Skip to content

fix(fastmcp-server): align template standards#665

Open
mberlofa wants to merge 3 commits into
mainfrom
fix/fastmcp-server-template-standards
Open

fix(fastmcp-server): align template standards#665
mberlofa wants to merge 3 commits into
mainfrom
fix/fastmcp-server-template-standards

Conversation

@mberlofa

@mberlofa mberlofa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add centralized fastmcp-server.validate checks for invalid ingress, Gateway API, auth, source, autoscaling, and selector-label configurations
  • add networkPolicy.extraEgress support and schema coverage
  • number NOTES sections and move HTTPRoute validation into the shared validation template

Validation

  • helm unittest charts/fastmcp-server
  • helm lint --strict charts/fastmcp-server
  • make template-standards-check CHART=fastmcp-server
  • make standards-check CHART=fastmcp-server
  • make standards-guard CHART=fastmcp-server
  • make validate-chart CHART=fastmcp-server TIMEOUT=900: FULLY VALIDATED (16 layers)
  • make site-sync-check CHART=fastmcp-server
  • make release-check REPO=charts
  • make attribution-check REPO=charts

Site PR: helmforgedev/site#343
Issue: #633

Summary by CodeRabbit

  • New Features
    • Added Helm-time validation for required configuration combinations, with clearer failure messages.
    • Added support for optional extra egress rules in network policy configuration.
  • Bug Fixes
    • Updated HTTPRoute rendering so it no longer hard-fails when Gateway API parent references are missing; validation messaging is handled via chart validation.
  • Documentation
    • Reformatted deployment NOTES to improve readability and section structure.
  • Tests
    • Expanded chart test coverage for validation behavior, extra egress rendering, Gateway API route URL scheme, and HTTPRoute scenarios.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Standards Check (GR-079) — PASS

Every changed chart fully passes standards-check.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 69af5f04-9009-43f8-a222-f84b4061449f

📥 Commits

Reviewing files that changed from the base of the PR and between ed14e45 and 153fe37.

📒 Files selected for processing (11)
  • charts/fastmcp-server/templates/NOTES.txt
  • charts/fastmcp-server/templates/_helpers.tpl
  • charts/fastmcp-server/templates/httproute.yaml
  • charts/fastmcp-server/templates/networkpolicy.yaml
  • charts/fastmcp-server/templates/validate.yaml
  • charts/fastmcp-server/tests/httproute_test.yaml
  • charts/fastmcp-server/tests/networkpolicy_test.yaml
  • charts/fastmcp-server/tests/notes_test.yaml
  • charts/fastmcp-server/tests/validation_test.yaml
  • charts/fastmcp-server/values.schema.json
  • charts/fastmcp-server/values.yaml
💤 Files with no reviewable changes (2)
  • charts/fastmcp-server/tests/httproute_test.yaml
  • charts/fastmcp-server/templates/httproute.yaml
✅ Files skipped from review due to trivial changes (1)
  • charts/fastmcp-server/tests/networkpolicy_test.yaml
🚧 Files skipped from review as they are similar to previous changes (6)
  • charts/fastmcp-server/templates/networkpolicy.yaml
  • charts/fastmcp-server/values.schema.json
  • charts/fastmcp-server/tests/notes_test.yaml
  • charts/fastmcp-server/values.yaml
  • charts/fastmcp-server/templates/_helpers.tpl
  • charts/fastmcp-server/tests/validation_test.yaml

📝 Walkthrough

Walkthrough

Adds shared Helm validation for chart values, removes inline HTTPRoute parentRefs validation, adds NetworkPolicy egress support, and reformats NOTES output into numbered sections.

Changes

Chart validation, gateway route checks, and notes updates

Layer / File(s) Summary
Validation template definition
charts/fastmcp-server/templates/_helpers.tpl, charts/fastmcp-server/templates/validate.yaml
Adds the shared fastmcp-server.validate template and wires it into a renderable validation manifest.
Validation test suite
charts/fastmcp-server/tests/validation_test.yaml
Adds validation cases covering ingress, gateway API, auth, sources, autoscaling, and pod label constraints.
Gateway route checks
charts/fastmcp-server/templates/httproute.yaml, charts/fastmcp-server/tests/httproute_test.yaml, charts/fastmcp-server/tests/notes_test.yaml
Removes the inline HTTPRoute parentRefs guard, drops its old failure test, and adds a NOTES test for the gateway route scheme.
NetworkPolicy extraEgress support
charts/fastmcp-server/templates/networkpolicy.yaml, charts/fastmcp-server/values.schema.json, charts/fastmcp-server/values.yaml, charts/fastmcp-server/tests/networkpolicy_test.yaml
Adds optional egress policy rendering plus schema, default value, and test coverage for networkPolicy.extraEgress.
NOTES.txt reformatting
charts/fastmcp-server/templates/NOTES.txt
Renumbers the NOTES output into installation, access, gateway API routes, authentication, sources, and documentation sections.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Possibly related PRs

  • helmforgedev/charts#641: Implements the same networkPolicy.extraEgress chart behavior and related rendering/test changes.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the chart-wide template standard alignment work without unnecessary detail.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/fastmcp-server-template-standards

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🟢 Security Scan: fastmcp-server

Framework Score
MITRE + NSA + SOC2 90.90909%

✅ Security posture acceptable.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 75fabd34f3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread charts/fastmcp-server/templates/_helpers.tpl

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
charts/fastmcp-server/templates/networkpolicy.yaml (1)

17-27: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Minor: duplicate truthiness check on extraEgress.

.Values.networkPolicy.extraEgress is evaluated twice (once via if for the policyType, once via with for the egress block). Could consolidate into a single with block that sets both the policyType and the egress rules to avoid the duplicated condition.

♻️ Optional consolidation
   policyTypes:
     - Ingress
-    {{- if .Values.networkPolicy.extraEgress }}
-    - Egress
-    {{- end }}
+    {{- if .Values.networkPolicy.extraEgress }}
+    - Egress
+    {{- end }}
   ingress:
     - ports:
         - port: {{ .Values.server.port }}
           protocol: TCP
   {{- with .Values.networkPolicy.extraEgress }}
   egress:
     {{- toYaml . | nindent 4 }}
   {{- end }}

Not blocking, purely stylistic; logic is otherwise correct.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/fastmcp-server/templates/networkpolicy.yaml` around lines 17 - 27, The
NetworkPolicy template currently checks .Values.networkPolicy.extraEgress twice,
once to add the Egress policy type and again to render the egress rules.
Consolidate this logic in the networkpolicy.yaml template by using a single with
block around extraEgress and have it emit both the policyType entry and the
egress section from the same condition, keeping the behavior in sync and
reducing duplicated truthiness checks.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/fastmcp-server/templates/_helpers.tpl`:
- Around line 108-112: The `gatewayAPI.parentRefs` validation in
`fastmcp-server.validate` is running even when `gatewayAPI.enabled` is false, so
gate the `range .Values.gatewayAPI.parentRefs` / `fail` check behind the enabled
flag in `_helpers.tpl`. Also update the validation coverage by adding a test
case for the disabled path in the `templates/validate.yaml`-driven tests to
ensure leftover `parentRefs` entries do not fail when
`gatewayAPI.enabled=false`.

In `@charts/fastmcp-server/templates/NOTES.txt`:
- Around line 37-40: The Gateway API routes section in NOTES.txt is using the
wrong TLS source for the URL scheme. Update the template logic around the
gatewayAPI hostname range so it does not depend on `.Values.ingress.tls`;
instead use the Gateway API TLS configuration if available, or leave the scheme
unspecified when Gateway API TLS is not modeled separately. Keep the change
localized to the gatewayAPI notes rendering and the hostname/path output.

---

Nitpick comments:
In `@charts/fastmcp-server/templates/networkpolicy.yaml`:
- Around line 17-27: The NetworkPolicy template currently checks
.Values.networkPolicy.extraEgress twice, once to add the Egress policy type and
again to render the egress rules. Consolidate this logic in the
networkpolicy.yaml template by using a single with block around extraEgress and
have it emit both the policyType entry and the egress section from the same
condition, keeping the behavior in sync and reducing duplicated truthiness
checks.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 92a8ab29-ae01-471d-9d57-3875867b506d

📥 Commits

Reviewing files that changed from the base of the PR and between 870b4c7 and 75fabd3.

📒 Files selected for processing (10)
  • charts/fastmcp-server/templates/NOTES.txt
  • charts/fastmcp-server/templates/_helpers.tpl
  • charts/fastmcp-server/templates/httproute.yaml
  • charts/fastmcp-server/templates/networkpolicy.yaml
  • charts/fastmcp-server/templates/validate.yaml
  • charts/fastmcp-server/tests/httproute_test.yaml
  • charts/fastmcp-server/tests/networkpolicy_test.yaml
  • charts/fastmcp-server/tests/validation_test.yaml
  • charts/fastmcp-server/values.schema.json
  • charts/fastmcp-server/values.yaml
💤 Files with no reviewable changes (2)
  • charts/fastmcp-server/templates/httproute.yaml
  • charts/fastmcp-server/tests/httproute_test.yaml

Comment thread charts/fastmcp-server/templates/_helpers.tpl
Comment thread charts/fastmcp-server/templates/NOTES.txt
@mberlofa mberlofa force-pushed the fix/fastmcp-server-template-standards branch from 149c5ba to ed14e45 Compare July 4, 2026 13:22
@mberlofa mberlofa force-pushed the fix/fastmcp-server-template-standards branch from ed14e45 to 153fe37 Compare July 5, 2026 20:27
@mberlofa

mberlofa commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Reviewed the remaining CodeRabbit feedback across review threads and the review summary.

Current status:

  • gatewayAPI.parentRefs validation is gated by gatewayAPI.enabled, and the disabled path is covered by templates/validate.yaml tests.
  • Gateway API NOTES no longer derive the route scheme from ingress.tls; the existing NOTES test confirms the Gateway route remains http://... even when ingress TLS is configured.
  • Addressed the review-summary nitpick in networkpolicy.yaml by reusing a local $extraEgress reference for both policyTypes and egress rendering. The two render sites remain separate because Kubernetes YAML requires policyTypes and egress in different locations.

Validation:

  • make validate-chart CHART=fastmcp-server passed after rebasing on current origin/main
  • Result: fastmcp-server: FULLY VALIDATED (16 layers), including k3d GR-027 for all CI scenarios
  • make release-check REPO=charts passed with only the expected post-merge release confirmation warning
  • make attribution-check REPO=charts passed
  • git diff --check passed

Note: the extraEgress nitpick was posted in the review summary/body, not as an active review thread, so there is no thread ID to reply to or resolve for that specific item.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant