Applying MCP annotations to TS components - batch 1/2

[GTFalcao]

Summary by CodeRabbit

• New Features

  • Added safety/usage annotations (destructive, open‑world, read‑only hints) across many actions for clearer workflow guidance; no runtime behavior changes.

• Bug Fixes

  • Minor description typos corrected in a few actions.

• Chores

  • Bumped numerous action and package versions to reflect metadata updates; updated dependencies for one component.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Oct 7, 2025 7:55pm
pipedream-docs-redirect-do-not-edit	Ignored			Oct 7, 2025 7:55pm

[coderabbitai]

Walkthrough

Batched edits across many components: mostly version bumps and addition of an annotations object (destructiveHint, openWorldHint, readOnlyHint). A few files include minor typo and error-message tweaks, some stricter typing imports/changes, package.json bumps, and an auth flow change (verdict_as_a_service.getClient → async token-based flow).

Changes

Cohort / File(s)	Summary of changes
Bulk: action metadata updates components/*/actions/*/*/*.ts, components/*/actions/*/*.ts	Many actions: version increments and addition of annotations: { destructiveHint, openWorldHint, readOnlyHint } in exported defineAction objects. Predominantly metadata-only edits.
Typing updates (Namely) components/namely/actions/create-user/create-user.ts, components/namely/actions/update-user/update-user.ts, components/namely/actions/get-user/get-user.ts	Added JSONValue import, bumped versions, added annotations; changed runtime body types from any → Record<string, JSONValue> for create/update.
Minor behavioral / error-message tweaks components/clientary/actions/create-estimate/create-estimate.ts, components/clientary/actions/create-invoice/create-invoice.ts, components/kanbanflow/actions/create-task/create-task.ts, components/formatting/actions/date-time-format/date-time-format.ts, components/formatting/actions/transform-case/transform-case.ts	Version/annotations added; simplified bare catch in some JSON parse handlers and adjusted ConfigurationError messages to include or reword original error messages.
Typo fixes + metadata components/data_axle_platform/actions/get-person-by-id/get-person-by-id.ts, components/lemon_squeezy/actions/*/*.ts	Corrected “Retrive” → “Retrieve” in descriptions; added annotations and bumped versions.
verdict_as_a_service: auth flow change components/verdict_as_a_service/app/verdict_as_a_service.app.ts	Replaced factory-based client creation with explicit ClientCredentialsGrantAuthenticator token retrieval, then create/connect Vaas with token; getClient() is now async.
Package.json bumps & deps components/clientary/package.json, components/formatting/package.json, components/kanbanflow/package.json, components/namely/package.json, components/nectar_crm/package.json, components/verdict_as_a_service/package.json	Package version increments; verdict_as_a_service dependency updates (gdata-vaas and @pipedream/types).

Sequence Diagram(s)

sequenceDiagram
    participant App as verdict_as_a_service.app
    participant Auth as ClientCredentialsGrantAuthenticator
    participant VaasLib as gdata-vaas (Vaas)

    rect rgb(235,248,255)
    note left of App: New async getClient() flow
    App->>Auth: request token (clientId, secret, tokenUrl)
    Auth-->>App: access token
    App->>VaasLib: create Vaas instance (url)
    App->>VaasLib: connect(token, url)
    VaasLib-->>App: connected Vaas instance
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Applying MCP annotations to TS components - batch 2/2 #18668 — Mass addition of annotations and action version bumps across many TypeScript action files (same change pattern).

Suggested reviewers

• js07
• pipedream-component-development
• michelle0927

Poem

I hopped through code with whiskered care,
Tucked tiny hints in files everywhere.
Versions climbed and typos freed,
One async token took the lead.
— the rabbit, bright and light as air 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description is missing entirely and does not include the required “## WHY” section from the repository’s template, leaving the motivation for these changes undocumented.	Please complete the description by adding the “## WHY” section as specified in the template, explaining the purpose and motivation for applying MCP annotations to these components.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly summarizes the main change by stating that MCP annotations are being applied to TypeScript components and indicates this is the first of two batches, making it concise and specific for teammates reviewing the history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ts-mcp-annotations-1

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7846819 and 1590033.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• components/verdict_as_a_service/package.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Lint Code Base
• GitHub Check: pnpm publish
• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components

🔇 Additional comments (1)

components/verdict_as_a_service/package.json (1)

19-23: Validate the gdata-vaas major upgrade

Jumping from gdata-vaas ^2.2.7 to ^7.7.3 is a multi-major upgrade. Please confirm the runtime components have been exercised against 7.x (token auth flow, payload shapes, error handling) so we don’t ship a breaking package.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

components/clientary/actions/create-estimate/create-estimate.ts (1)

46-46: Fix unused catch variable.

The caught error variable err is defined but never used. Either remove it or use it in error logging/handling.

Apply this diff:

-      } catch (err) {
+      } catch {
         throw new ConfigurationError("`Estimate Items Attributes` must be a valid JSON Array string");
       }

🧹 Nitpick comments (2)

components/formatting/actions/compare-dates/compare-dates.ts (1)

12-17: LGTM!

The metadata update is appropriate. readOnlyHint: true correctly reflects the pure computational nature of date comparison.

Note: If openWorldHint is meant to indicate external API interactions, consider whether it should be false for pure computational actions like date comparison. However, defer to MCP specification if the hint has a different semantic meaning.

components/formatting/actions/set-default-value/set-default-value.ts (1)

8-13: LGTM!

The metadata update is applied consistently with the PR pattern.

Note: Consider whether readOnlyHint: false is semantically appropriate for a pure computational function that doesn't perform any writes. Similarly, if openWorldHint indicates external interactions, it might be false for pure value defaulting. Defer to MCP specification for the intended semantics of these annotations.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4a9092d and 08192f6.

📒 Files selected for processing (103)

• components/amplenote/actions/create-note/create-note.ts (1 hunks)
• components/amplenote/actions/create-task/create-task.ts (1 hunks)
• components/apitemplate_io/actions/account-information/account-information.ts (1 hunks)
• components/apitemplate_io/actions/create-image/create-image.ts (1 hunks)
• components/apitemplate_io/actions/create-pdf/create-pdf.ts (1 hunks)
• components/apitemplate_io/actions/delete-object/delete-object.ts (1 hunks)
• components/apitemplate_io/actions/list-objects/list-objects.ts (1 hunks)
• components/baserow/actions/create-row/create-row.ts (1 hunks)
• components/baserow/actions/delete-row/delete-row.ts (1 hunks)
• components/baserow/actions/get-row/get-row.ts (1 hunks)
• components/baserow/actions/list-rows/list-rows.ts (1 hunks)
• components/baserow/actions/update-row/update-row.ts (1 hunks)
• components/beehiiv/actions/create-subscriber/create-subscriber.ts (1 hunks)
• components/beehiiv/actions/list-all-publications/list-all-publications.ts (1 hunks)
• components/clientary/actions/create-client/create-client.ts (1 hunks)
• components/clientary/actions/create-estimate/create-estimate.ts (1 hunks)
• components/clientary/actions/create-expense/create-expense.ts (1 hunks)
• components/clientary/actions/create-invoice/create-invoice.ts (1 hunks)
• components/clientary/actions/create-task/create-task.ts (1 hunks)
• components/cloudmersive/actions/convert-to-pdf/convert-to-pdf.ts (1 hunks)
• components/cloudmersive/actions/screenshot-website/screenshot-website.ts (1 hunks)
• components/cloudmersive/actions/validate-email-address/validate-email-address.ts (1 hunks)
• components/coassemble/actions/create-new-course/create-new-course.ts (1 hunks)
• components/coassemble/actions/create-new-user/create-new-user.ts (1 hunks)
• components/coassemble/actions/send-course-invitation/send-course-invitation.ts (1 hunks)
• components/concord/actions/copy-contract/copy-contract.ts (1 hunks)
• components/concord/actions/create-draft-from-template/create-draft-from-template.ts (1 hunks)
• components/concord/actions/create-template/create-template.ts (1 hunks)
• components/concord/actions/request-signature/request-signature.ts (1 hunks)
• components/concord/actions/update-agreement-status/update-agreement-status.ts (1 hunks)
• components/currencyscoop/actions/convert-currency/convert-currency.ts (1 hunks)
• components/currencyscoop/actions/get-historical-rates/get-historical-rates.ts (1 hunks)
• components/currencyscoop/actions/get-latest-exchange-rates/get-latest-exchange-rates.ts (1 hunks)
• components/data_axle_platform/actions/get-person-by-id/get-person-by-id.ts (1 hunks)
• components/data_axle_platform/actions/search-companies/search-companies.ts (1 hunks)
• components/detrack/actions/create-job/create-job.ts (1 hunks)
• components/docupilot/actions/create-document/create-document.ts (1 hunks)
• components/expensify/actions/create-expense/create-expense.ts (1 hunks)
• components/expensify/actions/create-report/create-report.ts (1 hunks)
• components/expensify/actions/export-report-to-pdf/export-report-to-pdf.ts (1 hunks)
• components/expensify/actions/export-report/export-report.ts (1 hunks)
• components/expensify/actions/list-policies/list-policies.ts (1 hunks)
• components/formatting/actions/add-subtract-time/add-subtract-time.ts (1 hunks)
• components/formatting/actions/compare-dates/compare-dates.ts (1 hunks)
• components/formatting/actions/convert-html-to-markdown/convert-html-to-markdown.ts (1 hunks)
• components/formatting/actions/convert-html-to-text/convert-html-to-text.ts (1 hunks)
• components/formatting/actions/convert-json-to-string/convert-json-to-string.ts (1 hunks)
• components/formatting/actions/convert-markdown-to-html/convert-markdown-to-html.ts (1 hunks)
• components/formatting/actions/date-time-format/date-time-format.ts (1 hunks)
• components/formatting/actions/extract-by-regular-expression/extract-by-regular-expression.ts (1 hunks)
• components/formatting/actions/extract-email-address/extract-email-address.ts (1 hunks)
• components/formatting/actions/extract-number/extract-number.ts (1 hunks)
• components/formatting/actions/extract-phone-number/extract-phone-number.ts (1 hunks)
• components/formatting/actions/extract-url/extract-url.ts (1 hunks)
• components/formatting/actions/format-currency/format-currency.ts (1 hunks)
• components/formatting/actions/format-number/format-number.ts (1 hunks)
• components/formatting/actions/parse-json/parse-json.ts (1 hunks)
• components/formatting/actions/replace-text/replace-text.ts (1 hunks)
• components/formatting/actions/set-default-value/set-default-value.ts (1 hunks)
• components/formatting/actions/split-text/split-text.ts (1 hunks)
• components/formatting/actions/transform-case/transform-case.ts (1 hunks)
• components/formatting/actions/trim-whitespace/trim-whitespace.ts (1 hunks)
• components/formatting/actions/url-decode/url-decode.ts (1 hunks)
• components/formatting/actions/url-encode/url-encode.ts (1 hunks)
• components/google_my_business/actions/create-post/create-post.ts (1 hunks)
• components/google_my_business/actions/create-update-reply-to-review/create-update-reply-to-review.ts (1 hunks)
• components/google_my_business/actions/get-reviews-multiple-locations/get-reviews-multiple-locations.ts (1 hunks)
• components/google_my_business/actions/get-specific-review/get-specific-review.ts (1 hunks)
• components/google_my_business/actions/list-all-reviews/list-all-reviews.ts (1 hunks)
• components/google_my_business/actions/list-posts/list-posts.ts (1 hunks)
• components/google_recaptcha/actions/validate-recaptcha/validate-recaptcha.ts (1 hunks)
• components/google_workspace/actions/list-activities-by-admin/list-activities-by-admin.ts (1 hunks)
• components/google_workspace/actions/list-activities-by-event-and-admin/list-activities-by-event-and-admin.ts (1 hunks)
• components/google_workspace/actions/list-activities-by-event-name/list-activities-by-event-name.ts (1 hunks)
• components/google_workspace/actions/list-all-activities/list-all-activities.ts (1 hunks)
• components/infusionsoft/actions/create-order-item/create-order-item.ts (1 hunks)
• components/infusionsoft/actions/create-payment/create-payment.ts (1 hunks)
• components/infusionsoft/actions/get-company/get-company.ts (1 hunks)
• components/infusionsoft/actions/get-contact/get-contact.ts (1 hunks)
• components/kanbanflow/actions/create-task/create-task.ts (1 hunks)
• components/lemon_squeezy/actions/retrieve-customer/retrieve-customer.ts (1 hunks)
• components/lemon_squeezy/actions/retrieve-order/retrieve-order.ts (1 hunks)
• components/lemon_squeezy/actions/retrieve-product/retrieve-product.ts (1 hunks)
• components/lob/actions/cancel-postcard/cancel-postcard.ts (1 hunks)
• components/lob/actions/create-letter/create-letter.ts (1 hunks)
• components/lob/actions/create-postcard/create-postcard.ts (1 hunks)
• components/lob/actions/list-postcards/list-postcards.ts (1 hunks)
• components/lob/actions/retrieve-postcard/retrieve-postcard.ts (1 hunks)
• components/mailbluster/actions/create-lead/create-lead.ts (1 hunks)
• components/mailbluster/actions/create-new-order/create-new-order.ts (1 hunks)
• components/mailbluster/actions/create-product/create-product.ts (1 hunks)
• components/mailbluster/actions/get-lead/get-lead.ts (1 hunks)
• components/mailbluster/actions/get-product/get-product.ts (1 hunks)
• components/mailboxvalidator/actions/validate-email/validate-email.ts (1 hunks)
• components/mattermost/actions/post-message/post-message.ts (1 hunks)
• components/namely/actions/create-user/create-user.ts (1 hunks)
• components/namely/actions/get-user/get-user.ts (1 hunks)
• components/namely/actions/update-user/update-user.ts (1 hunks)
• components/nectar_crm/actions/create-appointment/create-appointment.ts (1 hunks)
• components/nectar_crm/actions/create-contact/create-contact.ts (1 hunks)
• components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts (1 hunks)
• components/nectar_crm/actions/create-task/create-task.ts (1 hunks)
• components/neverbounce/actions/verify-email-address/verify-email-address.ts (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Pull Request Checks

components/clientary/actions/create-estimate/create-estimate.ts

[error] 46-46: ESLint: 'err' is defined but never used. (no-unused-vars)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: pnpm publish
• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components

🔇 Additional comments (97)

components/infusionsoft/actions/get-contact/get-contact.ts (1)

11-16: LGTM! Annotations accurately reflect the read-only GET operation.

The version bump and annotations are appropriate:

• destructiveHint: false correctly indicates no data deletion
• openWorldHint: true accurately reflects the external Infusionsoft API call
• readOnlyHint: true properly identifies this as a read-only operation

components/mailbluster/actions/get-lead/get-lead.ts (1)

9-14: LGTM! Annotations correctly reflect the action's behavior.

The version bump and annotations are appropriate for this read-only GET operation:

• destructiveHint: false correctly indicates no destructive operations
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: true correctly indicates no data mutations

components/mailbluster/actions/create-new-order/create-new-order.ts (1)

8-13: LGTM! MCP annotations correctly reflect the action's behavior.

The annotations accurately describe this action:

• destructiveHint: false ✓ Creates orders without deleting data
• openWorldHint: true ✓ Makes external API calls to Mailbluster
• readOnlyHint: false ✓ Performs write operations

Version bump to 0.0.2 is appropriate for this metadata addition.

components/google_workspace/actions/list-activities-by-event-name/list-activities-by-event-name.ts (1)

8-13: LGTM! Annotations are consistent with the action's behavior.

The version bump and added annotations are appropriate:

• destructiveHint: false correctly indicates this list operation doesn't modify data
• openWorldHint: true accurately reflects the external Google Workspace API call
• readOnlyHint: true properly describes the read-only nature of listing activities

components/concord/actions/create-draft-from-template/create-draft-from-template.ts (1)

11-16: LGTM! Annotations are semantically correct.

The version bump and added annotations align well with the action's behavior:

• destructiveHint: false — Creating a draft is non-destructive (no deletion or overwriting of existing data).
• openWorldHint: true — Correctly reflects that the action makes external API calls to Concord.
• readOnlyHint: false — Appropriate since the action writes data (creates a draft).

components/concord/actions/request-signature/request-signature.ts (1)

10-15: LGTM! Annotations are semantically correct.

The version bump and annotations metadata are appropriate for this action:

• destructiveHint: false correctly indicates the action doesn't delete or destroy data
• openWorldHint: true correctly reflects the external API call to Concord (line 47)
• readOnlyHint: false correctly indicates this is a state-changing operation (requesting a signature modifies state)

components/beehiiv/actions/list-all-publications/list-all-publications.ts (1)

8-13: LGTM! Annotations are semantically correct.

The MCP annotations accurately reflect this action's behavior:

• destructiveHint: false ✓ (read-only operation)
• openWorldHint: true ✓ (makes external API call)
• readOnlyHint: true ✓ (only lists publications)

Version bump to 0.0.3 is appropriate for this metadata addition.

components/concord/actions/copy-contract/copy-contract.ts (1)

11-16: LGTM! Annotations align with action behavior.

The version bump and added MCP annotations are appropriate:

• destructiveHint: false — correct, as the action creates a new contract without deleting existing resources
• openWorldHint: true — correct, as the action makes external API calls to the Concord service
• readOnlyHint: false — correct, as the action modifies state by creating a new agreement

components/detrack/actions/create-job/create-job.ts (1)

12-17: LGTM! Annotations accurately reflect the action's behavior.

The version bump and new annotations are appropriate:

• destructiveHint: false — Correct, this action creates jobs rather than deleting resources
• openWorldHint: true — Correct, this action calls the external Detrack API
• readOnlyHint: false — Correct, this action modifies external state by creating a job

components/currencyscoop/actions/get-historical-rates/get-historical-rates.ts (1)

8-13: LGTM! Annotations accurately reflect the action's behavior.

The version bump and MCP annotations are correctly applied:

• destructiveHint: false – appropriate, as the action only reads historical currency rates
• openWorldHint: true – correct, since it calls the external CurrencyBeacon API
• readOnlyHint: true – accurate, as the run method performs no state mutations

The metadata-only change aligns with the PR objective of applying MCP annotations across components.

components/docupilot/actions/create-document/create-document.ts (2)

13-13: LGTM!

The patch version bump is appropriate for a metadata-only change.

---

14-18: LGTM! Annotations are semantically correct.

The annotation values are appropriate for this action:

• destructiveHint: false - Creates new documents without modifying/deleting existing resources
• openWorldHint: true - Makes external API calls to Docupilot
• readOnlyHint: false - Performs write operations

components/infusionsoft/actions/create-order-item/create-order-item.ts (1)

10-15: LGTM! Annotations appear semantically correct.

The version bump and annotations addition align with the PR objectives. The annotation values are appropriate:

• destructiveHint: false — Correct, this action creates an order item (not destructive).
• openWorldHint: true — Correct, this action interacts with the external Infusionsoft API.
• readOnlyHint: false — Correct, this is a write operation.

If MCP annotation standards or documentation exist, verify these values align with the intended semantics for "create" operations.

components/namely/actions/get-user/get-user.ts (1)

6-11: LGTM! Annotations accurately describe the action's behavior.

The version bump and added annotations are appropriate. The annotations correctly characterize this GET operation as read-only and non-destructive while noting it interacts with an external API.

components/neverbounce/actions/verify-email-address/verify-email-address.ts (1)

12-17: LGTM! Annotations are semantically correct.

The version bump and MCP annotations align well with the action's behavior:

• destructiveHint: false ✓ (verification operation, no data modification)
• openWorldHint: true ✓ (external API call to NeverBounce)
• readOnlyHint: true ✓ (read-only email verification)

The patch version increment is appropriate for this metadata-only change.

components/google_workspace/actions/list-activities-by-event-and-admin/list-activities-by-event-and-admin.ts (1)

8-13: LGTM! Annotations correctly reflect the read-only nature of this action.

The version bump and MCP annotations are appropriate for this list operation:

• destructiveHint: false correctly indicates no mutations
• openWorldHint: true correctly indicates external API interaction (Google Workspace)
• readOnlyHint: true correctly indicates this is a retrieval-only operation

components/google_workspace/actions/list-activities-by-admin/list-activities-by-admin.ts (1)

8-13: LGTM! Annotations correctly reflect the read-only nature of this action.

The version bump and MCP annotations are appropriate for this list operation:

• destructiveHint: false correctly indicates no mutations
• openWorldHint: true correctly indicates external API interaction (Google Workspace)
• readOnlyHint: true correctly indicates this is a retrieval-only operation

components/formatting/actions/extract-by-regular-expression/extract-by-regular-expression.ts (1)

10-15: LGTM! Annotations accurately describe the action's behavior.

The version bump and added annotations are appropriate:

• destructiveHint: false correctly indicates this action doesn't delete or modify data
• openWorldHint: true appropriately reflects that the action handles arbitrary text input and regex patterns
• readOnlyHint: true accurately describes the action as purely transformational with no external state modifications or API calls

components/formatting/actions/split-text/split-text.ts (2)

13-13: LGTM!

The version bump from "0.0.5" to "0.0.6" is appropriate for metadata-only changes.

---

14-18: Verify annotation hint values for this action's behavior.

The openWorldHint: true and readOnlyHint: false values may need verification for this specific action. This action only performs local text splitting without external API calls or state mutations, so:

• openWorldHint: true seems potentially inconsistent (unless "open world" has a different meaning in the MCP context)
• readOnlyHint: false might be misleading since the action only reads inputs and returns processed results without writing/mutating state

Since this is part of a batch update applying the same hints to multiple actions, please confirm:

1. Is there documentation defining what each MCP annotation hint represents?
2. Are these specific hint values correct for a text-processing action with no external interactions?

components/google_recaptcha/actions/validate-recaptcha/validate-recaptcha.ts (2)

6-6: LGTM!

The patch version increment is appropriate for this metadata-only change.

---

7-11: Annotations accurately reflect the action's behavior.

The MCP annotations are semantically correct:

• destructiveHint: false - validation doesn't delete or permanently modify data
• openWorldHint: true - makes external API calls to Google reCAPTCHA
• readOnlyHint: true - validation is read-only with no mutations

components/google_my_business/actions/create-update-reply-to-review/create-update-reply-to-review.ts (1)

11-16: LGTM! Annotations are semantically appropriate for this action.

The version bump and addition of MCP annotations align with the PR objectives. The annotations correctly reflect the action's behavior:

• destructiveHint: true – Appropriate, as the action modifies external state (creates or updates review replies)
• openWorldHint: true – Correct, as it interacts with the Google My Business API
• readOnlyHint: false – Accurate, since this is a write operation

components/concord/actions/create-template/create-template.ts (1)

11-16: LGTM! Metadata update correctly describes action behavior.

The version bump and annotations addition are appropriate:

• destructiveHint: false is correct—creating a template doesn't destroy existing data
• openWorldHint: true is correct—action calls the external Concord API
• readOnlyHint: false is correct—action performs a write operation

components/data_axle_platform/actions/search-companies/search-companies.ts (1)

9-14: LGTM! MCP annotations accurately describe the action.

The version bump and added annotations correctly characterize this search action:

• destructiveHint: false ✓ (searches data without deleting/destroying)
• openWorldHint: true ✓ (calls external Data Axle Platform API)
• readOnlyHint: true ✓ (returns search results without modifying data)

components/lemon_squeezy/actions/retrieve-customer/retrieve-customer.ts (2)

6-6: LGTM!

The version bump from 0.0.1 to 0.0.2 is appropriate for adding metadata without changing runtime behavior.

---

7-11: LGTM! Annotations accurately reflect the action's behavior.

The annotations correctly describe this read-only customer retrieval operation:

• destructiveHint: false ✓ (retrieve doesn't delete/destroy data)
• openWorldHint: true ✓ (calls external Lemon Squeezy API)
• readOnlyHint: true ✓ (only reads data, no modifications)

components/formatting/actions/convert-markdown-to-html/convert-markdown-to-html.ts (1)

10-15: LGTM! Annotations accurately reflect the action's behavior.

The version bump and annotations are appropriate:

• The patch version increment is suitable for adding metadata.
• destructiveHint: false is correct since the action performs a pure transformation without destroying data.
• openWorldHint: true is correct as the action uses only local libraries (showdown, linkedom) with no external API calls.
• readOnlyHint: true is correct since the action doesn't modify any external state.

components/formatting/actions/transform-case/transform-case.ts (2)

12-12: LGTM: Version bump is appropriate.

The patch version increment (0.0.5 → 0.0.6) correctly reflects metadata-only changes without functional modifications.

---

13-17: Verify the readOnlyHint: false annotation.

The readOnlyHint: false annotation suggests this action performs write operations, but examining the code reveals only read and transformation operations:

• The run() method reads input and operation props
• Applies a case transformation (pure function)
• Exports metadata via $.export() (line 43)
• Returns the transformed string

No external state modifications (API calls, database writes, file operations) occur. Please verify whether readOnlyHint should be true instead, as this appears to be a read-only transformation action.

components/nectar_crm/actions/create-contact/create-contact.ts (1)

9-14: Verify annotations typing in @pipedream/types
Confirm that the annotations field is declared on the defineAction interface in your local node_modules/@pipedream/types (e.g., run npm install then grep -R "annotations" -n node_modules/@pipedream/types).

components/lob/actions/create-postcard/create-postcard.ts (1)

9-14: LGTM! Annotations correctly reflect the action's behavior.

The version bump and annotations are appropriate:

• destructiveHint: false — Creating a postcard doesn't destroy existing resources
• openWorldHint: true — Calls the external Lob API
• readOnlyHint: false — Creates new state

components/lob/actions/list-postcards/list-postcards.ts (1)

8-13: LGTM! Annotations correctly reflect the read-only nature of this action.

The annotations are semantically correct:

• readOnlyHint: true — Appropriately marks this as a read-only operation
• openWorldHint: true — Correctly indicates external API calls
• destructiveHint: false — Listing doesn't modify or delete resources

components/lob/actions/cancel-postcard/cancel-postcard.ts (1)

8-13: LGTM! Annotations correctly mark this as a destructive operation.

The destructiveHint: true annotation appropriately reflects that this action "completely removes a postcard from production," as stated in the description. The other annotations are also correct for a deletion operation via external API.

components/lob/actions/retrieve-postcard/retrieve-postcard.ts (1)

8-13: LGTM! Annotations correctly reflect the read-only nature of this retrieval action.

The annotations are semantically correct for a retrieval operation that reads a single resource via external API without side effects.

components/lob/actions/create-letter/create-letter.ts (1)

10-15: LGTM! Annotations correctly reflect the action's behavior.

The version bump and annotations are appropriate for a letter creation action:

• destructiveHint: false — Creating a letter doesn't destroy existing resources
• openWorldHint: true — Calls the external Lob API
• readOnlyHint: false — Creates new state

components/mailbluster/actions/create-lead/create-lead.ts (2)

8-13: LGTM! Version bump and annotation structure look good.

The version bump from "0.0.2" to "0.0.3" is appropriate for adding metadata. The annotations are well-formed, and the values appear correct for this action:

• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a write operation

---

9-13: Keep destructiveHint set to false.
Ordinary overrides/updates aren’t considered “destructive” (only irreversible deletions warrant destructiveHint=true).

components/mattermost/actions/post-message/post-message.ts (2)

12-12: LGTM! Appropriate version bump.

The patch version increment from 0.0.3 to 0.0.4 is appropriate for metadata-only changes.

---

13-17: Confirm annotations typing in defineAction interface
Sandbox lacks installed dependencies; please manually verify that the annotations property is defined on the defineAction interface in @pipedream/types.

components/expensify/actions/export-report-to-pdf/export-report-to-pdf.ts (1)

7-12: Approve MCP annotations for export-report-to-pdf

Version bump and annotations are correct; exportReportToPDF only retrieves a file without creating persistent state.

components/google_workspace/actions/list-all-activities/list-all-activities.ts (2)

8-8: LGTM! Appropriate version bump.

The patch version increment (0.0.1 → 0.0.2) correctly reflects the non-breaking metadata additions.

---

9-13: Approve code changes. Annotations correctly describe this read-only action. Please manually verify that the annotations property and its hints (destructiveHint, openWorldHint, readOnlyHint) are defined in the @pipedream/types package to ensure type safety.

components/formatting/actions/format-number/format-number.ts (2)

14-14: LGTM: Appropriate version bump.

The patch version increment is suitable for this metadata-only change.

---

15-19: Verify annotation values for purely computational action.

The openWorldHint and readOnlyHint values may not accurately reflect this action's behavior. The code (lines 43-70) shows that this action:

• Performs only local number formatting operations
• Makes no external API calls, network requests, or I/O operations
• Doesn't modify any external state

Typically:

• openWorldHint: true indicates interaction with external systems
• readOnlyHint: false suggests the action modifies external state

For a purely computational action like this, consider:

• openWorldHint: false (no external interactions)
• readOnlyHint: true (no external state modifications)

Since this is part of a batch update, please verify whether these annotation values follow a project-wide standard or if they should be adjusted to match the action's actual behavior.

components/formatting/actions/extract-number/extract-number.ts (1)

10-10: Version bump looks appropriate.

The patch version increment (0.0.5 → 0.0.6) correctly reflects a metadata-only change with no runtime behavior modifications.

components/formatting/actions/extract-url/extract-url.ts (2)

10-10: LGTM! Version bump is appropriate.

The patch version increment from 0.0.5 to 0.0.6 is appropriate for metadata-only changes that don't alter runtime behavior.

---

11-15: Confirm openWorldHint:true for extract-url
This action only extracts URLs via regex (no external requests); verify that openWorldHint (which typically signals external interaction) is appropriate here.

components/apitemplate_io/actions/account-information/account-information.ts (1)

8-13: LGTM! Annotations correctly reflect read-only behavior.

The annotations are semantically correct for this account information retrieval action:

• readOnlyHint: true - appropriate for a GET operation
• destructiveHint: false - no data modification occurs
• openWorldHint: true - makes external API calls

components/clientary/actions/create-client/create-client.ts (1)

6-11: LGTM! Annotations correctly reflect create operation.

The annotations appropriately describe this client creation action:

• readOnlyHint: false - creates new data
• destructiveHint: false - creation doesn't modify/delete existing data
• openWorldHint: true - makes external API calls

components/currencyscoop/actions/get-latest-exchange-rates/get-latest-exchange-rates.ts (1)

8-13: LGTM! Annotations correctly reflect read-only data retrieval.

The annotations are semantically correct for this exchange rate retrieval action:

• readOnlyHint: true - fetches data without modification
• destructiveHint: false - no data changes occur
• openWorldHint: true - makes external API calls

components/coassemble/actions/create-new-user/create-new-user.ts (1)

6-11: LGTM! Annotations correctly reflect user creation.

The annotations appropriately describe this user creation action:

• readOnlyHint: false - creates new user data
• destructiveHint: false - creation doesn't modify/delete existing data
• openWorldHint: true - makes external API calls

components/clientary/actions/create-task/create-task.ts (1)

6-11: LGTM! Annotations correctly reflect task creation.

The annotations appropriately describe this task creation action:

• readOnlyHint: false - creates new task data
• destructiveHint: false - creation doesn't modify/delete existing data
• openWorldHint: true - makes external API calls

components/baserow/actions/update-row/update-row.ts (1)

14-19: LGTM! Annotations correctly reflect destructive update operation.

The annotations appropriately describe this row update action:

• readOnlyHint: false - modifies existing data
• destructiveHint: true - correctly flagged as destructive since updates overwrite existing row data
• openWorldHint: true - makes external API calls

Note: This is the only action in the batch with destructiveHint: true, which is correct for update operations that modify existing data.

components/mailbluster/actions/get-product/get-product.ts (1)

8-13: LGTM! Annotations correctly reflect read-only product retrieval.

The annotations are semantically correct for this product retrieval action:

• readOnlyHint: true - fetches product data without modification
• destructiveHint: false - no data changes occur
• openWorldHint: true - makes external API calls

components/clientary/actions/create-expense/create-expense.ts (1)

6-11: LGTM! Annotations correctly reflect expense creation.

The annotations appropriately describe this expense creation action:

• readOnlyHint: false - creates new expense data
• destructiveHint: false - creation doesn't modify/delete existing data
• openWorldHint: true - makes external API calls

components/expensify/actions/list-policies/list-policies.ts (1)

8-13: LGTM!

The version bump and MCP annotations addition are appropriate. readOnlyHint: true correctly reflects the read-only nature of this list operation.

components/currencyscoop/actions/convert-currency/convert-currency.ts (1)

9-14: LGTM!

The metadata update is correct. readOnlyHint: true properly indicates that currency conversion is a read-only operation with no side effects.

components/nectar_crm/actions/create-appointment/create-appointment.ts (1)

8-13: LGTM!

The annotations correctly reflect the operation semantics. readOnlyHint: false is appropriate for an appointment creation action.

components/cloudmersive/actions/screenshot-website/screenshot-website.ts (1)

10-15: LGTM!

The annotations are appropriate. readOnlyHint: false correctly indicates that this action generates a new screenshot resource.

components/apitemplate_io/actions/list-objects/list-objects.ts (1)

8-13: LGTM!

The metadata update is correct. readOnlyHint: true appropriately reflects the read-only nature of this list operation.

components/apitemplate_io/actions/create-pdf/create-pdf.ts (1)

8-13: LGTM!

The annotations correctly reflect the operation. readOnlyHint: false is appropriate for a PDF creation action.

components/expensify/actions/export-report/export-report.ts (1)

13-18: LGTM! Metadata update aligns with action behavior.

The version bump and annotations block correctly reflect the action's characteristics: it exports data via external API calls and writes files without destructive operations.

components/namely/actions/update-user/update-user.ts (1)

7-12: LGTM! Annotations correctly reflect update operation.

The destructiveHint: true appropriately flags this as a mutating operation since it updates user profile data. The other annotation values are consistent with the action's external API call behavior.

components/google_my_business/actions/list-all-reviews/list-all-reviews.ts (1)

11-16: LGTM! Read-only annotations are correct.

The annotations accurately characterize this as a non-destructive, read-only operation that makes external API calls.

components/cloudmersive/actions/convert-to-pdf/convert-to-pdf.ts (1)

16-21: LGTM! Annotations align with file conversion behavior.

The metadata correctly reflects that this action makes external API calls to Cloudmersive and writes output files without destructive operations on the source.

components/apitemplate_io/actions/create-image/create-image.ts (1)

9-14: LGTM! Annotations correctly describe image creation action.

The metadata appropriately reflects this action's behavior: it creates new resources via external API calls without destructive operations on existing data.

components/infusionsoft/actions/get-company/get-company.ts (1)

11-16: LGTM! Read-only annotation is accurate.

The annotations correctly characterize this as a non-destructive, read-only retrieval operation with external API calls.

components/beehiiv/actions/create-subscriber/create-subscriber.ts (1)

8-13: LGTM! Annotations reflect subscriber creation behavior.

The metadata correctly describes this action's characteristics: it creates new subscribers via external API calls. The destructiveHint: false is reasonable since the action adds new data without deleting or overwriting existing resources.

components/concord/actions/update-agreement-status/update-agreement-status.ts (1)

11-16: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for an update operation:

• destructiveHint: true correctly indicates this action modifies existing resource state
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/infusionsoft/actions/create-payment/create-payment.ts (1)

10-15: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a create operation:

• destructiveHint: false correctly indicates this is an additive operation (creates new data without destroying existing data)
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/clientary/actions/create-invoice/create-invoice.ts (1)

7-12: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a create operation:

• destructiveHint: false correctly indicates this is an additive operation
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/expensify/actions/create-report/create-report.ts (1)

7-12: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a create operation:

• destructiveHint: false correctly indicates this is an additive operation
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/apitemplate_io/actions/delete-object/delete-object.ts (1)

8-13: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a delete operation:

• destructiveHint: true correctly indicates this action removes existing data
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/mailboxvalidator/actions/validate-email/validate-email.ts (1)

12-17: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a validation operation:

• destructiveHint: false correctly indicates no data destruction
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: true correctly indicates this is a read-only validation operation

components/namely/actions/create-user/create-user.ts (1)

7-12: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a create operation:

• destructiveHint: false correctly indicates this is an additive operation
• openWorldHint: true correctly indicates external API interaction
• readOnlyHint: false correctly indicates a mutating operation

components/formatting/actions/convert-json-to-string/convert-json-to-string.ts (1)

8-13: LGTM! Annotations correctly reflect the action semantics.

The annotations are appropriate for a local formatting operation:

• destructiveHint: false correctly indicates no data destruction
• openWorldHint: false correctly indicates this is a local operation with no external API interaction
• readOnlyHint: true correctly indicates this is a pure data conversion operation

components/google_my_business/actions/create-post/create-post.ts (1)

15-20: LGTM! Annotations are correctly configured for a create action.

The annotations accurately reflect the action's behavior:

• destructiveHint: false - Creating a post is not a destructive operation
• openWorldHint: true - Appropriate for external API calls to Google My Business
• readOnlyHint: false - Correct for a mutation operation

components/coassemble/actions/send-course-invitation/send-course-invitation.ts (1)

6-11: LGTM! Annotations are appropriate for an enrollment action.

The version bump and annotations are correctly configured for this course invitation operation that mutates external state via the Coassemble API.

components/expensify/actions/create-expense/create-expense.ts (1)

6-11: LGTM! Annotations correctly reflect the expense creation operation.

The annotations are properly configured for this create action that calls the Expensify API.

components/google_my_business/actions/get-specific-review/get-specific-review.ts (1)

11-16: LGTM! Read-only annotation correctly set for a GET operation.

The annotations properly indicate this is a read-only operation (readOnlyHint: true) that retrieves data from the Google My Business API without modifying state.

components/cloudmersive/actions/validate-email-address/validate-email-address.ts (1)

10-15: LGTM! Annotations are correct for a validation action.

The read-only hint is appropriately set to true for this validation operation that queries the Cloudmersive API without side effects.

components/formatting/actions/extract-email-address/extract-email-address.ts (1)

10-15: Verify openWorldHint: true for local operations.

This action performs a local regex-based email extraction (line 28) without making external API calls. Setting openWorldHint: true may be incorrect if this hint is intended to indicate external system interactions.

Please confirm whether openWorldHint should be false for purely local text transformation operations.

components/google_my_business/actions/get-reviews-multiple-locations/get-reviews-multiple-locations.ts (1)

11-16: LGTM! Annotations properly configured for a batch read operation.

The read-only hint is correctly set for this operation that fetches reviews from multiple locations via the Google My Business API.

components/formatting/actions/convert-html-to-text/convert-html-to-text.ts (1)

9-14: Verify openWorldHint: true for local HTML conversion.

This action uses the html-to-text library (line 26) to perform a local HTML-to-text transformation without external API calls. Similar to the email extraction action, openWorldHint: true may be incorrect for this purely local operation.

Please verify the intended semantics of openWorldHint and confirm whether it should be false for actions that don't interact with external systems.

components/data_axle_platform/actions/get-person-by-id/get-person-by-id.ts (1)

9-14: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this read-only action that retrieves person data.

components/clientary/actions/create-estimate/create-estimate.ts (1)

7-12: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this action that creates estimates.

components/amplenote/actions/create-task/create-task.ts (1)

7-12: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this action that creates tasks.

components/lemon_squeezy/actions/retrieve-product/retrieve-product.ts (1)

6-11: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this read-only action that retrieves product data.

components/coassemble/actions/create-new-course/create-new-course.ts (1)

6-11: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this action that creates courses.

components/baserow/actions/delete-row/delete-row.ts (1)

13-18: LGTM! Metadata annotations correctly reflect destructive operation.

The version bump and added annotations are appropriate for this delete action. Correctly marks destructiveHint: true to indicate data deletion.

components/formatting/actions/url-decode/url-decode.ts (1)

8-13: LGTM! Metadata annotations added.

The version bump and added annotations are consistent with the broader PR changes.

components/baserow/actions/get-row/get-row.ts (1)

15-20: LGTM! Metadata annotations align with action semantics.

The version bump and added annotations are appropriate for this read-only action that retrieves row data.

components/baserow/actions/list-rows/list-rows.ts (1)

14-19: LGTM! Annotations are semantically correct.

The annotations accurately reflect that this action reads from an external Baserow API without destructive side effects.

components/baserow/actions/create-row/create-row.ts (1)

15-19: LGTM! Annotations are semantically correct.

The annotations accurately reflect that this action creates data via an external Baserow API with side effects.

components/formatting/actions/trim-whitespace/trim-whitespace.ts (1)

9-13: Update openWorldHint to false and confirm destructiveHint semantics
Only the world‐opening hint is incorrect for a pure in‐memory trim(); trimming whitespace remains a lossy transformation so keep destructiveHint: true (adjust if your team defines “destructive” differently).

components/formatting/actions/trim-whitespace/trim-whitespace.ts
 annotations: {
-  destructiveHint: true,
-  openWorldHint: true,
+  destructiveHint: true,
+  openWorldHint: false,
   readOnlyHint: false,
 },

components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts (1)

9-9: LGTM! Appropriate version bump for metadata change.

The patch version increment from 0.0.1 to 0.0.2 is appropriate for a metadata-only change that adds annotations without altering runtime behavior.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

❓ Verification inconclusive

Verify that openWorldHint: true is correct for this computational action.

The visible code suggests this action performs purely local date/time arithmetic using the sugar library without making external API calls. However, since commonDateTime is imported and spread into the action (line 4), there may be hidden external call behavior.

Please verify that this action (or its inherited commonDateTime methods) actually makes external API calls to justify openWorldHint: true. If it's purely computational, consider setting openWorldHint: false.

---

🏁 Script executed:

#!/bin/bash
# Check if commonDateTime or related files make external HTTP/API calls
rg -n -C3 --type=ts -g '!**/node_modules/**' '\b(axios|fetch|http\.|https\.|request\(|get\(|post\()' components/formatting/common/date-time/

Length of output: 0

---

Set openWorldHint to false
No external API calls in this action or its commonDateTime utilities; it’s purely local date/time arithmetic.
components/formatting/actions/add-subtract-time/add-subtract-time.ts: openWorldHint: true → openWorldHint: false

🤖 Prompt for AI Agents

In components/formatting/actions/add-subtract-time/add-subtract-time.ts around
lines 21 to 26, update the action metadata to set openWorldHint to false;
replace the existing annotations block so that openWorldHint: true becomes
openWorldHint: false while leaving version and the other hints unchanged.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Incorrect openWorldHint for pure transformation.

This action performs a pure in-memory HTML-to-Markdown conversion using showdown and linkedom libraries without any external API calls or I/O. The openWorldHint should be false.

Apply this diff:

   annotations: {
     destructiveHint: false,
-    openWorldHint: true,
+    openWorldHint: false,
     readOnlyHint: true,
   },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	annotations: {
	destructiveHint: false,
	openWorldHint: true,
	readOnlyHint: true,
	},
	annotations: {
	destructiveHint: false,
	openWorldHint: false,
	readOnlyHint: true,
	},

🤖 Prompt for AI Agents

In
components/formatting/actions/convert-html-to-markdown/convert-html-to-markdown.ts
around lines 11 to 15, the action annotation incorrectly sets openWorldHint:
true for a pure in-memory HTML-to-Markdown transformation; change openWorldHint
to false (leave destructiveHint and readOnlyHint as-is) so the annotations
accurately reflect no external/world access.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Incorrect openWorldHint for pure transformation.

This action performs a pure in-memory date formatting operation using the Sugar library without any external API calls or I/O. The openWorldHint should be false.

Apply this diff:

   annotations: {
     destructiveHint: false,
-    openWorldHint: true,
+    openWorldHint: false,
     readOnlyHint: false,
   },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	annotations: {
	destructiveHint: false,
	openWorldHint: true,
	readOnlyHint: false,
	},
	annotations: {
	destructiveHint: false,
	openWorldHint: false,
	readOnlyHint: false,
	},

🤖 Prompt for AI Agents

In components/formatting/actions/date-time-format/date-time-format.ts around
lines 14 to 18, the action is a pure in-memory transformation and the
annotations incorrectly set openWorldHint: true; change openWorldHint to false
(leave destructiveHint and readOnlyHint as-is) so the annotations reflect no
external I/O or open-world effects.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify openWorldHint: true for local text processing.

The AI summary incorrectly states readOnlyHint: false when the code shows readOnlyHint: true (Line 14).

Additionally, openWorldHint: true seems unexpected for a purely computational text extraction action that:

• Operates on local string input
• Uses regex pattern matching
• Returns a computed result
• Makes no external calls or I/O operations

"Open world" typically suggests interaction with external systems or side effects beyond local computation. Please verify this value is intentional for this action.

If you need to verify the semantic intent of these annotations across the batch, consider checking the MCP specification or reviewing other similar text-processing actions in the codebase:

---

🏁 Script executed:

#!/bin/bash
# Description: Find other text extraction/formatting actions to compare annotation patterns

# Search for similar text processing actions with annotations
rg -A10 'defineAction\(' components/formatting/actions/ | rg -A10 'annotations:'

Length of output: 20733

---

Fix AI summary and confirm annotation

• AI summary incorrectly states readOnlyHint: false; it should be true.
• openWorldHint: true matches the pattern in other text-processing actions and can remain unchanged.

🤖 Prompt for AI Agents

In components/formatting/actions/extract-number/extract-number.ts around lines
11 to 15, the AI summary and confirmation for the annotations are inconsistent
with the actual annotations: update the AI summary to state readOnlyHint: true
(not false) and confirm the annotation block as written (destructiveHint: false,
openWorldHint: true, readOnlyHint: true); ensure the comment/text describing
these annotations matches those exact boolean values.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

readOnlyHint should be true for this formatter

This action only formats input and has no side effects, so the MCP hint ought to communicate that it’s safe/read‑only. Please flip readOnlyHint to true to keep the metadata consistent with behavior.

🤖 Prompt for AI Agents

In components/formatting/actions/format-currency/format-currency.ts around lines
12 to 17, the action metadata sets readOnlyHint: false even though the formatter
has no side effects; change readOnlyHint to true so the MCP metadata correctly
reflects that this action is read-only by flipping the boolean to true in the
annotations block.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

LGTM! Annotations are semantically correct.

The annotations accurately reflect the action's behavior:

• destructiveHint: false — appropriate for a read-only retrieval operation
• openWorldHint: true — correct, as the action calls the external Lemon Squeezy API
• readOnlyHint: true — accurate, since the action only retrieves data without modification

The version bump to 0.0.2 is appropriate for this metadata addition.

Optionally, verify that the annotations schema is properly defined in @pipedream/types version 0.3.2 (or whichever version is in use) to ensure type safety:

---

🏁 Script executed:

#!/bin/bash
# Description: Verify annotations type definition in @pipedream/types

# Search for annotations type definition in the types package
fd -e ts -e d.ts . node_modules/@pipedream/types | xargs rg -n "annotations" -A 3 -B 1

Length of output: 262639

---

Replace readOnlyHint with idempotentHint
The annotations schema declares idempotentHint, not readOnlyHint. In components/lemon_squeezy/actions/retrieve-order/retrieve-order.ts (around line 10), update:

readOnlyHint: true,

to

idempotentHint: true,

🤖 Prompt for AI Agents

In components/lemon_squeezy/actions/retrieve-order/retrieve-order.ts around
lines 6 to 11, the annotations object uses readOnlyHint which doesn't match the
schema; replace the readOnlyHint property with idempotentHint and set it to true
so the annotations key matches the declared schema and intent.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

LGTM! Annotations are semantically correct for this create action.

The annotations are appropriate:

• destructiveHint: false ✓ Creates a new resource without deleting/destroying existing data
• openWorldHint: true ✓ Makes external API calls to Nectar CRM
• readOnlyHint: false ✓ Modifies state by creating new records (not read-only)

Verify that these annotation fields are officially supported by the latest @pipedream/types package and align with MCP (Model Context Protocol) standards.

---

🌐 Web query:

What are the official MCP annotation hints (destructiveHint, openWorldHint, readOnlyHint) and are they part of the Pipedream TypeScript types package?

💡 Result:

Short answer

• The MCP (Model Context Protocol) standard defines tool annotations including readOnlyHint, destructiveHint, idempotentHint, openWorldHint (and a human-readable title). These are UX/safety hints describing whether a tool modifies state, may be destructive, is idempotent, or touches the “open world.” [1][2][3].
• Those annotations are part of the MCP spec / implementations, not a Pipedream-specific invention. Pipedream’s TypeScript docs point to the @pipedream/types package for component typing, but I could not find the MCP annotation fields (readOnlyHint / destructiveHint / openWorldHint) declared in the published @pipedream/types package docs or npm listing. In short: the annotations come from MCP; they are not documented as built-in types in @pipedream/types. [4][5]

Sources

1. MCP / Model Context Protocol — annotations list and meanings. [ModelContextProtocol / MCP docs]. (modelcontextprotocol.io)
2. Microsoft/GenAIScript MCP server docs — shows annotations and definitions (readOnlyHint, destructiveHint, idempotentHint, openWorldHint). (microsoft.github.io)
3. Multiple MCP implementations/docs summarizing the same annotation defaults and meanings (examples: FastMCP / Glama / others). (jsr.io)
4. Pipedream TypeScript components docs referencing @pipedream/types (package for component types) but not listing MCP annotations as part of that package. (pipedream.com)
5. npm / package listing for @pipedream/types. (package exists but I found no published index showing MCP annotation typings). (npmjs.com)

If you want, I can fetch the exact type declarations from the latest @pipedream/types release (index.d.ts) to confirm definitively whether those annotation fields are present in that package.

Citations:

• 1: https://modelcontextprotocol.io/legacy/concepts/tools?utm_source=openai
• 2: https://microsoft.github.io/genaiscript/reference/scripts/mcp-server/?utm_source=openai
• 3: https://jsr.io/%40glama/fastmcp?utm_source=openai
• 4: https://pipedream.com/docs/components/contributing/typescript/?utm_source=openai
• 5: https://www.npmjs.com/package/%40pipedream/types?utm_source=openai

---

🏁 Script executed:

#!/bin/bash
set -e
npm pack @pipedream/types
TARBALL=$(ls *.tgz | head -n1)
mkdir pkg
tar -xzf "$TARBALL" -C pkg
grep -R "openWorldHint" pkg/package/index.d.ts -n || echo "openWorldHint not found"
grep -R "destructiveHint" pkg/package/index.d.ts -n || echo "destructiveHint not found"
grep -R "readOnlyHint" pkg/package/index.d.ts -n || echo "readOnlyHint not found"

Length of output: 923

---

🏁 Script executed:

#!/bin/bash
set -e
# Search in the unpacked dist directory for annotation hints
grep -R "openWorldHint" pkg/package/dist/index.d.ts -n || echo "openWorldHint not found"
grep -R "destructiveHint" pkg/package/dist/index.d.ts -n || echo "destructiveHint not found"
grep -R "readOnlyHint" pkg/package/dist/index.d.ts -n || echo "readOnlyHint not found"

Length of output: 255

---

🏁 Script executed:

#!/bin/bash
set -e
npm pack @pipedream/types
TARBALL=$(ls *.tgz | head -n1)
echo "Tarball contents:"
tar -tzf "$TARBALL"

Length of output: 857

---

🏁 Script executed:

#!/bin/bash
set -e
# Search for annotation hints in the unpacked dist files
grep -R "openWorldHint" pkg/package/dist/index.d.ts -n || echo "openWorldHint not found"
grep -R "destructiveHint" pkg/package/dist/index.d.ts -n || echo "destructiveHint not found"
grep -R "readOnlyHint" pkg/package/dist/index.d.ts -n || echo "readOnlyHint not found"

Length of output: 255

---

#!/bin/bash
set -e
echo "Listing pkg directory structure:"
ls -R pkg

---

🏁 Script executed:

#!/bin/bash
set -e
grep -R "openWorldHint" pkg -n || echo "openWorldHint not found"
grep -R "destructiveHint" pkg -n || echo "destructiveHint not found"
grep -R "readOnlyHint" pkg -n || echo "readOnlyHint not found"

Length of output: 183

---

Add missing MCP annotation typings

The hints destructiveHint, openWorldHint, and readOnlyHint are part of the MCP spec but aren’t declared in @pipedream/[email protected], so this code will error under TypeScript. Extend or patch the ComponentAnnotations interface (or update @pipedream/types to a version that includes these fields) before merging.

🤖 Prompt for AI Agents

In
components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts
around lines 10 to 14, the annotations object uses MCP fields destructiveHint,
openWorldHint, and readOnlyHint which are not declared in @pipedream/[email protected]
and will cause TypeScript errors; fix by adding appropriate typings before
merging — either update @pipedream/types to a version that includes these
fields, or locally augment the ComponentAnnotations interface (e.g., create a
declaration file in the project that extends the existing interface to include
destructiveHint?: boolean; openWorldHint?: boolean; readOnlyHint?: boolean) and
ensure the tsconfig includes that file so the annotations compile without
errors.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts (1)

9-13: Annotation values are semantically correct.

The MCP annotations are appropriate for this create action:

• destructiveHint: false ✓ Creates without destroying existing data
• openWorldHint: true ✓ Makes external API calls
• readOnlyHint: false ✓ Modifies state

Note: The type safety concern regarding these fields not being in @pipedream/[email protected] has already been flagged in the previous review.

🧹 Nitpick comments (2)

components/formatting/actions/transform-case/transform-case.ts (1)

46-48: Enhanced error message improves debuggability.

Including the original error message is a good improvement for troubleshooting.

Consider removing trailing whitespace on Line 47 for cleaner formatting:

-      throw new ConfigurationError(`**Parse error** - check your input and if the selected operation is correct.
-        
-${err.message}`);
+      throw new ConfigurationError(`**Parse error** - check your input and if the selected operation is correct.
+
+${err.message}`);

components/formatting/actions/parse-json/parse-json.ts (1)

23-23: Consider a more accurate return type.

The return type Promise<object> doesn't fully capture that JSON.parse can return primitives, arrays, or null. Consider using Promise<unknown> for better type accuracy, though the current implementation works for most common use cases.

Apply this diff if desired:

-  async run({ $ }): Promise<object> {
+  async run({ $ }): Promise<unknown> {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 08192f6 and d4f3efc.

📒 Files selected for processing (22)

• components/clientary/actions/create-estimate/create-estimate.ts (2 hunks)
• components/clientary/actions/create-invoice/create-invoice.ts (2 hunks)
• components/clientary/package.json (1 hunks)
• components/data_axle_platform/actions/get-person-by-id/get-person-by-id.ts (1 hunks)
• components/formatting/actions/date-time-format/date-time-format.ts (2 hunks)
• components/formatting/actions/extract-number/extract-number.ts (1 hunks)
• components/formatting/actions/parse-json/parse-json.ts (1 hunks)
• components/formatting/actions/replace-text/replace-text.ts (1 hunks)
• components/formatting/actions/transform-case/transform-case.ts (2 hunks)
• components/formatting/actions/url-decode/url-decode.ts (1 hunks)
• components/formatting/actions/url-encode/url-encode.ts (1 hunks)
• components/formatting/package.json (1 hunks)
• components/kanbanflow/actions/create-task/create-task.ts (2 hunks)
• components/kanbanflow/package.json (1 hunks)
• components/lemon_squeezy/actions/retrieve-customer/retrieve-customer.ts (1 hunks)
• components/lemon_squeezy/actions/retrieve-order/retrieve-order.ts (1 hunks)
• components/lemon_squeezy/actions/retrieve-product/retrieve-product.ts (1 hunks)
• components/namely/actions/create-user/create-user.ts (2 hunks)
• components/namely/actions/update-user/update-user.ts (2 hunks)
• components/namely/package.json (1 hunks)
• components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts (1 hunks)
• components/nectar_crm/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (4)

• components/kanbanflow/package.json
• components/nectar_crm/package.json
• components/clientary/package.json
• components/formatting/package.json

🚧 Files skipped from review as they are similar to previous changes (9)

• components/clientary/actions/create-estimate/create-estimate.ts
• components/kanbanflow/actions/create-task/create-task.ts
• components/clientary/actions/create-invoice/create-invoice.ts
• components/formatting/actions/date-time-format/date-time-format.ts
• components/namely/actions/update-user/update-user.ts
• components/lemon_squeezy/actions/retrieve-order/retrieve-order.ts
• components/data_axle_platform/actions/get-person-by-id/get-person-by-id.ts
• components/formatting/actions/url-decode/url-decode.ts
• components/namely/actions/create-user/create-user.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Lint Code Base
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (13)

components/formatting/actions/url-encode/url-encode.ts (1)

8-13: LGTM! Annotations correctly reflect pure transformation.

The version bump and annotations are appropriate. The openWorldHint: false correctly indicates no external I/O occurs (the previous issue has been addressed), and both destructiveHint and readOnlyHint are accurate for this pure in-memory transformation.

components/lemon_squeezy/actions/retrieve-product/retrieve-product.ts (2)

6-11: LGTM! Annotations accurately reflect the action's behavior.

The version bump and MCP annotations are appropriate:

• destructiveHint: false is correct since this is a read-only retrieve operation
• openWorldHint: true accurately indicates external API interaction
• readOnlyHint: true aligns with the retrieval-only nature of the action

---

13-13: Good catch on the typo fix.

Correcting "Retrive" to "Retrieve" improves the documentation quality.

components/nectar_crm/actions/create-sale-opportunity/create-sale-opportunity.ts (1)

8-8: Version bump is appropriate.

The version increment from 0.0.1 to 0.0.2 correctly reflects the addition of metadata without runtime behavior changes.

components/formatting/actions/extract-number/extract-number.ts (2)

10-10: LGTM! Appropriate version bump.

The version increment from 0.0.5 to 0.0.6 is appropriate for adding metadata annotations.

---

11-15: LGTM! Annotations correctly reflect the action's behavior.

All three annotations are correctly configured for this local text-processing action:

• destructiveHint: false - Correct, no external state modification
• openWorldHint: false - Correct, performs purely local regex-based extraction with no external I/O
• readOnlyHint: true - Correct, reads input and returns computed result without side effects

components/lemon_squeezy/actions/retrieve-customer/retrieve-customer.ts (2)

6-6: LGTM!

The patch version bump is appropriate for adding metadata without changing functionality.

---

7-11: LGTM!

The annotations correctly characterize this retrieve action as non-destructive and read-only.

components/formatting/actions/replace-text/replace-text.ts (1)

12-17: Version bump and openWorldHint annotation look good. Verify destructiveHint and readOnlyHint semantics.

The version bump to 0.0.6 is appropriate for metadata additions, and openWorldHint: false correctly reflects that this action performs in-memory text transformations with no external system interactions.

However, please verify that destructiveHint: true and readOnlyHint: false align with Pipedream's MCP annotation semantics for pure transformation actions. This action:

• Accepts input parameters (text, pattern, replacement)
• Performs in-memory string replacements
• Returns a transformed result
• Does not modify persistent state or external systems

Typically, "destructive" implies irreversible modification of persistent data, and "read-only" means no writes to external systems. If Pipedream's MCP annotations follow different semantics (e.g., "destructive" for any data transformation, or "read-only" only when returning unmodified input), then the current values are correct.

components/formatting/actions/transform-case/transform-case.ts (2)

12-12: LGTM!

Version bump is appropriate for the addition of annotation metadata.

---

13-17: LGTM!

The MCP annotations are appropriate for this text transformation action. The hints correctly reflect that the action is non-destructive, operates in an open-world context, and performs computation rather than being purely read-only.

components/formatting/actions/parse-json/parse-json.ts (2)

8-8: LGTM!

The version bump is appropriate for adding the annotations metadata.

---

9-13: LGTM!

The annotations are correctly configured for this pure transformation action:

• destructiveHint: false - No external state modification
• openWorldHint: false - No external I/O or API calls (previously corrected from true)
• readOnlyHint: false - No external reads

The previous review concern about openWorldHint has been properly addressed.

[js07]

LGTM. Just made one minor optional suggestion.

[js07]

LGTM!

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d4f3efc and 12be095.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• components/clientary/actions/create-estimate/create-estimate.ts (2 hunks)
• components/clientary/actions/create-invoice/create-invoice.ts (2 hunks)
• components/verdict_as_a_service/actions/request-verdict-for-file/request-verdict-for-file.ts (1 hunks)
• components/verdict_as_a_service/app/verdict_as_a_service.app.ts (2 hunks)
• components/verdict_as_a_service/package.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• components/clientary/actions/create-invoice/create-invoice.ts
• components/clientary/actions/create-estimate/create-estimate.ts

🧰 Additional context used

🪛 GitHub Actions: Pull Request Checks

components/verdict_as_a_service/app/verdict_as_a_service.app.ts

[error] 31-31: ESLint: Missing trailing comma. (comma-dangle)

🪛 GitHub Check: Lint Code Base

components/verdict_as_a_service/app/verdict_as_a_service.app.ts

[failure] 31-31:
Missing trailing comma

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Publish TypeScript components
• GitHub Check: Verify TypeScript components
• GitHub Check: pnpm publish

🔇 Additional comments (3)

components/verdict_as_a_service/actions/request-verdict-for-file/request-verdict-for-file.ts (1)

8-13: LGTM!

The version bump and MCP annotations are appropriate for this file scanning action. The annotation values correctly indicate that the action makes external API calls (openWorldHint: true) but doesn't modify user data destructively.

components/verdict_as_a_service/app/verdict_as_a_service.app.ts (1)

21-37: Authentication flow refactor looks correct, but verify compatibility with gdata-vaas 7.7.3.

The refactored authentication flow correctly implements the ClientCredentialsGrantAuthenticator pattern, which is the recommended approach for server-to-server integrations. The async change is backward compatible since the caller already awaits getClient() at line 39.

However, verify that this implementation is compatible with gdata-vaas version 7.7.3, especially given concerns about that version's availability (see package.json review).

Based on learnings.

components/verdict_as_a_service/package.json (1)

19-19: Confirm gdata-vaas major version bump and pin is intended
The dependency was upgraded from ^2.2.7 to 7.7.3 (exact pin). Version 7.7.3 exists—please verify this major jump introduces no breaking changes and that exact pinning aligns with your versioning policy.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

components/verdict_as_a_service/app/verdict_as_a_service.app.ts (1)

28-36: Trailing comma issue resolved; authentication flow follows SDK best practices.

The missing trailing comma flagged in the previous review has been fixed on line 31. The new authentication flow correctly implements the recommended pattern from the gdata-vaas SDK documentation.

Based on learnings

Consider adding error handling to provide clearer diagnostics if authentication or connection fails:

 async getClient() {
   const {
     client_id: clientId,
     client_secret: secret,
     token_url: tokenUrl,
     vaas_url: url = VAAS_URL,
   } = this.$auth;
+  
+  try {
     const authenticator = new ClientCredentialsGrantAuthenticator(
       clientId,
       secret,
       tokenUrl,
     );
     const token = await authenticator.getToken();
     const vaas = new Vaas();
     await vaas.connect(token, url);
     return vaas;
+  } catch (error) {
+    throw new Error(`Failed to connect to VaaS: ${error.message}`);
+  }
 },

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12be095 and 7846819.

📒 Files selected for processing (1)

• components/verdict_as_a_service/app/verdict_as_a_service.app.ts (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: pnpm publish
• GitHub Check: Lint Code Base
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (3)

components/verdict_as_a_service/app/verdict_as_a_service.app.ts (3)

7-7: LGTM!

The import of ClientCredentialsGrantAuthenticator is correct and necessary for the new authentication flow.

---

21-21: LGTM!

The async method signature is appropriate, as the new authentication flow requires awaiting token retrieval and connection establishment.

---

38-49: LGTM!

The method correctly awaits the async getClient() and properly handles resource cleanup in the finally block.

[js07]

LGTM