Skip to content

fix(frontend): encode scan id in "View Full Report" link (MCP-2125)#644

Merged
Dumbris merged 1 commit into
mainfrom
fix/mcp-2125-scan-report-link-encode
Jun 13, 2026
Merged

fix(frontend): encode scan id in "View Full Report" link (MCP-2125)#644
Dumbris merged 1 commit into
mainfrom
fix/mcp-2125-scan-report-link-encode

Conversation

@Dumbris

@Dumbris Dumbris commented Jun 12, 2026

Copy link
Copy Markdown
Member

Summary

Fixes Defect B of MCP-2123 (frontend lane): the Security-tab "View Full Report" link 404s for official-registry servers whose names contain a / (e.g. com.pulsemcp/google-flights).

Root cause

Scan ids embed the raw upstream server name, so the id contains a /:
scan-com.pulsemcp/google-flights-1781284446323229000.

The scan-report route is a single segment (/security/scans/:jobId), and the ServerDetail.vue link did not encode the id, so the / split the path and fell through to the catch-all 404.

Fix

  • Add a scanReportPath(jobId) helper in utils/serverRoute.ts that encodeURIComponent()s the id. vue-router v4 decodes the param back on read, so ScanReport.vue needs no manual decode (same class as MCP-1112 / serverDetailPath).
  • Use it in ServerDetail.vue (the bug) and Security.vue (DRY — it was already encoding inline; now shares the helper).
  • Audited all …/security/scans/${…} link sites; api.ts already encodes via getScanReportByJobId.

Tests

frontend/tests/unit/scan-report-route.spec.ts:

  • scanReportPath percent-encodes a /-containing scan id into a single path segment; leaves plain ids untouched.
  • Route round-trip: an encoded scan id resolves to the scan-report route (not the 404 catch-all) and decodes back to the original id.

Verification

  • npx vitest run → 19 files / 156 tests pass (incl. 3 new).
  • npx vue-tsc --noEmit → clean.
  • make build → frontend + Go binary build green (frontend is //go:embed-ed).

Scope

Frontend only (frontend/src/). Backend Defect A is fixed in PR #643.

Related #643

Scan ids embed the raw upstream server name, so official-registry
servers whose names contain '/' (e.g. com.pulsemcp/google-flights)
produce a scan id like scan-com.pulsemcp/google-flights-<ts> with a
'/' in it. The scan-report route (/security/scans/:jobId) is a single
segment, so the unencoded ServerDetail "View Full Report" link split
the path and fell through to the catch-all 404.

Add a scanReportPath() helper that percent-encodes the id (vue-router
v4 decodes it back on read, so ScanReport.vue needs no manual decode)
and use it in both ServerDetail.vue (the bug) and Security.vue (DRY;
was already encoding inline). Same class as MCP-1112 / serverDetailPath.

Adds a vitest covering the encoded link target and a route round-trip.

Related #643
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying mcpproxy-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 9c78586
Status: ✅  Deploy successful!
Preview URL: https://bf78b076.mcpproxy-docs.pages.dev
Branch Preview URL: https://fix-mcp-2125-scan-report-lin.mcpproxy-docs.pages.dev

View logs

@codecov-commenter

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@github-actions

Copy link
Copy Markdown

📦 Build Artifacts

Workflow Run: View Run
Branch: fix/mcp-2125-scan-report-link-encode

Available Artifacts

  • archive-darwin-amd64 (28 MB)
  • archive-darwin-arm64 (25 MB)
  • archive-linux-amd64 (16 MB)
  • archive-linux-arm64 (14 MB)
  • archive-windows-amd64 (28 MB)
  • archive-windows-arm64 (24 MB)
  • frontend-dist-pr (0 MB)
  • installer-dmg-darwin-amd64 (21 MB)
  • installer-dmg-darwin-arm64 (19 MB)

How to Download

Option 1: GitHub Web UI (easiest)

  1. Go to the workflow run page linked above
  2. Scroll to the bottom "Artifacts" section
  3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 27432756831 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.

@mcpproxy-gatekeeper mcpproxy-gatekeeper Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gatekeeper approval — Codex review verdict: ACCEPT.

This approval is posted automatically by the MCPProxy Gatekeeper App on behalf of the Codex reviewer (verdict of record lives in the Paperclip review thread). Author≠approver satisfied; QA + CI gates enforced separately.

Auto-approved per Model B (MCP-1249).

@Dumbris Dumbris merged commit 2505c19 into main Jun 13, 2026
36 checks passed
@Dumbris Dumbris deleted the fix/mcp-2125-scan-report-link-encode branch June 13, 2026 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants