feat: added grain mcp initial implementation #71
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🚀 Preview Deployments Ready!Your changes have been deployed to preview environments: 📦
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 16 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="grain/test-api.ts">
<violation number="1" location="grain/test-api.ts:9">
P0: **Critical Security Issue**: Hardcoded API key committed to repository. This secret is now exposed in git history and should be immediately revoked. Use the commented-out environment variable approach instead (`process.env.GRAIN_API_KEY`).</violation>
</file>
Reply to cubic to teach it or ask questions. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
2 issues found across 11 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="grain/server/lib/grain-client.ts">
<violation number="1" location="grain/server/lib/grain-client.ts:174">
P2: The new webhook methods duplicate fetch and error-handling logic instead of reusing the existing `get`/`post` helpers. Consider extending the helpers to accept an `includeApiVersion` parameter rather than bypassing them, which would improve maintainability.</violation>
</file>
<file name="grain/server/lib/postgres.ts">
<violation number="1" location="grain/server/lib/postgres.ts:28">
P1: Manual SQL escaping is problematic here. If `DATABASES_RUN_SQL` uses proper parameterized queries (which its API signature suggests), this escaping is unnecessary and could cause double-escaping issues. If it doesn't parameterize properly, this escaping is incomplete and gives a false sense of security.
Remove the manual sanitization and rely on the database binding's parameterization, or verify how `DATABASES_RUN_SQL` handles parameters.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
aline-pereira
force-pushed
the
feat/grain-mcp
branch
from
8c55c2b to
193dbe6
Compare
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="grain/server/lib/postgres.ts">
<violation number="1" location="grain/server/lib/postgres.ts:29">
P1: Missing null check on `response` after optional chaining. If `MESH_REQUEST_CONTEXT` or `state` is undefined, `response` will be `undefined`, and accessing `response.result` will throw a runtime error. Either add a null check or throw a meaningful error if the database binding is unavailable.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
2 issues found across 3 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="grain/server/main.ts">
<violation number="1" location="grain/server/main.ts:63">
P2: Error handling wraps entire loop - one failing event prevents processing of all subsequent events. Consider moving try-catch inside the loop to handle each event independently and continue processing.</violation>
</file>
<file name="grain/app.json">
<violation number="1" location="grain/app.json:10">
P0: Removing the `DATABASE` binding will break webhook-based recording indexing. The server code (`server/main.ts` and `server/lib/postgres.ts`) still expects this binding to access `@deco/postgres` for indexing recordings. Either restore the binding or remove the database-dependent code.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| try { | ||
| console.log("[GRAIN_MCP] Handling events:", events.length); | ||
|
|
||
| for (const event of events) { |
There was a problem hiding this comment.
P2: Error handling wraps entire loop - one failing event prevents processing of all subsequent events. Consider moving try-catch inside the loop to handle each event independently and continue processing.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At grain/server/main.ts, line 63:
<comment>Error handling wraps entire loop - one failing event prevents processing of all subsequent events. Consider moving try-catch inside the loop to handle each event independently and continue processing.</comment>
<file context>
@@ -46,7 +47,46 @@ export interface Registry extends BindingRegistry {
+ try {
+ console.log("[GRAIN_MCP] Handling events:", events.length);
+
+ for (const event of events) {
+ console.log("[GRAIN_MCP] Processing event:", {
+ type: event.type,
</file context>
mcandeia
requested changes
Jan 7, 2026
|
|
||
| const grainClient = new GrainClient({ apiKey: grainToken }); | ||
|
|
||
| const webhookUrl = `${meshUrl}/events/grain_recording?sub=${connectionId}`; |
Contributor
There was a problem hiding this comment.
Suggested change
| const webhookUrl = `${meshUrl}/events/grain_recording?sub=${connectionId}`; | |
| const orgId = env.MESH_REQUEST_CONTEXT?.organizationId; | |
| const webhookUrl = `${meshUrl}/org/${orgId}/events/grain_recording?sub=${connectionId}`; |
| /** | ||
| * Event names that this MCP handles | ||
| */ | ||
| export const GRAIN_EVENTS = ["grain_recording"]; |
Contributor
There was a problem hiding this comment.
Suggested change
| export const GRAIN_EVENTS = ["grain_recording"]; | |
| export const GRAIN_EVENTS = ["public:grain_recording"]; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Initial Grain MCP implementation to browse and fetch Grain meeting recordings via MCP. Adds list/search and per-recording detail tools with API-key auth, plus automatic webhooks and database indexing.
New Features
Migration
Written for commit ff00cee. Summary will update on new commits.