Draft: Modernize exmxc MCP implementation (codex/exmxc-mcp-modernization)#46
Merged
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
exmxc-workers | 940adb7 | Jul 16 2026, 12:33 AM |
…y, workerd-safe drift check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
lib/registry.js) so generated surfaces cannot drift from the canonical source.Description
BUILD.versionto2.3.0andBUILD.releasedto2026-07-15, addedMCP_PROTOCOL_VERSIONS, moved per-tool OpenAPI parameter metadata intolib/registry.js, and introducedSCHEMA_RESOURCESandMCP_RESOURCESderived fromDATASETSand registry entries; derived counts: 10 tools, 12 MCP resources.worker.jswith a Workers-native MCP route implementing Accept/Content-Type/Origin/CORS rules, per-request protocol-version validation, resources/list and resources/read support,tools/list/tools/callbehavior driven by the registry,structuredContentemission only for protocol-valid objects, and route-class cache policies vialib/http.js(no-store,no-cache, controlled public`).POST /api/ai-jobs-signalbearer auth usingADS_SIGNAL_KEY, strict POST body checks and no-store caching for paid paths, and introducedvalidateAuditTarget()with HTTPS-only, no-credentials, no IP-literal, no-localhost/special-hosts and length checks before calling the upstream audit service inlib/queries.js.package.json(type: "module") and placeholderpackage-lock.jsonwith dependencies:@modelcontextprotocol/sdk@^1.26.0,agents@^0.0.117,ajv@^8.17.1,zod@^3.25.76; devDeps:@cloudflare/vitest-pool-workers@^0.8.69,vitest@^3.2.4,wrangler@^4.24.3. Added scripts:lint,test,test:workers,validate:json,registry:check,deploy:dry-run; added Workers live acceptance and registry-check scripts and GitHub workflows (.github/workflows/ci.ymland updateddeploy.yml) that gate deploy on verification.lib/registry.js,worker.js,lib/http.js,lib/queries.js,package.json,package-lock.json,.github/workflows/ci.yml,.github/workflows/deploy.yml,scripts/*(live-acceptance, build/check scripts),tests/registry.test.mjs,registry/*(packet/server/SUBMISSION),README.md,SYSTEM_MAP.md.workers/root-discovery/remained untouched; no secrets (e.g. ANTHROPIC_API_KEY or ADS_SIGNAL_KEY) were placed in source files beyond usage of binding names.Testing
scripts/source-check.mjs/rg) passed locally (no occurrences of retired terms or embedded secret assignments in non-exempt paths).tests/registry.test.mjs,scripts/check-registry-packet.mjs,vitestconfig), but the Node/npm-based verification battery could not be executed here because the environment lackednpm/nodeand outbound GitHub access. The CI workflows are present and will run these scripts when executed on GitHub Actions.npm ci,npm run lint,npm test,npm run test:workers,npm run validate:json,npm run registry:check, andnpm run deploy:dry-runcould not run because/bin/bash: line 1: npm: command not foundin this container; network calls to GitHub API (preflight to verify PRs Update name in Wrangler configuration file to match deployed Worker #3, Add ENTITY, Four Forces exposure, and AI Power Index datasets plus SYSTEM_MAP.md #9, Add AI Power datasets, entity/four-forces datasets, and system map #10, Add Four Forces exposure and AI Power Index dataset v1 #20 andgit fetch origin) failed withCONNECT tunnel failed, response 403so preflight PR checks and pushing/creating a real Draft PR could not be completed here.Next steps for reviewers / merge preparation
npm installto produce a real lockfile, then run the full verification battery:npm ci,npm run lint,npm test,npm run test:workers,npm run validate:json,npm run registry:check,npm run deploy:dry-runand inspect GitHub Actions CI on the pushed Draft PR head.McpServerfrom@modelcontextprotocol/sdkandcreateMcpHandlerfrom the Cloudflare agents/mcp package per the public SDK lifecycle; remove any placeholder Worker-native transport only after the SDK integration is validated.Codex Task