Conversation
|
🧪 Testing To try out this version of the SDK, run: Expires at: Wed, 11 Mar 2026 20:28:14 GMT |
e2f1f5a to
75460ab
Compare
75460ab to
5b23bcc
Compare
5b23bcc to
8174c95
Compare
8174c95 to
0659a21
Compare
0659a21 to
fab7b9d
Compare
fab7b9d to
778d927
Compare
778d927 to
990b768
Compare
990b768 to
1c2c521
Compare
Moves the code-mode execution to an endpoint in the Stainless API.
1c2c521 to
fc63120
Compare
fc63120 to
2b60546
Compare
2b60546 to
2c3af15
Compare
2c3af15 to
5c1e56b
Compare
| method: 'GET', | ||
| headers: { ...(stainlessApiKey && { Authorization: stainlessApiKey }) }, | ||
| }, | ||
| ); |
There was a problem hiding this comment.
Network error in instruction fetch crashes entire server
High Severity
fetchLatestInstructions gracefully handles HTTP error responses (!response.ok) with a fallback, but if fetch() itself throws (network error, DNS failure, timeout), the exception propagates unhandled. Since getInstructions is called inside newMcpServer during server construction — which in HTTP mode sits outside the try-catch in newServer — a network blip to the Stainless instructions API makes the entire MCP server unable to handle any requests. The old newMcpServer was synchronous and never made network calls, so this is a newly introduced failure path.
Additional Locations (1)
This comment has been minimized.
This comment has been minimized.
83d87fb to
2977665
Compare
2977665 to
b4be8cc
Compare
b4be8cc to
8b4e3a7
Compare
8b4e3a7 to
afd603a
Compare
afd603a to
9c19b51
Compare
9c19b51 to
e12ba3d
Compare
e12ba3d to
33c4d50
Compare
| import { McpOptions } from './options'; | ||
|
|
||
| export const parseAuthHeaders = (req: IncomingMessage): Partial<ClientOptions> => { | ||
| export const parseClientAuthHeaders = (req: IncomingMessage, required?: boolean): Partial<ClientOptions> => { |
There was a problem hiding this comment.
Unused variable value in auth header parsing
Low Severity
The value variable is computed from the authorization header but never referenced. The Bearer case on line 13 re-slices the header string independently instead of using value. This is dead code that adds confusion about the intended parsing logic.
|
Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.
Or push these changes by commenting: Preview (e8798a8b42)diff --git a/packages/mcp-server/src/auth.ts b/packages/mcp-server/src/auth.ts
--- a/packages/mcp-server/src/auth.ts
+++ b/packages/mcp-server/src/auth.ts
@@ -10,7 +10,7 @@
const value = req.headers.authorization.slice(scheme.length + 1);
switch (scheme) {
case 'Bearer':
- return { apiKey: req.headers.authorization.slice('Bearer '.length) };
+ return { apiKey: value };
default:
throw new Error(
'Unsupported authorization scheme. Expected the "Authorization" header to be a supported scheme (Bearer).', |
33c4d50 to
ca6befa
Compare
You can now disable the code tool via a flag, in case your server only needs access to the search_docs capability (useful for coding agents).
updates the agent prompt to prevent a common TypeScript error when accessing object keys
ca6befa to
3047775
Compare
3047775 to
9dfc23f
Compare



Automated Release PR
0.1.0-alpha.10 (2026-02-28)
Full Changelog: v0.1.0-alpha.9...v0.1.0-alpha.10
⚠ BREAKING CHANGES
node /path/to/mcp/serverornpx package-namewill invoke code tools: changing your command to one of these is likely all you will need to do.Features
streamableHTTPApp(a033b07)Bug Fixes
jq_filterto base API (b41959f)Performance Improvements
Chores
actions/github-script(7ada191)compilerOptions.baseUrlfrom tsconfig.json (6e1f08a)actions/checkoutversion (76cea61)docs_searchtool at other URLs (efd6160)Documentation
Refactors
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions