feat: expose analysis and indexing tools over MCP#151
Conversation
The MCP server previously exposed only search_code, analyze_impact, get_symbol_context, and query_graph. Wire up the remaining read-only analysis use cases plus repository indexing so AI clients can reach the same capabilities as the CLI: - list_repositories (also serves as stats) - list_features / get_feature / get_impacted_features - file_uses (cross-repo / file dependency edges) - list_clusters / get_file_cluster / architecture_overview - index_repository Each tool delegates to the existing container use cases and serialises the domain result as JSON (architecture_overview returns Markdown). Update the server instructions and README tool table to match.
|
Linter diff in the way? Review this PR in Change Stack to focus on meaningful changes and expand context only when needed. Warning Review limit reached
More reviews will be available in 13 minutes and 8 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThis PR extends the MCP server with nine new tools for repository analysis: listing repositories with language breakdowns, querying and filtering execution features, analyzing cross-repository file dependencies, inspecting code clusters, generating architecture overviews, and indexing repositories. Documentation and type contracts are added accordingly. ChangesMCP Server Tool Extension
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/connector/adapter/mcp/server.rs`:
- Around line 890-918: The index_repository handler currently passes arbitrary
input.path into use_case.execute; before calling execute, canonicalize the path
(std::fs::canonicalize) and verify it is contained within an allowlist of
trusted roots (e.g., a configured Vec<PathBuf> from
self.container.trusted_roots() or an admin-only gate like
self.container.admin_mode()); also reject paths that escape via symlinks by
comparing the canonicalized path with each allowed_root.canonicalize()? and
ensuring canonicalized_path.starts_with(allowed_root) — if validation fails
return an appropriate McpError (permission_denied or internal_error) instead of
calling use_case.execute, otherwise pass the canonicalized safe path to
use_case.execute.
- Around line 173-175: Clamp the incoming list_features.limit on the server to a
safe maximum instead of trusting the raw MCP param: introduce a
MAX_FEATURES_LIMIT constant and, where the request is handled (references: the
struct field with #[serde(default = "default_features_limit")] pub limit: usize
and the code paths that read list_features.limit), replace direct use of
input.limit with min(input.limit, MAX_FEATURES_LIMIT) and ensure
default_features_limit returns a sane default under that cap; apply the same
clamping change to the other occurrence mentioned (the second list_features
handling block around the other instance).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1ef6583e-fef0-4e2a-90ec-faad572f5094
📒 Files selected for processing (2)
README.mdsrc/connector/adapter/mcp/server.rs
Address PR review feedback: - Clamp the caller-supplied list_features `limit` to a server-side MAX_FEATURES_LIMIT (100), mirroring search_code's MAX_LIMIT, so a huge value cannot trigger unbounded call-graph traversal and serialization. - Remove the index_repository tool. Indexing an arbitrary filesystem path over MCP is a data-exfiltration risk in public HTTP deployments; keep indexing a CLI-only operation.
2 participants
The MCP server previously exposed only search_code, analyze_impact,
get_symbol_context, and query_graph. Wire up the remaining read-only
analysis use cases plus repository indexing so AI clients can reach the
same capabilities as the CLI:
Each tool delegates to the existing container use cases and serialises
the domain result as JSON (architecture_overview returns Markdown).
Update the server instructions and README tool table to match.
Summary by CodeRabbit
Documentation
New Features