Skip to content

fix(mcp): sdk ^0.2.0 + drop cast bypasses + amount-unit cross-surface notes (audit SDK-pin, HL-03)#11

Merged
BarisSozen merged 1 commit into
mainfrom
fix/sdk-pin-amount-docs
Jun 10, 2026
Merged

fix(mcp): sdk ^0.2.0 + drop cast bypasses + amount-unit cross-surface notes (audit SDK-pin, HL-03)#11
BarisSozen merged 1 commit into
mainfrom
fix/sdk-pin-amount-docs

Conversation

@BarisSozen

@BarisSozen BarisSozen commented Jun 10, 2026

Copy link
Copy Markdown
Member

Audit Wave-3 PR-10 (mcp part). sdk bumped to the published 0.2.0; both as unknown as bypasses removed (one replaced by a typed TradeStatus enum input on list_my_trades); HL-03 cross-surface unit warnings added to the decimal amount descriptions, mirroring the integer-unit note now in intent-schema. tsc clean, 137/137.

🤖 Generated with Claude Code

@claude
fix(mcp): bump sdk to ^0.2.0, drop cast bypasses, pin amount-unit sem…
01f68d0 
…antics (audit SDK-pin + HL-03)

- @hashlock-tech/sdk ^0.1.4 -> ^0.2.0: the old pin forced 'as unknown as
  SwapClient' and a Parameters<...> cast that suppressed ALL structural
  checking at the facade boundary (type-drift risk flagged by the audit).
  Both casts removed; swapClient is now a plain typed assignment.
- list_my_trades status filter becomes the real TradeStatus enum (the
  free-string input was the reason for one cast and gave agents no
  guidance on valid states).
- HL-03: amount descriptions now carry the cross-surface warning — this
  MCP surface is raw DECIMAL strings; the intents surface (intent-schema/
  ai-sdk) is smallest-unit INTEGER strings. The two LLM-facing surfaces
  previously described the same logical field with opposite units and no
  cross-reference (1e18 mis-scale hazard for agents operating on both).

tsc clean, 137/137 tests.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@BarisSozen, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 50 minutes and 1 second. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: f5686381-2557-449e-b9dc-bbff8f91a76c

📥 Commits

Reviewing files that changed from the base of the PR and between 8593d58 and 01f68d0.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • package.json
  • src/index.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/sdk-pin-amount-docs

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@BarisSozen BarisSozen merged commit 39b917c into main Jun 10, 2026
1 of 4 checks passed
@BarisSozen BarisSozen deleted the fix/sdk-pin-amount-docs branch June 10, 2026 21:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BarisSozen