feat: adds mcp functionality to fullstack app#670
Merged
anthonydmays merged 4 commits intomainfrom Jul 11, 2025
Merged
Conversation
Signed-off-by: Anthony D. Mays <anthony@morganlatimer.com>
There was a problem hiding this comment.
Pull Request Overview
This PR integrates Model Context Protocol (MCP) functionality into the fullstack app by adding new API key–protected MCP routes and a standalone MCP server.
- Adds
isMcpApiRouteto skip Clerk auth on/api/mcpendpoints - Implements CRUD and debug routes under
app/api/mcp/todoswith simple API key authentication - Introduces a separate MCP server (
mcp-server) with tool handlers, API client, tests, and documentation
Reviewed Changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| lib/javascript/fullstack_demo/src/middleware.ts | Added isMcpApiRoute matcher and excluded MCP routes from Clerk protection |
| lib/javascript/fullstack_demo/src/app/api/mcp/todos/route.ts | Created GET/POST handlers with API key auth for todos |
| lib/javascript/fullstack_demo/src/app/api/mcp/todos/[id]/route.ts | Created DELETE/PATCH handlers, path parameter handling |
| lib/javascript/fullstack_demo/src/app/api/mcp/debug/route.ts | Added debug endpoint for MCP readiness |
| lib/javascript/fullstack_demo/mcp-server/src/index.ts | Built MCP server with tool definitions and request handlers |
| lib/javascript/fullstack_demo/mcp-server/src/api-client.ts | Implemented TodoApiClient for communicating with MCP API |
Files not reviewed (1)
- lib/javascript/fullstack_demo/mcp-server/package-lock.json: Language not supported
Comments suppressed due to low confidence (1)
lib/javascript/fullstack_demo/src/app/api/mcp/todos/[id]/route.ts:37
- The DELETE endpoint returns status 200 with a message body. For REST conventions, consider using status 204 No Content and an empty body instead.
return new Response('No content', { status: 200 });
Comment on lines
+47
to
+57
| export async function PATCH(request: Request) { | ||
| const userId = authenticateApiKey(request); | ||
|
|
||
| if (!userId) { | ||
| return new Response('Unauthorized - Invalid API Key', { status: 401 }); | ||
| } | ||
|
|
||
| const todo = await request.json(); | ||
|
|
||
| try { | ||
| const updatedTodo = await todoRepository.patch(todo, userId); |
There was a problem hiding this comment.
The PATCH handler doesn’t accept or extract the id path parameter, so it can’t target a specific todo. Update the signature to PATCH(request: Request, { params }: { params: { id: string } }) and use params.id.
Suggested change
| export async function PATCH(request: Request) { | |
| const userId = authenticateApiKey(request); | |
| if (!userId) { | |
| return new Response('Unauthorized - Invalid API Key', { status: 401 }); | |
| } | |
| const todo = await request.json(); | |
| try { | |
| const updatedTodo = await todoRepository.patch(todo, userId); | |
| export async function PATCH( | |
| request: Request, | |
| { params }: { params: { id: string } } | |
| ) { | |
| const userId = authenticateApiKey(request); | |
| if (!userId) { | |
| return new Response('Unauthorized - Invalid API Key', { status: 401 }); | |
| } | |
| const { id } = params; | |
| const todo = await request.json(); | |
| try { | |
| const updatedTodo = await todoRepository.patch(Number(id), todo, userId); |
Comment on lines
+211
to
+213
| console.error('[MCP] Getting todos...'); | ||
| const todos = await this.apiClient.getTodos(); | ||
| console.error(`[MCP] Retrieved ${todos.length} todos`); |
There was a problem hiding this comment.
[nitpick] Using console.error for standard informational messages may blur error vs info levels. Switch to console.log or use a logging library with levels.
Suggested change
| console.error('[MCP] Getting todos...'); | |
| const todos = await this.apiClient.getTodos(); | |
| console.error(`[MCP] Retrieved ${todos.length} todos`); | |
| console.log('[MCP] Getting todos...'); | |
| const todos = await this.apiClient.getTodos(); | |
| console.log(`[MCP] Retrieved ${todos.length} todos`); |
Signed-off-by: Anthony D. Mays <anthony@morganlatimer.com>
Signed-off-by: Anthony D. Mays <anthony@morganlatimer.com>
Signed-off-by: Anthony D. Mays <anthony@morganlatimer.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Anthony D. Mays anthony@morganlatimer.com