LCORE-1219: up to date OpenAPI specifiction after MCP patch was merged

[tisnik]

Description

LCORE-1219: up to date OpenAPI specifiction after MCP patch was merged

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-1219

Summary by CodeRabbit

Release Notes

• New Features

  • Added endpoint to retrieve MCP server configurations and client authentication options.

• Documentation

  • Expanded API documentation with improved error handling details and new response models.
  • Deprecated rag_chunks field in query responses; use tool_results for tool execution data instead.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request updates API documentation to introduce a new MCP server authentication endpoint, adds tool execution result tracking to query responses with deprecation of the legacy rag_chunks structure, and introduces new supporting models (RAGChunk, ToolResultSummary) in the OpenAPI specification.

Changes

Cohort / File(s)	Summary
MCP Authentication Endpoint docs/openapi.json, docs/openapi.md	Introduces GET /v1/mcp-auth/client-options endpoint returning a list of MCP servers and their accepted client authentication headers. Adds MCPClientAuthOptionsResponse and MCPServerAuthInfo schemas with 200/401/403/500 response documentation.
Query Response & Tool Results docs/openapi.md	Adds tool_results field to QueryResponse containing array of ToolResultSummary; marks rag_chunks field as deprecated with migration guidance. Introduces ToolResultSummary model with id, status, content, type, and round fields.
RAG Models & Documentation docs/openapi.md	Introduces RAGChunk model with content, source, and score fields; updates existing endpoint documentation (/v1/info, /v1/config, /authorized) with expanded error handling and behavioral clarifications.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• LCORE-1169: Up-to-date OpenAPI documentation #1019: Modifies ToolResultSummary schema and associated query response structures, requiring consistency verification between this PR and concurrent model changes.
• Updated OpenAPI spec #884: Updates the same tool_results field in QueryResponse and ToolResultSummary model definitions, directly overlapping with this PR's changes.
• LCORE-632: Regenerated OpenAPI specification #590: Introduces RAGChunk model and modifies QueryResponse RAG-related fields, providing context for the deprecation and migration approach taken here.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title references updating OpenAPI specification documentation after an MCP patch merge, which matches the changeset of expanding OpenAPI docs with MCP-related endpoints and schemas.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@docs/openapi.json`:
- Line 500: Update the OpenAPI operation summary string to use consistent "MCP"
capitalization: locate the summary field currently set to "Get Mcp Client Auth
Options" and change it to "Get MCP Client Auth Options" so it matches the rest
of the spec.
- Line 105: The description for the /info endpoint mentions returning status 500
for Llama Stack connectivity issues but the OpenAPI responses only document 503;
update the description string for the /info (InfoResponse) endpoint to refer to
status 503 (or alternatively add a 500 response entry) so the documented error
status matches the responses section—locate the description text for the /info
(or /v1/info) operation and replace "status 500" with "status 503" (or add a 500
response object if you prefer to keep 500).

In `@docs/openapi.md`:
- Around line 481-485: The markdown responses table rows are missing trailing
pipe characters which violates MD055; update the table header separator and each
row (e.g., the header line "| Status Code | Description | Component |", the
separator "|-------------|-------------|-----------|", and the response rows for
200 and 401 such as "| 200 | Successful response |
[MCPClientAuthOptionsResponse](`#mcpclientauthoptionsresponse`) |" and "| 401 |
Unauthorized | [UnauthorizedResponse](`#unauthorizedresponse`) |") to include the
closing pipe so every table line ends with a pipe.

🧹 Nitpick comments (3)

docs/openapi.json (1)

6949-7006: Consider tightening MCP auth schemas for consistency.

If servers is always present (even when empty), mark it required and disallow extra properties to match most other schemas.

♻️ Suggested refactor

 "MCPClientAuthOptionsResponse": {
   "properties": {
     "servers": {
       "items": {
         "$ref": "#/components/schemas/MCPServerAuthInfo"
       },
       "type": "array",
       "title": "Servers",
       "description": "List of MCP servers that accept client-provided authorization"
     }
   },
+  "required": [
+    "servers"
+  ],
+  "additionalProperties": false,
   "type": "object",
   "title": "MCPClientAuthOptionsResponse",
   "description": "Response containing MCP servers that accept client-provided authorization.",
   "examples": [
     {
       "servers": [
         {
           "client_auth_headers": [
             "Authorization"
           ],
           "name": "github"
         },
         {
           "client_auth_headers": [
             "Authorization",
             "X-API-Key"
           ],
           "name": "gitlab"
         }
       ]
     }
   ]
 },
 "MCPServerAuthInfo": {
   "properties": {
     "name": {
       "type": "string",
       "title": "Name",
       "description": "MCP server name"
     },
     "client_auth_headers": {
       "items": {
         "type": "string"
       },
       "type": "array",
       "title": "Client Auth Headers",
       "description": "List of authentication header names for client-provided tokens"
     }
   },
+  "additionalProperties": false,
   "type": "object",
   "required": [
     "name",
     "client_auth_headers"
   ],
   "title": "MCPServerAuthInfo",
   "description": "Information about MCP server client authentication options."
 }

docs/openapi.md (2)

454-466: Capitalize “MCP” consistently in the endpoint title.

User-facing headings should match the acronym’s standard casing.

♻️ Suggested tweak

-> **Get Mcp Client Auth Options**
+> **Get MCP Client Auth Options**

---

5111-5133: Link array fields to their item models for clarity.

rag_chunks and tool_results now have dedicated models; referencing them here makes the schema easier to navigate.

♻️ Suggested tweak

-| rag_chunks | array | Deprecated: List of RAG chunks used to generate the response. |
+| rag_chunks | array | Deprecated: List of [RAGChunk](`#ragchunk`) used to generate the response. |
...
-| tool_results | array | List of tool results |
+| tool_results | array | List of [ToolResultSummary](`#toolresultsummary`) |

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Align /v1/info error status with responses.

Line 105 mentions status 500 for Llama Stack connectivity issues, but the documented responses list 503 only. This mismatch can confuse clients.

✏️ Suggested fix

-    HTTPException: with status 500 and a detail object
+    HTTPException: with status 503 and a detail object

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"description": "Handle request to the /info endpoint.\n\nProcess GET requests to the /info endpoint, returning the\nservice name, version and Llama-stack version.\n\nRaises:\n HTTPException: with status 500 and a detail object\n containing `response` and `cause` when unable to connect to\n Llama Stack. It can also return status 401 or 403 for\n unauthorized access.\n\nReturns:\n InfoResponse: An object containing the service's name and version.",

"description": "Handle request to the /info endpoint.\n\nProcess GET requests to the /info endpoint, returning the\nservice name, version and Llama-stack version.\n\nRaises:\n HTTPException: with status 503 and a detail object\n containing `response` and `cause` when unable to connect to\n Llama Stack. It can also return status 401 or 403 for\n unauthorized access.\n\nReturns:\n InfoResponse: An object containing the service's name and version.",

🤖 Prompt for AI Agents

In `@docs/openapi.json` at line 105, The description for the /info endpoint
mentions returning status 500 for Llama Stack connectivity issues but the
OpenAPI responses only document 503; update the description string for the /info
(InfoResponse) endpoint to refer to status 503 (or alternatively add a 500
response entry) so the documented error status matches the responses
section—locate the description text for the /info (or /v1/info) operation and
replace "status 500" with "status 503" (or add a 500 response object if you
prefer to keep 500).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use consistent “MCP” capitalization in the summary.

The summary uses “Mcp” while the rest of the spec uses “MCP”.

✏️ Suggested fix

-"summary": "Get Mcp Client Auth Options",
+"summary": "Get MCP Client Auth Options",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"summary": "Get Mcp Client Auth Options",
	"summary": "Get MCP Client Auth Options",

🤖 Prompt for AI Agents

In `@docs/openapi.json` at line 500, Update the OpenAPI operation summary string
to use consistent "MCP" capitalization: locate the summary field currently set
to "Get Mcp Client Auth Options" and change it to "Get MCP Client Auth Options"
so it matches the rest of the spec.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix table pipe style to satisfy markdownlint MD055.

The responses table is missing trailing pipes, which breaks the configured table style.

✅ Example fix

-| Status Code | Description | Component |
-|-------------|-------------|-----------|
-| 200 | Successful response | [MCPClientAuthOptionsResponse](`#mcpclientauthoptionsresponse`) |
-| 401 | Unauthorized | [UnauthorizedResponse](`#unauthorizedresponse`)
+| Status Code | Description | Component |
+|-------------|-------------|-----------|
+| 200 | Successful response | [MCPClientAuthOptionsResponse](`#mcpclientauthoptionsresponse`) |
+| 401 | Unauthorized | [UnauthorizedResponse](`#unauthorizedresponse`) |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| Status Code | Description | Component |
	|-------------|-------------|-----------|
	| 200 | Successful response | [MCPClientAuthOptionsResponse](#mcpclientauthoptionsresponse) |
	| 401 | Unauthorized | [UnauthorizedResponse](#unauthorizedresponse)
	| Status Code | Description | Component |
	|-------------|-------------|-----------|
	| 200 | Successful response | [MCPClientAuthOptionsResponse](`#mcpclientauthoptionsresponse`) |
	| 401 | Unauthorized | [UnauthorizedResponse](`#unauthorizedresponse`) |

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

484-484: Table pipe style
Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe

(MD055, table-pipe-style)

🤖 Prompt for AI Agents

In `@docs/openapi.md` around lines 481 - 485, The markdown responses table rows
are missing trailing pipe characters which violates MD055; update the table
header separator and each row (e.g., the header line "| Status Code |
Description | Component |", the separator
"|-------------|-------------|-----------|", and the response rows for 200 and
401 such as "| 200 | Successful response |
[MCPClientAuthOptionsResponse](`#mcpclientauthoptionsresponse`) |" and "| 401 |
Unauthorized | [UnauthorizedResponse](`#unauthorizedresponse`) |") to include the
closing pipe so every table line ends with a pipe.