Skip to content

mcp: relocate enterprise-mcp as the public mcp revamp (apps/mcp)#1196

Closed
ishaanxgupta wants to merge 30 commits into
mainfrom
graphite-base/1192
Closed

mcp: relocate enterprise-mcp as the public mcp revamp (apps/mcp)#1196
ishaanxgupta wants to merge 30 commits into
mainfrom
graphite-base/1192

Conversation

@ishaanxgupta

@ishaanxgupta ishaanxgupta commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

mcp: relocate enterprise-mcp as the public mcp revamp (apps/mcp)

Replaces the old apps/mcp with the enterprise-mcp code (functionality unchanged). package.json: worker supermemory-mcp, catalog deps pinned to explicit versions, portless dev:app. wrangler: name supermemory-mcp, route mcp.supermemory.ai, DO EnterpriseMCP. Builds + boots + OAuth discovery/401/worker-to-api verified locally.

Co-Authored-By: Claude Opus 4.8 (1M context) noreply@anthropic.com

fix: format CSS file to pass Biome CI check

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

mcp: rename EnterpriseMCP -> SupermemoryMCP (DO class + branding)

Functionality unchanged; just the name. The DO class is now SupermemoryMCP, which matches the existing supermemory-mcp worker's v1 migration -> the cutover is a no-op, no DO session reset. Demo/mock 'enterprise buyers' text left as-is.

Co-Authored-By: Claude Opus 4.8 (1M context) noreply@anthropic.com

fix: format ternary expression to pass Biome CI check

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

mcp: rename listContainerTags tool to listSpaces (consumer-facing)

Consumers think in "spaces", not "container tags". Renames the tool to
listSpaces and updates its description + text output to say "spaces".
Internal plumbing is unchanged: the client method listContainerTags() and
the structuredContent.containerTags key (widget contract) keep their names.

fix mcp oauth resource metadata

fix mcp root transport alias

Merge main into MCP revamp PR

Resolve MCP revamp conflicts by keeping the new server layout, deleting legacy root MCP files, and carrying forward API timeout handling into the new auth/client modules.

Fix MCP widget dark mode readability

Make the widget fall back to dark tokens when the host does not provide an explicit theme, and expand workspace memory count labels from mem/mems to memory/memories.

Co-authored-by: Ishaan Gupta ishaankone@gmail.com

Fix Biome CSS formatting in tokens.css

Consolidate multi-line shadow values to single lines to match Biome formatting rules.

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

style(mcp): align widget UI with Nova theme

style(mcp): solidify widget form surfaces

style(mcp): align graph widget surface

fix(mcp): resolve Biome lint and format errors

  • Fix CSS specificity order: move .mcp-widget-glow base rule before
    override selector to satisfy noDescendingSpecificity
  • Remove invalid aria-label from header element
  • Add aria-hidden="true" to decorative SVG instead of role="img"
  • Format multi-line shadow values on single lines per Biome

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Align MCP widget cards with web theme

Preview Cursor MCP widget shell in studio

Use neutral hover states for MCP cards

Use Supermemory loader in MCP widget

Remove icons from MCP workspace cards

Match MCP workspace cards to web style

Match MCP permission pill to web card

Remove MCP status card borders

Match MCP confirmation card style

Polish MCP widget UI

Fix Biome formatting in Button.tsx

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Match MCP widget typography to web

Avoid picker scroll for short workspace lists

Hide picker scrollbar chrome

Tighten MCP picker card spacing

Constrain MCP picker card width


Session Details

  • Session: View Session
  • Requested by: Unknown
  • Address comments on this PR. Add (aside) to your comment to have me ignore it.

Prasanna721 and others added 30 commits June 19, 2026 09:55
Replaces the old apps/mcp with the enterprise-mcp code (functionality unchanged). package.json: worker supermemory-mcp, catalog deps pinned to explicit versions, portless dev:app. wrangler: name supermemory-mcp, route mcp.supermemory.ai, DO EnterpriseMCP. Builds + boots + OAuth discovery/401/worker-to-api verified locally.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Functionality unchanged; just the name. The DO class is now SupermemoryMCP, which matches the existing supermemory-mcp worker's v1 migration -> the cutover is a no-op, no DO session reset. Demo/mock 'enterprise buyers' text left as-is.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consumers think in "spaces", not "container tags". Renames the tool to
listSpaces and updates its description + text output to say "spaces".
Internal plumbing is unchanged: the client method listContainerTags() and
the structuredContent.containerTags key (widget contract) keep their names.
Resolve MCP revamp conflicts by keeping the new server layout, deleting legacy root MCP files, and carrying forward API timeout handling into the new auth/client modules.
Make the widget fall back to dark tokens when the host does not provide an explicit theme, and expand workspace memory count labels from mem/mems to memory/memories.

Co-authored-by: Ishaan Gupta <ishaankone@gmail.com>
Consolidate multi-line shadow values to single lines to match Biome formatting rules.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix CSS specificity order: move .mcp-widget-glow base rule before
  override selector to satisfy noDescendingSpecificity
- Remove invalid aria-label from header element
- Add aria-hidden="true" to decorative SVG instead of role="img"
- Format multi-line shadow values on single lines per Biome

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
supermemory-mcp 440e9e9 Jul 03 2026, 03:24 PM

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
supermemory-app 440e9e9 Commit Preview URL

Branch Preview URL
Jul 03 2026, 03:25 PM

Copy link
Copy Markdown
Contributor Author

How to use the Graphite Merge Queue

Add the label Main to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ishaanxgupta

Copy link
Copy Markdown
Contributor Author

Closing accidental Graphite synthetic-base PR created while repairing stack metadata. The intended replacement PR is #1195 stacked above #1193.

@vorflux vorflux Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

Reviewed — found 4 issue(s). This PR relocates and revamps apps/mcp, replacing the previous MCP worker/UI with a new server tree, auth/cache plumbing, tools/resources, and React widget studio. I reviewed the diff for deployability, type safety, MCP routing/OAuth compatibility, and runtime risks.

Findings

apps/mcp/wrangler.jsonc

  1. The new AUTH_CACHE KV binding uses a placeholder namespace id, so wrangler deploy is not deployable as committed.

apps/mcp/src/widget/hooks/useViewState.ts

  1. The cleanup unregisters @modelcontextprotocol/ext-apps callbacks by assigning undefined, which breaks the configured check-types script.

apps/mcp/src/widget/hooks/useHostContext.ts

  1. The cleanup also assigns undefined to app.onhostcontextchanged, causing the same type-check failure.

apps/mcp/src/server/index.ts

  1. GET / is shadowed by the health route before the intended root MCP alias can handle it.
  2. OAuth protected-resource metadata hardcodes the production MCP resource, breaking non-production/custom-host clients.

Verdict

⚠️ Changes requested. The PR currently has deploy-blocking configuration and type-check failures, plus MCP/OAuth compatibility regressions that should be fixed before landing.


Review with Vorflux

Comment thread apps/mcp/wrangler.jsonc
],

"kv_namespaces": [
{ "binding": "AUTH_CACHE", "id": "REPLACE_WITH_KV_NAMESPACE_ID" }

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This placeholder namespace id makes the Worker undeployable as committed: wrangler deploy will reject REPLACE_WITH_KV_NAMESPACE_ID (or bind to a nonexistent namespace). Since AUTH_CACHE is optional in the code, either remove the binding until the namespace exists or commit the real per-environment KV namespace ids.

}

return () => {
app.ontoolinput = undefined

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check-types now runs tsc --noEmit -p tsconfig.widget.json, but these @modelcontextprotocol/ext-apps handler properties are typed as callbacks, not undefined. Assigning undefined in cleanup fails type checking for app.ontoolinput, app.ontoolinputpartial, app.ontoolcancelled, and app.ontoolresult; use no-op callbacks or the supported unregister API instead.

app.onhostcontextchanged = handler
return () => {
if (app.onhostcontextchanged === handler) {
app.onhostcontextchanged = undefined

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This cleanup has the same type-safety issue: app.onhostcontextchanged is typed as requiring a callback, so assigning undefined makes the package check-types script fail. Please unregister with a supported API or restore a no-op callback.

}),
)

app.get("/", (c) => {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because app.get("/") is registered before app.all("/"), Hono handles GET / with this JSON health response and never reaches handleMcpRequest(c, "/mcp"). Streamable HTTP/SSE MCP clients configured with the root URL will fail their GET /; move health to another path or route MCP-aware root requests before the health handler.

const apiUrl = c.env.API_URL || DEFAULT_API_URL

return c.json({
resource: DEFAULT_MCP_RESOURCE,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resourceMetadata() always advertises https://mcp.supermemory.ai/mcp, while the WWW-Authenticate challenge is derived from the incoming host. Dev, staging, tunnel, and custom-domain clients will see a protected resource that does not match their actual MCP URL; derive resource from the request host/proto or an environment-configured MCP_URL as the previous implementation did.

@vorflux

vorflux Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Testing

Manual/static validation was performed under the review constraint that no automated unit, integration, E2E, CI, or other test suites be run. The widget studio could be started and rendered after setup, but validation found issues with the dev script, local MCP auth challenge scheme, and the Studio light/dark theme toggle.

Commands run:

bun install --frozen-lockfile
cd apps/mcp && bun run dev
bun run dev:widget --host 0.0.0.0
session update-preview-url --url localhost:5173
port expose --port 5173
__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS=hfjikvuio71n.preview.us1.vorflux.com bun run dev:widget --host 0.0.0.0
PORT=8788 bun run dev:app
curl -i http://localhost:8788/
curl -i http://localhost:8788/.well-known/oauth-protected-resource
curl -i http://localhost:8788/.well-known/oauth-protected-resource/mcp
curl -i http://localhost:8788/mcp

Result:

apps/mcp dev script failed:
$ portless
/usr/bin/bash: line 1: portless: command not found
error: script "dev" exited with code 127

Public widget studio preview after allowed-host retry:
status=200 type=text/html bytes=827

GET /mcp without auth returned 401, but local Wrangler advertised:
WWW-Authenticate: Bearer resource_metadata="https://localhost:8788/.well-known/oauth-protected-resource/mcp"

Screenshots:

Recordings:

Preview URL used: https://hfjikvuio71n.preview.us1.vorflux.com/studio.html

Verdict

⚠️ Issues found. Manual/static validation found a broken apps/mcp dev entrypoint and local OAuth challenge mismatch; the widget studio rendered successfully only after using the direct widget dev command and Vite allowed-host override.


Attached Images and Videos

mcp-widget-studio-public-default-fixed.png

mcp-widget-studio-dark.png

mcp-widget-studio-dark-narrow.png

mcp-widget-studio-light-toggle-after-dark.png

mcp-widget-studio-workspace-popover-retry.png

mcp-widget-studio-cursor-views-1.png

mcp-widget-studio-cursor-views-2.png

mcp-widget-studio-public-default.png

🎥 View recording: mcp-widget-studio-manual-fixed.webm

🎥 View recording: mcp-widget-studio-secondary-states.webm

🎥 View recording: mcp-widget-studio-manual.webm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants