feat(mcp): add SSE transport, tools command, and multi-client install support#102
Merged
Conversation
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
WalkthroughThis PR enhances command error handling with rich error rendering, adds optional positional ID arguments for entity actions with round-trippable flag serialization, treats task warning status as terminal, improves RPC entity-root handling to avoid duplicate endpoints, enables config-driven OpenAPI generation, and exposes SwaggerServer public methods for external HTTP mux composition. Dependency versions are also updated across the main and indirect require blocks. ChangesCommand Error Handling and Entity Action Improvements
Task Status and RPC/OpenAPI
Documentation and Dependencies
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 9
🧹 Nitpick comments (1)
api/code_test.go (1)
272-285: ⚡ Quick winTighten this test to actually exercise the fallback path.
This assertion set can pass even when XML formatting succeeds, so it doesn’t prove panic/failed-format recovery. Consider validating
formatXMLBestEffortwith an input that deterministically hits fallback (or rename the test to avoid panic-specific semantics).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@api/code_test.go` around lines 272 - 285, The test currently can pass even when XML formatting succeeds; update it to deterministically exercise the fallback path by either (A) calling formatXMLBestEffort directly with a crafted input that will trigger the fallback (e.g., an input that the XML formatter will fail on or that you special-case in formatXMLBestEffort for tests) and asserting it returns the original unformatted string, then verify Code.HTML() uses Chroma highlighting for that content, or (B) rename the test to remove "PanicFallsBack" if you don't want to assert fallback behavior; reference the existing TestCodeHTML_XMLFormatterPanicFallsBackToHighlightedContent, Code.HTML(), and formatXMLBestEffort when making the change so the test deterministically verifies the fallback path (or is renamed to match its assertions).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@cobra_command.go`:
- Around line 291-293: The renderableError routine currently only follows the
single-error chain via errors.Unwrap(e) and thus misses causes inside
multi-error joins; update renderableError to detect and traverse both single
Unwrap() error and multi Unwrap() []error cases (or replace the loop with an
errors.As-style search) so api.TryTypedValue targets are found in joined
errors—specifically, modify the loop that checks api.TryTypedValue(e) to also,
when present, call Unwrap() []error and recursively inspect each child (or use
errors.As against the concrete type that TryTypedValue expects) to ensure all
renderable causes are discovered.
In `@examples/uber_demo/main.go`:
- Around line 1304-1313: showStackTrace reuses headersOnlyOpts (which includes
clicky.WithStackInclude("com.example.")) for NativeFrames, filtering out
non-com.example frames like sun.reflect.Native Method; fix by creating a
separate nativeOpts without WithStackInclude (e.g., nativeOpts :=
[]api.StackTraceOption{} and if opts.Max > 0 append
clicky.WithMaxStackFrames(opts.Max)), and use
clicky.StackTrace(javaNullPointerTrace, nativeOpts...) for the NativeFrames
return value instead of reusing headersOnlyOpts; keep headersOnlyOpts for
WithoutSource.
In `@formatters/html_formatter.go`:
- Around line 201-203: The type-assertion branch that handles
in.(*api.StackTrace) must guard against a typed nil before calling HTML(): check
that trace != nil after the assertion and return an appropriate value (e.g.,
fallback or nil, error) instead of calling trace.HTML() when trace is nil;
update the branch that currently returns f.wrapHTMLBody(trace.HTML()), nil to
first verify trace != nil and only then call trace.HTML(), referencing the
api.StackTrace type, the HTML() method, the trace local variable, and
f.wrapHTMLBody to locate and fix the code.
In `@Makefile`:
- Around line 8-10: The Makefile change swapped lazy-assignment (?=) for
immediate expansion (:=) on GIT_COMMIT, BUILD_DATE and LDFLAGS which would
clobber environment/cli overrides; restore the conditional behavior by keeping
?= for GIT_COMMIT and BUILD_DATE (or, if you need immediate expansion, guard the
change with an origin check like ifeq ($(origin GIT_COMMIT),undefined) before
assigning :=) and ensure LDFLAGS is only set in a guarded way so it doesn’t
overwrite an externally provided value; reference the variables GIT_COMMIT,
BUILD_DATE and LDFLAGS to locate and update the assignments.
In `@mcp/command.go`:
- Around line 279-280: The code unconditionally copies boolean zero-values from
initial.Security into config.Security (via config.Security.RequireConfirmation =
initial.Security.RequireConfirmation and config.Security.AuditLog =
initial.Security.AuditLog in NewCommandWithConfig), which overwrites persisted
settings when a partial Config is passed; change the model so presence can be
detected (e.g., make Security.RequireConfirmation and Security.AuditLog pointer
bools or add explicit "set" flags on the Security struct) and then update
NewCommandWithConfig to only assign these fields when the initial value is
present (non-nil or the corresponding "set" flag is true), leaving existing
config.Security values intact otherwise.
In `@mcp/discover_tools.go`:
- Around line 48-60: renderToolText currently dereferences tool and
tool.InputSchema without checks causing panics for nil entries; add guards at
the start of renderToolText to handle a nil *ToolDefinition and a nil
InputSchema: if tool is nil, append a short "No definition available" (or
similar) message and return; if tool.InputSchema is nil, treat properties as
empty (return "No parameters.") instead of indexing into it. Update references
to tool.Description and tool.InputSchema.Properties accordingly so the function
fails soft rather than crashing.
In `@mcp/install.go`:
- Around line 66-69: The code is using rootCmd.Use (which may include
args/placeholders) for identity/path lookup; change usages to the canonical
command name by calling rootCmd.Name() instead: set serverName := rootCmd.Name()
and pass rootCmd.Name() into resolveBinaryPath instead of rootCmd.Use (locate
these in the install flow where serverName and the resolveBinaryPath call are
defined).
In `@mcp/server.go`:
- Around line 330-339: The sameOriginOrNoOrigin function currently only compares
the parsed Origin host to r.Host which allows mismatched schemes; update it to
also derive the request scheme (use "https" when r.TLS != nil else "http") and
compare u.Scheme to that scheme in addition to comparing u.Host to r.Host. Use
case-insensitive comparison for scheme (e.g., strings.EqualFold) and keep using
strings.EqualFold for host comparison so both scheme and host must match; keep
the existing early-return behavior for empty Origin and parse errors.
In `@rpc/openapi_serve_integration_test.go`:
- Around line 789-795: The test currently picks an ephemeral port with
freeTCPPort and then starts the server via exec.Command(binaryPath, "openapi",
"serve", ...) which closes the listener before the child binds, leading to
TOCTOU flakiness; modify the startup in the test to wrap server launch (the
exec.Command + start/wait-for-bind sequence) in a retry loop: call freeTCPPort
to choose a port, attempt to start the server process (using the same args that
include "--port" and "--enable-executor"), detect bind/startup failure (e.g.,
process exits quickly or connection to 127.0.0.1:port is refused), kill/cleanup
the failed process, then pick a new port and retry a few times before failing
the test; apply the same retry logic around the other startup site referenced
(lines ~854-862) so intermittent "address already in use" errors are avoided.
---
Nitpick comments:
In `@api/code_test.go`:
- Around line 272-285: The test currently can pass even when XML formatting
succeeds; update it to deterministically exercise the fallback path by either
(A) calling formatXMLBestEffort directly with a crafted input that will trigger
the fallback (e.g., an input that the XML formatter will fail on or that you
special-case in formatXMLBestEffort for tests) and asserting it returns the
original unformatted string, then verify Code.HTML() uses Chroma highlighting
for that content, or (B) rename the test to remove "PanicFallsBack" if you don't
want to assert fallback behavior; reference the existing
TestCodeHTML_XMLFormatterPanicFallsBackToHighlightedContent, Code.HTML(), and
formatXMLBestEffort when making the change so the test deterministically
verifies the fallback path (or is renamed to match its assertions).
🪄 Autofix (Beta)
✅ Autofix completed
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f593e2c4-8611-4534-b809-cedd1c110de7
⛔ Files ignored due to path filters (2)
examples/enitity/webapp/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlexamples/uber_demo/go.sumis excluded by!**/*.sum
📒 Files selected for processing (49)
.gitignoreMakefileapi/code.goapi/code_test.goapi/diff.goapi/diff_test.goapi/stacktrace.goapi/stacktrace_java.goapi/stacktrace_test.gocobra_command.gocobra_command_test.goentity.goentity_filters_test.goexamples/enitity/main.goexamples/enitity/webapp/package.jsonexamples/enitity/webapp/pnpm-workspace.yamlexamples/enitity/webapp/src/App.tsxexamples/enitity/webapp/src/index.cssexamples/enitity/webapp/src/main.tsxexamples/enitity/webapp/tsconfig.jsonexamples/enitity/webapp/vite.config.tsexamples/go.modexamples/uber_demo/main.goflags.goflags_test.goformatters/html_formatter.goformatters/html_react_formatter.goformatters/html_react_formatter_test.gogo.modmcp/builder.gomcp/builder_test.gomcp/command.gomcp/command_test.gomcp/config.gomcp/discover_tools.gomcp/discover_tools_test.gomcp/install.gomcp/install_test.gomcp/prompts.gomcp/registry.gomcp/registry_test.gomcp/server.gomcp/sse_test.gorpc/converter.gorpc/openapi.gorpc/openapi_serve_integration_test.gorpc/serve.gotask/task.gotask/task_status_test.go
💤 Files with no reviewable changes (1)
- examples/enitity/webapp/src/index.css
Comment on lines
+291
to
+293
| for e := err; e != nil; e = errors.Unwrap(e) { | ||
| if api.TryTypedValue(e) != nil { | ||
| return e, true |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
In Go (1.20+), does errors.Unwrap traverse errors that implement Unwrap() []error (e.g., errors.Join or fmt.Errorf with multiple %w), or only Unwrap() error?
💡 Result:
In Go (1.20+), the errors.Unwrap function only traverses errors that implement the Unwrap error method [1][2]. It does not traverse errors that implement Unwrap []error (such as those created by errors.Join) [1][3]. If you call errors.Unwrap on an error that implements only Unwrap []error, it will return nil [1][2]. While the errors.Is and errors.As functions are designed to handle both Unwrap error and Unwrap []error (performing a depth-first search through the error tree for the latter) [4][2][5], the errors.Unwrap function remains restricted to the standard linked-list style of unwrapping [1][3]. If you need to access multiple errors joined together, you must perform a type assertion to the interface that provides the Unwrap []error method [6]: if uw, ok:= err.(interface{ Unwrap []error }); ok { errs:= uw.Unwrap // process the slice of errors }
Citations:
- 1: https://go.dev/pkg/errors/?m=all%2Cold
- 2: https://pkg.go.dev/errors
- 3: errors: add support for wrapping multiple errors golang/go#53435
- 4: https://github.com/golang/go/blob/0fd7be7ee5f36215b5d6b8f23f35d60bf749805a/src/errors/wrap.go
- 5: https://julienlargetpiet.tech/articles/go-joining-errors-learn-with-examples.html
- 6: https://stackoverflow.com/questions/77037909/how-to-count-joined-errors-in-go-1-20
Handle joined/multi-error unwrapping in renderableError
renderableError walks only errors.Unwrap(e) (single Unwrap() error chain), so it will miss renderable causes reachable via Unwrap() []error (e.g., errors.Join(...) or fmt.Errorf with multiple %w). Switch to an errors.As-based approach for api.TryTypedValue’s target type, or explicitly traverse interface{ Unwrap() []error } in addition to Unwrap() error to keep rich error formatting consistent.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@cobra_command.go` around lines 291 - 293, The renderableError routine
currently only follows the single-error chain via errors.Unwrap(e) and thus
misses causes inside multi-error joins; update renderableError to detect and
traverse both single Unwrap() error and multi Unwrap() []error cases (or replace
the loop with an errors.As-style search) so api.TryTypedValue targets are found
in joined errors—specifically, modify the loop that checks api.TryTypedValue(e)
to also, when present, call Unwrap() []error and recursively inspect each child
(or use errors.As against the concrete type that TryTypedValue expects) to
ensure all renderable causes are discovered.
Comment on lines
+1304
to
+1313
| headersOnlyOpts := []api.StackTraceOption{clicky.WithStackInclude("com.example.")} | ||
| if opts.Max > 0 { | ||
| headersOnlyOpts = append(headersOnlyOpts, clicky.WithMaxStackFrames(opts.Max)) | ||
| } | ||
|
|
||
| return StackTraceShowcase{ | ||
| WithSource: clicky.StackTrace(javaSampleTrace, resolvedOpts...), | ||
| WithoutSource: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...), | ||
| NativeFrames: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...), | ||
| }, nil |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify that NativeFrames reuses filtered options and that the fixture includes native/unknown frames.
rg -n 'headersOnlyOpts|NativeFrames|WithStackInclude|javaNullPointerTrace|Native Method|Unknown Source|sun\.reflect' examples/uber_demo/main.goRepository: flanksource/clicky
Length of output: 941
🏁 Script executed:
# Inspect how clicky.WithStackInclude is implemented and how it filters frames in StackTrace.
rg -n "func\s+WithStackInclude|WithStackInclude\(" -S .
rg -n "WithStackInclude" -S . --glob='*.go'Repository: flanksource/clicky
Length of output: 1265
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Print the relevant implementation + option usage in stacktrace.go
sed -n '1,220p' api/stacktrace.go
echo "----"
sed -n '220,520p' api/stacktrace.goRepository: flanksource/clicky
Length of output: 15377
Fix NativeFrames filtering in showStackTrace
api.WithStackInclude restricts frame display (and source resolution) to classes matching the given prefixes. showStackTrace builds headersOnlyOpts with clicky.WithStackInclude("com.example.") and reuses it for both WithoutSource and NativeFrames (so frames from javaNullPointerTrace under sun.reflect.*—including Native Method / Unknown Source—won’t appear in NativeFrames).
💡 Suggested fix
headersOnlyOpts := []api.StackTraceOption{clicky.WithStackInclude("com.example.")}
+ nativeFrameOpts := []api.StackTraceOption{}
if opts.Max > 0 {
headersOnlyOpts = append(headersOnlyOpts, clicky.WithMaxStackFrames(opts.Max))
+ nativeFrameOpts = append(nativeFrameOpts, clicky.WithMaxStackFrames(opts.Max))
}
return StackTraceShowcase{
WithSource: clicky.StackTrace(javaSampleTrace, resolvedOpts...),
WithoutSource: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...),
- NativeFrames: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...),
+ NativeFrames: clicky.StackTrace(javaNullPointerTrace, nativeFrameOpts...),
}, nil📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| headersOnlyOpts := []api.StackTraceOption{clicky.WithStackInclude("com.example.")} | |
| if opts.Max > 0 { | |
| headersOnlyOpts = append(headersOnlyOpts, clicky.WithMaxStackFrames(opts.Max)) | |
| } | |
| return StackTraceShowcase{ | |
| WithSource: clicky.StackTrace(javaSampleTrace, resolvedOpts...), | |
| WithoutSource: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...), | |
| NativeFrames: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...), | |
| }, nil | |
| headersOnlyOpts := []api.StackTraceOption{clicky.WithStackInclude("com.example.")} | |
| nativeFrameOpts := []api.StackTraceOption{} | |
| if opts.Max > 0 { | |
| headersOnlyOpts = append(headersOnlyOpts, clicky.WithMaxStackFrames(opts.Max)) | |
| nativeFrameOpts = append(nativeFrameOpts, clicky.WithMaxStackFrames(opts.Max)) | |
| } | |
| return StackTraceShowcase{ | |
| WithSource: clicky.StackTrace(javaSampleTrace, resolvedOpts...), | |
| WithoutSource: clicky.StackTrace(javaNullPointerTrace, headersOnlyOpts...), | |
| NativeFrames: clicky.StackTrace(javaNullPointerTrace, nativeFrameOpts...), | |
| }, nil |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@examples/uber_demo/main.go` around lines 1304 - 1313, showStackTrace reuses
headersOnlyOpts (which includes clicky.WithStackInclude("com.example.")) for
NativeFrames, filtering out non-com.example frames like sun.reflect.Native
Method; fix by creating a separate nativeOpts without WithStackInclude (e.g.,
nativeOpts := []api.StackTraceOption{} and if opts.Max > 0 append
clicky.WithMaxStackFrames(opts.Max)), and use
clicky.StackTrace(javaNullPointerTrace, nativeOpts...) for the NativeFrames
return value instead of reusing headersOnlyOpts; keep headersOnlyOpts for
WithoutSource.
Comment on lines
+201
to
+203
| if trace, ok := in.(*api.StackTrace); ok { | ||
| return f.wrapHTMLBody(trace.HTML()), nil | ||
| } |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Locate relevant files
ls -R
rg -n "type StackTrace|func \\(.*StackTrace\\) HTML\\(" -S . || true
rg -n "html_formatter\\.go" -S . || true
fd -a "html_formatter.go" . || true
# Show the exact formatter code around the snippet lines
FILE="formatters/html_formatter.go"
if [ -f "$FILE" ]; then
echo "---- $FILE (context around lines 160-240) ----"
nl -ba "$FILE" | sed -n '160,240p'
fi
# Find api.StackTrace definition and HTML method implementation
# (Try common layouts first by searching for "type StackTrace" and "HTML()" closely)
echo "---- Search for api.StackTrace definition ----"
rg -n --hidden --no-ignore -S "type StackTrace struct|type StackTrace" . | head -n 50 || true
# Print the file(s) containing the HTML method for StackTrace
echo "---- Search for StackTrace.HTML ----"
rg -n --hidden --no-ignore -S "func \\(.*StackTrace\\) HTML\\(" . | head -n 50 || true
rg -n --hidden --no-ignore -S "func \\(\\*?api\\.StackTrace\\) HTML\\(" . | head -n 50 || true
rg -n --hidden --no-ignore -S "HTML\\(\\)\\s*string" . | head -n 50 || true
# If we found any HTML method, print its surrounding lines
# (Derive likely paths from ripgrep matches)
matches=$(rg -n --hidden --no-ignore -S "func \\(.*StackTrace\\) HTML\\(" . | awk -F: '{print $1}' | head -n 5)
for m in $matches; do
[ -f "$m" ] && echo "---- $m (around HTML) ----" && nl -ba "$m" | sed -n '1,220p'
doneRepository: flanksource/clicky
Length of output: 8188
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="formatters/html_formatter.go"
echo "---- $FILE lines 190-215 ----"
sed -n '190,215p' "$FILE" | cat -n
echo "---- $FILE lines 201-203 only ----"
sed -n '198,206p' "$FILE" | cat -n
echo "---- api/stacktrace.go: StackTrace.HTML receiver ----"
sed -n '1,120p' api/stacktrace.go | cat -n
rg -n "func \\(s StackTrace\\) HTML\\(" api/stacktrace.go || true
echo "---- api/stacktrace.go around HTML() ----"
HTML_LINE=$(rg -n "func \\(s StackTrace\\) HTML\\(" api/stacktrace.go | head -n1 | cut -d: -f1 || true)
if [ -n "${HTML_LINE:-}" ]; then
start=$((HTML_LINE-10))
end=$((HTML_LINE+10))
sed -n "${start},${end}p" api/stacktrace.go | cat -n
fiRepository: flanksource/clicky
Length of output: 8164
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Search for nil handling around StackTrace in formatter tests
rg -n "StackTrace" formatters/tests -S || true
rg -n "\\*api\\.StackTrace" -S . || true
rg -n "in\\.\\(\\*api\\.StackTrace\\)|in\\.\\(api\\.StackTrace\\)" -S formatters/html_formatter.go || true
# Search for constructing *api.StackTrace and passing nil somewhere
rg -n "new\\(api\\.StackTrace\\)|&api\\.StackTrace|\\*api\\.StackTrace" -S . || true
# Search for typed-nil patterns in tests
rg -n "var .*\\*api\\.StackTrace = nil|\\(\\*api\\.StackTrace\\)\\(nil\\)|\\*api\\.StackTrace\\)\\(nil\\)" -S . || trueRepository: flanksource/clicky
Length of output: 443
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -n "StackTrace" formatters/tests -S || true
rg -n "\\*api\\.StackTrace" -S . || true
rg -n "in\\.\\(\\*api\\.StackTrace\\)|in\\.\\(api\\.StackTrace\\)" -S formatters/html_formatter.go || true
rg -n "new\\(api\\.StackTrace\\)|&api\\.StackTrace|\\*api\\.StackTrace" -S . || true
rg -n "var .*\\*api\\.StackTrace = nil|\\(\\*api\\.StackTrace\\)\\(nil\\)|\\*api\\.StackTrace\\)\\(nil\\)" -S . || trueRepository: flanksource/clicky
Length of output: 443
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -n "StackTrace" formatters/tests -S || true
rg -n "\\*api\\.StackTrace" -S . || true
rg -n "in\\.\\(\\*api\\.StackTrace\\)|in\\.\\(api\\.StackTrace\\)" -S formatters/html_formatter.go || true
rg -n "new\\(api\\.StackTrace\\)|&api\\.StackTrace|\\*api\\.StackTrace" -S . || true
rg -n "var .*\\*api\\.StackTrace = nil|\\(\\*api\\.StackTrace\\)\\(nil\\)|\\*api\\.StackTrace\\)\\(nil\\)" -S . || trueRepository: flanksource/clicky
Length of output: 443
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE="formatters/html_react_formatter.go"
echo "---- $FILE lines 230-270 ----"
sed -n '230,270p' "$FILE" | cat -nRepository: flanksource/clicky
Length of output: 1419
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find wrapHTMLBody definition
rg -n "wrapHTMLBody" formatters/html_formatter.go formatters/*.go | head -n 50
FILE="formatters/html_formatter.go"
# Show definition area
if rg -n "func \\(f \\*?htmlFormatter\\) wrapHTMLBody|wrapHTMLBody\\(" "$FILE" >/dev/null; then
LINE=$(rg -n "wrapHTMLBody" "$FILE" | head -n 1 | cut -d: -f1)
start=$((LINE-30)); end=$((LINE+30))
sed -n "${start},${end}p" "$FILE" | cat -n
else
echo "wrapHTMLBody not found in $FILE"
fi
# Inspect other nil-pointer handling patterns in formatters/html_formatter.go
rg -n "if .*== nil" formatters/html_formatter.go | head -n 100
rg -n "return \"\", nil" formatters/html_formatter.go | head -n 50
rg -n "return nil" formatters/html_formatter.go | head -n 50Repository: flanksource/clicky
Length of output: 2890
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find wrapHTMLBody definition
rg -n "wrapHTMLBody" formatters/html_formatter.go formatters/*.go | head -n 50
FILE="formatters/html_formatter.go"
# Show definition area
if rg -n "wrapHTMLBody\\(" "$FILE" >/dev/null; then
LINE=$(rg -n "wrapHTMLBody\\(" "$FILE" | head -n 1 | cut -d: -f1)
start=$((LINE-40)); end=$((LINE+40))
sed -n "${start},${end}p" "$FILE" | cat -n
else
echo "wrapHTMLBody not found in $FILE"
fi
# Inspect other nil-pointer handling patterns in formatters/html_formatter.go
echo "---- nil checks ----"
rg -n "== nil" "$FILE" | head -n 100 || true
echo "---- empty string returns ----"
rg -n "return \"\", nil" "$FILE" | head -n 50 || trueRepository: flanksource/clicky
Length of output: 3687
Guard nil *api.StackTrace before calling HTML()
api.StackTrace.HTML() uses a value receiver (func (s StackTrace) HTML() string), so trace.HTML() on a typed-nil *api.StackTrace panics due to the implicit dereference. Add a nil check in the in.(*api.StackTrace) branch.
Proposed fix
if trace, ok := in.(*api.StackTrace); ok {
+ if trace == nil {
+ return "", nil
+ }
return f.wrapHTMLBody(trace.HTML()), nil
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| if trace, ok := in.(*api.StackTrace); ok { | |
| return f.wrapHTMLBody(trace.HTML()), nil | |
| } | |
| if trace, ok := in.(*api.StackTrace); ok { | |
| if trace == nil { | |
| return "", nil | |
| } | |
| return f.wrapHTMLBody(trace.HTML()), nil | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@formatters/html_formatter.go` around lines 201 - 203, The type-assertion
branch that handles in.(*api.StackTrace) must guard against a typed nil before
calling HTML(): check that trace != nil after the assertion and return an
appropriate value (e.g., fallback or nil, error) instead of calling trace.HTML()
when trace is nil; update the branch that currently returns
f.wrapHTMLBody(trace.HTML()), nil to first verify trace != nil and only then
call trace.HTML(), referencing the api.StackTrace type, the HTML() method, the
trace local variable, and f.wrapHTMLBody to locate and fix the code.
Comment on lines
+8
to
+10
| GIT_COMMIT ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown) | ||
| BUILD_DATE ?= $(shell date -u +%Y-%m-%dT%H:%M:%SZ) | ||
| LDFLAGS ?= -X main.commit=$(GIT_COMMIT) -X main.date=$(BUILD_DATE) |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verifies whether BUILD_DATE is re-evaluated within a single make invocation.
make -f Makefile -s --eval $'print-build-date:\n\t@echo first=$(BUILD_DATE)\n\t@sleep 1\n\t@echo second=$(BUILD_DATE)' print-build-dateRepository: flanksource/clicky
Length of output: 107
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Makefile (lines 1-80) ==="
nl -ba Makefile | sed -n '1,80p'
echo
echo "=== Matches for key vars ==="
rg -n "GIT_COMMIT|BUILD_DATE|LDFLAGS|ldflags" Makefile || trueRepository: flanksource/clicky
Length of output: 153
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Makefile (first 120 lines) ==="
cat -n Makefile | sed -n '1,120p'
echo
echo "=== rg hits for key vars ==="
rg -n "GIT_COMMIT|BUILD_DATE|LDFLAGS|ldflags" Makefile || trueRepository: flanksource/clicky
Length of output: 2841
Preserve conditional override behavior when changing expansion mode
BUILD_DATE/GIT_COMMIT/LDFLAGS are set with ?=, so changing them to := would overwrite values supplied via environment/make command line. Also, LDFLAGS is only used once (in the build target), so recursive re-evaluation isn’t a major practical issue here. If deterministic stamping is required, use := only when the variables are undefined (e.g., guard with ifeq ($(origin ...),undefined)), rather than replacing ?= outright.
🧰 Tools
🪛 checkmake (0.3.2)
[warning] 10-10: Variable "BUILD_DATE" possibly contains a timestamp and should be simply expanded.
(timestampexpanded)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@Makefile` around lines 8 - 10, The Makefile change swapped lazy-assignment
(?=) for immediate expansion (:=) on GIT_COMMIT, BUILD_DATE and LDFLAGS which
would clobber environment/cli overrides; restore the conditional behavior by
keeping ?= for GIT_COMMIT and BUILD_DATE (or, if you need immediate expansion,
guard the change with an origin check like ifeq ($(origin GIT_COMMIT),undefined)
before assigning :=) and ensure LDFLAGS is only set in a guarded way so it
doesn’t overwrite an externally provided value; reference the variables
GIT_COMMIT, BUILD_DATE and LDFLAGS to locate and update the assignments.
Comment on lines
+279
to
+280
| config.Security.RequireConfirmation = initial.Security.RequireConfirmation | ||
| config.Security.AuditLog = initial.Security.AuditLog |
Contributor
There was a problem hiding this comment.
Avoid unconditional overwrite of security booleans from partial initial config.
Line 279 and Line 280 always copy initial bool zero-values. If a caller passes a partial Config to NewCommandWithConfig, this can unintentionally disable confirmation/audit settings loaded from disk.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@mcp/command.go` around lines 279 - 280, The code unconditionally copies
boolean zero-values from initial.Security into config.Security (via
config.Security.RequireConfirmation = initial.Security.RequireConfirmation and
config.Security.AuditLog = initial.Security.AuditLog in NewCommandWithConfig),
which overwrites persisted settings when a partial Config is passed; change the
model so presence can be detected (e.g., make Security.RequireConfirmation and
Security.AuditLog pointer bools or add explicit "set" flags on the Security
struct) and then update NewCommandWithConfig to only assign these fields when
the initial value is present (non-nil or the corresponding "set" flag is true),
leaving existing config.Security values intact otherwise.
Comment on lines
+48
to
+60
| func renderToolText(name string, tool *ToolDefinition) api.Text { | ||
| t := api.Text{}. | ||
| Append(name, "font-bold text-yellow-400"). | ||
| Append("\n") | ||
|
|
||
| if tool.Description != "" { | ||
| t = t.Append(tool.Description, "text-gray-300").Append("\n") | ||
| } | ||
|
|
||
| props := tool.InputSchema.Properties | ||
| if len(props) == 0 { | ||
| return t.Append("No parameters.\n\n", "italic text-gray-500") | ||
| } |
Contributor
There was a problem hiding this comment.
Guard against nil tool definitions in renderer.
Line 53 assumes tool is non-nil. A nil entry in the input map will panic during discovery rendering; fail soft instead of crashing.
Proposed fix
func renderToolText(name string, tool *ToolDefinition) api.Text {
t := api.Text{}.
Append(name, "font-bold text-yellow-400").
Append("\n")
+ if tool == nil {
+ return t.Append("Tool definition unavailable.\n\n", "italic text-gray-500")
+ }
+
if tool.Description != "" {
t = t.Append(tool.Description, "text-gray-300").Append("\n")
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| func renderToolText(name string, tool *ToolDefinition) api.Text { | |
| t := api.Text{}. | |
| Append(name, "font-bold text-yellow-400"). | |
| Append("\n") | |
| if tool.Description != "" { | |
| t = t.Append(tool.Description, "text-gray-300").Append("\n") | |
| } | |
| props := tool.InputSchema.Properties | |
| if len(props) == 0 { | |
| return t.Append("No parameters.\n\n", "italic text-gray-500") | |
| } | |
| func renderToolText(name string, tool *ToolDefinition) api.Text { | |
| t := api.Text{}. | |
| Append(name, "font-bold text-yellow-400"). | |
| Append("\n") | |
| if tool == nil { | |
| return t.Append("Tool definition unavailable.\n\n", "italic text-gray-500") | |
| } | |
| if tool.Description != "" { | |
| t = t.Append(tool.Description, "text-gray-300").Append("\n") | |
| } | |
| props := tool.InputSchema.Properties | |
| if len(props) == 0 { | |
| return t.Append("No parameters.\n\n", "italic text-gray-500") | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@mcp/discover_tools.go` around lines 48 - 60, renderToolText currently
dereferences tool and tool.InputSchema without checks causing panics for nil
entries; add guards at the start of renderToolText to handle a nil
*ToolDefinition and a nil InputSchema: if tool is nil, append a short "No
definition available" (or similar) message and return; if tool.InputSchema is
nil, treat properties as empty (return "No parameters.") instead of indexing
into it. Update references to tool.Description and tool.InputSchema.Properties
accordingly so the function fails soft rather than crashing.
Comment on lines
+66
to
69
| serverName := rootCmd.Use | ||
|
|
||
| binPath, err := os.Executable() | ||
| binPath, err := resolveBinaryPath(rootCmd.Use) | ||
| if err != nil { |
Contributor
There was a problem hiding this comment.
Use rootCmd.Name() for identity/path lookup instead of rootCmd.Use.
Use can contain usage text (arguments/placeholders), which is unsafe for config keys and LookPath. Use the canonical command name.
Suggested fix
- serverName := rootCmd.Use
+ serverName := rootCmd.Name()
- binPath, err := resolveBinaryPath(rootCmd.Use)
+ binPath, err := resolveBinaryPath(rootCmd.Name())📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| serverName := rootCmd.Use | |
| binPath, err := os.Executable() | |
| binPath, err := resolveBinaryPath(rootCmd.Use) | |
| if err != nil { | |
| serverName := rootCmd.Name() | |
| binPath, err := resolveBinaryPath(rootCmd.Name()) | |
| if err != nil { |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@mcp/install.go` around lines 66 - 69, The code is using rootCmd.Use (which
may include args/placeholders) for identity/path lookup; change usages to the
canonical command name by calling rootCmd.Name() instead: set serverName :=
rootCmd.Name() and pass rootCmd.Name() into resolveBinaryPath instead of
rootCmd.Use (locate these in the install flow where serverName and the
resolveBinaryPath call are defined).
Comment on lines
+330
to
+339
| func sameOriginOrNoOrigin(r *http.Request) bool { | ||
| origin := r.Header.Get("Origin") | ||
| if origin == "" { | ||
| return true | ||
| } | ||
| u, err := url.Parse(origin) | ||
| if err != nil || u.Host == "" { | ||
| return false | ||
| } | ||
| return strings.EqualFold(u.Host, r.Host) |
Contributor
There was a problem hiding this comment.
Tighten same-origin validation to include scheme, not just host.
This currently allows Origin values with a different scheme as long as host/port match. For CSRF-style checks, compare both scheme and host.
Suggested fix
func sameOriginOrNoOrigin(r *http.Request) bool {
origin := r.Header.Get("Origin")
if origin == "" {
return true
}
u, err := url.Parse(origin)
if err != nil || u.Host == "" {
return false
}
- return strings.EqualFold(u.Host, r.Host)
+ reqScheme := "http"
+ if r.TLS != nil {
+ reqScheme = "https"
+ }
+ return strings.EqualFold(u.Host, r.Host) && strings.EqualFold(u.Scheme, reqScheme)
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| func sameOriginOrNoOrigin(r *http.Request) bool { | |
| origin := r.Header.Get("Origin") | |
| if origin == "" { | |
| return true | |
| } | |
| u, err := url.Parse(origin) | |
| if err != nil || u.Host == "" { | |
| return false | |
| } | |
| return strings.EqualFold(u.Host, r.Host) | |
| func sameOriginOrNoOrigin(r *http.Request) bool { | |
| origin := r.Header.Get("Origin") | |
| if origin == "" { | |
| return true | |
| } | |
| u, err := url.Parse(origin) | |
| if err != nil || u.Host == "" { | |
| return false | |
| } | |
| reqScheme := "http" | |
| if r.TLS != nil { | |
| reqScheme = "https" | |
| } | |
| return strings.EqualFold(u.Host, r.Host) && strings.EqualFold(u.Scheme, reqScheme) | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@mcp/server.go` around lines 330 - 339, The sameOriginOrNoOrigin function
currently only compares the parsed Origin host to r.Host which allows mismatched
schemes; update it to also derive the request scheme (use "https" when r.TLS !=
nil else "http") and compare u.Scheme to that scheme in addition to comparing
u.Host to r.Host. Use case-insensitive comparison for scheme (e.g.,
strings.EqualFold) and keep using strings.EqualFold for host comparison so both
scheme and host must match; keep the existing early-return behavior for empty
Origin and parse errors.
Comment on lines
+789
to
+795
| port := freeTCPPort(t) | ||
|
|
||
| // Start the server with fixed port and executor enabled | ||
| // Start the server with executor enabled. | ||
| cmd := exec.Command(binaryPath, "openapi", "serve", | ||
| "--port", fmt.Sprintf("%d", port), | ||
| "--enable-executor", | ||
| "--host", "localhost") | ||
| "--host", "127.0.0.1") |
Contributor
There was a problem hiding this comment.
Avoid TOCTOU flakiness in ephemeral port selection.
Line 789 reserves a port via freeTCPPort, but Lines 857-859 close the listener before the child process binds. Another process can grab that port in between, causing intermittent address already in use test failures. Add a retry loop around server startup (pick a new port and retry on bind/startup failure) to make this deterministic.
Also applies to: 854-862
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@rpc/openapi_serve_integration_test.go` around lines 789 - 795, The test
currently picks an ephemeral port with freeTCPPort and then starts the server
via exec.Command(binaryPath, "openapi", "serve", ...) which closes the listener
before the child binds, leading to TOCTOU flakiness; modify the startup in the
test to wrap server launch (the exec.Command + start/wait-for-bind sequence) in
a retry loop: call freeTCPPort to choose a port, attempt to start the server
process (using the same args that include "--port" and "--enable-executor"),
detect bind/startup failure (e.g., process exits quickly or connection to
127.0.0.1:port is refused), kill/cleanup the failed process, then pick a new
port and retry a few times before failing the test; apply the same retry logic
around the other startup site referenced (lines ~854-862) so intermittent
"address already in use" errors are avoided.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
Add support for including a hidden _id column in table rows for wrapped entities (entityWithID). The _id column is automatically added to the Columns() output and included in Row() and PrettyRow() data, but marked as hidden so it doesn't appear as a visible column in the UI. This allows the _id metadata to be available in row data while keeping the table display clean. Updates the HTML React formatter to handle cells that exist in row data but not in the column definitions. Adds comprehensive test coverage for all entity types (TableProvider, PrettyRow, and plain structs) to verify the _id column is properly included in the output data but hidden from the visible columns. Refs: entity wrapping, table formatting
Introduce comprehensive stack trace support with language-agnostic parsing, styled rendering, and extensible source resolution. Adds StackTrace, StackFrame types and ParseJavaStackTrace parser to api package, with public convenience wrappers in clicky root. Includes support for frame filtering, context lines, and max frame truncation. Also adds MultiFilter type for comma-separated flag values with include/exclude semantics, and fixes field value assignment to support type conversion in flags package. Updates cache debug output to use task.GatedStderr() instead of os.Stderr to prevent log lines from breaking interactive renderer frame accounting. Fixes recursive struct handling in OpenAPI schema generation by tracking visited types. Refs: stack trace rendering, source context, Java exception parsing
…port Add shiki syntax highlighter and transformers to webapp dependencies for code block rendering. Implement comprehensive stack trace parsing and display with source resolution for Java exceptions. Add new demo showcases for code samples, label badges, documentation links, and parsed stack traces with configurable context and filtering. Update import paths and module resolution to use published clicky-ui distribution. Reorganize webapp navigation with semantic HTML and icon support. Breaking changes: - Update TypeScript path aliases to reference dist files instead of src - Change clicky-ui import to use published api-explorer module - Update CSS import to use distributed styles.css Refs: Stack trace rendering feature, syntax highlighting integration
Introduce a Builder pattern for configuring MCP servers with a fluent API (NewMcpServer, WithExclude, WithInclude, AutoExpose, IgnoreParams, WithFormat, Build, Command). Add a built-in 'discover-tools' MCP tool that returns a formatted catalogue of all registered tools with their parameters, defaults, and constraints. Supports multiple output formats (markdown, ansi, plain) via FormatOptions. Add IgnoredParamRule and IgnoredParams config to strip parameters from MCP tool schemas (MCP-only, does not affect OpenAPI). Add Format config to apply server-wide format/color overrides to tool execution. Refactor config path functions to be per-application (GetConfigPathFor, GetPromptsPathFor) so multiple clicky-based MCP servers don't share config files. Maintain backward compatibility with legacy GetConfigPath/GetPromptsPath. Remove the special 'discover-tools' prompt and its inline handling from prompts.go and command.go, replacing it with the dedicated MCP tool. Remove Verbose flag from CommandOptions (use clicky's existing --loglevel/-v instead). Includes comprehensive tests for Builder, IgnoredParams application, discover-tools rendering, and registry builtins.
… support Implement Server-Sent Events (SSE) transport alongside stdio for MCP servers, enabling Claude Desktop and other clients to connect via HTTP. Add `mcp tools` subcommand to preview tool catalogue with format options. Expand `mcp install` to support Claude, Codex, Gemini, Copilot, and Cursor clients with per-client config writers (JSON for most, TOML for Codex). Refactor config merging into reusable `loadCommandConfig` and `mergeInitialConfig` helpers to support both serve and tools commands. Remove built-in discover-tools tool in favor of dedicated `mcp tools` command for cleaner separation of concerns. Add comprehensive tests for SSE round-trip, install permutations across clients/transports, and config merging logic.
Remove unused module entries from go.sum that are no longer referenced in the project. This reduces dependency bloat and improves build clarity. Also add examples/enitity/enitity to .gitignore to exclude the compiled binary from version control.
Add Diff type to api package supporting multiple output formats (plain, ANSI, HTML, Markdown) for rendering unified diffs between strings. Implement grouped flag help output in flags package with category-based organization (Logging, Tasks, Format) via FlagCategoryAnnotation. Add BindAllFlagsToCommand helper to bind flags and install grouped usage template. Update cobra_command.go error logging to use %w format and adjust skip level. Move fatih/color and go-difflib from indirect to direct dependencies in go.mod.
Add GIT_COMMIT and BUILD_DATE variables to Makefile that are injected into the binary at build time using ldflags. This allows the binary to report its commit hash and build timestamp. Also reorganize imports in example webapp to consolidate EntityExplorerApp import and remove unused path aliases from tsconfig and vite config.
…nization Extract repeated logic into reusable helper functions across multiple modules: - api/diff.go: Replace color library calls with ansiStyle() helper for ANSI formatting - api/stacktrace.go: Extract frameHasSource() and frameSourceLineNumber() to reduce duplication in source line handling - mcp/command.go: Improve tools command format handling to respect configured defaults - mcp/server.go: Extract flag manipulation helpers (setCommandFlag, lookupCommandFlag, resetCommandState) and add origin validation for SSE endpoints - mcp/install.go: Improve port handling and symlink resolution error handling - flags_test.go: Replace sectionAfter() with more robust flagSection() that stops at next heading - rpc/openapi_serve_integration_test.go: Use dynamic port allocation instead of fixed port Also includes: - Security: Add CORS origin validation and request size limits to SSE server - Accessibility: Replace role="tab" with aria-current in webapp navigation - Test coverage: Add tests for explicit source line numbers and configured format handling - Code quality: Improve error handling and reduce code duplication
Custom entity actions previously always required a positional <id> argument (cobra.ExactArgs(1)), even when the action's target is supplied entirely through flags. WithOptionalID() relaxes the generated command to cobra.MaximumNArgs(1), shows [id] instead of <id> in usage, and skips the "id is required" check in the action DataFunc. get/delete commands are unaffected.
…ter paths Add renderableError to detect and render errors implementing clicky interfaces (Pretty/Textable/Tree*) through the format pipeline instead of collapsing to Error(). This allows rich error formatting to honor --format flags. Add GenerateFromCobraWithConfig to support custom converter configs (path prefix, default method) when generating OpenAPI specs, ensuring generated paths match registered routes. Store converterCfg in SwaggerServer to reuse the same config for executor initialization and spec regeneration. Export handler methods (HandleOpenAPIJSON, HandleOpenAPIYAML, HandleEntities, HandleHealth, RegisterExecutionRoutes) and ConverterConfig() to allow callers to compose custom mux patterns and merge multiple OpenAPI specs. Fix entity-root command handling: skip duplicate list subcommands when parent is runnable, and infer GET method for entity-root commands (no verb, has entity annotation). Refs: improved error UX and OpenAPI spec consistency with executor routes
StatusWarning should be a terminal status that freezes the task's endTime and cancels its context, preventing the duration from continuing to tick after the task completes. Before this fix, Warning() left endTime zero, causing getDuration() to keep returning time.Now()-startTime on every render, producing an ever-growing elapsed counter even after the task's goroutine had returned. Adds regression test to verify all terminal states (Success, Failed, Warning) properly freeze endTime and cancel the task context.
Update Go module dependencies including: - flanksource packages (commons, gomplate, is-healthy, captain) - AWS SDK v2 packages - Kubernetes packages (api, client-go, apimachinery, apiextensions-apiserver, klog) - golang.org packages (crypto, sync, sys, term, text, tools, mod, net, oauth2, exp) - OpenTelemetry packages - Various other indirect dependencies These updates include bug fixes, security patches, and feature improvements across the dependency tree.
Update Go module dependencies including: - AWS SDK v2 components (ini → v4a) - charmbracelet packages (golden, xpty, conpty) - aymanbagabas/go-udiff (0.3.1 → 0.4.1) - Various other transitive dependencies - Remove unused flanksource/captain dependency These updates bring in bug fixes, performance improvements, and security patches from upstream projects.
moshloop
force-pushed
the
pr/mcp-improvements
branch
from
08d242d to
b9f1a94
Compare
Contributor
|
Note Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it. Fixes Applied SuccessfullyFixed 8 file(s) based on 9 unresolved review comments. A stacked PR containing fixes has been created.
Time taken: |
Replace comprehensive 1100+ line README with concise 280-line version that: - Leads with clear value proposition and module path - Provides quick install and CLI usage examples - Includes focused library usage examples for formatting, tasks, flags, OpenAPI/MCP, and middleware - Adds schema formatting section with example - Reorganizes package map for easier navigation - Consolidates development, testing, and examples sections - Removes redundant detailed documentation in favor of inline code examples - Maintains all essential information while improving readability This restructuring makes the README more accessible to new users while preserving reference material for advanced usage.
Update multiple indirect dependencies to their latest versions including: - flanksource/commons v1.51.0 → v1.51.3 - cert-manager/cert-manager v1.19.4 → v1.20.0 - charmbracelet/colorprofile v0.4.2 → v0.4.3 - flanksource/gomplate/v3 v3.24.77 → v3.24.78 - flanksource/is-healthy v1.0.86 → v1.0.87 - goccy/go-json v0.10.5 → v0.10.6 - golang/groupcache v0.0.0-20210331224755-41bb18bfe9da → v0.0.0-20241129210726-2c02b8208cf8 - itchyny/gojq v0.12.18 → v0.12.19 - itchyny/timefmt-go v0.1.7 → v0.1.8 - lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 → v0.0.0-20251013123823-9fd1530e3ec3 - mattn/go-runewidth v0.0.20 → v0.0.21 - ohler55/ojg v1.28.0 → v1.28.1 - olekukonko/tablewriter v1.1.3 → v1.1.4 - power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c → v0.0.0-20240221224432-82ca36839d55 - shoenig/go-m1cpu v0.1.6 → v0.1.7 - tklauser/go-sysconf v0.3.12 → v0.3.16 - tklauser/numcpus v0.6.1 → v0.11.0 - go.opentelemetry.io/otel v1.41.0 → v1.42.0 - go.opentelemetry.io/otel/trace v1.41.0 → v1.42.0 - go.yaml.in/yaml/v2 v2.4.3 → v2.4.4 - golang.org/x/crypto v0.48.0 → v0.49.0 - golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa → v0.0.0-20260312153236-7ab1446f8b90 - golang.org/x/net v0.51.0 → v0.52.0 - golang.org/x/sync v0.19.0 → v0.20.0 - golang.org/x/sys v0.41.0 → v0.42.0 - golang.org/x/term v0.40.0 → v0.41.0 - golang.org/x/text v0.34.0 → v0.35.0 - google.golang.org/genproto/googleapis/api and rpc - k8s.io packages v0.35.2 → v0.35.4 - k8s.io/klog/v2 v2.130.1 → v2.140.0 - sigs.k8s.io/gateway-api v1.5.0 → v1.5.1
|
🎉 This PR is included in version 1.21.10 |
This was referenced May 31, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Bug Fixes
Improvements
Documentation
Tests