Refactor MCP server responses and harden docs path handling #391

Merged: zz-plant merged 1 commit into main from codex/identify-and-resolve-technical-debt on Jan 13, 2026

@zz-plant

Owner

Motivation

  • Reduce repeated boilerplate for MCP tool responses and make outputs consistent across tools.
  • Prevent directory traversal when reading docs via the read_docs tool.
  • Fix TypeScript typing issues around response payloads and tidy iteration/formatting in helper tools.

Description

  • Added textResponse and errorResponse helpers and replaced repeated inline response objects with those helpers in scripts/mcp-server.ts.
  • Hardened docs file resolution by switching to resolve and validating paths with sep to prevent directory traversal in the read_docs tool.
  • Adjusted imports to include resolve and sep, added type: "text" as const to satisfy TypeScript, and cleaned up formatting/iteration in the component/project/dist listing tools.
  • No functional changes to tool outputs beyond consistent response shaping and improved error messaging.

Testing

  • Ran bun run check (which runs lint, unit tests, typecheck, astro:check, validate-json, and validate-glossary) and it completed successfully.
  • Unit tests: 17 tests run across 7 files with 14 pass, 3 skipped, and 0 failed.
  • tsc typecheck and other automated checks passed, and bunx prettier --write was applied to scripts/mcp-server.ts.

Codex Task
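
The containment check the description refers to (resolve the requested path, then compare against the root with a sep boundary), as an added example that is not the project's code from scripts/mcp-server.ts. DOCS_ROOT, the function names and the sample requests are assumptions constructed for illustration, and naiveCheck is a hypothetical weaker check shown for contrast, not the project's previous implementation.

```typescript
import { resolve, sep } from "node:path";

// Hypothetical docs root (assumption; the project's real directory is not shown on the page).
const DOCS_ROOT = resolve("/srv/site/docs");

// Prefix-only check: resolves the path but compares without a separator boundary.
function naiveCheck(root: string, requested: string): boolean {
  return resolve(root, requested).startsWith(resolve(root));
}

// Hardened check: resolve, then accept only the root itself or paths under root + sep.
// Returns the absolute path to read, or null when the request escapes the root.
function resolveDocPath(root: string, requested: string): string | null {
  if (requested.includes("\0")) return null; // NUL never belongs in a file name
  const base = resolve(root);
  const target = resolve(base, requested);
  if (target !== base && !target.startsWith(base + sep)) return null;
  return target;
}

// Constructed sample requests, not taken from the project's tests.
const SAMPLE_REQUESTS = [
  "guide/intro.md",           // ordinary nested file
  "guide/../../docs/ok.md",   // leaves and re-enters the root: still inside
  "../secrets.env",           // parent-directory escape
  "../docs-private/notes.md", // sibling directory sharing the root's name prefix
  "/tmp/other.md",            // absolute path replaces the root entirely
];

// Compare both checks for every sample request.
function compareChecks(): { requested: string; naive: boolean; hardened: boolean }[] {
  return SAMPLE_REQUESTS.map((requested) => ({
    requested,
    naive: naiveCheck(DOCS_ROOT, requested),
    hardened: resolveDocPath(DOCS_ROOT, requested) !== null,
  }));
}

for (const row of compareChecks()) {
  console.log(`${row.requested.padEnd(26)} naive=${row.naive} hardened=${row.hardened}`);
}
```

resolve normalises the path lexically and does not follow symlinks, so a symlink inside the docs root that points elsewhere needs a separate realpath comparison.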

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jan 13, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status: ✅ Deployment successful!
Name: et3
Latest Commit: e7300c0
Updated (UTC): Jan 13 2026, 08:30 PM

@zz-plant zz-plant merged commit a7438c5 into main Jan 13, 2026
1 of 2 checks passed
@gemini-code-assist

Contributor

Summary of Changes

Hello @zz-plant, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on improving the robustness, consistency, and maintainability of the MCP server tools. It centralizes response handling to streamline output, significantly enhances the security of documentation access by preventing path traversal, and refines TypeScript typings and code formatting for better developer experience. These changes are primarily internal quality improvements and do not alter the functional output of the tools, only their internal implementation and error handling.

Highlights

  • Response Standardization: Introduced textResponse and errorResponse helper functions to standardize and reduce boilerplate in MCP tool responses, ensuring consistent output formats across all tools.
  • Security Hardening: Enhanced the read_docs tool by implementing node:path.resolve and validating paths with node:path.sep to prevent directory traversal vulnerabilities.
  • TypeScript Improvements: Addressed TypeScript typing issues related to response payloads by adding type: "text" as const and tidied up iteration and formatting in various helper tools.

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request effectively refactors the MCP server tool responses by introducing textResponse and errorResponse helpers, which significantly reduces boilerplate and improves consistency. The security hardening in the read_docs tool, by switching to path.resolve and improving the path validation, is a crucial improvement against directory traversal vulnerabilities. The code is now cleaner and more robust.

I've added a few suggestions to further improve the code by using more modern JavaScript features for conciseness and by parallelizing file system operations for better performance. Overall, these are great changes.

Comment thread scripts/mcp-server.ts
Comment on lines 51 to 54
const files: string[] = [];
for await (const file of glob.scan({ cwd: componentsDir })) {
files.push(file);
}

medium

For conciseness and better readability, you can use Array.fromAsync to collect the results of the async iterator from glob.scan() into an array directly. This avoids the manual loop and files.push().

Suggested change
const files: string[] = [];
for await (const file of glob.scan({ cwd: componentsDir })) {
files.push(file);
}
const files = await Array.fromAsync(glob.scan({ cwd: componentsDir }));
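
Review bot: the replacement line for the componentsDir scan relies on Array.fromAsync, a relatively recent built-in, so before applying it confirm that the runtime executing scripts/mcp-server.ts and the TypeScript lib configuration both provide it; the PR lists a tsc typecheck among its checks, and a missing declaration would show up there. If either is in doubt, the existing for await loop is equivalent and can stay.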

Comment thread scripts/mcp-server.ts
Comment on lines 108 to 112
const files: string[] = [];

for await (const file of glob.scan({ cwd: pagesDir })) {
files.push(file);
}

medium

For conciseness and better readability, you can use Array.fromAsync to collect the results of the async iterator from glob.scan() into an array directly. This avoids the manual loop and files.push().

Suggested change
const files: string[] = [];
for await (const file of glob.scan({ cwd: pagesDir })) {
files.push(file);
}
const files = await Array.fromAsync(glob.scan({ cwd: pagesDir }));
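
Review bot: the suggested line for the pagesDir scan drops the explicit string[] annotation that the original declaration carried, so the element type of files now depends entirely on what glob.scan yields. Keeping the annotation, as in "const files: string[] = await Array.fromAsync(glob.scan({ cwd: pagesDir }));", makes any change in that yielded type surface at this line.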
