UiPath · radu-mocanu · Jul 21, 2025 · Jul 21, 2025 · Jul 21, 2025 · Jul 21, 2025
diff --git a/.github/workflows/publish.yml → .github/workflows/cd.yml b/.github/workflows/publish.yml → .github/workflows/cd.yml
@@ -9,7 +9,10 @@
       - pyproject.toml
 
 jobs:
+  lint:
+    uses: ./.github/workflows/lint.yml
+
   build:
     name: Build
     runs-on: ubuntu-latest


diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,22 @@
+name: CI
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - pyproject.toml
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  commit-lint:
+    if: ${{ github.event_name == 'pull_request' }}
+    uses: ./.github/workflows/commitlint.yml
+
+  lint:
+    uses: ./.github/workflows/lint.yml
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -0,0 +1,47 @@
+name: Commit Lint
+
+on:
+  workflow_call
+
+jobs:
+  commitlint:
+    name: Commit Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 22
+
+      - name: Install Git
+        run: |
+          if ! command -v git &> /dev/null; then
+              echo "Git is not installed. Installing..."
+              sudo apt-get update
+              sudo apt-get install -y git
+          else
+              echo "Git is already installed."
+          fi
+
+      - name: Install commitlint
+        run: |
+          npm install conventional-changelog-conventionalcommits
+          npm install commitlint@latest
+          npm install @commitlint/config-conventional
+
+      - name: Configure
+        run: |
+          echo "export default { extends: ['@commitlint/config-conventional'] };" > commitlint.config.js
+
+      - name: Validate PR commits with commitlint
+        run: |
+          git fetch origin pull/${{ github.event.pull_request.number }}/head:pr_branch
+          npx commitlint --from ${{ github.event.pull_request.base.sha }} --to pr_branch --verbose
@@ -41,7 +41,7 @@
        run: |
          echo "export default { extends: ['@commitlint/config-conventional'] };" > commitlint.config.js
-      - name: Validate PR commits with commitlint
-        run: |
-          git fetch origin pull/${{ github.event.pull_request.number }}/head:pr_branch
-          npx commitlint --from ${{ github.event.pull_request.base.sha }} --to pr_branch --verbose
+      # Removed unsafe checkout and validation of untrusted PR branch.
+      # To safely lint PR commits, run this workflow from a 'pull_request' trigger and only on trusted refs.
+      # If needed, use artifacts to communicate results to privileged workflows.
+      # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request for safe patterns.
@@ -41,7 +41,7 @@
        run: |
          echo "export default { extends: ['@commitlint/config-conventional'] };" > commitlint.config.js

-      - name: Validate PR commits with commitlint
-        run: |
-          git fetch origin pull/${{ github.event.pull_request.number }}/head:pr_branch
-          npx commitlint --from ${{ github.event.pull_request.base.sha }} --to pr_branch --verbose
+      # Removed unsafe checkout and validation of untrusted PR branch.
+      # To safely lint PR commits, run this workflow from a 'pull_request' trigger and only on trusted refs.
+      # If needed, use artifacts to communicate results to privileged workflows.
+      # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request for safe patterns.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,53 @@
+name: Lint
+
+on:
+  workflow_call
+
+jobs:
+  # Job that runs when custom version testing is enabled - just completes successfully
+  skip-lint:
+    name: Skip Lint (Custom Version Testing)
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'test-core-dev-version')
+    permissions:
+      contents: read
+    steps:
+      - name: Skip lint for custom version testing
+        run: |
+          echo "Custom version testing enabled - skipping normal lint process"
+          echo "This job completes successfully to allow PR merging"
+
+  # Job that runs normal lint process when custom version testing is NOT enabled
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.pull_request.labels.*.name, 'test-core-dev-version')"
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: ".python-version"
+
+      - name: Install dependencies
+        run: uv sync --all-extras
+
+      - name: Check static types
+        run: uv run mypy --config-file pyproject.toml .
+
+      - name: Check linting
+        run: uv run ruff check .
+
+      - name: Check formatting
+        run: uv run ruff format --check .
+
diff --git a/pyproject.toml b/pyproject.toml
@@ -64,6 +64,9 @@ line-ending = "auto"
 plugins = [
   "pydantic.mypy"
 ]
+exclude = [
+    "samples/.*"
+]
 
 follow_imports = "silent"
 warn_redundant_casts = true

diff --git a/samples/github-slack-agent/main.py b/samples/github-slack-agent/main.py
@@ -108,7 +108,9 @@ def system_prompt(state: AgentState) -> AgentState:
 _This review was generated automatically._
 """
 
-                        return [{"role": "system", "content": system_message}] + state["messages"]
+                        return [{"role": "system", "content": system_message}] + state[
+                            "messages"
+                        ]
 
                     agent = create_react_agent(
                         model,

diff --git a/samples/mcp-functions-agent/builder.py b/samples/mcp-functions-agent/builder.py
@@ -180,9 +180,7 @@ async def validator_agent(state: GraphState) -> GraphState:
                 **Example use case:** If the function reads files from disk, your setup function should create a temporary folder and write some files into it. Then, test the function against that folder path.
                 """
 
-                seeder = create_react_agent(
-                    model, tools=tools, prompt=test_case_prompt
-                )
+                seeder = create_react_agent(model, tools=tools, prompt=test_case_prompt)
 
                 test_result = await seeder.ainvoke(state)
 

diff --git a/samples/mcp-functions-server/server.py b/samples/mcp-functions-server/server.py
@@ -5,6 +5,7 @@
 # Initialize the MCP server
 mcp = FastMCP("Code Functions MCP Server")
 
+
 # Functions registry to track dynamically added code functions
 class FunctionRegistry:
     def __init__(self):

diff --git a/src/uipath_mcp/_cli/_runtime/_context.py b/src/uipath_mcp/_cli/_runtime/_context.py
@@ -53,10 +53,10 @@ class UiPathServerType(Enum):
         SelfHosted (3): Tunnel to externally hosted server
     """
 
-    UiPath = 0  # type: int # Processes, Agents, Activities
-    Command = 1  # type: int # npx, uvx
-    Coded = 2  # type: int # PackageType.MCPServer
-    SelfHosted = 3  # type: int # tunnel to externally hosted server
+    UiPath = 0  # Processes, Agents, Activities
+    Command = 1  # npx, uvx
+    Coded = 2  # PackageType.MCPServer
+    SelfHosted = 3  # tunnel to externally hosted server
 
     @classmethod
     def from_string(cls, name: str) -> "UiPathServerType":