[generate_manifest] deprecate the former workflow & improve the script

[GabrielDrapor]

PR Type

Enhancement

---

Description

• Improved manifest generation script with better installation validation

• Deprecated old workflow in favor of enhanced script

• Enhanced schema examples and validation process

• Added debug logging for installation validation

---

Diagram Walkthrough

flowchart LR
  A["Old Workflow"] -- "deprecated" --> B["Enhanced Script"]
  B -- "improved validation" --> C["Better Installation Detection"]
  B -- "enhanced examples" --> D["Accurate Schema Format"]

Loading

File Walkthrough

	Relevant files
Enhancement	get_manifest.py Enhanced manifest generation with better validation            scripts/get_manifest.py Enhanced installation validation with improved schema examples Added comprehensive Docker and NPX installation examples Simplified validation rules and improved error handling Added debug logging for before/after manifest comparison +67/-38
Configuration changes	mcp-server-info-bot.yml Deprecated workflow marking                                                            .github/workflows/mcp-server-info-bot.yml Marked workflow as deprecated in the name +1/-1

---

Summary by CodeRabbit

• New Features

  • Manifest now uses a unified installations array for setup entries, improving consistency across installation methods.
  • Enhanced validation enforces exact argument matching and clearer schema compliance.

• Documentation

  • Examples and guidance updated to illustrate the new installations array format and validation expectations.

• Refactor

  • Internal validation flow streamlined to build and persist cleaned installation entries.

• Chores

  • CI workflow renamed to indicate deprecation status; no behavioral changes to jobs or permissions.

[coderabbitai]

Walkthrough

Renames a GitHub Actions workflow display name to mark deprecation. Updates scripts/get_manifest.py to adopt an installations array format, adjust validation wording and processing, build cleaned_installations, reassign to manifest.installations when valid, and add before/after debug logging. No public function signatures changed.

Changes

Cohort / File(s)	Summary
Workflow metadata .github/workflows/mcp-server-info-bot.yml	Renamed workflow “name” from “MCP Server Info Bot” to “[DEPRECATED] MCP Server Info Bot”; no other changes.
Manifest generation/validation flow scripts/get_manifest.py	Switched to installations[] structure; updated validation instructions/rules (exact args), constructed cleaned_installations from validated entries, reassigned to manifest.installations when present, and added pre/post validation debug logs; no API surface changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer/CI
  participant GM as get_manifest.py
  participant VAL as Validator (API/LLM)
  participant SCH as Schema & Rules

  Dev->>GM: Run manifest generation
  GM->>GM: Build draft manifest
  GM->>GM: Log "Before: …"
  GM->>VAL: Submit validation request (expect installations[])
  VAL->>SCH: Check schema + exact-args rules
  SCH-->>VAL: Validated entries or errors
  VAL-->>GM: Validation result (installations[])
  alt Valid entries present
    GM->>GM: Build cleaned_installations
    GM->>GM: manifest.installations = cleaned_installations
  else No valid entries
    GM->>GM: Leave manifest.installations unchanged/empty
  end
  GM->>GM: Log "After: …"
  GM-->>Dev: Output final manifest

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: add script and workflow for contributing registry #233 — Similar refactor to installations structure/validation and related generation workflow.
• [generate_manifest] improve registry workflow #244 — Adjusts manifest.installations handling/validation within generate/validate flow.

Suggested labels

Review effort 2/5

Poem

I thump my paws—install lists align,
Arrays of steps in tidy line.
Before and after, logs do chime,
Exact args set, we’re right on time.
The bot now marked to rest its head—
New carrots grown; old paths shed. 🥕✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch Jiarui/smart-registry-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Potential information exposure: The added before/after manifest prints may include environment variable names and values if present. While examples show placeholders, real runs could leak sensitive data into logs. Consider redacting env values or adding a debug flag to control verbosity.

⚡ Recommended focus areas for review Schema Consistency The installation examples embed environment variable placeholders as "${YOUR_API_KEY_HERE}" in the final installations output, which may not match your manifest schema expectations (previous examples used plain placeholders). Verify the registry schema requires or allows this interpolation style and that consumers will parse it correctly. "installations": [ {{ "type": "docker", "command": "docker", "args": [ "run", "-i", "--rm", "-e", "BRAVE_API_KEY", "mcp/brave-search" ], "env": {{ "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}" }} }}, {{ "type": "npm", "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-brave-search" ], "env": {{ "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}" }} }} ] Prompt Robustness The new README-tagged example block mixes narrative markers like "" and "From the example README, you should get:". Ensure downstream LLM or parser handling this prompt won’t misinterpret these markers or return them verbatim in outputs. <README> Docker {{ "mcpServers": {{ "brave-search": {{ "command": "docker", "args": [ "run", "-i", "--rm", "-e", "BRAVE_API_KEY", "mcp/brave-search" ], "env": {{ "BRAVE_API_KEY": "YOUR_API_KEY_HERE" }} }} }} }} NPX {{ "mcpServers": {{ "brave-search": {{ "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-brave-search" ], "env": {{ "BRAVE_API_KEY": "YOUR_API_KEY_HERE" }} }} }} }} </README> From the example README, you should get: {{ "installations": [ {{ "type": "docker", "command": "docker", "args": [ "run", "-i", "--rm", "-e", "BRAVE_API_KEY", "mcp/brave-search" ], "env": {{ "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}" }} }}, {{ "type": "npm", "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-brave-search" ], "env": {{ "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}" }} }} ] }} Verbose Logging Printing full manifests before and after validation can bloat logs and expose sensitive env placeholders. Consider gated debug logging or truncation for large manifests. print(f"Before: {json.dumps(manifest, indent=2)}") manifest = validate_installations(manifest, args.repo_url) print(f"After: {json.dumps(manifest, indent=2)}")

[qodo-merge-pro]

CI Feedback 🧐

(Feedback updated until commit 709eae1)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: codex

Failed stage: Run Codex [❌]

Failure summary: The action failed because the permission check for the GitHub App user qodo-merge-pro[bot] did not pass. - The script fetched the collaborator permission via gh api "/repos/${GITHUB_REPOSITORY}/collaborators/qodo-merge-pro[bot]/permission" | jq -r '.permission' and stored it in PERMISSION. - It then exited with status 1 because PERMISSION was neither admin nor write (if [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then exit 1; fi). - This caused the step to fail with exit code 1.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 116: ##[endgroup] 117: ##[group]Run set -euo pipefail 118: �[36;1mset -euo pipefail�[0m 119: �[36;1m�[0m 120: �[36;1mPERMISSION=$(gh api \�[0m 121: �[36;1m "/repos/${GITHUB_REPOSITORY}/collaborators/qodo-merge-pro[bot]/permission" \�[0m 122: �[36;1m | jq -r '.permission')�[0m 123: �[36;1m�[0m 124: �[36;1mif [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then�[0m 125: �[36;1m exit 1�[0m 126: �[36;1mfi�[0m 127: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 128: env: 129: GH_TOKEN: *** 130: ##[endgroup] 131: ##[error]Process completed with exit code 1. 132: Post job cleanup.

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Organization best practice	Route debug logs to stderr Send debug/status logs to stderr so they don't contaminate stdout, which may be consumed as data by other tools. Use sys.stderr.write or the logging module with proper stream configuration. scripts/get_manifest.py [318-320] -print(f"Before: {json.dumps(manifest, indent=2)}") +sys.stderr.write(f"Before: {json.dumps(manifest, indent=2)}\n") manifest = validate_installations(manifest, args.repo_url) -print(f"After: {json.dumps(manifest, indent=2)}") +sys.stderr.write(f"After: {json.dumps(manifest, indent=2)}\n") Apply / Chat Suggestion importance[1-10]: 6 __ Why: Relevant best practice - Prefer reading and printing subprocess/application logs from stderr rather than stdout to avoid mixing logs with data output.	Low
Possible issue	Remove GitHub expression syntax Avoid embedding GitHub Actions expression syntax in JSON examples; many JSON parsers or downstream tools may treat ${{...}} specially or cause confusion. Use a plain placeholder string to ensure valid, portable JSON. scripts/get_manifest.py [207] -"BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}" +"BRAVE_API_KEY": "YOUR_API_KEY_HERE" Apply / Chat Suggestion importance[1-10]: 5 __ Why: The suggestion correctly identifies that using ${{...}} syntax is inconsistent with other examples in the file and could be confusing, so replacing it with a plain placeholder improves clarity.	Low
General	Fix schema rule wording The sentence is grammatically incorrect and could mislead the LLM; it should specify "arguments". Clarify to ensure the assistant preserves all arguments exactly as shown. scripts/get_manifest.py [234] -- Use exact argument from README (don't guess or modify) +- Use exact arguments from README (don't guess or modify) Apply / Chat Suggestion importance[1-10]: 2 __ Why: The suggestion proposes a minor grammatical correction from "argument" to "arguments", which is a valid but very low-impact improvement to the prompt text.	Low
More

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

scripts/get_manifest.py (1)

234-240: Resolve contradictory rules and correct return shape to an array.

The prompt says “Use exact arguments” but then forces “-y” for npx. Also it asks to return a map while examples show an array. Align the rules to avoid the model producing output your code rejects.

-CRITICAL RULES:
-- Use exact argument from README (don't guess or modify)
-- Match the schema format as shown in examples
+CRITICAL RULES:
+- Use exact arguments from README (don't guess or modify)
+- Match the schema format as shown in examples
 - Include ALL installation methods mentioned in README
 - Remove installation methods NOT mentioned in README
-- For npx: always use type "npm" with command "npx" and args ["-y", "package-name"]
+-- For npx: set type "npm" and command "npx"; use args exactly as shown in README (do not force "-y")
 
-Return ONLY: {"installations": {{...}}}
+Return ONLY: {"installations": []}

Additionally, update the validator to accept an array and not require “-y” unconditionally (outside the selected lines):

# In validate_installations(), replace mapping logic with list handling
validated = validated_data.get("installations")
if isinstance(validated, list):
    cleaned_installations = []
    for entry in validated:
        install_type = entry.get("type")
        if validate_installation_entry(install_type, entry):
            cleaned_installations.append(entry)
        else:
            print(f"⚠ Removing invalid {install_type} installation entry")
    if cleaned_installations:
        print("✓ Installations validated and corrected")
        manifest["installations"] = cleaned_installations
    else:
        print("⚠ No valid installations found, keeping original")
    return manifest

print("⚠ Validation failed, keeping original installations")
return manifest

# In validate_installation_entry(), relax npx rule and strengthen args length
if install_type == "npm":
    if entry.get("command") != "npx":
        return False
    args = entry.get("args", [])
    if not isinstance(args, list) or not args:
        return False
    # Do not force '-y'; just require the package is present somewhere
    if not any(isinstance(a, str) and a.startswith("@") for a in args):
        return False

🧹 Nitpick comments (1)

scripts/get_manifest.py (1)

318-320: Avoid dumping secrets to logs; redact env values in Before/After.

Manifests may include API keys in the env map. Redact before logging.

-print(f"Before: {json.dumps(manifest, indent=2)}")
+print(f"Before: {json.dumps(redact_manifest_for_logging(manifest), indent=2)}")
 manifest = validate_installations(manifest, args.repo_url)
-print(f"After: {json.dumps(manifest, indent=2)}")
+print(f"After: {json.dumps(redact_manifest_for_logging(manifest), indent=2)}")

Add this helper (outside the selected lines):

def redact_manifest_for_logging(m: dict) -> dict:
    def _redact(obj):
        if isinstance(obj, dict):
            redacted = {}
            for k, v in obj.items():
                if k == "env" and isinstance(v, dict):
                    redacted[k] = {ek: "<redacted>" for ek in v.keys()}
                else:
                    redacted[k] = _redact(v)
            return redacted
        if isinstance(obj, list):
            return [_redact(x) for x in obj]
        return obj
    return _redact(m)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b32526b and 709eae1.

📒 Files selected for processing (2)

• .github/workflows/mcp-server-info-bot.yml (1 hunks)
• scripts/get_manifest.py (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.py

📄 CodeRabbit Inference Engine (CLAUDE.md)

Always format Python code with ruff.

Files:

• scripts/get_manifest.py

🪛 YAMLlint (1.37.1)

.github/workflows/mcp-server-info-bot.yml

[error] 1-1: syntax error: expected , but found ''

(syntax)

[coderabbitai]

⚠️ Potential issue

Quote the workflow name to fix YAML syntax error.

Unquoted square brackets are parsed as a flow sequence in YAML. YAMLlint’s error aligns with this. Quote the name to keep it a plain string.

-name: [DEPRECATED] MCP Server Info Bot
+name: "[DEPRECATED] MCP Server Info Bot"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	name: [DEPRECATED] MCP Server Info Bot
	name: "[DEPRECATED] MCP Server Info Bot"

🧰 Tools

🪛 YAMLlint (1.37.1)

[error] 1-1: syntax error: expected , but found ''

(syntax)

🤖 Prompt for AI Agents

.github/workflows/mcp-server-info-bot.yml lines 1-1: the workflow name contains
unquoted square brackets which YAML parses as a flow sequence; fix by
surrounding the entire name value in quotes (single or double) so it is treated
as a plain string, e.g., replace the unquoted name with a quoted string
containing the same text.

[coderabbitai]

⚠️ Potential issue

Fix f-string brace escaping; this block will not compile as written.

The multi-line f-string contains many literal JSON braces that aren’t escaped. Python requires doubling braces inside f-strings, otherwise you get a SyntaxError at import time. Also, the example/return-shape messaging mixes array vs. map forms for "installations". Replace the large JSON example with a prebuilt string and inject it via a single {examples_block} placeholder.

Apply this focused diff to eliminate the brace-escape problem and keep the string readable:

- INSTALLATION SCHEMA EXAMPLES:
-<README> Docker
-{
-  "mcpServers": {{
-    "brave-search": {{
-      "command": "docker",
-      "args": [
-        "run",
-        "-i",
-        "--rm",
-        "-e",
-        "BRAVE_API_KEY",
-        "mcp/brave-search"
-      ],
-      "env": {{
-        "BRAVE_API_KEY": "YOUR_API_KEY_HERE"
-      }}
-    }}
-  }}
-}
-NPX
-{
-  "mcpServers": {{
-    "brave-search": {{
-      "command": "npx",
-      "args": [
-        "-y",
-        "@modelcontextprotocol/server-brave-search"
-      ],
-      "env": {{
-        "BRAVE_API_KEY": "YOUR_API_KEY_HERE"
-      }}
-    }}
-  }}
-}
-</README>
-From the example README, you should get:
-{
-  "installations": [
-    {{
-      "type": "docker",
-      "command": "docker",
-      "args": [
-        "run",
-        "-i",
-        "--rm",
-        "-e",
-        "BRAVE_API_KEY",
-        "mcp/brave-search"
-      ],
-      "env": {{
-        "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}"
-      }}
-    }},
-    {{
-      "type": "npm",
-      "command": "npx",
-      "args": [
-        "-y",
-        "@modelcontextprotocol/server-brave-search"
-      ],
-      "env": {{
-        "BRAVE_API_KEY": "${{YOUR_API_KEY_HERE}}"
-      }}
-    }}
-  ]
-}
+ INSTALLATION SCHEMA EXAMPLES:
+{examples_block}

Add this helper (outside the selected lines) before constructing payload inside validate_installations:

from textwrap import dedent  # at top-level imports

# inside validate_installations(), just before 'payload = {...}'
examples_block = dedent("""
<README> Docker
{
  "mcpServers": {
    "brave-search": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "BRAVE_API_KEY",
        "mcp/brave-search"
      ],
      "env": {
        "BRAVE_API_KEY": "YOUR_API_KEY_HERE"
      }
    }
  }
}
NPX
{
  "mcpServers": {
    "brave-search": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-brave-search"
      ],
      "env": {
        "BRAVE_API_KEY": "YOUR_API_KEY_HERE"
      }
    }
  }
}
</README>
From the example README, you should get:
{
  "installations": [
    {
      "type": "docker",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "BRAVE_API_KEY",
        "mcp/brave-search"
      ],
      "env": {
        "BRAVE_API_KEY": "${YOUR_API_KEY_HERE}"
      }
    },
    {
      "type": "npm",
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-brave-search"
      ],
      "env": {
        "BRAVE_API_KEY": "${YOUR_API_KEY_HERE}"
      }
    }
  ]
}
""")

🤖 Prompt for AI Agents

In scripts/get_manifest.py around lines 157-223, the multi-line f-string
contains unescaped JSON braces causing SyntaxError; replace the large inline
f-string with a normal raw/regular string built via textwrap.dedent assigned to
examples_block just before constructing payload inside validate_installations,
add "from textwrap import dedent" to top-level imports, and then use the single
{examples_block} placeholder in the payload string instead of embedding the JSON
with braces directly so no f-string brace escaping is required.

[mcpm-semantic-release]

🎉 This PR is included in version 2.7.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀