Skip to content

test: extend automated coding standards enforcement#414

Closed
cursor[bot] wants to merge 4 commits into
mainfrom
cursor/mcp-server-coding-standards-9951
Closed

test: extend automated coding standards enforcement#414
cursor[bot] wants to merge 4 commits into
mainfrom
cursor/mcp-server-coding-standards-9951

Conversation

@cursor

@cursor cursor Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Summary

Audits the codebase against docs/coding-standards.md and strengthens automated guardrails so architecture rules are enforced in CI via pnpm standards:check.

What was already compliant

The registry-driven model is in good shape:

  • 11 consolidated MCP tools only (harness_listharness_schema) — no stray server.registerTool() calls
  • Pure-data toolsets — no HarnessClient / MCP SDK / Registry imports in toolset files
  • Stdio safety — no console.log() in src/
  • Singleton HTTP clientHarnessClient constructed only in src/index.ts
  • Documented fetch() exceptions — log blob CDN URLs and audit webhooks only
  • Registry contract — valid scope, identifierFields, and operationPolicy on all CRUD operations
  • Zod v4 imports in tool handlers and config

Changes in this PR

New automated checks (tests/coding-standards/tool-handlers.test.ts)

  • Every inputSchema field has .describe() (including shared schemas like resourceScopeSchema)
  • Write/execute handlers wire confirmViaElicitation and expose confirm param
  • Standard isUserErrorerrorResultthrow toMcpError catch pattern on API-facing handlers
  • harness_list pagination defaults (page=0, size=20, max 100)
  • Read-only vs destructive MCP annotation hints

Extended registry contract tests

  • executeActions now verified for operationPolicy.risk + retryPolicy

Code fix

  • harness-schema.ts outer catch now follows the standard error mapping pattern instead of always returning errorResult

Docs alignment

  • Updated docs/coding-standards.md to reference confirm / elicitation (was stale confirmation: true)

Verification

pnpm standards:check  # 23 tests
pnpm build && pnpm typecheck && pnpm test  # 2153 tests

Known gaps (documented but not yet automated)

These remain manual review items for future guardrails:

  • Inline response extractors in some toolsets (e.g. knowledge-graph.ts, semantic-layer.ts)
  • listFilterFields on 15 get-only resources (should move to paramsSchema per standards)
  • passthrough usage volume (~200+) — acceptable only when API shape is already agent-facing
  • Toolset purity beyond forbidden imports (yaml, preflight HTTP in ccm.ts/scs.ts)
Open in Web View Automation 

thisrohangupta and others added 4 commits June 23, 2026 00:42
Update version across package.json, both manifest files, and the
release-metadata test that keeps them in sync.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

AI-Session-Id: 1b46c8db-abe4-4e9f-a38b-750362ead8ac
AI-Tool: claude-code
AI-Model: unknown
Expand automated architecture guardrails to cover:
- Global fetch() limited to documented exceptions (HarnessClient, log-resolver CDN blobs, audit webhooks)
- HarnessClient instantiation only in src/index.ts
- Zod v4 import convention in tool handlers and config
- Explicit openWorldHint annotations on all tool handlers
- No deprecated server.tool() usage
- Runtime registry contract checks (scope, identifierFields, operationPolicy)

Document fetch() exceptions in docs/coding-standards.md.

Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
…apperKey scope injection

Add regression tests for high-blast-radius utilities and registry paths
that lacked focused coverage after recent merges:

- formatBodyPreview redacts content/content_base64 before write elicitation
- parseZipCsv and dashboardDataExtract handle store and deflate ZIP CSVs
- connector create injects org/project scope inside bodyWrapperKey wrapper
  and validates bodySchema fields against the wrapped payload

Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
- Add tool-handlers.test.ts covering Zod .describe(), confirm wiring,
  error mapping pattern, pagination defaults, and MCP annotations
- Extend registry-contract.test.ts to verify executeActions operationPolicy
- Fix harness-schema.ts to use standard isUserError/toMcpError catch pattern
- Align docs/coding-standards.md confirm param naming with implementation

Co-authored-by: Rohan Gupta <thisrohangupta@users.noreply.github.com>
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ thisrohangupta
❌ cursoragent
You have signed the CLA already but the status is still pending? Let us recheck it.

@thisrohangupta

Copy link
Copy Markdown
Collaborator

Closing as stale: merge conflicts with main and work superseded by merged PRs (#447, #446, #449, #469, #440, #398, etc.) or duplicate agent-generated attempts. Reopen from a fresh branch if still needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants