Merged
Conversation
- Added new internal API endpoint for documentation tools, allowing actions such as listing available docs, searching, and fetching specific documentation by ID. - Updated environment configuration to support optional internal secret for enhanced security. - Refactored existing search functionality to utilize the new docs tools API instead of the previous MCP server. - Improved error handling and response parsing for documentation-related requests. - Expanded documentation to clarify the relationship between the new tools and existing API functionalities. This update streamlines the documentation access process and enhances the overall developer experience.
- Introduced error capturing for failed HTTP requests in the docs tools API, improving debugging capabilities. - Updated the API response for unsupported methods to include an 'Allow' header, clarifying the expected request type. These changes enhance the robustness of the documentation tools integration and improve developer experience.
- Updated the key name in the capabilities section of the API documentation to follow a consistent naming convention, improving clarity and maintainability.
The .gitmodules was updated in d22593d to point at apps/backend/src/private/implementation, but the gitlink entry (mode 160000) was never added to the tree. This caused `git clone --recurse-submodules` to silently skip the private submodule. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…on for docs tools - Added `STACK_DOCS_INTERNAL_BASE_URL` to backend `.env` and `.env.development` files for AI tool bundle configuration. - Removed references to `STACK_INTERNAL_DOCS_TOOLS_SECRET` from backend and docs environment files and validation logic from the docs tools API route. - Introduced a new `.env` file for the docs app with essential configuration variables.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds SpacetimeDB-backed MCP call logging and review: backend logging, async automated QA review, verified-QA prompt augmentation, SpacetimeDB schema/reducers, admin APIs, and a new internal Next.js MCP-review app with bindings and tooling. Changes
Sequence Diagram(s)sequenceDiagram
participant Client as Client (AI request)
participant Backend as Backend (AI query route)
participant Logger as McpLogger
participant DB as SpacetimeDB
participant Reviewer as QA Reviewer (OpenRouter)
Client->>Backend: POST /api/latest/ai/query (body + mcpCallMetadata)
activate Backend
Backend->>Backend: getVerifiedQaContext()
Backend->>Backend: call model (generate/stream)
Backend->>Logger: logMcpCall(...) (async)
Logger->>DB: conn.reducers.log_mcp_call(...)
DB-->>Logger: ack
Backend-->>Client: return/stream response (includes conversationId)
deactivate Backend
Backend->>Reviewer: reviewMcpCall(...) (async)
activate Reviewer
Reviewer->>DB: read mcp_call_log row
Reviewer->>Reviewer: build evaluation prompt + verified QA context
Reviewer->>Reviewer: call OpenRouter/Claude
Reviewer->>DB: conn.reducers.update_mcp_qa_review(...)
DB-->>Reviewer: updated
deactivate Reviewer
sequenceDiagram
participant Admin as Internal Tool UI
participant API as Backend (mcp-review)
participant Auth as Auth check
participant DB as SpacetimeDB
Admin->>API: POST /api/latest/internal/mcp-review/{action}
activate API
API->>Auth: inspect user.client_read_only_metadata.approved
alt non-dev and not approved
Auth-->>API: forbidden
API-->>Admin: 403 Forbidden
else
Auth-->>API: authorized
API->>DB: conn.reducers.{action}(..., token)
DB-->>API: success
API-->>Admin: 200 { success: true }
end
deactivate API
Estimated Code Review Effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly Related PRs
Suggested Reviewers
Poem
🚥 Pre-merge checks | ❌ 3❌ Failed checks (2 warnings, 1 inconclusive)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Greptile SummaryThis PR introduces a full LLM MCP observability and QA pipeline: every Confidence Score: 5/5Safe to merge — prior security issues are resolved and the two remaining findings are non-blocking quality improvements All P0/P1 concerns from previous rounds (unguarded reducers, fixed-sleep synchronization, debug console.log) have been addressed. The two new findings are P2: the unbounded subscription is a future scalability concern not a current breakage, and the silent error swallowing only affects an internal tool's UX apps/backend/src/lib/ai/mcp-logger.ts — subscription scope should be revisited before call log volume grows significantly Important Files Changed
Sequence DiagramsequenceDiagram
participant U as User/MCP Client
participant D as docs MCP route
participant B as Backend /api/latest/ai/query
participant S as SpacetimeDB
participant QA as QA Reviewer (OpenRouter)
participant DW as deepwiki MCP
U->>D: ask_stack_auth(question, reason, userPrompt, conversationId?)
D->>S: getVerifiedQaContext() — iterate publishedToQa rows
S-->>D: verified Q&A pairs
D->>B: POST /query/generate {messages, mcpCallMetadata}
B-->>D: {finalText, conversationId}
D-->>U: text + [conversationId: ...]
Note over B,S: async (fire-and-forget)
B->>S: logMcpCall(correlationId, question, response, ...)
B->>QA: reviewMcpCall(logPromise, correlationId, ...)
QA->>S: await logPromise (ensures row exists)
QA->>DW: generateText with deepwiki tools
DW-->>QA: QA review result (JSON)
QA->>S: updateMcpQaReview(correlationId, score, flags, ...)
participant IT as Internal Tool UI
IT->>S: subscribe SELECT * FROM mcp_call_log
S-->>IT: live rows (all logs + QA scores)
IT->>B: POST /internal/mcp-review/update-correction
B->>S: updateHumanCorrection(token, ..., publish=true)
Prompt To Fix All With AIThis is a comment left during a code review.
Path: apps/backend/src/lib/ai/mcp-logger.ts
Line: 26
Comment:
**Unbounded subscription loads all rows into memory**
The backend subscribes to `SELECT * FROM mcp_call_log`, which maintains an in-memory replica of every call log row for the lifetime of the process. `getVerifiedQaContext()` then iterates the entire replica on every `docs-ask-ai` / `command-center-ask-ai` request just to filter for `publishedToQa = true` rows. As call volume grows, both memory usage and iteration time increase proportionally — with no bound.
A narrower subscription scoped to published rows would fix the hot-path iteration, and a separate connection for the QA context read-path would avoid coupling the logging connection to it:
```ts
.subscribe("SELECT * FROM mcp_call_log WHERE publishedToQa = true");
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: apps/internal-tool/src/app/app-client.tsx
Line: 155-161
Comment:
**Silent error swallowing despite comment claiming UI feedback**
All three action callbacks (`onSaveCorrection`, `onMarkReviewed`, and `onDelete`) catch errors with `/* errors are surfaced by UI state */` but never update any state — so failures are silently dropped. Users clicking "Mark Reviewed" or "Delete" on a slow/failed backend call get no indication that the action failed.
Consider propagating the error or using a local `errorMessage` state similar to what `AddManualQa.tsx` already does.
How can I resolve this? If you propose a fix, please make it concise.Reviews (2): Last reviewed commit: "Merge branch 'dev' into llm-mcp-flow" | Re-trigger Greptile |
Contributor
|
Promptless prepared a documentation update related to this change. Triggered by PR #1321 - LLM MCP Flow Updates MCP setup documentation to highlight the new conversation context feature that preserves follow-up question context. Adds a changelog entry for the feature. |
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Documentation
Chores