
New optimisations #472

Open: mendaxfz wants to merge 5 commits into stickerdaniel:main from mendaxfz:main

@mendaxfz
No description provided.

greptile-apps Bot commented May 28, 2026

Greptile Summary

This PR adds remote MCP support and new read-only workflow tools. The main changes are:

  • Optional bearer-token auth for streamable HTTP deployments.
  • ChatGPT-compatible search and fetch tools for generic LinkedIn retrieval.
  • Draft-only outreach tools for lead research, message drafting, follow-up planning, and risk review.
  • README, Docker Hub docs, manifest, and tests updated for the new tools and auth option.

Confidence Score: 5/5

This looks safe to merge.

  • No blocking issues found in the changed code.

Reviews (2): Last reviewed commit: "chore: ignore mcp bundle artifacts"

Comment on lines +214 to +215
url = _absolute_linkedin_url(value)
extracted = await extractor.extract_page(url, section_name="post")
P1 security Restrict fetched post URLs

fetch accepts post:<value>, turns absolute URLs into themselves, and then navigates the authenticated browser to that URL. A client can call fetch with post:https://attacker.example/, which makes this LinkedIn fetch tool browse arbitrary external pages instead of only LinkedIn post permalinks. Please validate that absolute post URLs use a LinkedIn host and the expected /feed/update/ path before passing them to extract_page.

Path: linkedin_mcp_server/tools/compat.py
Line: 214-215
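One way to implement the check this review comment asks for, as an added example that is not the project's code. `validate_post_url`, `is_allowed` and the allowed-host set are assumptions; the returned URL is what would be handed to `extract_page`.

```python
from urllib.parse import unquote, urlsplit, urlunsplit

# Assumption: post permalinks are served only from these hosts.
ALLOWED_HOSTS = {"linkedin.com", "www.linkedin.com"}
POST_PATH_PREFIX = "/feed/update/"  # path named in the review comment


def validate_post_url(url: str) -> str:
    """Return a rebuilt https permalink, or raise ValueError. Hypothetical helper."""
    # Browsers read "\" as "/" and drop tabs/newlines, so such input can parse
    # differently in urlsplit than in the browser that will navigate to it.
    if not (url.isascii() and url.isprintable()) or " " in url or "\\" in url:
        raise ValueError("unexpected characters in URL")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("post URL must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:  # exact match, not a substring or suffix test
        raise ValueError(f"host {host!r} is not an allowed LinkedIn host")
    # Check decoded segments so "%2e%2e" cannot climb out of /feed/update/.
    segments = unquote(parts.path).split("/")
    if not parts.path.startswith(POST_PATH_PREFIX) or ".." in segments:
        raise ValueError("path is not a /feed/update/ permalink")
    if not parts.path[len(POST_PATH_PREFIX):].strip("/"):
        raise ValueError("missing post identifier")
    # Navigate to a URL rebuilt from validated parts; query and fragment are dropped.
    return urlunsplit(("https", host, parts.path, "", ""))


def is_allowed(url: str) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        validate_post_url(url)
        return True
    except ValueError:
        return False
```

If a permitted URL redirects, the final location needs the same check before any content is extracted.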

Comment on lines +235 to +237
return {
"schedule": [f"Day {day}" for day in days],
"drafts": drafts[: len(days)],
P1 Keep plans aligned

schedule includes every requested cadence day, but drafts is sliced from a fixed three-message list. When a client passes cadence_days=[1, 3, 7, 14], the response contains four schedule entries and only three drafts, so callers cannot pair each follow-up day with a message. Either cap or validate the cadence length, or generate one draft per requested day.

Path: linkedin_mcp_server/tools/outreach.py
Line: 235-237

Comment on lines +75 to +79
def _trim_to_chars(text: str, max_chars: int) -> str:
compact = " ".join(text.split())
if len(compact) <= max_chars:
return compact
return compact[: max_chars - 1].rstrip() + "..."
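
Review bot: the last line reserves one character (`max_chars - 1`) for a suffix that is three characters long as shown, so a truncated result can be up to `max_chars + 2` characters at any limit, not only at zero, negative or tiny values. Slice to `max_chars - len(suffix)` and reject `max_chars < 1` before slicing.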
P1 Validate character limits

max_chars is accepted without a lower bound, but this helper assumes it is positive. If a caller passes max_chars=0 or a negative value, the slice uses max_chars - 1 and returns a long string with ..., while the response still reports the requested limit. Tiny positive values can also return a string longer than the limit. Add input validation for max_chars or handle small bounds explicitly so draft and connection-note length guarantees hold.

Path: linkedin_mcp_server/tools/outreach.py
Line: 75-79
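A bounded variant of the helper next to the behaviour quoted in the review, as an added example that is not the project's code. `trim_to_chars`, `original_trim`, `longest_overrun` and the sample text are constructed for illustration, and the suffix is assumed to be the three-character `...` shown in the snippet.

```python
SUFFIX = "..."  # assumption: the suffix as it appears in the quoted snippet

# Constructed sample note with irregular whitespace.
SAMPLE = "Hi Dana,   thanks for connecting. I read your post on zero-trust rollout and had two questions."


def trim_to_chars(text: str, max_chars: int) -> str:
    """Collapse whitespace and return at most max_chars characters."""
    if isinstance(max_chars, bool) or not isinstance(max_chars, int) or max_chars < 1:
        raise ValueError("max_chars must be a positive integer")
    compact = " ".join(text.split())
    if len(compact) <= max_chars:
        return compact
    if max_chars <= len(SUFFIX):
        # No room for text plus suffix: hard cut so the bound still holds.
        return compact[:max_chars]
    # Reserve room for the whole suffix, not a single character.
    return compact[: max_chars - len(SUFFIX)].rstrip() + SUFFIX


def original_trim(text: str, max_chars: int) -> str:
    """Behaviour of the helper as quoted in the review, kept for comparison."""
    compact = " ".join(text.split())
    if len(compact) <= max_chars:
        return compact
    return compact[: max_chars - 1].rstrip() + "..."


def longest_overrun(fn, text: str, limits) -> int:
    """Largest number of characters by which fn exceeds the requested limit."""
    return max(len(fn(text, n)) - n for n in limits)
```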
