Bump version -> 2.4.0
What Changed
Manual bump to publish a new version with our API changes
2026-06-01vantage-sh/vantage-ts#18
Add update-cost-report tool
What Changed
Previously missed adding an update-cost-report tool.
Additionally nested all the cost report tools in a cost-report folder.
Testing Done
- Unit tests added
Note
Medium Risk
New destructive update tool can change saved cost reports via the API; layout/import moves are mechanical but touch many registered tools. No eval file appears in the diff though repo guidelines require one for new tools.
Overview
Adds update-cost-report, an MCP tool that PUTs to /v2/cost_reports/{token} with optional fields for title, VQL filter, groupings, dates, chart settings, folder, saved filters, business metrics, and report settings. It enforces paired previous-period and start/end dates and blocks mixing date_interval with explicit start/end dates via MCPUserError.
Relocates all cost-report tools from src/tools/ into src/tools/cost-reports/ (create, list, get, delete, forecast, update), adds a family index.ts, and switches the generated src/tools/index.ts to a single import "./cost-reports". Shared Zod for chart types, settings, business metrics, and create vs update defaults lives in schemas.ts; create-cost-report now imports those instead of inline duplicates.
Docs: writing-mcp-tools and AGENTS.md now require moving same-resource siblings into nested folders and document schemas.ts / cost-reports as the reference layout.
Reviewed by Cursor Bugbot for commit 67c53bc. Bugbot is set up for automated code reviews on this repo. Configure here.
2026-05-29vantage-sh/vantage-mcp-server#168
Update `agents` & `zod`
What Changed
Catching this repo up on the agents package. Through that process we have to migrate explicitly to zod v4. We're already using v4 everywhere so now we can drop the zod/v4 import for just zod.
Testing Done
- All lints / unit tests pass
- Tested again local agent harness to ensure everything still works
Note
Medium Risk
Major bumps to agents and Zod v4 plus a large lockfile refresh can affect runtime validation and agent/MCP behavior; changes are mostly dependency and import paths with no intentional tool logic edits.
Overview
This PR bumps core dependencies and standardizes Zod imports across the MCP server.
package.json raises agents from 0.3.10 to ^0.13.2, zod from v3 to ^4.4.3, and @modelcontextprotocol/sdk to 1.29.0. The npm overrides entry that pinned the MCP SDK is removed. package-lock.json is regenerated with the new transitive tree (including tooling pulled in by the newer agents stack).
Across src/tools/**, every former import … from "zod/v4" is switched to import … from "zod" (including registerTool, tests, and dateValidator). Tool schemas and API behavior are unchanged—this is an import and dependency alignment pass, not new MCP capabilities.
Reviewed by Cursor Bugbot for commit a4dec47. Bugbot is set up for automated code reviews on this repo. Configure here.
feat: Apply new skill to get-myself.
What Changed
Applies the writing-mcp-tools to the get-myself tool. Nests the tool in a directory and adds an output schema.
Testing Done
- Unit tests pass
- Tested locally that everything still works
Note
Low Risk
Read-only auth introspection tool relocation and doc/test updates only; no API or security behavior change in the diff.
Overview
Moves get-myself into a nested src/tools/current-user/ package (with index.ts and regenerated src/tools/index.ts) and fixes imports/paths in the tool and its tests. Tests now use the shared ../utils/testing helper and add an output-schema test table (valid /v2/me fixture) alongside existing success/failure execution cases; the tool description is tightened slightly.
AGENTS.md points the output-schema example at current-user/get-myself. The writing-mcp-tools skill drops the long outputSchema how-to, related checklist items, and the get-myself reference from the anatomy list—documentation now matches the default testTool 3-arg pattern unless output tests are explicitly used.
Reviewed by Cursor Bugbot for commit 815a137. Bugbot is set up for automated code reviews on this repo. Configure here.
Add Agent Skills for writing tools and evals.
What Changed
Adding two skills describing best practices for writing new tools and adding evals.
For writing new tools, the existing set of tools do not all conform to this skill at the moment. The plan is to apply this skill to the existing ones to create uniformity.
For evals, I have a bunch of local work I will put up in a separate PR to scaffold out the eval framework.
Note
Low Risk
Documentation-only changes; no application or tool runtime behavior is modified.
Overview
Adds agent skills under .agents/skills/ for writing MCP tools and writing evals, and rewires contributor docs so agents and humans follow those guides instead of copying legacy patterns.
writing-mcp-tools documents the target conventions: resource-nested tool layout, registerTool / testTool patterns, MCP annotation table (including create-* as non-destructive), minimal descriptions with strong zod .describe() strings, optional outputSchema, and a PR checklist tied to evals.
writing-evals documents the intended evalite workflow (per-file runs, committed evalite.db, prompt matrix, distractors, failure diagnosis) ahead of a follow-up PR that lands the eval harness.
AGENTS.md is replaced with a short router: links to the skills, invariants (zod/v4, pathEncode, MCPUserError, delete/204 behavior), explicit known drift warnings, and verification steps (evals not in CI).
README.md drops the old inline “add a tool” snippet in favor of pointing at the skills, adds a Running Evals section (baseline db, GitHub Pages UI, eval:export), and lists npm run eval* scripts.
Reviewed by Cursor Bugbot for commit 4a2e21d. Bugbot is set up for automated code reviews on this repo. Configure here.
Add Optional OTel Tracing
What Changed
Set up optional OTel tracing code so that we can create correlated traces back to our API server
Testing Done
- Tested locally exporting via
dd-agent - Updated Unit tests
Note
Medium Risk
Adds new tracing and context propagation across the Worker, Durable Object tool execution, and outbound API calls; while intended to be optional, it changes request handling and header injection paths that could affect observability and runtime behavior.
Overview
Adds optional OpenTelemetry/OTLP tracing to correlate Worker requests, MCP tool executions, and outbound Vantage API calls.
The Worker fetch is now wrapped with tracer.wrapFetchHandler, forwards the active traceparent/tracestate into downstream MCP/Durable Object requests, and callApi now uses tracer.traceFetch for traced outbound HTTP calls. Tool registration (registerTool) now creates per-tool spans (parented from incoming request headers) and passes env/waitUntil through the tool execution context.
Introduces a new src/tracing module (span lifecycle, OTLP JSON payload builder/exporter, sampling/config via OTEL_* env vars), adds .dev.vars.example entries for these vars, and adds comprehensive unit tests plus a vitest.config.ts include pattern.
Reviewed by Cursor Bugbot for commit c6f47ed. Bugbot is set up for automated code reviews on this repo. Configure here.
Add AppEnv type
What Changed
Sorry for noise! I reformatted a couple HTML blocks and regenerated the workers-configuration.d.ts which created a huge diff.
What I actually changed
- Added
src/env.tsand theAppEnvtype which extends the generatedEnv.
This change is a preface for some work I'm doing to add a bunch of optional environment variable for tracing. This change also removed a bunch of as RequiredEnv casts
Note
Medium Risk
Touches OAuth login/callback flow by switching cookie sameSite/secure behavior to depend on ENVIRONMENT, which could affect authentication if the variable is misconfigured. Remaining changes are mostly type-safety and HTML reformatting noise.
Overview
Introduces src/env.ts with an AppEnv type (a typed ENVIRONMENT plus the generated Env) and updates the worker and OAuth handlers to use it, removing the bespoke RequiredEnv type and related as ... casts.
OAuth consent cookie options now derive sameSite/secure from c.env.ENVIRONMENT instead of a hardcoded development constant. Also adds tmp/* to .gitignore and reformats the consent/homepage HTML templates (no behavioral intent).
Reviewed by Cursor Bugbot for commit 47a8e95. Bugbot is set up for automated code reviews on this repo. Configure here.
Add allowed labels to Chart
What Changed
I bumped the agent version in #64 but I forgot to include updating new variables in the Chart. This PR properly exposes VANTAGE_ALLOWED_LABELS
2026-05-08vantage-sh/helm-charts#65
chore: Bump agent appVersion to 1.2.2.
What Changed
- Bumped version: 1.5.1
- Bumped appVersion: "1.2.2"
2026-05-08vantage-sh/helm-charts#64
Fix the publishing workflow
What Changed
Fixing the publishing workflow. Same approach as on the MCP Server vantage-sh/vantage-mcp-server#97
2026-05-05vantage-sh/vantage-ts#7
Add Biome
What Changed
- Adding Biome formatter to match our other projects
- Updated test script to allow pointing at localhost
- Added latest API changes to get CI to pass
NOTE: This isn't affecting the auto generated files
2026-05-05vantage-sh/vantage-ts#6
Change Biome formatting / Fix lint warnings
What Changed
- Changed the Biome formatter to match the rest of our projects
- Fixed other lint warnings
Note
Low Risk
Tooling-only configuration changes (formatter/blame settings) with no runtime behavior impact beyond code style enforcement.
Overview
Aligns Biome formatting defaults by switching to 2-space indentation and updating lineWidth to 120 (moved under javascript.formatter), with the config files re-formatted accordingly.
Adds .git-blame-ignore-revs to ignore the formatter-only commit in git blame, and reindents commitlint.config.js to match the new style.
Reviewed by Cursor Bugbot for commit 89a4453. Bugbot is set up for automated code reviews on this repo. Configure here.
2026-04-30vantage-sh/vantage-mcp-server#116
Add auto-merge to housekeeping
I would like us to set up auto approval to the house keeping PRs, such as #111 so that we don't have to remember to merge them. First step is to set the PR to be on auto merge. Then we'll need to set up functionality to automatically add an approval
Note
Low Risk
Small change to release automation that only adds an extra gh CLI call; primary risk is unintended auto-merging if branch/PR targeting is misconfigured.
Overview
After creating the automated-bump version PR, generate-version-pr.ts now runs gh pr merge --auto --squash to enable auto-merge for that PR, reducing manual housekeeping.
The change only affects the post-creation step of the existing release automation; dry-run behavior remains unchanged.
Reviewed by Cursor Bugbot for commit a84b88a. Bugbot is set up for automated code reviews on this repo. Configure here.
Housekeeping (Round 2)
What Changed
Added --provenance to link the package publish back to the Action, that is a new publish flag available in NPM 11 - https://docs.npmjs.com/cli/v11/commands/npm-publish#provenance
Upgraded the action to use Node 24 and pinned the current latest version of npm 11
Note
Medium Risk
Changes the release/publish GitHub Actions workflow (Node/npm versions and npm publish flags), which could affect package publishing and tagging if the environment or provenance requirements are misconfigured.
Overview
Updates the Housekeeping GitHub Actions workflow to use newer action versions (actions/setup-node@v6 and actions/checkout@v6) and standardizes on Node.js 24.
Adjusts the publish job to install a pinned npm 11.12.1 and publishes the package with npm publish --provenance to attach build provenance during release.
Reviewed by Cursor Bugbot for commit e6f17bd. Bugbot is set up for automated code reviews on this repo. Configure here.
Housekeeping GitHub Action is failing
The housekeeping GitHub Action is failing, example https://github.com/vantage-sh/vantage-mcp-server/actions/runs/23961485934/job/69892166909
Run npm install -g npm@latest
npm error code MODULE_NOT_FOUND
npm error Cannot find module 'promise-retry'
npm error Require stack:
Instead of installing the latest npm, which appears to fail on a transitive dependency of promise-retry, we'll rely on the npm we get from setup-node.
Note
Low Risk
Low risk workflow-only change; publishing behavior is unchanged aside from relying on the npm version provided by actions/setup-node, which could affect CI if that npm version differs from latest.
Overview
Fixes the failing Housekeeping GitHub Action by removing the step that globally updates npm to npm@latest during the publish job.
The workflow now relies on the npm version bundled with actions/setup-node before running npm ci and the existing tag/publish logic.
Written by Cursor Bugbot for commit 414b7ce. This will update automatically on new commits. Configure here.
Add `get-cost-report` and `delete-cost-report`
As the title says. Tested locally by creating a cost report, updating it, getting it to see the updated data, and then deleting it
COMPLETES ENG-1765, ENG-1827, ENG-1828
Note
Medium Risk
Introduces a new destructive endpoint wrapper (delete) and surfaces backend errors to users; incorrect usage could lead to irreversible deletions, though the change is small and covered by tests.
Overview
Adds two new MCP tools for cost reports: get-cost-report (GET /v2/cost_reports/:token) and delete-cost-report (DELETE /v2/cost_reports/:token), both using pathEncode for token safety.
Both tools convert API failures into MCPUserError and include Vitest coverage for success/error responses; the tools are registered via the auto-generated src/tools/index.ts (with delete-cost-report marked destructive).
Written by Cursor Bugbot for commit b7637b8. This will update automatically on new commits. Configure here.
2026-02-19vantage-sh/vantage-mcp-server
Add additional folder tools
Fills in the missing folder tools
Tested locally - created a new folder, updated the title, fetched the information about it, and then deleted it.
COMPLETES ENG-1772, ENG-1841, ENG-1842, ENG-1843
Note
Medium Risk
Mostly additive tooling and tests, but the callApi change affects all API calls and could change behavior for any endpoint that legitimately returns 204 or previously failed JSON parsing on empty bodies.
Overview
Adds new Folder tools: get-folder, update-folder, and destructive delete-folder, each calling the /v2/folders/{token} endpoints and surfacing API failures as MCPUserError (with new Vitest coverage).
Updates the shared callApi helper to treat HTTP 204 No Content as a successful response returning data: undefined, and loosens the test harness API-call typing to allow undefined success data (needed for DELETE).
Written by Cursor Bugbot for commit 30ff369. This will update automatically on new commits. Configure here.
Update the README with publishing instructions and bump version
Adding some info on publishing practices and bumping the version to include new Anomaly data
2026-02-18vantage-sh/vantage-ts#2
Anomaly tools
Handful of tools for Anomalies. Tested locally that I can fetch an Anomaly and update it's status
COMPLETES ENG-1797, ENG-1799
Note
Low Risk
Adds isolated new tool endpoints with straightforward request/response plumbing and tests; minimal impact on existing behavior aside from tool registration.
Overview
Adds two new tools: get-anomaly (read-only) to fetch an anomaly alert by token via GET /v2/anomaly_alerts/:token, and update-anomaly to update an alert’s status (active/archived/ignored) with optional feedback via PUT /v2/anomaly_alerts/:token.
Registers both tools in the auto-generated src/tools/index.ts, and adds Vitest coverage that validates argument schemas and that non-ok API responses are surfaced as MCPUserError payloads.
Written by Cursor Bugbot for commit 48d1519. This will update automatically on new commits. Configure here.
2026-02-17vantage-sh/vantage-mcp-server#69
Migrate to zod/v4
Move to V4 to keep up to date
2026-01-22vantage-sh/vantage-mcp-server#58
SchemaStatements#truncate_tables skips engines that cannot be truncated
What Changed?
I added
#build_truncate_statements- Update the functionality to filter out engines that cannot be truncated- Added unit test to ensure functionality
- Added
clickhouse/minitest.rbas a helper similar toclickhouse/rspec.rb
Motivation
In our production app we're using database_cleaner to do the truncation and taking advantage of it's except functionality (DatabaseCleaner.strategy = [:truncation, except: %w[widgets]]) to filter out specific tables. I'm hoping to remove our dependency on database_cleaner and allow clickhouse-activerecord to manage the truncation.
The pattern used here follows the ActiveRecord implementation. We currently rely on the abstract implementation for #truncate and #truncate_tables - active_record/connection_adapters/abstract/database_statements.rb.
Postgres and Sqlite use this same pattern to adjust their truncation methods
postgresql/database_statements.rb- Overridesbuild_truncate_statementsto truncate all tables in a single statementsqlite3/database_statements.rb- Overridesbuild_truncate_statementto useDELETE FROMsince SQLite doesn't supportTRUNCATE
Added test for creating and updating budget periods
Related to vantage-sh/core#13141
This test fails against master without the above PR merged in. With the changes, this test passes.
COMPLETES ENG-466
2025-07-02vantage-sh/terraform-provider-vantage#127
feat(zero-schema): Add runtime assertion for all relationship tables in createSchema
Thank you @arv for the work on #3477. It pointed me in the direction of where to look code wise. I wanted to expand the work that was done to resolve the issue I ran into where defining a destSchema for a table that isn't referenced in schema.tables causes an error.
I added test cases for two potential ways to have a missing table. If anyone can think of other scenarios I can gladly write more tests.
My only question about adding this, while I think it improves the DX and will help people to ensure their schema is valid, is there any concern about runtime cost and having createSchema doing this additional work?
2025-01-07rocicorp/mono#3481
Update @code-hike/lighter to 1.0.0
I was trying to use bright to highlight the gleam language. Everything was in place in tm-grammars to do that, bright just needed to be able to access the newer languages. Updating to the latest release of lighter gives us access to the newer version of tm-grammars.
I'm not super familiar with lighter, but it also has a pinned exact version of tm-grammars, currently set to "1.16.2". It may be a good idea to relax that requirement so that new languages that get added can be accessed without having to publish newer versions.
2024-10-03code-hike/bright#45
Changes to the incremental responses
Fixes: #203
Preface: This is my first exposure to working with these Node objects on the server side so I'm not entirely sure if what I've done is correct.
I changed the way the incremental responses are sent back to the client. In the issue I noted
for await (const chunk of httpGraphQLResponse.body.asyncIterator) {
body.push(chunk);
}
this await is stopping the server from incrementally delivering the responses and instead they're all delivered at once.
These changes allow the responses to be streamed back instead of all at once.
The logs in the client now show
what is data? {book: {…}} false 12:22:18
what is data? {book: {…}} false 12:22:19
Where the second book: {} has the deferred data and is delivered 1 second after the first in which the 1 second is hard coded in my project using this package.
2024-07-19apollo-server-integrations/apollo-server-integration-next#204