Skip to content

test: strengthen coding standards guardrails and consolidate allowlists#572

Draft
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/mcp-server-coding-standards-5b94
Draft

test: strengthen coding standards guardrails and consolidate allowlists#572
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/mcp-server-coding-standards-5b94

Conversation

@cursor

@cursor cursor Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

Audited the codebase against docs/coding-standards.md (the canonical architecture rules). All 83 automated guardrail tests pass, and the full suite (2512 tests) passes after build.

This PR adds a small hardening layer to prevent future drift:

  • tests/coding-standards/allowed-tools.ts — single source of truth for the 11 fixed MCP tool names and handler file paths (previously duplicated across 6 test files)
  • AGENTS.md consistency checks — ensures agent guidance stays aligned with coding standards (11 tools, Zod v4, pnpm standards:check)

Standards compliance review

Rule Status Enforcement
11 consolidated tools only (no new registerTool) architecture.test.ts
Toolsets are pure data (no HarnessClient/Registry/logger) architecture.test.ts
Shared response extractors architecture.test.ts + structural-validation.test.ts
Scope model + no manual scope injection toolset-scope.test.ts, registry-contract.test.ts
identifierFields + operationPolicy on endpoints registry-contract.test.ts
Error handling (toMcpError / errorResult) error-handling.test.ts
No console.log() in src/ architecture.test.ts
Zod v4 + .describe() on inputs architecture.test.ts, registry-metadata.test.ts
Write ops require confirmation registry-metadata.test.ts
Singleton HarnessClient architecture.test.ts
File organization file-organization.test.ts

CI (.github/workflows/ci.yml) runs pnpm standards:check on every PR.

Note on standards snapshot

The automation prompt referenced an older snapshot (10 tools, Zod v3). The current canonical docs (docs/coding-standards.md, AGENTS.md) correctly document 11 tools (including harness_schema) and Zod v4.

Checklist

  • pnpm build passes
  • pnpm typecheck passes
  • pnpm test passes (2512 tests)
  • pnpm standards:check passes (83 tests)
  • No new MCP tool handlers
  • No console.log() in src/
Open in Web View Automation 

thisrohangupta and others added 2 commits July 7, 2026 11:07
Remote clients (e.g. the claude.ai connector) were being prompted to
re-authenticate very frequently. The connection was not actually expiring
— the server was losing the session and returning "Session not found",
which the client surfaces as a re-auth prompt. Two independent causes:

1. Multi-replica with a per-pod in-memory session store and no session
   affinity. Sessions live in a process-local Map, so a request
   load-balanced to a different replica than the one that initialized the
   session 404s. With 2 replicas this hit a large fraction of requests
   ("every prompt"). Set replicas to 1 and add Service sessionAffinity
   ClientIP; document that scaling out requires an externalized session
   store (SDK eventStore) plus sticky ingress.

2. Aggressive 5-minute idle session TTL reaped sessions during normal
   think-time (the connector holds no persistent SSE stream between
   prompts). Raise the default MCP_SESSION_TTL_MS to 30 minutes.

Also add HARNESS_MCP_TRUST_PROXY so per-IP rate limiting keys on the real
client behind a load balancer instead of bucketing all users together.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

AI-Session-Id: b8e26a07-057c-406c-bfde-245eb0c917ae
AI-Tool: claude-code
AI-Model: unknown
- Add tests/coding-standards/allowed-tools.ts as single source of truth
  for the 11 fixed MCP tool handlers and handler file paths
- Refactor coding-standards tests to import shared allowlists
- Add AGENTS.md consistency checks (11 tools, Zod v4, standards:check)
  to prevent regression to outdated 10-tool / Zod v3 snapshots
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ thisrohangupta
❌ cursoragent
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants