Canary #565
Merged
Canary #565
+9,203
−1,587
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* refactor: enhance layout structure in PromptsTab, ResourcesTab, and ToolsTab components - Wrapped header and content sections in a flex container to improve layout consistency and overflow handling. - Ensured that the UI remains responsive and visually organized across different tabs. * chore: changeset * feat: add enum input display in ToolInputForm component - Introduced a new Select dropdown for enum fields, allowing users to select from predefined options. - Implemented helper functions to resolve JSON schema references and normalize union types for better handling of input schemas.
* feat: Add OAuth examples and enhance authentication flow - Introduced new examples for OAuth integration using Auth0, Supabase, and WorkOS in the mcp-use package. - Added an OAuthCallback component to handle redirects after user authentication. - Enhanced the App component to include routing for OAuth callbacks. - Updated pnpm-lock.yaml and package.json to include the jose library for JWT handling. - Improved context management for HTTP requests to support OAuth flows. - Removed outdated notification example files to streamline the examples directory. * feat: Enhance MCP connection management and add notification examples - Added a `disconnect` method to the MCPConnection interface for better session management. - Updated McpConnectionWrapper to include new connection options for improved user experience. - Implemented connection cleanup logic in McpProvider to handle disconnections properly. - Introduced a new example demonstrating customized notifications for connected clients using the MCP server. - Added a WorkOS AuthKit OAuth example to showcase bearer token authentication and dynamic client registration. * feat: Enhance authentication documentation and add notifications section - Updated the TypeScript client authentication documentation to include new OAuth flow modes (Popup and Redirect). - Added examples for manual authentication triggers and OAuth callback handling. - Introduced a new notifications section in the server documentation with tips and examples for bidirectional notifications. - Included additional tips for complete implementation examples in both notifications and tools documentation. * lint & format * fix: Address linting issues and format code for consistency
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
* chore: clean up pnpm workspace and lock file by removing unused packages and examples * chore: update dependencies and improve example scripts - Updated zod and related dependencies to version 4.1.13 in pnpm-lock.yaml and package.json. - Enhanced example scripts by adding notes for required environment variables and removing dotenv imports for clarity. - Refactored code to use local utility functions for JSON schema conversion and UUID generation. - Cleaned up unused dependencies in package.json for the mcp-use package. * chore: update dependencies and improve package configurations - Added `zod` version 4.1.13 to package.json and pnpm-lock.yaml. - Removed unused dependencies from various package.json files in the create-mcp-use-app templates. - Simplified install arguments in the getInstallArgs function for package managers. - Enhanced error handling for optional dependencies in the McpUseProvider and connect-adapter files. - Refactored display functions to dynamically import optional dependencies for improved performance and user experience. * format & lint * chore: changeset
Contributor
Author
|
@claude review the pr |
Contributor
|
Claude finished @tonxxd's task —— View job PR Review: OAuth & MoreThis is a substantial and well-implemented PR that adds comprehensive OAuth 2.0/2.1 authentication to mcp-use. I've reviewed the implementation across 100 changed files and have feedback organized by category. 🎯 Overall AssessmentStatus: ✅ Ready to merge with minor recommendations This PR successfully delivers:
🔒 Security Review✅ Strengths
|
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
* chore: clean up pnpm workspace and lock file by removing unused packages and examples * chore: update dependencies and improve example scripts - Updated zod and related dependencies to version 4.1.13 in pnpm-lock.yaml and package.json. - Enhanced example scripts by adding notes for required environment variables and removing dotenv imports for clarity. - Refactored code to use local utility functions for JSON schema conversion and UUID generation. - Cleaned up unused dependencies in package.json for the mcp-use package. * chore: update dependencies and improve package configurations - Added `zod` version 4.1.13 to package.json and pnpm-lock.yaml. - Removed unused dependencies from various package.json files in the create-mcp-use-app templates. - Simplified install arguments in the getInstallArgs function for package managers. - Enhanced error handling for optional dependencies in the McpUseProvider and connect-adapter files. - Refactored display functions to dynamically import optional dependencies for improved performance and user experience. * format & lint * chore: changeset * chore: update TypeScript configuration and clean up project files - Removed `.vercel/` from `.prettierignore` and `eslint.config.js` for consistency. - Deleted unused `.trigger` file to streamline project structure. - Adjusted `tsconfig.json` to maintain only necessary package paths. * chore: update pnpm workspace and package configurations - Added new example packages for mcp-use in the pnpm workspace, including client and server examples. - Updated package.json for mcp-use to reflect the new version of @modelcontextprotocol/sdk. - Enhanced McpUseProvider to dynamically load react-router-dom, improving error handling and user experience. - Refactored connect-adapter and mcp-server to utilize createRequire for dynamic imports, ensuring compatibility with user project directories. - Cleaned up pnpm-lock.yaml to include updated dependencies and improve overall project structure. * refactor: clean up whitespace and formatting in McpUseProvider, connect-adapter, and mcp-server files - Removed unnecessary blank lines to improve code readability. - Standardized formatting for better consistency across the codebase.
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
- Implemented URL format validation in InspectorDashboard and ServerConnectionModal to ensure only valid protocols (http, https, ws, wss) are accepted. - Added error handling with user feedback using toast notifications for invalid URL formats. - Adjusted collapsedSize property in PromptsTab, ResourcesTab, and ToolsTab components for consistent UI behavior.
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
* Enhance create-mcp-use-app e2e tests (#561) * Add E2E tests for create-mcp-use-app with npm and yarn Co-authored-by: tonxipad <[email protected]> * feat: Add E2E tests for multiple create-mcp-use-app templates Co-authored-by: tonxipad <[email protected]> --------- Co-authored-by: Cursor Agent <[email protected]> Co-authored-by: tonxipad <[email protected]> * fix docs images * fix(inspector): enable minification for smaller build Use esbuild's built-in minifier (minify: true) instead of adding terser. Results in same compression (8.7MB -> 4.9MB, 44% reduction) with faster builds. * chore: changeset * remove test_app --------- Co-authored-by: Enrico Toniato <[email protected]> Co-authored-by: Cursor Agent <[email protected]> Co-authored-by: tonxipad <[email protected]> Co-authored-by: pietrozullo <[email protected]>
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
* feat(inspector): enhance ConfigurationDialog with model selection and password visibility toggle - Added a combobox for model selection using a Popover and Command components for improved user experience. - Implemented a button to toggle password visibility for the API key input field. - Updated imports to include necessary UI components for the new features. * fix(inspector): correct models and API keys display in inspector chat * feat(inspector): add checkbox support and enhance Markdown rendering - Introduced a new ListItem component to handle task list items with checkboxes in Markdown. - Updated the MarkdownRenderer to support custom table components and improved code block handling. - Added dependencies for @radix-ui/react-checkbox and updated package.json and pnpm-lock.yaml accordingly. - Refined styles in ChatHeader and ChatInputArea for better layout consistency.
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
libraries/typescript/packages/mcp-use/examples/server/oauth/workos/src/server.ts
Fixed
Show fixed
Hide fixed
…and update README for automatic dependency installation (#571)
Signed-off-by: Enrico Toniato <[email protected]>
…ensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Enrico Toniato <[email protected]>
…in permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Enrico Toniato <[email protected]>
* chore(dependencies): update ai package version and add overrides for sugarss - Updated ai package from version 4.3.19 to 5.0.104 in multiple package.json files. - Added sugarss override to package.json files in apps-sdk, mcp-ui, and starter templates for compatibility. * feat(ci): add typescript-deno-test workflow for Deno compatibility testing - Introduced a new CI job to test Deno compatibility for the mcp-use package. - Updated pnpm-lock.yaml and package.json files to reference the latest version of @modelcontextprotocol/sdk from a new URL. - Ensured dependencies are installed and built correctly before running Deno tests. * deno test * fix(ci): update package command from npm to pnpm for Deno testing * refactor(mcp-use): replace LangChainAdapter with createTextStreamResponse for AI SDK compatibility - Updated multiple files to use createTextStreamResponse instead of LangChainAdapter for creating data stream responses. - Enhanced README and example files to reflect the new usage pattern. - Adjusted tests to verify compatibility with the new response handling method. * tests: added deno tests * fix(create-mcp-use-app): parse PORT environment variable to number * tests: exclude deno from vitest
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
railway-app
bot
temporarily deployed
to
inspector canary (mcp-use / production)
- Introduced steps to create and upload deployment markers for both canary and main branches in the TypeScript release workflow. - The markers indicate successful package publication and are retained for one day.
- Replaced LangChainAdapter with createTextStreamResponse for improved AI SDK compatibility. - Updated README and example files to reflect new usage patterns. - Added Deno compatibility tests and adjusted CI workflow for dependency management. - Fixed PORT environment variable parsing in create-mcp-use-app.
… triggers - Added a validation step to ensure that workflow runs triggered automatically are from the same repository, preventing potential security risks from forked repositories. - Updated conditions for deployment markers to incorporate the new validation step, ensuring only valid runs proceed to deployment.
* chore(cli): update package description for clarity and feature enhancement * fix(ci): update Deno testing workflow to ensure proper dependency installation and execution - Adjusted the CI workflow for Deno compatibility testing to ensure all dependencies are correctly installed before running tests. - Updated commands to use pnpm for consistency across the workflow.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Oauth & more