Conversation
Summary of ChangesHello @lvca, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the ArcadeDB server by integrating a new Multi-Cloud Protocol (MCP) server, alongside comprehensive API key and user/group management capabilities. The changes enable programmatic interaction with the server via API tokens and provide a more robust security framework, with corresponding updates to the ArcadeDB Studio for easier administration. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
🧪 CI InsightsHere's what we observed from your CI run for 6ac9b91. 🟢 All jobs passed!But CI Insights is watching 👀 |
There was a problem hiding this comment.
Code Review
This pull request introduces significant new functionality, including an MCP (Machine-Conversation Protocol) server for LLM integration, a robust API key management system, and a comprehensive security management UI in Studio for users, groups, and API tokens. The changes are well-structured, with clear separation of concerns between backend APIs, security logic, and the new MCP components. The inclusion of extensive tests for the new features is commendable. My review focuses on improving the robustness of the MCP command permission checks and fixing a minor bug in the new Studio UI.
| private static OperationType detectCypherOperation(final String upper) { | ||
| // Schema operations in Cypher | ||
| if (upper.contains("CREATE INDEX") || upper.contains("CREATE CONSTRAINT") || upper.contains("DROP INDEX") | ||
| || upper.contains("DROP CONSTRAINT")) | ||
| return OperationType.SCHEMA; | ||
|
|
||
| // Check for write clauses | ||
| final boolean hasCreate = upper.contains("CREATE") && !upper.contains("CREATE INDEX") && !upper.contains("CREATE CONSTRAINT"); | ||
| final boolean hasMerge = upper.contains("MERGE"); | ||
| final boolean hasSet = upper.contains(" SET "); | ||
| final boolean hasDelete = upper.contains("DELETE"); | ||
| final boolean hasRemove = upper.contains("REMOVE"); | ||
|
|
||
| if (hasDelete) | ||
| return OperationType.DELETE; | ||
| if (hasSet || hasMerge) | ||
| return OperationType.UPDATE; | ||
| if (hasCreate) | ||
| return OperationType.INSERT; | ||
|
|
||
| return OperationType.UNKNOWN; | ||
| } |
There was a problem hiding this comment.
The current implementation for detecting write clauses in Cypher queries uses String.contains(), which can lead to incorrect query classification. For example, a read-only query like MATCH (n) WHERE n.name = 'CREATE new things' RETURN n would be misclassified as an INSERT operation because it contains the string "CREATE". This could cause valid read queries to be blocked if insert operations are disabled.
To make the detection more robust, you should match against whole keywords, for example by using regular expressions with word boundaries (\bKEYWORD\b). This will prevent matching substrings within string literals or identifiers.
private static OperationType detectCypherOperation(final String upper) {
// Schema operations in Cypher
if (upper.matches(".*\\b(CREATE|DROP)\\s+(INDEX|CONSTRAINT)\\b.*"))
return OperationType.SCHEMA;
// Check for write clauses using regex for whole words to avoid matching substrings in literals
if (upper.matches(".*\\b(DELETE|REMOVE)\\b.*"))
return OperationType.DELETE;
if (upper.matches(".*\\b(SET|MERGE)\\b.*"))
return OperationType.UPDATE;
if (upper.matches(".*\\bCREATE\\b.*"))
return OperationType.INSERT;
return OperationType.UNKNOWN;
}| ' <a href="#" onclick="removeMCPUser(\'' + | ||
| escapeHtml(users[i]) + | ||
| "')\" class=\"text-white ms-1\"><i class=\"fa fa-times\"></i></a></span>"; |
There was a problem hiding this comment.
There appears to be a syntax error in the string concatenation for the onclick handler. An extra escaped double quote \" is present after the function call parenthesis, which will likely break the removeMCPUser function call by being rendered as a literal quote in the HTML.
| ' <a href="#" onclick="removeMCPUser(\'' + | |
| escapeHtml(users[i]) + | |
| "')\" class=\"text-white ms-1\"><i class=\"fa fa-times\"></i></a></span>"; | |
| ' <a href="#" onclick="removeMCPUser(\'' + | |
| escapeHtml(users[i]) + | |
| '\')" class="text-white ms-1"><i class="fa fa-times"></i></a></span>'; |
| public ApiTokenConfiguration(final String configPath) { | ||
| String path = configPath; | ||
| if (!path.endsWith(File.separator)) | ||
| path += File.separator; | ||
| this.filePath = path + FILE_NAME; |
There was a problem hiding this comment.
The file path is constructed by manually appending file separators. This can be brittle across different operating systems. Using java.nio.file.Paths.get() is a more modern and platform-independent way to construct file paths.
public ApiTokenConfiguration(final String configPath) {
this.filePath = java.nio.file.Paths.get(configPath, FILE_NAME).toString();
}
Code ReviewThis is a substantial PR adding three major features: MCP server integration, API tokens, and user/group management UI in Studio. Overall the implementation is solid and well-structured. Here are my findings: Security Concerns1. Expired API token returns wrong HTTP status (critical) 2. API token stored as plain prefix + UUID (low entropy concern) final String tokenValue = TOKEN_PREFIX + UUID.randomUUID();
3. MCP command-detection bypass via string matching limitations 4. MCP route 5. No rate limiting on API token creation Bugs / Correctness Issues6. existingUser.toJSON().put("databases", databases);
existingUser.toJSON().remove("_databaseCacheCleared");If 7. for (final Map.Entry<String, JSONObject> entry : tokens.entrySet()) {
...
tokens.remove(entry.getKey());
}While 8. 9. result.put("databases", new JSONArray(server.getDatabaseNames()));
Code Quality10. Fully-qualified class name in new com.arcadedb.serializer.json.JSONArray()The CLAUDE.md guidelines explicitly state: "don't use fully qualified names if possible, always import the class." 11. try (final FileWriter writer = new FileWriter(getConfigFile())) {This uses the platform default charset. Use 12. private static final String MCP_URL = "http://127.0.0.1:2480/api/v1/mcp";Other integration tests (e.g., Test Coverage Gaps
Minor Nits
|
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesFootnotes
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3481 +/- ##
==========================================
+ Coverage 63.15% 64.05% +0.89%
==========================================
Files 1299 1321 +22
Lines 86427 87621 +1194
Branches 17789 17965 +176
==========================================
+ Hits 54585 56127 +1542
+ Misses 24102 23615 -487
- Partials 7740 7879 +139 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
PR Review: MCP server + API Keys + User/Groups on StudioThis is a substantial PR adding three major features: an MCP (Model Context Protocol) server, API token authentication, and Studio UI for user/group management. The overall design is solid and the code follows project conventions well. Here are my findings: Security Concerns[Critical] Token value stored in plaintext on disk
[High] MCP command classification is bypassable for some query languages
[Medium] Synthetic group name uses human-readable token name In final String syntheticGroupName = "_apitoken_" + tokenName;If Correctness Issues[Medium] existingUser.toJSON().put("databases", databases);
existingUser.refreshDatabaseNames();
// ...
security.saveUsers();This modifies the in-memory user JSON directly before the save completes. A concurrent request reading the user between the [Low]
[Low] The method is not Code Quality[Medium] Redundant null check with contradictory comment In final var mcpConfig = server.getMCPConfiguration();
if (mcpConfig != null) { // comment: "safety guard (mcpConfig is always initialized)"If [Low] Unlike [Low] Import ordering in
[Low] HTTP 200 returned for resource creation
Test CoverageThe test coverage is comprehensive. A few gaps:
Studio / Frontend
Overall this is well-structured, thoughtfully designed code with good test coverage. The main items worth addressing before merging are: the plaintext token storage concern, the |
Code ReviewThis is a substantial PR adding three significant features: MCP server, API key authentication, and Studio User/Group management. Overall the implementation is well-structured. Here are my observations: Security Issues1. SHA-256 without salt for token hashing ( SHA-256 is used to hash API tokens without a salt. While API tokens are random (UUID-based) and long enough to resist brute-force, adding a salt is defense-in-depth best practice. Consider HMAC-SHA256 with a server-side secret to prevent offline attacks if the token file is exfiltrated. 2. The fallback for unclassified commands is to require all write permissions simultaneously, which is overly restrictive. A better approach would be to throw an explicit error saying the command cannot be classified, prompting the user to switch to a classified language/command. 3. Regex-based SQL/Cypher permission checking is bypassable ( The keyword detection using
The 4. Token prefix length reveals too much (
Design/Architecture Issues5. Race condition in synchronized (security) {
final ServerSecurityUser existingUser = security.getUser(name);
...
existingUser.toJSON().put("databases", databases);
existingUser.refreshDatabaseNames();
}
security.saveUsers(); // <- OUTSIDE the synchronized block
6. Some methods are 7. The original code returned database-specific groups OR the wildcard groups (fallback). The new code merges them. This is a semantic change that could alter existing security permissions for users who intentionally have different group configs for specific databases vs wildcard. This should be explicitly documented as a behavior change and ideally covered by a test. 8. The MCP config endpoint uses Code Quality Issues9. entry.put("tokenPrefix", token.getString("tokenPrefix", "") + "...");Presentational formatting (the 10. For password validation errors, 11. The handler calls Missing Tests12. MCP server has no integration tests The PR adds
13. assertThat(connection.getResponseCode()).isNotEqualTo(200);This accepts any non-200 response including 500 (server error). The test should assert a specific 403 or verify the error response body to confirm it's a permission error and not an unrelated server failure. Minor Issues14. Wildcard imports in The file uses 15. LogManager.instance().log(this, Level.INFO, "MCP %s (user=%s)", method, user.getName());MCP tools can be called frequently by AI agents. Consider 16. final DatabaseInternal db = (DatabaseInternal) httpServer.getServer().getDatabase(dbName);
security.updateSchema(db);
SummaryThe overall architecture is clean and the security fundamentals are sound (root-only access to management endpoints, token hashing, MCP disabled by default, no plaintext token persistence). The main concerns are:
|
Code ReviewThis is a substantial PR adding three major features: MCP server integration, API token authentication, and User/Group management via REST API. Overall, the code is well-structured and follows project conventions. Below is my detailed feedback. Security Concerns1. MCP endpoint authentication gap — In 2. Token stored as UUID — predictability concern final String tokenValue = TOKEN_PREFIX + UUID.randomUUID();
byte[] bytes = new byte[32];
SECURE_RANDOM.nextBytes(bytes);
final String tokenValue = TOKEN_PREFIX + HexFormat.of().formatHex(bytes);3. Tokens file in plain config directory — no file permission hardening
4. MCP In try (final ResultSet resultSet = database.command(language, command)) { ... }Commands are executed directly without an explicit transaction. ArcadeDB auto-commits in this case, but the behavior on error mid-command may differ. Consider wrapping in a transaction for consistency with the rest of the codebase and clearer error semantics. 5. Query injection: The MCP permission check is text-parsing-based, not semantic
The database-level security (user permissions via groups) provides the actual security layer, but the Correctness Issues6. synchronized (security) {
final ServerSecurityUser existingUser = security.getUser(name);
...
existingUser.toJSON().put("databases", databases);
existingUser.refreshDatabaseNames();
}
security.saveUsers();
7. public JSONObject getToken(final String plaintextToken) {
...
if (expiresAt > 0 && expiresAt < System.currentTimeMillis()) {
tokens.remove(hash);
save(); // ← disk write on every auth attempt with an expired token
return null;
}
...
}This causes a disk write on every authentication attempt with an expired token, which could be a DoS vector if an attacker repeatedly sends expired tokens. The 8.
public synchronized void updateFrom(final JSONObject json) { ... }Wait — it is 9. URL routing inconsistency: In .get("/server/api-tokens", new GetApiTokensHandler(this))But tests access Code Quality10. Raw string JSON in error responses Several handlers return raw JSON strings like: return new ExecutionResponse(400, "{\"error\":\"Token parameter is required\"}");This is inconsistent with the rest of the codebase which uses 11.
routes.addExactPath("/api/v1/mcp/config", exchange -> {
if (Methods.GET.equals(exchange.getRequestMethod()))
new GetMCPConfigHandler(...).handleRequest(exchange);
else
new PostMCPConfigHandler(...).handleRequest(exchange);
});Or document this pattern explicitly. 12.
13. The original code fell back to the Test Coverage14. Missing test: MCP disabled returns error There's no test verifying that when MCP is disabled, the endpoint returns the appropriate error. 15. Missing test: The race condition in point #6 is not covered by any test. 16. // Security error — may be 403 or 500 depending on where the exception is caught
assertThat(connection.getResponseCode()).isNotEqualTo(200);This could pass for unrelated errors (network, 404, etc.). Be more specific: Minor Observations
SummaryThe feature set is well-designed and broadly useful. The main items to address before merge are:
Good job on the test coverage — it's comprehensive for a new feature. |
Code Review: MCP Server + API Keys + User/Groups on StudioThis is a substantial and well-structured PR. The implementation is clean, consistent with the codebase conventions, and ships with solid integration test coverage. Here are the notes, organized by severity. Security Issues1. SHA-256 is not suitable for API token hashing ( SHA-256 is a fast hash, which makes it vulnerable to brute-force attacks if the token file is ever compromised. API tokens (like For static bearer tokens, a constant-time HMAC-SHA256 with a server-side secret key is the standard practice. Alternatively, using a slow hash (PBKDF2, bcrypt, or Argon2) would protect the stored hashes. Given that the tokens already have a long UUID component, the risk is low in practice, but worth noting for future token designs. 2.
3. MCP endpoint authentication relies on When MCP is disabled, Correctness Issues4. existingUser.toJSON().put("databases", databases);
existingUser.refreshDatabaseNames();This works only if 5. In Cypher/OpenCypher, 6. The regex patterns use word boundaries ( 7. The method exists but there is no scheduler registered to call it. Expired tokens are only removed lazily (on access via Code Quality Issues8. The fields are marked 9. New route URLs use The existing routes include 10. For consistency with REST conventions and with 11. LogManager.instance().log(this, Level.INFO, "MCP %s (user=%s)", method, user.getName());For production use, Minor Issues12. Not a bug, just a note on package organization. The other MCP handlers ( 13. Deleting a token via 14. The review shows TestsThe test coverage is good —
Missing test coverage:
SummaryThe core design is solid. The API token approach (one-time plaintext display, hash stored at rest) is correct. The MCP server being disabled by default with an explicit opt-in is the right default. The synthetic user/group construction for API token auth is clever. Main items to address before merge:
|
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
This allows to be more precise in MCP profiling
Code ReviewThis is a substantial PR that introduces an MCP server, API key authentication, and user/group management in Studio. The overall design is solid. Here are my findings: Security Concerns1. MCP routes have no authentication (critical) 2. if (trimmed.startsWith("mutation") || trimmed.startsWith("mutation "))
return Set.of(OperationType.CREATE, OperationType.UPDATE, OperationType.DELETE);The second condition ( 3. API token permissions not enforced in 4. Correctness Issues5. 6. 7. 8. Code Quality / Style9. Missing Apache 2.0 license headers
All source files in this repo have the Apache 2.0 header — please add them for consistency. 10. 11. 12. Test Coverage13. No test for API-token database scope enforcement 14. Minor
|
Code Review: MCP Server + API Keys + User/Groups on StudioThis is a substantial PR adding three major features: an MCP server, API key authentication, and user/group management in Studio. The overall design is sound — in particular, using semantic AST-based Security Concerns1.
// Missing in QueryTool.execute():
ExecuteCommandTool.checkPermission(database, query, language, config);2. The token is read from a query parameter ( 3.
4. SHA-256 is a fast hash — a token file, if stolen, could be brute-forced quickly against a short token namespace. Consider adding a failed-attempt counter per IP, or use PBKDF2/bcrypt for token hashing. Correctness Issues5. The refactored method now merges wildcard ( 6.
7. It's defined but there's no scheduled timer calling it. Expired tokens stay in memory (though rejected at access time) until the next Code Quality8.
9. GraphQL operation type detection is too coarse
10. MongoDB operation type detection uses fragile string matching
11. The MCP spec says notifications don't get a JSON-RPC response. HTTP 204 No Content is more semantically correct than Test Coverage12. Given the permission bypass described above, 13. This works because Minor Nits
|
PR Review: MCP server + API Keys + User/Groups on StudioThis is a substantial PR (~6K lines added) adding three major features: MCP server, API key management, and Studio UI for user/group management. The implementation is well-structured with solid security practices overall. Below are specific observations. MCP ServerPositives:
Issues / Suggestions:
API Token ManagementPositives:
Issues / Suggestions:
User/Group Management HTTP HandlersPositives:
Issues / Suggestions:
OperationType / Query EnginePositives:
Issues / Suggestions:
Test CoverageCoverage is comprehensive: One gap: no test for the brute-force lockout behavior in SummaryThe security fundamentals are solid: hashed token storage, root-only administration, semantic operation analysis via the query parser/AST rather than regex. Main items to address before merge:
|
PR Review: MCP Server + API Keys + User/Groups on StudioThis is a substantial PR adding three major features: an MCP (Model Context Protocol) server, API key authentication, and user/group management endpoints. Overall the implementation is well-structured and security-conscious, but there are several issues worth addressing. Security Issues1. Brute-Force Protection Key is Bypassable ( The attempt key is the hash prefix of the invalid token being submitted: final String attemptKey = ApiTokenConfiguration.hashToken(tokenValue).substring(0, 8);An attacker can bypass the lockout by slightly varying their guesses each time (e.g., appending a counter). Different invalid tokens hash to different prefixes, each with an independent counter — the lockout never triggers for any single "slot." The failure map should be keyed on the client IP address instead, which is the standard approach for rate-limiting. 2. Auth Order in if (!config.isEnabled())
return jsonRpcError(null, -32600, "MCP server is disabled"); // Before auth check!
if (payload == null)
return jsonRpcError(null, -32700, "Parse error"); // Before auth check!
if (user == null || !config.isUserAllowed(user.getName()))
return jsonRpcError(...);An unauthenticated request can probe whether MCP is enabled/disabled. The Additionally, 3. Expired Token Removal in if (expiresAt > 0 && expiresAt < System.currentTimeMillis()) {
tokens.remove(hash); // Does NOT call save()
return null;
}The expired token is removed from memory but not from disk. After a server restart it reappears. Either call Code Quality Issues4. GraphQL Mutation Detection is Fragile ( if (trimmed.startsWith("mutation") || trimmed.startsWith("mutation "))
Consider delegating to the actual GraphQL parser for accurate classification, consistent with how SQL uses the AST. 5. MongoDB Operation Detection Uses String Matching ( if (upper.contains("\"INSERT\"") || upper.contains("\"INSERTONE\"") ...)A value containing the word 6.
7. String name = getQueryParameter(exchange, "name");
if (name == null || name.isBlank())
name = payload.getString("name", "");Accepting the user name from either the query parameter or the request body is inconsistent with other handlers and creates ambiguity when both are present with different values. The OpenAPI spec documents a query parameter — the body fallback should be removed. 8. Logging Query Content at INFO Level ( LogManager.instance().log(this, Level.INFO, "MCP tools/call '%s' %s (user=%s)", toolName, formatArgs(args), ...);
Design Issues9. No Integration Test for MCP Server There are good tests for API tokens ( 10. Double Parsing in Both tools call Minor Issues
What's Good
|
PR Review: MCP server + API Keys + User/Groups on StudioThis is a large, well-structured PR that adds three major features: an MCP (Model Context Protocol) server, API token authentication, and REST endpoints for managing users/groups. The code quality is generally high with good security practices and solid test coverage. Here are my findings: SecurityPositives:
Issues:
Code Quality
Minor Issues
SummaryThis is a substantial and well-thought-out feature addition. The security-sensitive areas (token storage, brute-force protection, root-only admin endpoints) are handled correctly. The main concerns are:
The test coverage is excellent for the new REST endpoints and MCP configuration. Overall, good work. |
Code Review: MCP Server + API Keys + User/Groups on StudioThis is a substantial PR (~6600 additions) adding three major features: an MCP server, API key authentication, and user/group management in Studio. The overall approach is solid and well thought out. Here are my observations: Positive Highlights
Issues and SuggestionsSecurity1. MCP enabled/disabled status leaks to authenticated users The order in 2. final int limit = args.getInt("limit", DEFAULT_LIMIT);A caller could send 3. This is called on every authenticated request. If many expired tokens exist, this could become a write bottleneck under load. Consider deferring removal to Correctness4. Unlike 5. if (json.has("allowedUsers")) {
final JSONArray usersArray = json.getJSONArray("allowedUsers", null);
if (usersArray == null)
return; // silently ignores the remaining fields tooAn explicit 6. if (password.length() < 8)
throw new ServerSecurityException("User password must be at least 8 characters");
7.
8.
Minor Code Style / Design9. Only GET and POST are explicitly handled. PUT/DELETE requests fall through to the POST (config update) path silently. Consider returning 405 for unsupported methods. 10. The comment says this avoids the overhead of 11. Mixed Fields are individually Testing12. getServer(serverIndex).getSecurity().createUser("testuser", "testpass");The security.createUser(new JSONObject().put("name", "testuser").put("password", security.encodePassword("testpassword")));13. No MCP server integration tests Integration tests cover the API token feature well, but there are no tests for MCP HTTP handler functionality (e.g., SummaryWell-architected code that takes security seriously. The main action items:
The MCP server design is clean and the semantic operation type system is a solid foundation for fine-grained access control. |
Code ReviewThis is a substantial and well-structured PR that adds three major features: an MCP server, API key authentication, and Studio UI for user/group management. The overall design is sound. Below are my observations. Security1. Brute-force lockout uses token hash prefix as the key (ServerSecurity.java) The lockout key is // Current (collision-prone)
final String attemptKey = ApiTokenConfiguration.hashToken(tokenValue).substring(0, 8);
// Suggested
final String attemptKey = ApiTokenConfiguration.hashToken(tokenValue);2. Lockout window resets only when the lockout expires, not per request (ServerSecurity.java) The 3.
4. The synthetic user built for an API-token caller has no password. If any downstream code path calls 5. MCPConfiguration allows runtime toggling but no re-auth (MCPHttpHandler.java) The API Design6.
7. The tool receives Code Quality8. The Javadoc claims this avoids the overhead of 9. Duplicate permission-checking overloads in There are two 10. if (!configDir.exists())
configDir.mkdirs(); // return value not checkedIf 11. Wildcard imports in The file uses 12. The contract documented in the Javadoc says "Returns null if direct execution is not supported". Returning Test Coverage13. No test for the brute-force lockout
14. No test for token expiry during an active request The expiry cleanup in 15. MCP permission tests are unit tests only (MCPPermissionsTest.java)
Minor Nits
Overall this is a high-quality addition. The semantic operation-type classification via |
Code Review: MCP Server + API Keys + User/Groups on StudioThis is a substantial PR with three main areas of change: MCP server implementation, API token authentication, and user/group management APIs. Overall the code is well-structured and thought-out. Below are observations across quality, security, correctness, and test coverage. MCP ServerGood:
Issues / Suggestions:
API Token AuthenticationGood:
Issues / Suggestions:
User / Group Management APIsGood:
Issues / Suggestions:
OperationType / Query ClassificationGood:
Issues / Suggestions:
SingletonSet
Bolt Log Level ChangesThe INFO to FINE changes for debug-gated messages are correct. One note: one previously unconditional INFO log (successful BOLT version negotiation) was moved behind the Test CoverageOverall coverage is good. A few gaps:
SummaryThe MCP server design is solid, the security model is well thought-out, and the test coverage is substantial. Main areas for attention before merge:
|
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
Code ReviewThis is a substantial PR adding three major features: an MCP server, API key authentication, and user/group management in Studio. The overall approach is well-structured and security-conscious. Here are observations by category. SecurityPositive observations:
Concerns:
Code Quality
Performance
Test CoverageThe test coverage is good overall — Missing test scenarios:
Minor Nits
Overall this is solid, well-designed work. The security design around API tokens is particularly good. The main actionable items are: the |
PR Review: MCP Server + API Keys + User/Groups on StudioI've completed a thorough review of PR #3481. This is an excellent addition to ArcadeDB with solid implementation. Below are my findings organized by category. ✅ Overall AssessmentStrong Points:
Code Quality: High - follows project conventions and coding standards 🔒 Security ReviewExcellent Security Practices:
Security Considerations:Minor Issue - Logging Sensitive Data:
Note on Token Hashing:
🐛 Potential Bugs & Issues1. Race Condition in Token CleanupFile: 2. Missing Null ChecksFile: for (int i = 0; i < usersArray.length(); i++) {
String user = usersArray.getString(i);
if (user != null) users.add(user);
}3. Directory Creation Without Error HandlingFile: if (!configDir.exists() && !configDir.mkdirs())
throw new IOException("Failed to create config directory: " + configDir);⚡ Performance ConsiderationsPositive:
Concerns:1. Synchronization Overhead
2. JSON Serialization in Request Path
3. File I/O on Every Config Change
📊 Test CoverageExcellent Coverage:
Missing Test Cases:
🎨 Code Quality & Best PracticesFollowing Project Standards: ✅
Minor Style Issues:1. Inconsistent Error Handling // File: MCPConfiguration.java:80-83
catch (final IOException e) {
LogManager.instance().log(this, Level.WARNING, "Error loading...", e.getMessage());
} catch (final Exception e) {
LogManager.instance().log(this, Level.WARNING, "Corrupt MCP...", e.getMessage());
}Recommendation: Pass exception object, not message: LogManager.instance().log(this, Level.WARNING, "Error loading MCP configuration", e);2. Magic Numbers
3. String Concatenation in Loops
🌐 Studio (Frontend) ReviewNew Files:
Observations:Positive:
Concerns: 1. No XSS Protection Verification // Verify this function exists and properly escapes HTML
function escapeHtml(text) {
// Should escape <, >, &, ", '
}2. Password Validation 3. Sensitive Data in Browser 📝 Documentation & CommentsGood:
Missing:
🔧 Architectural Concerns1. Bolt Protocol Logging ChangeFiles: 2. Query Engine Interface ChangesFiles: 3. ServerSecurity Growing Complexity
🎯 Recommendations SummaryHigh Priority:
Medium Priority:
Low Priority (Nice to Have):
✨ ConclusionThis is a high-quality PR that adds significant value to ArcadeDB. The implementation demonstrates:
The issues identified are minor and mostly relate to defensive programming, documentation, and potential optimizations rather than critical bugs. Recommendation: ✅ APPROVE with minor follow-up items Great work on this feature! The MCP server integration and API token system will be valuable additions to ArcadeDB. Review conducted by Claude Code following ArcadeDB's CLAUDE.md guidelines |
Code Review for PR #3481: MCP Server + API Keys + User/Groups on StudioThis PR adds significant new functionality: an MCP (Model Context Protocol) server, API token authentication, and user/group management UI in Studio. Overall, the implementation is well-structured with good security practices and comprehensive test coverage. Below are my findings organized by category. ✅ StrengthsSecurity
Code Quality
Architecture
🔍 Issues FoundHigh PriorityNone identified - the code appears to be production-ready. Medium Priority
Low Priority
📋 RecommendationsGeneral
Testing
Performance
🎯 Compliance with CLAUDE.md
📊 SummaryThis is a high-quality PR that adds significant functionality with strong attention to security and code quality. The implementation demonstrates good architectural decisions and follows the project's conventions. The issues identified are minor and can be addressed in follow-up commits or accepted as-is given the low risk. Recommendation: ✅ APPROVE with optional improvements suggested above. The code is ready to merge. The suggested improvements are enhancements rather than blockers. Review performed by Claude Code on 2026-02-19 |
PR Review: MCP Server + API Keys + User/Groups ManagementI've completed a comprehensive review of this PR. Overall, this is excellent work with strong security practices, clean architecture, and comprehensive test coverage. 🎯 SummaryOverall Assessment: APPROVED ✅ This PR adds:
The implementation demonstrates thoughtful engineering with multiple defense-in-depth security measures, efficient design patterns, and comprehensive testing. 🔒 Security Review✅ Excellent Security Practices
|
* feat: new MCP server Issue #3460 * chore: moved MCP component from separate module into server * feat: created new api token to use for authentication and MCP server * feat: added users and groups UX in studio * chore: renamed some labels in studio * fix: all concerns from 2 reviews * fix: all findings from latest review * fix: keep token short version for reference * fix: improved discovery of operations types by query languages This allows to be more precise in MCP profiling * fix: implemented recommendation from latest review * fix: addressed latest review * Update the PR from the latest review * fix: implemented suggestions from ltest rview * fix: latest issues found from the review * chore: bolt protocol now logs only if bolt debug is true in global cfg * fix: implemented latest recommendation from review * fix: mcp server last fixed before merging * MCP minor fixes (cherry picked from commit 90665be)
Started with the MCP server, I ended up providing some missing pieces in Studio (manage users and groups). UX can be improved, but it's quite functional.
The MCP server works pretty well, I've tested with Claude desktop from my computer.
The MCP server has zero dependencies a few Kb of code, so I merged into the server. It's disabled by default.