Merged
Conversation
* CF * Create pnpm-lock.yaml * checkpoint * Update README.md * OAuth working and monolith split * ditch cache - jose as dev dependency - migrate to .jsonc * fix build runtime * rmv stats gen * rmv extra comments * single import code generation * replace auth validation with zod parse * revert to multiple code gen * add new plugins folder and split type definitions * remove auth, leave only middlewares * no destructuring objects!!! * extract cors building into single util * rmv cloudflare as adapter - handle build output natively * shared deps for cors * rmv jose dep * standard cf workflow * fix zod resolution compatible with workers * fix simpler injected_client_bundles check * server and transport resources correct cleanup * djb2 in uint32 fix * fix cors origin * validate for jsonrpc batch * iscloudflare defined var * fix lock * rmv unused ts directive * rollback generate-stats to fix ci * fix * rmv workers workos example --------- Co-authored-by: valebearzotti <valebearzotti1@gmail.com> Co-authored-by: Valentina Bearzotti <64658886+valebearzotti@users.noreply.github.com>
* compatible middlewares for cloudflare + custom module * disallow RegExp in cf config and pass strings straight through to JOSE
* upd cf dev to rebuild dev server * rmv extra log * concurrently run processes * upd lock
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Rspack Bundle Analysis
Main CompilerSource:
Total emitted JS: 6.31 MB Runtime CompilerSource:
Total emitted JS: 5.34 MB Package Footprint (npm pack + npm install)
|
Summary of ChangesHello @valebearzotti, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly expands the xmcp framework's deployment capabilities by integrating full support for Cloudflare Workers. It provides developers with the tools to build, develop, and deploy xmcp applications directly to the Cloudflare edge, leveraging a new example, dedicated CLI commands, and a refactored internal architecture optimized for the Workers environment. This enhancement broadens the reach and flexibility of xmcp applications. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces comprehensive support for deploying xmcp servers to Cloudflare Workers. The changes are well-architected, with a clear separation between the Node.js and Cloudflare runtimes. The bundler configuration has been cleverly adapted to produce a single, optimized worker file, and the new stateless HTTP transport is a solid implementation for the edge environment. The addition of a Cloudflare example and updates to create-xmcp-app make it easy for developers to get started.
I've added a couple of review comments with suggestions for minor improvements, including a bug fix in the project scaffolding logic. Overall, this is an excellent feature addition that significantly expands the deployment options for xmcp.
Comment on lines
+68
to
+70
| if (!Array.isArray(tsconfig.compilerOptions.types)) { | ||
| return; | ||
| } |
There was a problem hiding this comment.
The current logic in ensureTsConfig will not add @cloudflare/workers-types to tsconfig.json if the compilerOptions.types array does not already exist. The function returns early if tsconfig.compilerOptions.types is not an array, which includes the case where it is undefined. This can lead to an incomplete setup for users who don't have a types array in their tsconfig.json.
The logic should be adjusted to handle cases where types is missing and create it, or when it exists, to add the new type if it's not already present.
Suggested change
| if (!Array.isArray(tsconfig.compilerOptions.types)) { | |
| return; | |
| } | |
| if (tsconfig.compilerOptions.types === undefined) { | |
| tsconfig.compilerOptions.types = []; | |
| } else if (!Array.isArray(tsconfig.compilerOptions.types)) { | |
| // If `types` exists but is not an array, we can't safely modify it. | |
| return; | |
| } |
Comment on lines
+23
to
+28
| return ( | ||
| `Weather in ${mockWeather.location}:\n` + | ||
| `Temperature: ${mockWeather.temperature}°C\n` + | ||
| `Conditions: ${mockWeather.conditions}\n` + | ||
| `Humidity: ${mockWeather.humidity}%` | ||
| ); |
There was a problem hiding this comment.
For improved readability and maintainability, consider using an array of strings joined by a newline character instead of string concatenation with +. This pattern is often cleaner when building multi-line strings.
Suggested change
| return ( | |
| `Weather in ${mockWeather.location}:\n` + | |
| `Temperature: ${mockWeather.temperature}°C\n` + | |
| `Conditions: ${mockWeather.conditions}\n` + | |
| `Humidity: ${mockWeather.humidity}%` | |
| ); | |
| return [ | |
| `Weather in ${mockWeather.location}:`, | |
| `Temperature: ${mockWeather.temperature}°C`, | |
| `Conditions: ${mockWeather.conditions}`, | |
| `Humidity: ${mockWeather.humidity}%`, | |
| ].join("\n"); |
Greptile Overview
|
| Filename | Overview |
|---|---|
| packages/xmcp/src/runtime/platforms/cloudflare/middlewares/jwt.ts | Added JWT authentication middleware for Cloudflare Workers with support for multiple key formats |
| packages/xmcp/src/runtime/platforms/cloudflare/worker.ts | Implemented stateless Cloudflare Workers fetch handler with middleware support, CORS, and MCP request handling |
| packages/xmcp/src/runtime/transports/http/web-stateless-http.ts | Created Web API-based stateless HTTP transport for Cloudflare Workers with JSON-RPC batching support |
| packages/xmcp/src/compiler/generate-import-code.ts | Implemented platform-specific import generation (static for Cloudflare, dynamic for Node.js) |
| packages/xmcp/src/cli.ts | Added --cf flag for Cloudflare Workers build and dev commands with CF_PAGES environment detection |
| packages/xmcp/package.json | Added cloudflare export, typesVersions, jose dependency, and included src in files array |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+28
to
+32
| await verifyJwt(token, config); | ||
| return; | ||
| } catch { | ||
| return jsonUnauthorized("Unauthorized: Invalid or expired token"); | ||
| } |
There was a problem hiding this comment.
error details are silently swallowed, making debugging difficult
Suggested change
| await verifyJwt(token, config); | |
| return; | |
| } catch { | |
| return jsonUnauthorized("Unauthorized: Invalid or expired token"); | |
| } | |
| } catch (error) { | |
| console.error("[JWT Auth] Token verification failed:", error); | |
| return jsonUnauthorized("Unauthorized: Invalid or expired token"); | |
| } |
Prompt To Fix With AI
This is a comment left during a code review.
Path: packages/xmcp/src/runtime/platforms/cloudflare/middlewares/jwt.ts
Line: 28:32
Comment:
error details are silently swallowed, making debugging difficult
```suggestion
} catch (error) {
console.error("[JWT Auth] Token verification failed:", error);
return jsonUnauthorized("Unauthorized: Invalid or expired token");
}
```
How can I resolve this? If you propose a fix, please make it concise.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.