fix(server): standardize message server route naming

[standujar]

fix(server): standardize message server route naming

Problem

The api-client package was calling /message-servers/* routes that didn't exist on the server. The server had inconsistent naming with /servers/* routes instead.

Client calls:  POST /message-servers
Server had:    POST /servers          → 404!

Solution

• Renamed /servers/* → /message-servers/*
• Renamed :serverId → :messageServerId
• Added deprecated routes with forwarding for backward compatibility

Routes Changed

Old Route	New Route
POST /servers	POST /message-servers
GET /servers/:serverId/agents	GET /message-servers/:messageServerId/agents
POST /servers/:serverId/agents	POST /message-servers/:messageServerId/agents
DELETE /servers/:serverId/agents/:agentId	DELETE /message-servers/:messageServerId/agents/:agentId

Backward Compatibility

Old routes still work but log deprecation warnings:

[DEPRECATED] POST /servers is deprecated. Use POST /message-servers instead.

Tests

• Added 17 unit tests for route naming conventions
• All 420 server unit tests pass

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/message-servers-route-naming

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[claude]

Claude finished @standujar's task —— View job

---

PR Review Complete ✅

Todo List:

• Read and analyze the test file
• Read and analyze the messageServers.ts changes
• Check for critical security issues
• Verify proper testing patterns and coverage
• Check TypeScript types and error handling
• Verify backward compatibility implementation
• Post comprehensive review feedback

Review Results

✅ No critical issues found - All security, testing, and compliance requirements met

💡 SUGGESTION: Enhance type safety → Consider: Create custom error classes instead of generic Error objects for better error handling

💡 SUGGESTION: Extract helper function → Consider: Create shared parameter forwarding logic for deprecated routes (lines 342-344, 360-362, 378-380)

Detailed Analysis

✅ Strengths

• Security: Proper UUID validation and RLS security checks prevent unauthorized access
• Testing: Comprehensive test suite with actual route integration tests (17 tests covering all endpoints)
• TypeScript: Good type safety with proper @elizaos/core imports and no any types
• Error Handling: Structured logging with detailed error context
• Backward Compatibility: Well-implemented deprecated route forwarding with proper warnings
• Code Structure: Clean separation of current vs deprecated routes
• Compliance: Uses bun:test, proper imports, functional patterns

✅ Test Quality

Tests verify actual route behavior with proper HTTP simulation, not just mock objects. Covers:

• UUID validation (400 errors)
• RLS security checks (403 errors)
• Required field validation (400 errors)
• Successful operations (200/201 responses)
• Backward compatibility forwarding

✅ Security Assessment

• No hardcoded keys or credentials
• Proper UUID validation prevents injection attacks
• RLS security model prevents cross-server access
• Structured error responses don't leak sensitive data

Overall Assessment: High-quality implementation with proper security, comprehensive testing, and backward compatibility. Ready for merge.

---

[claude]

Claude finished @standujar's task —— View job

---

PR Review: Standardize Message Server Route Naming ✅

Todo List:

• Read and analyze the test file
• Read and analyze the messageServers.ts changes
• Check for critical security issues
• Verify proper testing patterns and coverage
• Check TypeScript types and error handling
• Verify backward compatibility implementation
• Post comprehensive review feedback

---

Review Results

✅ No critical issues found - All security, testing, and compliance requirements met

💡 SUGGESTION: Enhance type safety → Consider: Create custom error classes instead of generic Error objects for better error handling

💡 SUGGESTION: Extract helper function → Consider: Create shared parameter forwarding logic for deprecated routes (lines 342-344, 360-362, 378-380)

Detailed Analysis

✅ Strengths

• Security: Proper UUID validation and RLS security checks prevent unauthorized access
• Testing: Comprehensive test suite with actual route integration tests (17 tests covering all endpoints)
• TypeScript: Good type safety with proper @elizaos/core imports and no any types
• Error Handling: Structured logging with detailed error context
• Backward Compatibility: Well-implemented deprecated route forwarding with proper warnings
• Code Structure: Clean separation of current vs deprecated routes
• Compliance: Uses bun:test, proper imports, functional patterns

✅ Test Quality

Tests verify actual route behavior with proper HTTP simulation, not just mock objects. Covers:

• UUID validation (400 errors)
• RLS security checks (403 errors)
• Required field validation (400 errors)
• Successful operations (200/201 responses)
• Backward compatibility forwarding

✅ Security Assessment

• No hardcoded keys or credentials
• Proper UUID validation prevents injection attacks
• RLS security model prevents cross-server access
• Structured error responses don't leak sensitive data

Overall Assessment: High-quality implementation with proper security, comprehensive testing, and backward compatibility. Ready for merge.

---

[claude]

Claude finished @standujar's task —— View job

---

PR Review: Standardize Message Server Route Naming ✅

Todo List:

• Read and analyze the test file
• Read and analyze the messageServers.ts changes
• Check for critical security issues
• Verify proper testing patterns and coverage
• Check TypeScript types and error handling
• Verify backward compatibility implementation
• Post comprehensive review feedback

---

Review Results

✅ No critical issues found - All security, testing, and compliance requirements met

💡 SUGGESTION: Enhance type safety → Consider: Create custom error classes instead of generic Error objects for better error handling

💡 SUGGESTION: Extract helper function → Consider: Create shared parameter forwarding logic for deprecated routes (lines 342-344, 360-362, 378-380)

Detailed Analysis

✅ Strengths

• Security: Proper UUID validation and RLS security checks prevent unauthorized access
• Testing: Comprehensive test suite with actual route integration tests (17 tests covering all endpoints)
• TypeScript: Good type safety with proper @elizaos/core imports and no any types
• Error Handling: Structured logging with detailed error context
• Backward Compatibility: Well-implemented deprecated route forwarding with proper warnings
• Code Structure: Clean separation of current vs deprecated routes
• Compliance: Uses bun:test, proper imports, functional patterns

✅ Test Quality

Tests verify actual route behavior with proper HTTP simulation, not just mock objects. Covers:

• UUID validation (400 errors)
• RLS security checks (403 errors)
• Required field validation (400 errors)
• Successful operations (200/201 responses)
• Backward compatibility forwarding

✅ Security Assessment

• No hardcoded keys or credentials
• Proper UUID validation prevents injection attacks
• RLS security model prevents cross-server access
• Structured error responses don't leak sensitive data

Overall Assessment: High-quality implementation with proper security, comprehensive testing, and backward compatibility. Ready for merge.

---