)sequenceDiagram
participant Client
participant planWorkflowToolbox
participant SearchIndex
participant Scorer
Client->>planWorkflowToolbox: goal, category?, platform?, limit?
planWorkflowToolbox->>planWorkflowToolbox: Tokenize goal (stopword filter)
planWorkflowToolbox->>SearchIndex: Load search-index.json
SearchIndex-->>planWorkflowToolbox: entry catalog
planWorkflowToolbox->>Scorer: Filter catalog by category/platform
Scorer->>Scorer: Score entries (token match + category + platform + trust)
Scorer->>Scorer: Apply category diversity if requested
Scorer-->>planWorkflowToolbox: Ranked candidates
planWorkflowToolbox->>planWorkflowToolbox: Generate reasons, caveats, nextSteps
planWorkflowToolbox-->>Client: {entries, reasons, guidance, notes, count}
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related issues
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error)
✅ Passed checks (7 passed)
✨ Finishing Touches✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/mcp/src/registry.js`:
- Line 1955: The runtime path of planWorkflowToolbox currently calls
normalizeLimit(args.limit, 5) which allows up to 25 via normalizeLimit; update
the runtime to enforce the intended 1–10 bound by clamping the computed limit to
10 (e.g. call normalizeLimit with a max of 10 or apply
Math.min(normalizeLimit(...), 10)) so that planWorkflowToolbox cannot be invoked
with >10 even when called directly; reference normalizeLimit and
planWorkflowToolbox when making the change.
- Around line 1891-1893: The current token-length check increments score
(tokens.length === 0 -> score += 1), which improperly rewards candidates with
empty/weak tokenization; remove that increment and instead skip token-based
scoring when tokens.length === 0 so the algorithm falls back to guidance-only
evaluation. Locate the tokenization branch that references tokens and score in
the scoring loop (the tokens.length === 0 check) and change it to not modify
score (no score += 1) and ensure control flows to the guidance-only path (i.e.,
do not treat empty tokens as a positive match).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 011f2cba-398e-43d5-a2b3-a32f2d7ca0b7
📒 Files selected for processing (7)
packages/mcp/README.mdpackages/mcp/src/registry.d.tspackages/mcp/src/registry.jspackages/mcp/src/schemas.d.tspackages/mcp/src/schemas.jstests/mcp-http-route.test.tstests/mcp-server.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: pipelock-advisory-scan
🧰 Additional context used
📓 Path-based instructions (1)
packages/mcp/**/*
📄 CodeRabbit inference engine (AGENTS.md)
MCP package behavior must live under
packages/mcp/
Files:
packages/mcp/README.mdpackages/mcp/src/schemas.d.tspackages/mcp/src/schemas.jspackages/mcp/src/registry.jspackages/mcp/src/registry.d.ts
🔇 Additional comments (7)
packages/mcp/src/schemas.d.ts (1)
29-29: LGTM!packages/mcp/src/schemas.js (1)
285-293: LGTM!Also applies to: 321-321
packages/mcp/src/registry.js (1)
87-87: LGTM!Also applies to: 248-253, 2150-2152
packages/mcp/src/registry.d.ts (1)
168-171: LGTM!Also applies to: 206-206
packages/mcp/README.md (1)
82-85: LGTM!tests/mcp-http-route.test.ts (1)
111-111: LGTM!tests/mcp-server.test.ts (1)
132-135: LGTM!Also applies to: 860-974
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
from
c5baae0 to
9e4f9c4
Compare
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
2 times, most recently
from
6ef3a72 to
c97b80b
Compare
superagent-security
Bot
removed
contributor:verified
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
2 times, most recently
from
7d68dcd to
320e6ff
Compare
JSONbored
requested changes
May 28, 2026
Owner
JSONbored
left a comment
JSONbored
left a comment
There was a problem hiding this comment.
@Khaostica this MCP toolbox planner is close, but one runtime correctness issue should be fixed before merge.
- The query tokens are lowercased, but the searchable entry haystack is not consistently lowercased.
- That makes matching case-sensitive for titles/descriptions/brand text and can miss relevant workflow-toolbox results.
- Normalize the haystack to lowercase before token matching.
- Add a regression test where a lowercase user goal matches mixed-case title or description text.
- Expected validation: run the focused MCP workflow-toolbox tests plus the MCP package test lane.
- Please fix merge conflicts, and ensure CI passes fully.
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
from
320e6ff to
de0cd41
Compare
JSONbored
requested changes
May 28, 2026
Owner
JSONbored
left a comment
JSONbored
left a comment
There was a problem hiding this comment.
Action: request changes
- The previous maintainer blocker is fixed: the planner haystack is now lowercased, there is a mixed-case regression test, merge conflicts are gone, and the MCP/required checks are green.
- One still-valid runtime contract issue remains before merge.
planWorkflowToolbox()still callsnormalizeLimit(args.limit, 6), andnormalizeLimit()allows up to 25. The tool contract is a 1-10 planner result bound, so direct runtime calls can exceed the public schema.- Please clamp this tool’s runtime limit to 10 and add/update a focused test proving
limit > 10returns at most 10 entries.
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
from
c6e85ff to
b3683ae
Compare
dosubot
Bot
added
the
size:S
JSONbored
requested changes
May 30, 2026
Owner
JSONbored
left a comment
JSONbored
left a comment
There was a problem hiding this comment.
@Khaostica the MCP planner fixes look close, but this PR needs to stay scoped before merge.
- Keep this PR focused on
plan_workflow_toolboxand MCP tests. - Remove the unrelated changes to
scripts/resolve-pr-preview-url.mjsandtests/deployment-preview-url.test.ts, or move them to a separate PR with its own explanation. - Update the branch against current
mainso required checks rerun on the current base. - Keep the lowercase matching regression and runtime
limit <= 10coverage. - Re-run
pnpm test:mcpand the focused MCP tests after removing the unrelated files.
…ching
The workflow-toolbox planner lowercases query tokens but matched them
against entrySearchText, whose case-insensitivity was only implicit via
normalizeText. Make the guarantee explicit by lowercasing the joined
haystack so token matching cannot silently regress to case-sensitive and
miss relevant mixed-case titles, descriptions, or brand text.
Adds a regression test where a lowercase planner goal matches mixed-case
entry title ("CLUSTER") and description ("ROLLOUTS") text.
Validation: pnpm test:mcp (54 passed).
planWorkflowToolbox() called normalizeLimit(args.limit, 6), which allows up to 25, so direct runtime calls could exceed the 1-10 planner result bound enforced by the public input schema. Clamp the runtime limit to 10 and add a focused test proving limit > 10 returns at most 10 entries.
Khaostica
force-pushed
the
claude/sweet-yalow-a3e2b7
branch
from
01559eb to
1b76aeb
Compare
dosubot
Bot
added
size:XS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
plan_workflow_toolboxMCP tool that composes existing registry primitives into a bounded toolbox for a user goal.nextStepspointers to existing tools.What changed
plan_workflow_toolboxtoREAD_ONLY_TOOL_NAMES,TOOL_DEFINITIONS,TOOL_INPUT_SCHEMAS, the registry dispatcher, and.d.tstype surface.guidance[]payload instead of unrelated entries.preferDiverseCategories=true); tagged surfaced entries withcomplementary_categorywhen multiple categories are picked.query_match,category_match,same_platform,trusted_package,source_backed,has_safety_notes,has_privacy_notes,complementary_category.packages/mcp/README.md.Why
Closes #491.
Invariants
search-index.json; no fabricated source stats.{ readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false }.MCP_PUBLIC_POLICYenvelope is applied by the existingwithPublicPolicywrapper; not bypassed.limitclamped to 1–10, token count capped at 12.Backward compatibility
apps/web/public/data/**,apps/web/src/generated/**,README.md, orapps/web/public/downloads/**.Visual impact
No visual impact — MCP tool surface only, no UI/route changes.
Validation
pnpm test:mcppnpm exec vitest run tests/mcp-server.test.ts tests/mcp-cli.test.ts tests/mcp-http-route.test.tspnpm validate:packagesgit diff --check