|
1 | | -# Backstage MCP Server TODO |
| 1 | +<!-- |
| 2 | +TODO.md — Task queue for document-driven development framework |
2 | 3 |
|
3 | | -## Current Status Assessment |
| 4 | +Rules: |
| 5 | +-- Tasks are defined using the task-template at `docs/templates/task-template.md`. |
| 6 | +- Each task MUST include the following fields: id, priority, summary, detailed_requirements, |
| 7 | + positive_behaviors, negative_behaviors, validations, status, owner (optional), created, updated. |
| 8 | +- Tasks in this file are the active queue (resumable and reorderable). When a task is completed, |
| 9 | + remove it from this file and add a corresponding entry under the `Unreleased` section of `CHANGELOG.md`. |
| 10 | +- Task IDs must be unique and use the prefix `T-` followed by a zero-padded number (e.g. `T-001`). |
| 11 | +--> |
4 | 12 |
|
5 | | -The repository has a well-structured foundation for an MCP server exposing Backstage CatalogAPI tools to LLMs. The core architecture includes: |
| 13 | +# TODO — Task Queue |
6 | 14 |
|
7 | | -- MCP server setup with StdioServerTransport |
8 | | -- Dynamic tool loading system with decorators |
9 | | -- Complete Backstage CatalogAPI client implementation |
10 | | -- Tool registration and validation framework |
| 15 | +This file is the canonical, human-manageable task queue for the Documentation-Driven Development framework in this repository. |
11 | 16 |
|
12 | | -However, several issues remain to be addressed for a fully functional MCP server. |
| 17 | +How to use |
13 | 18 |
|
14 | | -## Documentation and Usability |
| 19 | +- To add a task: copy the task template below, fill out the fields, and insert the task at the appropriate priority position. |
| 20 | +- To reorder tasks: move the task block to a new place in this file. Tasks are processed top-to-bottom unless otherwise prioritized. |
| 21 | +- To mark a task complete: remove the task block from this file and add a short summary (task id, summary, and link to PR/commit) to the `Unreleased` section of `CHANGELOG.md`. |
15 | 22 |
|
16 | | -### Completed work (cleared) |
| 23 | +Priority convention |
17 | 24 |
|
18 | | -The following major items were implemented and removed from the active backlog. They remain documented here for traceability and release notes. |
| 25 | +- P0 — Critical (blocker for release or security/compliance) |
| 26 | +- P1 — High (important for next release) |
| 27 | +- P2 — Medium (planned for upcoming work) |
| 28 | +- P3 — Low (nice-to-have) |
19 | 29 |
|
20 | | -- Authentication & security hardening (AuthManager, SecurityAuditor, input sanitization, rate limiting, multiple auth flows, audit logging). |
21 | | -- Performance improvements (LRU cache, TTL, pagination helper, JSON:API formatter, caching in `BackstageCatalogApi`). |
| 30 | +Task template reference |
22 | 31 |
|
23 | | -These are now treated as completed and no longer appear in the active task list below. |
| 32 | +See `docs/templates/task-template.md` for the canonical template and examples. The template below is a quick copy you can paste to create a task. |
24 | 33 |
|
25 | | -### Active Backlog — prioritized actionable tasks |
| 34 | +--- |
26 | 35 |
|
27 | | -This backlog prioritizes maintainability, safety, and developer productivity following Clean Code (Uncle Bob) and Martin Fowler's refactoring principles. |
| 36 | +id: T-001 |
| 37 | +priority: P1 |
| 38 | +status: open |
| 39 | +summary: Short one-line summary of the task |
| 40 | +owner: Unassigned |
| 41 | +created: 2025-09-14 |
| 42 | +updated: 2025-09-14 |
28 | 43 |
|
29 | | -Each item has a suggested priority, estimated effort (S/M/L), and a short rationale. |
| 44 | +detailed_requirements: |
30 | 45 |
|
31 | | -1. Introduce a logging abstraction (Priority: High, Effort: S) |
| 46 | +- Step 1: Do this. |
32 | 47 |
|
33 | | -- Create `src/logging/logger.ts` with `ILogger` and `ConsoleLogger`. |
34 | | -- Wire `ILogger` into `IToolRegistrationContext` and use it to replace `console.*` calls across tools and utils. |
35 | | -- Rationale: Centralizes logging, enables structured logs and easier tests. |
| 48 | +- Step 2: Do that. |
36 | 49 |
|
37 | | -2. Extract and formalize a cache interface (Priority: High, Effort: M) |
| 50 | +positive_behaviors: |
38 | 51 |
|
39 | | -- Add `ICacheManager` interface (get/set/del/wrap/stats). |
40 | | -- Make `src/cache/cache-manager.ts` implement `ICacheManager`. |
41 | | -- Update `BackstageCatalogApi` to accept `ICacheManager` via constructor (DI) with a sensible default. |
42 | | -- Rationale: Decouples caching from API client, allows swapping of strategies and easier testing. |
| 52 | +- The system should behave like this when correct. |
43 | 53 |
|
44 | | -3. Introduce a tool error-handling wrapper (Priority: High, Effort: S) |
| 54 | +negative_behaviors: |
45 | 55 |
|
46 | | -- Add `src/utils/tool-runner.ts` providing `runTool(handler, ctx)` which standardizes try/catch, logging and MCP error responses. |
47 | | -- Refactor one tool (example: `get_entities.tool.ts`) to use the wrapper; iterate to other tools after review. |
48 | | -- Rationale: Removes duplicated try/catch blocks and centralizes error format. |
| 56 | +- The system should NOT do this. |
49 | 57 |
|
50 | | -4. Remove/replace `any` usages and strengthen types (Priority: High, Effort: M) |
| 58 | +validations: |
51 | 59 |
|
52 | | -- Replace `z.any()` uses with `z.unknown()` or explicit schemas where possible. |
53 | | -- Replace `(...args: any[]) => any` in decorators & maps with well-typed `ToolClass`/generics. |
54 | | -- Update guards to use `unknown` and narrower function types (e.g., `(...args: unknown[]) => unknown`). |
55 | | -- Rationale: Improves compile-time safety and documents expectations. |
| 60 | +- Automated tests (unit/integration) to run and expected results. |
56 | 61 |
|
57 | | -5. Decouple responsibilities in `BackstageCatalogApi` (Priority: Medium, Effort: L) |
| 62 | +- Manual checks or QA steps. |
58 | 63 |
|
59 | | -- Separate HTTP/transport, caching, and presentation concerns: create a thin `HttpClient` wrapper for axios + interceptors; keep caching in a dedicated service and presentation in formatter modules. |
60 | | -- Accept dependencies by interface in the constructor (DI pattern) and add a small factory for production wiring. |
61 | | -- Rationale: SRP and testability; makes future enhancements (retry, circuit-breaker) easier. |
| 64 | +notes: |
62 | 65 |
|
63 | | -6. Avoid casting to concrete types for optional capabilities (Priority: Medium, Effort: S) |
| 66 | +- Any additional context or links to spec ids or planning.md sections. |
64 | 67 |
|
65 | | -- Add optional capabilities via interfaces or extend `IToolRegistrationContext` with `formatter?: IJsonApiFormatter` and feature-detection helpers. |
66 | | -- Prefer runtime type guards over `as any` casts. |
| 68 | +--- |
67 | 69 |
|
68 | | -7. Consolidate tool metadata and decorator typing (Priority: Medium, Effort: M) |
| 70 | +Active tasks |
69 | 71 |
|
70 | | -- Replace raw Map key/cast patterns in `src/decorators/tool.decorator.ts` and `src/utils/tool-metadata.ts` with strongly typed keys and generics so metadata carries param/return types where possible. |
71 | | - |
72 | | -8. Strengthen validation and schema evolution (Priority: Medium, Effort: M) |
73 | | - |
74 | | -- Add schema versioning metadata to tool definitions. |
75 | | - |
76 | | -- Create `src/utils/schema-version.ts` and a small migration helper for future Backstage API changes. |
77 | | - |
78 | | -9. Observability: metrics, health, and structured logs (Priority: Medium, Effort: M) |
79 | | - |
80 | | -- Add a lightweight metrics collector interface `IMetrics` and a basic Prometheus-compatible metrics exporter endpoint. |
81 | | - |
82 | | -- Add `/health` and `/metrics` endpoints to `server.ts` or a small observability module. |
83 | | - |
84 | | -10. CI / linting / pre-commit (Priority: Medium, Effort: S) |
85 | | - |
86 | | -- Tighten ESLint and TypeScript rules incrementally (e.g., `no-console` as warning->error in stages, `no-explicit-any` to warn then error). |
87 | | - |
88 | | -- Add pre-commit hook to run `npm run build` or `tsc --noEmit` and tests. |
89 | | - |
90 | | -11. Tests and contract tests (Priority: Medium, Effort: M) |
91 | | - |
92 | | -- Add unit tests for `ICacheManager`, `PaginationHelper`, and `JsonApiFormatter`. |
93 | | - |
94 | | -- Add a contract test ensuring tool loading and metadata validation. Add CI job for tests. |
95 | | - |
96 | | -12. Packaging, deployment, and docs (Priority: Low, Effort: M) |
97 | | - |
98 | | -- Add Dockerfile, basic deployment manifests, and a concise `RELEASE_NOTES.md` with completed items. |
99 | | - |
100 | | -- Improve README usage examples for JSON:API output and cache behavior. |
101 | | - |
102 | | -Notes: |
103 | | - |
104 | | -- Start small and iterate. Implement the logger (item 1) and the tool-runner (item 3) first — both are small, low-risk, and unlock many other refactors. |
105 | | - |
106 | | -- Use feature flags or runtime defaults when tightening rules (e.g., `no-explicit-any`) to avoid large breakages. |
107 | | - |
108 | | -Suggested immediate tasks (next two sprints): |
109 | | - |
110 | | -- Sprint 1 (2 weeks): Implement `ILogger`, implement `runTool` and refactor 3 most-used tools, introduce `ICacheManager` interface + update `BackstageCatalogApi` constructor. |
111 | | - |
112 | | -- Sprint 2 (2 weeks): Replace `any` in decorators and guards, add health/metrics endpoint, create CI pipeline with `tsc` and tests. |
113 | | - |
114 | | -## Development Workflow |
115 | | - |
116 | | -### 5. Build and Deployment |
117 | | - |
118 | | -**Problem**: Basic build script, no deployment configuration. |
119 | | - |
120 | | -**Impact**: Difficult to deploy and maintain. |
121 | | - |
122 | | -**Tasks**: |
123 | | - |
124 | | -- Add Docker support |
125 | | -- Create deployment scripts |
126 | | -- Add CI/CD pipeline configuration |
127 | | -- Package as NPM module if appropriate |
128 | | - |
129 | | -### 6. Development Tools |
130 | | - |
131 | | -**Problem**: Missing development conveniences. |
132 | | - |
133 | | -**Impact**: Slower development cycle. |
134 | | - |
135 | | -**Tasks**: |
136 | | - |
137 | | -- Add hot reload for development |
138 | | -- Create development scripts |
139 | | -- Add pre-commit hooks |
140 | | -- Setup VS Code workspace configuration |
141 | | - |
142 | | -## Priority Implementation Order |
143 | | - |
144 | | -1. **Critical Priority (Security)**: ✅ COMPLETED |
145 | | -2. **High Priority (Documentation)**: ✅ COMPLETED |
146 | | -3. **Medium Priority (Usability)**: ✅ COMPLETED |
147 | | -4. **Low Priority (Features)**: 2, 3, 4, 5, 6 |
148 | | - |
149 | | -## Production Readiness Criteria |
150 | | - |
151 | | -- **Security & Authentication** |
152 | | - - Multiple authentication methods supported (Bearer tokens, OAuth, API keys) |
153 | | - - Automatic token refresh and expiration handling |
154 | | - - Rate limiting and request sanitization implemented |
155 | | - - Security audit passed with no critical vulnerabilities |
156 | | - - Comprehensive audit logging for all operations |
157 | | - |
158 | | -- **Core Functionality** |
159 | | - - All tools load and register successfully |
160 | | - - Server can connect to Backstage instance via environment config |
161 | | - - All tests pass with >90% coverage |
162 | | - - Basic CRUD operations work through MCP |
163 | | - - Comprehensive documentation exists |
164 | | - |
165 | | -- **Performance & Reliability** |
166 | | - - Response times under 2 seconds for typical operations |
167 | | - - Proper error handling with meaningful messages |
168 | | - - Graceful degradation under load |
169 | | - - Health checks and monitoring endpoints |
170 | | - |
171 | | -- **Code Quality** |
172 | | - - Code follows TypeScript and linting best practices |
173 | | - - No security vulnerabilities in dependencies |
174 | | - - Comprehensive test suite with CI/CD integration |
175 | | - - Proper logging and observability |
| 72 | +<!-- Add tasks below. Keep the completed tasks out of this file and move to CHANGELOG.md -> Unreleased --> |
0 commit comments