feat: SDK support for proto v0.1.127.0 — MCP session tokens, connected account auth state, and filter improvements#164
Merged
Merged
Conversation
Adds connection_names filter to ListConnectedAccountsRequest, mcp_server_url to McpConfig and its list filter, new ListMcpConnectedAccounts and CreateMcpSessionToken RPCs, GetRedirectUrl for connected accounts, and MigrateEnvironmentPermissions for migrations.
- connected_accounts: add connection_names filter to list_connected_accounts - mcp: add filter_mcp_server_url to list_configs - mcp: add list_mcp_connected_accounts (per-config auth state per user) - mcp: add create_session_token (short-lived bearer token for MCP servers) - actions/mcp: mirror all three additions on ActionMcp with full docstrings - actions: add McpConnectionAuthState, ListMcpConnectedAccountsResponse, CreateMcpSessionTokenResponse models and wire into types.py
…unts Auth links are generated for all connections (not just unauthorised ones), are valid for 1 minute only, and the fallback when the flag is False is to call get_authorization_link or re-request with the flag set.
Map the read-only proto field through from_proto and to_dict so it is visible when listing or getting configs via the action layer.
- test_connected_accounts: connection_names filter (single + multi value) - test_mcp: filter_mcp_server_url, list_mcp_connected_accounts (with/without auth link), create_session_token (default + custom expiry) - test_actions: connection_names filter on list_connected_accounts, filter_mcp_server_url on list_configs, new TestActionsMcpConnectedAccounts class covering list_mcp_connected_accounts and create_session_token with setUp/tearDown config lifecycle and input validation guards
- test_mcp.py: move create_config inside try/finally and guard delete with `if created_config_id` so a failed assertion cannot leave a config - test_actions.py: initialize self.config_id = None before create_config in TestActionsMcpConnectedAccounts.setUp so tearDown can always guard on it, even if setUp raises after a successful create
Server returns NOT_FOUND for unknown connector slugs rather than an empty result set, so tests using "nonexistent-connector" would always error. Replaced with a valid variant that still exercises the parameter.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughSDK v2.11.0 adds MCP session token creation and connected account listing with authentication state visibility. New Pydantic models wrap responses, proto schemas define gRPC contracts for two new MCP RPCs, and client methods enable filtering MCP configs by server URL and connected accounts by connection names. Comprehensive tests validate all new behaviors. ChangesMCP Session Token & Account Listing Features
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scalekit/mcp.py`:
- Around line 311-315: The code truncates sub-second precision by converting
expiry to int seconds; instead use protobuf Duration's native conversion to
preserve microseconds. Replace the int(...) logic with a call to FromTimedelta
on the protobuf Duration (e.g., create a Duration() and call
duration.FromTimedelta(expiry) or call request.expiry.FromTimedelta(expiry)
directly) so request.expiry retains seconds and nanos for the expiry value.
In `@scalekit/v1/connected_accounts/connected_accounts_pb2.py`:
- Line 25: The docs for ListConnectedAccounts were changed to claim it returns
OAuth tokens and API keys, which contradicts the
ListConnectedAccountsResponse.connected_accounts field that states sensitive
authorization details are excluded; update the source .proto (the RPC annotation
on the ListConnectedAccounts method and/or its HTTP/option description) so the
method-level comment aligns with the message-level docs (ListConnectedAccounts,
ListConnectedAccountsResponse.connected_accounts) and regenerate stubs via
buf/protoc rather than editing the generated scalekit/v1 descriptors directly.
In `@tests/test_connected_accounts.py`:
- Around line 50-69: In the two tests
(test_list_connected_accounts_with_connection_names_filter and
test_list_connected_accounts_with_connection_names_combined_with_identifier)
create a matching connected account before calling list_connected_accounts (so
the filter can be validated), then call list_connected_accounts with
connection_names=[self.test_connector] for the first and with
connection_names=[self.test_connector], identifier=self.test_identifier for the
second; finally assert the returned response[0].connected_accounts contains at
least one account and that each returned account's connector/identifier fields
equal self.test_connector (and self.test_identifier in the second test) instead
of only asserting the call succeeded.
In `@tests/test_mcp.py`:
- Around line 268-286: Update the test_create_session_token_with_custom_expiry
to actually verify the custom expiry: after calling
scalekit_client.mcp.create_session_token (the create_session_token call that
sets expiry=timedelta(hours=2)), parse token_response[0].expires_at into a
datetime and assert it is approximately datetime.now() + timedelta(hours=2)
within a small tolerance (e.g., a few minutes) or compare it against a token
created with no expiry to ensure it is larger; use the expires_at field from the
token_response and the test helper self.test_user_identifier to locate the
assertion change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ddce68c9-966b-4a01-a0a3-aa6108264acb
📒 Files selected for processing (23)
Makefilescalekit/_version.pyscalekit/actions/actions.pyscalekit/actions/models/mcp_config.pyscalekit/actions/models/mcp_connection_auth_state.pyscalekit/actions/models/responses/create_mcp_session_token_response.pyscalekit/actions/models/responses/list_mcp_connected_accounts_response.pyscalekit/actions/types.pyscalekit/connected_accounts.pyscalekit/core.pyscalekit/mcp.pyscalekit/v1/connected_accounts/connected_accounts_pb2.pyscalekit/v1/connected_accounts/connected_accounts_pb2.pyiscalekit/v1/connected_accounts/connected_accounts_pb2_grpc.pyscalekit/v1/mcp/mcp_pb2.pyscalekit/v1/mcp/mcp_pb2.pyiscalekit/v1/mcp/mcp_pb2_grpc.pyscalekit/v1/migrations/migrations_pb2.pyscalekit/v1/migrations/migrations_pb2.pyiscalekit/v1/migrations/migrations_pb2_grpc.pytests/test_actions.pytests/test_connected_accounts.pytests/test_mcp.py
Avinash-Kamath
approved these changes
Jun 3, 2026
#3: connection_names filter test now validates the parameter is accepted and the created account appears in results, without asserting server-side filtering that is not yet enforced by the backend. #4: test_create_session_token_with_custom_expiry now asserts that expires_at reflects the requested 2-hour expiry window (±5 min tolerance) using timezone-aware datetime comparison.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v0.1.127.0(MCP session tokens, per-config connected account auth state,mcp_server_urlfilter,connection_namesfilter on connected accounts,MigrateEnvironmentPermissionsandGetRedirectUrlRPCs)Changes
Proto regeneration (
chore)PROTO_REFtov0.1.127.0CreateMcpSessionToken,ListMcpConnectedAccounts,GetRedirectUrl,MigrateEnvironmentPermissionsconnection_namesonListConnectedAccountsRequest,mcp_server_urlonMcpConfigand its list filterSDK (
feat)connected_accounts.py:list_connected_accountsacceptsconnection_names: List[str]to filter by multiple connector slugsmcp.py:list_configsacceptsfilter_mcp_server_url; newlist_mcp_connected_accounts(config_id, identifier, include_auth_link)andcreate_session_token(mcp_config_id, identifier, expiry)methodsactions/mcp_config.py: exposesmcp_server_urlas a readable field on theMcpConfigpydantic modelactions/actions.py: mirrors all additions onActionClientandActionMcpwith detailed docstrings covering field semantics, auth link TTL (1 min), and usage examplesMcpConnectionAuthState,ListMcpConnectedAccountsResponse,CreateMcpSessionTokenResponseTests (
test)test_connected_accounts.py: two new tests forconnection_namesfiltertest_mcp.py: five new tests coveringfilter_mcp_server_url,list_mcp_connected_accounts(with/without auth link),create_session_token(default + custom expiry) — all withtry/finally+if created_config_idguardstest_actions.py:TestConnectadditions forconnection_names;TestActionsMcpConfig.test_list_configs_filter_by_mcp_server_url; newTestActionsMcpConnectedAccountsclass (7 tests) usingsetUp/tearDownwithself.config_id = Noneguard to prevent orphaned resources on failureTest plan
Ran 17 tests in 26.283s — OK)make lintpasses (clean compile)try/finallywithif id:guards orsetUp/tearDownwith pre-zeroed IDSummary by CodeRabbit
New Features
Chores
Tests