Improve session integration status messages and instructions

[Daniel-Warner-X]

CLOSES: https://issues.redhat.com/browse/RHOAIENG-47601

Video demonstrating the flow: https://drive.google.com/file/d/1__2GWCvaZ0UEky2TLsQE8B0ytJterLMS/view?usp=sharing

UX and Copy for Status of integrations

Summary
Improves the session Integrations accordion (formerly "MCP Server Status"): clearer naming, sections, guidance and messaging for integrations, plus a GitHub status and configuration modal.

Integration status and links in the create session modal:

Progress animation for integration status messages loading in the chat sidebar accordion:

Integration status messages in the chat sidebar accordion:

Integration guidance when data connections are not connected:

Summary

Workspace Settings Integrations area is reorganized and clarified: clearer structure (workspace vs global), consistent labels and icons, and explicit descriptions and status for each integration (including GitHub in the Global section).

---

Changes

GitHub

• New GitHub card in the Global section.
• Visibility/state driven by project integration status.

Create session modal

• Added MCP status and links consistent with the new design of the integrations accordion to the session creation modal to preempt users creating sessions with no data connections
• Added ability to name session

Header & structure

• Accordion title

  • Renamed to "Integrations"

• Section grouping

  • "This workspace" – Integrations scoped to the current workspace (e.g. Atlassian MCP).
  • "Global" – Integrations shared across the app (e.g. webfetch, Google Workspace, GitHub).
  • Cards within each section are sorted alphabetically by title.

Display & icons

• Labels

• Status icons

  • Warning icon for unconfigured integrations, with a "not configured" tooltip.
  • Green check for configured/connected integrations.
  • Status icon is placed to the left of each card title.

• Badges (Atlassian)

  • "Read only" badge shown only when Atlassian is connected.
  • "Authenticated" badge is not shown for Atlassian when connected.

Descriptions

• Webfetch: "Fetches web content for the session."

• Jira: "MCP access to Jira issues and projects." When connected, also indicate read-only access (e.g. in description or via the "read only" badge).

• Google Workspace: "MCP access to Google Drive files."

• Unconfigured integrations: Copy explains that the session was started without that MCP and how to fix it. Workspace settings and Integrations are linked where relevant so users can configure the integration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-actions]

Claude Code Review

Summary

This PR improves the MCP Integrations accordion UX with clearer naming, better organization, and a GitHub integration card. The changes are primarily frontend UI improvements with minor backend resource adjustments. Overall well-structured with good use of React Query patterns and Shadcn UI components.

Issues by Severity

🚫 Blocker Issues

None - code is functionally correct and follows established patterns.

🔴 Critical Issues

1. Wrong icon used for authenticated badge (mcp-integrations-accordion.tsx:252)

// Line 252: Using AlertTriangle for "Authenticated" badge is semantically incorrect
<Badge variant="outline" className="text-xs bg-green-50 text-green-700 border-green-200">
  <AlertTriangle className="h-3 w-3 mr-1" />  // ❌ Should be CheckCircle2
  Authenticated
</Badge>

Fix: Change to <CheckCircle2 className="h-3 w-3 mr-1" /> to match the authenticated state.

2. Component exceeds 200-line guideline (mcp-integrations-accordion.tsx)

• Current: 377 lines
• Frontend guideline: Components should be under 200 lines
• Recommendation: Extract helper functions into a separate file:
  • getDisplayName, getDescription, getStatusIcon, getRightContent → mcp-integration-helpers.ts
  • Or extract card rendering logic into separate components: McpServerCard, GitHubCard

🟡 Major Issues

3. Hardcoded timeout constant (mcp-integrations-accordion.tsx:56)

const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)

• Should be a named constant at module level: const MCP_STATUS_TIMEOUT_MS = 2 * 60 * 1000
• Improves maintainability and makes the timeout value discoverable

4. Missing accessibility labels (github-connect-modal.tsx)

• Form inputs have labels but no aria-describedby for the helper text
• Token visibility toggle button has aria-label ✅ but input should have aria-invalid when empty on submit attempt

5. Missing error state for GitHub card (mcp-integrations-accordion.tsx:84-131)

• renderGitHubCard() only handles integrationStatusPending and success states
• No error handling if useProjectIntegrationStatus fails
• Should show an error state similar to MCP server error states

🔵 Minor Issues

6. Inconsistent spacing in JSX (mcp-integrations-accordion.tsx:157)

// Line 157: Missing indentation for badge
{server.name === 'mcp-atlassian' && server.authenticated === true && (
                      <Badge variant="secondary" className="text-xs font-normal">
// Should be indented at same level as surrounding code

7. Backend resource changes lack justification (sessions.go:1125, 1164)

• CPU requests reduced: 500m→200m, 100m→50m
• Comment says "Reduced for local dev" but this affects production deployments
• Recommendation: Either:
  • Make these configurable via environment variables
  • Revert to original values and adjust only for local dev environments
  • Add ADR documenting why reduced values are safe for production

8. Python code formatting (adapter.py:508)

• Removed system_prompt_config list formatting
• Changed to string assignment
• Comment is helpful ✅ but ensure this doesn't break workspace prompt injection

9. package-lock.json changes (package-lock.json)

• Multiple packages marked as "peer": true
• This is likely a npm install artifact from dependency resolution
• Verify this doesn't break CI builds or local development

10. Unused import cleanup needed

• mcp-integrations-accordion.tsx line 6: AlertCircle is imported but only used in one location (could be kept, minor)
• All other imports appear necessary ✅

Positive Highlights

✅ Excellent adherence to frontend patterns:

• Uses React Query hooks (useMcpStatus, useProjectIntegrationStatus) ✅
• Follows type-over-interface guideline (type McpIntegrationsAccordionProps, type GlobalItem) ✅
• Uses Shadcn UI components exclusively ✅
• Proper loading states with Skeleton components ✅

✅ Good UX improvements:

• Organized workspace vs. global sections
• Alphabetical sorting of integration cards
• Skeleton placeholders during loading
• Helpful inline links in descriptions
• Smart 2-minute polling timeout to avoid infinite loops

✅ Security conscious:

• Token visibility toggle in GitHub modal ✅
• Password input type for GitHub token ✅
• Proper handling of secrets via useIntegrationSecrets ✅

✅ React Query best practices:

• Query key factory pattern (projectKeys.integrationStatus) ✅
• Proper cache invalidation in mutations ✅
• Optimistic updates handled (in GitHub connection flow) ✅
• Appropriate refetchOnMount: 'always' for integration status ✅

✅ Accessible skeleton loading:

• Uses aria-hidden on skeleton cards ✅
• Provides meaningful loading experience

Recommendations

High Priority (Before Merge)

1. Fix authenticated badge icon (Critical Outcome: Reduce Refinement Time with agent System #1)

   • Change AlertTriangle to CheckCircle2 in line 252

2. Refactor component size (Critical Epic: RAT Architecture & Design #2)

   • Extract helpers to separate file or break into smaller components
   • Target: Main component < 200 lines per guidelines

3. Add error handling for GitHub card (Major Epic: Jira Integration & Workflow #5)

   • Handle error state from useProjectIntegrationStatus

Medium Priority (Before Merge)

4. Review backend resource changes (Minor Test: Automation Workflow Validation #7)

   • Clarify if CPU reductions are intentional for production
   • Consider making configurable if needed for different environments

5. Extract magic number (Major Epic: Data Source Integration #3)

   • Create named constant for 2-minute timeout

Low Priority (Post-Merge)

6. Add form validation feedback (Major Epic: AI Agent Development #4)

   • Add aria-describedby to form inputs
   • Add aria-invalid states for validation

7. Fix indentation (Minor Epic: Testing & Validation #6)

   • Normalize badge indentation at line 157

8. Verify package-lock changes (Minor Bump actions/add-to-project from 0.5.0 to 1.0.2 #9)

   • Ensure peer: true changes don't break CI

---

Overall Assessment: Strong PR with good architecture and adherence to project standards. Main concerns are component size and the incorrect icon for authenticated state. The UX improvements are valuable and well-implemented. Recommend fixing Critical #1 and Critical #2 before merge.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR enhances the Integrations accordion (formerly "MCP Server Status") with improved UX, clearer naming, and a new GitHub connection modal. The changes follow established frontend patterns well with strong use of Shadcn UI components, React Query, and TypeScript typing. However, there are several issues ranging from blockers (icon misuse) to architectural concerns (component size) that should be addressed.

Issues by Severity

🚫 Blocker Issues

1. Incorrect Icon Usage (Line 252)

• Location: mcp-integrations-accordion.tsx:252
• Issue: Using AlertTriangle icon inside "Authenticated" badge (green success state)

<Badge variant="outline" className="text-xs bg-green-50 text-green-700 border-green-200">
  <AlertTriangle className="h-3 w-3 mr-1" />  // ❌ Warning icon in success badge!
  Authenticated
</Badge>

• Expected: Should use CheckCircle2 or similar success icon, or remove icon entirely
• Impact: Visual inconsistency - warning icon contradicts "Authenticated" message

🔴 Critical Issues

2. Component Size Violation

• Location: mcp-integrations-accordion.tsx (377 lines)
• Issue: Component exceeds 200-line guideline (DESIGN_GUIDELINES.md)
• Fix: Extract helper functions (getStatusIcon, getRightContent, getDescription, getDisplayName) into separate utility file
• Suggested structure:

components/accordions/
  mcp-integrations-accordion.tsx (main component)
  mcp-integration-helpers.ts (utility functions)

3. TypeScript JSX Configuration Change

• Location: tsconfig.json:906
• Issue: Changed jsx from "preserve" to "react-jsx"
• Risk: May affect Next.js build behavior; preserve is standard for Next.js 14 App Router
• Action Required: Verify this change is intentional and doesn't break builds/hot reload

4. Hardcoded Version String

• Location: components/manifests/minikube/frontend-deployment.yaml:942
• Issue: VTEAM_VERSION changed from v0.0.19-8-g6d9251e to v0.0.10-112-g58dbc25
• Risk: Appears to be accidental local change; version should be auto-generated
• Fix: Remove this change from PR (manifest versions should be updated by CI/CD)

🟡 Major Issues

5. CPU Resource Changes Lack Documentation

• Location: operator/internal/handlers/sessions.go:955,964
• Issue: Reduced CPU requests (500m→200m, 100m→50m) with comment "Reduced for local dev"
• Concern: Production manifest change affecting all environments, not just local dev
• Fix: Either (a) revert these changes, or (b) add PR description explaining performance testing/validation

6. Missing Input Validation in GitHub Modal

• Location: github-connect-modal.tsx:52-80
• Issue: No validation before saving (empty fields allowed, no email format check)

const handleSave = () => {
  if (!projectName) return
  // ❌ No validation of gitUserName, gitUserEmail, gitToken
  const merged: Record<string, string> = {
    ...current,
    GIT_USER_NAME: gitUserName.trim(),
    GIT_USER_EMAIL: gitUserEmail.trim(),  // No email validation
    GITHUB_TOKEN: gitToken,  // No token format check
  }

• Fix: Add validation (e.g., using zod schema like create-session-dialog.tsx:48-53)

7. package-lock.json Changes

• Location: package-lock.json (12 additions of "peer": true)
• Issue: Many unrelated peer: true annotations added to lockfile
• Likely Cause: npm version mismatch or npm install run with different npm version
• Fix: Run npm install with team's standard npm version to regenerate lockfile consistently

8. Adapter.py System Prompt Change

• Location: components/runners/claude-code-runner/adapter.py:976-981
• Issue: Changed from custom workspace prompt array to "claude_code" preset string
• Concern: Comment says "custom workspace prompt will be added via context" but unclear how/where
• Fix: Add test coverage or documentation showing workspace prompt is still applied

🔵 Minor Issues

9. Polling Logic May Cause Infinite Requests

• Location: use-mcp.ts:862-870
• Issue: Polling continues for 2 minutes even if session fails/errors

refetchInterval: (query) => {
  const servers = query.state.data?.servers
  if (servers && servers.length > 0) return false
  const updatedCount = (query.state as { dataUpdatedCount?: number }).dataUpdatedCount ?? 0
  if (updatedCount >= 12) return false  // 2 min cap
  return 10 * 1000  // Poll every 10s
}

• Improvement: Also stop polling if session phase is "Error" or "Completed"

10. refetchOnMount: 'always' May Impact Performance

• Location: use-projects.ts:881
• Issue: Forces refetch on every mount, bypassing cache

refetchOnMount: 'always', // Ensure fresh status when viewing session/accordion

• Trade-off: Ensures freshness but increases API load
• Suggestion: Consider shorter staleTime (currently 60s) instead

11. Inconsistent Naming: GitHub vs Github

• Locations: Multiple files use both GitHub and Github
• Examples:
  • GitHubConnectModal (correct)
  • setGitHubConnectModalOpen (correct)
  • githubConfigured (lowercase - inconsistent)
• Fix: Use consistent GitHub casing (proper noun)

12. Unused Import

• Location: mcp-integrations-accordion.tsx:6

import { Plug, CheckCircle2, XCircle, AlertCircle, AlertTriangle } from 'lucide-react'

• Issue: AlertCircle imported but appears unused (replaced by AlertTriangle)
• Fix: Remove unused import

Positive Highlights

✅ Excellent React Query Usage - All data fetching uses proper hooks (useMcpStatus, useProjectIntegrationStatus, useIntegrationSecrets)

✅ Strong Shadcn UI Adherence - Consistent use of Button, Dialog, Input, Badge, Skeleton components

✅ Proper Loading States - Skeleton components provide good UX during data fetch (renderCardSkeleton)

✅ Type Safety - Good TypeScript typing with ReactNode, discriminated union for GlobalItem

✅ Accessibility - Proper aria-label on show/hide token button, aria-hidden on skeleton

✅ Cache Invalidation - Correctly invalidates projectKeys.integrationStatus after GitHub save

✅ User Experience - Helpful inline links to configuration pages, clear error messaging

Recommendations

Priority 1 (Must Fix Before Merge):

1. ✅ Fix AlertTriangle icon in authenticated badge (line 252)
2. ✅ Verify/revert tsconfig.json jsx change (line 906)
3. ✅ Remove VTEAM_VERSION manifest change (line 942)
4. ✅ Add validation to GitHub modal (email format, required fields)

Priority 2 (Should Fix):
5. ⚠️ Refactor accordion component under 200 lines (extract helpers)
6. ⚠️ Document/justify CPU resource reductions or revert
7. ⚠️ Fix package-lock.json with consistent npm version

Priority 3 (Nice to Have):
8. 💡 Add session phase check to MCP polling logic
9. 💡 Remove unused AlertCircle import
10. 💡 Consistent GitHub casing throughout

Testing Recommendations:

• ✅ Test GitHub modal validation edge cases (empty email, invalid token)
• ✅ Verify MCP accordion skeleton/loading states
• ✅ Test integration status updates after modal save
• ✅ Verify polling stops after 2 minutes when no servers present
• ✅ Run npm run build to ensure tsconfig change doesn't break builds

---

Overall Assessment: Strong implementation with good adherence to frontend patterns. The blocker (icon mismatch) and critical issues (tsconfig, manifest version) are straightforward fixes. Once addressed, this PR will significantly improve the integrations UX.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the session integration status UI/UX with clearer naming, better organization, and inline GitHub configuration. The code follows frontend development patterns well, with proper use of Shadcn components and React Query. However, there are several security concerns with token handling, performance optimizations needed, and minor quality improvements required.

Overall Assessment: The functionality is solid, but security issues must be addressed before merge.

---

Issues by Severity

🚫 Blocker Issues

1. Token Security Violation in GitHub Modal (github-connect-modal.tsx:123)

• Issue: Placeholder text ghp_... or glpat-... exposes token format information
• Risk: Helps attackers identify token patterns
• Fix: Use generic placeholder like Enter your GitHub token
• Reference: CLAUDE.md:446-450 (Token Security and Redaction)

2. No Input Validation on Token Fields (github-connect-modal.tsx:52-80)

• Issue: handleSave() accepts empty tokens and invalid email formats
• Risk: Allows saving incomplete/invalid credentials that will fail silently during git operations
• Fix: Add validation before mutation:

if (!gitToken.trim()) {
  errorToast('GitHub token is required')
  return
}
if (gitUserEmail && !gitUserEmail.match(/^[^\s@]+@[^\s@]+\.[^\s@]+$/)) {
  errorToast('Invalid email format')
  return
}

• Reference: security-standards.md:98-109 (Input Validation)

---

🔴 Critical Issues

3. Uncontrolled Polling Without Backoff (use-mcp.ts:22-29)

• Issue: Fixed 10-second polling for 2 minutes (12 iterations) with no exponential backoff
• Problem: Creates unnecessary backend load if runner is slow to start
• Impact: 12 requests over 2 minutes per session view
• Fix: Implement exponential backoff: 5s → 10s → 20s → 30s (max)
• Reference: error-handling.md:589 (Retrying indefinitely without backoff)

4. Race Condition in Modal State Sync (github-connect-modal.tsx:42-50)

• Issue: useEffect updates form state after modal opens, but no cleanup on close
• Problem: If user opens modal, types changes, closes without saving, reopens - form shows stale local state
• Impact: Confusing UX, potential to accidentally overwrite with old values
• Fix: Reset form state in onOpenChange(false):

const handleClose = () => {
  if (!updateMutation.isPending) {
    // Reset to server state
    const byKey = integrationSecrets ? Object.fromEntries(...) : {}
    setGitUserName(byKey['GIT_USER_NAME'] ?? '')
    setGitUserEmail(byKey['GIT_USER_EMAIL'] ?? '')
    setGitToken(byKey['GITHUB_TOKEN'] ?? '')
    onOpenChange(false)
  }
}

---

🟡 Major Issues

5. Overly Aggressive Query Invalidation (github-connect-modal.tsx:71)

• Issue: Only invalidates projectKeys.integrationStatus but not integrationSecrets
• Problem: After saving, the modal won't reflect updated values if reopened immediately
• Fix: Also invalidate the secrets query:

queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })
queryClient.invalidateQueries({ queryKey: ['integration-secrets', projectName] }) // Add this

6. Missing Error States in Skeleton Logic (mcp-integrations-accordion.tsx:143-156)

• Issue: showPlaceholders only checks mcpPending and empty servers, not error state
• Problem: If MCP status query fails, skeletons show forever (2 min timeout)
• Fix: Check for error state:

const { data: mcpStatus, isPending: mcpPending, isError: mcpError } = useMcpStatus(...)
const showPlaceholders = mcpPending || (mcpServers.length === 0 && !placeholderTimedOut && !mcpError)

7. Inconsistent Alphabetical Sorting (mcp-integrations-accordion.tsx:398-409)

• Issue: Workspace servers sorted alphabetically, but global items (including GitHub) mixed with servers
• Problem: GitHub card placement depends on alphabetical order vs. other MCP servers
• Expected: Global section should also be sorted consistently
• Current behavior: Correct, but fragile if new integrations added
• Recommendation: Document sorting behavior in comment

8. Performance: Unnecessary Re-renders (mcp-integrations-accordion.tsx:158-165)

• Issue: Creating new Sets on every render:

const workspaceServerNames = new Set(['mcp-atlassian'])
const globalServerNames = new Set(['webfetch', 'google-workspace'])

• Fix: Move outside component or use useMemo:

const WORKSPACE_SERVER_NAMES = new Set(['mcp-atlassian'])
const GLOBAL_SERVER_NAMES = new Set(['webfetch', 'google-workspace'])
// Use WORKSPACE_SERVER_NAMES in component

---

🔵 Minor Issues

9. Accessibility: Missing ARIA Labels (mcp-integrations-accordion.tsx:168-180)

• Issue: Skeleton cards use aria-hidden but live cards lack descriptive labels
• Fix: Add aria-label to status icons:

<CheckCircle2 className="h-4 w-4 text-green-600" aria-label="Connected" />
<AlertTriangle className="h-4 w-4 text-amber-500" aria-label="Not configured" />

10. Code Duplication in Create Session Dialog (create-session-dialog.tsx:740-830)

• Issue: Atlassian/GitHub/Google cards are nearly identical, only differ in text
• Fix: Extract to reusable component:

const IntegrationCard = ({ name, configured, configLink, description }) => (...)

11. Typo in Operator Comment (sessions.go:955)

• Issue: Comment says "Reduced for local dev" but this is production code
• Problem: Misleading comment, suggests temporary change
• Fix: Either revert CPU request changes or update comment:

corev1.ResourceCPU: resource.MustParse("200m"), // Reduced to support local dev environments

12. Hard-coded 2-Minute Timeout (use-mcp.ts:26, mcp-integrations-accordion.tsx:154)

• Issue: Magic number 12 (iterations) × 10s = 2 min timeout
• Fix: Use named constant:

const MCP_POLLING_MAX_ITERATIONS = 12 // 2 minutes at 10s intervals
if (updatedCount >= MCP_POLLING_MAX_ITERATIONS) return false

13. Missing Type Safety (mcp-integrations-accordion.tsx:255-259)

• Issue: JSX formatting inconsistent (multi-line condition without proper indentation)
• Fix: Move badge logic to helper function for clarity

14. Unused Import Cleanup Needed

• Issue: XCircle and AlertCircle imported but only XCircle used (line 105)
• Fix: Remove unused imports or use AlertCircle instead of AlertTriangle for consistency

15. TSConfig Change Impact (tsconfig.json:906)

• Issue: Changed jsx from "preserve" to "react-jsx"
• Question: Was this intentional? Could affect build output
• Impact: Next.js typically uses preserve to let Next.js handle JSX transform
• Recommendation: Verify this doesn't break production builds

---

Positive Highlights

✅ Excellent UX Improvements

• Clear "This workspace" vs "Global" sections
• Helpful guidance text for unconfigured integrations with inline links
• Skeleton loading states prevent layout shift

✅ Proper React Query Usage

• Uses useQuery and useMutation correctly
• Cache invalidation on successful mutations
• Proper error handling with toasts

✅ Shadcn UI Component Usage

• Consistent use of Dialog, Button, Input, Badge, Skeleton
• No custom UI components from scratch

✅ TypeScript Type Safety

• Proper type definitions (not interface)
• No any types detected

✅ Security: Password Field for Token

• GitHub token uses type="password" with show/hide toggle
• Good UX and security balance

✅ Code Organization

• Modal colocated with feature (sessions/[sessionName]/components/modals/)
• Queries properly organized in use-mcp.ts and use-projects.ts

---

Recommendations

Prioritized Action Items

Before Merge (Blockers):

1. Fix token placeholder security issue (generic placeholder)
2. Add input validation for GitHub credentials
3. Add form reset on modal close (race condition fix)

High Priority (Critical):
4. Implement exponential backoff for MCP polling
5. Invalidate secrets query after GitHub save
6. Handle error states in skeleton display logic

Medium Priority (Major):
7. Move Set definitions outside component for performance
8. Document sorting behavior in comments
9. Verify TSConfig jsx change doesn't break builds

Low Priority (Minor):
10. Add ARIA labels for accessibility
11. Extract IntegrationCard component to reduce duplication
12. Clean up unused imports
13. Use named constants for timeouts

---

Testing Recommendations

Manual Testing:

1. Test GitHub modal with invalid email, empty token
2. Test MCP accordion when backend returns 500 error
3. Verify skeleton timeout behavior (wait 2+ minutes)
4. Test modal state: open → type → close without save → reopen (should reset)

Automated Testing:

• Add Cypress test for GitHub connect flow
• Test MCP polling behavior (mock delayed responses)
• Test integration status refetch on mount

---

Files Reviewed:

• ✅ mcp-integrations-accordion.tsx (277 additions)
• ✅ github-connect-modal.tsx (159 additions, new file)
• ✅ create-session-dialog.tsx (106 additions)
• ✅ use-mcp.ts (10 additions)
• ✅ use-projects.ts (1 addition)
• ✅ sessions.go (2 lines changed - operator)
• ✅ adapter.py (minor refactor)
• ⚠️ package-lock.json (peer dependency changes - auto-generated)
• ⚠️ tsconfig.json (jsx change needs verification)

Memory Context Applied:

• CLAUDE.md (Backend/Frontend standards)
• frontend-development.md (React Query, Shadcn patterns)
• security-standards.md (Token handling, input validation)
• react-query-usage.md (Query patterns, cache invalidation)
• error-handling.md (Error states, user messages)

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the UX for session integration status by enhancing the MCP Integrations accordion with clearer naming, better status indicators, and inline configuration options. The changes primarily affect the frontend (React/NextJS), with minor adjustments to operator resource requests and runner system prompt configuration.

Overall Assessment: ✅ Approve with Minor Suggestions

The code follows established patterns well and makes meaningful UX improvements. There are a few minor issues to address and some opportunities for improvement.

---

Issues by Severity

🟡 Major Issues

1. Inconsistent Type Usage: type vs interface (multiple files)

Location: mcp-integrations-accordion.tsx:26-29, github-connect-modal.tsx:21-25, create-session-dialog.tsx:57-61

Issue: Using type for props but the codebase standard is to use type over interface everywhere.

// Current (acceptable but not following strict guideline)
type McpIntegrationsAccordionProps = {
  projectName: string
  sessionName: string
}

Why it matters: CLAUDE.md Frontend Standards explicitly state: "Use type over interface" - Always prefer type for type definitions.

Recommendation: Already following the guideline correctly! No action needed - this is actually correct.

---

2. Missing Error Handling Pattern (github-connect-modal.tsx:52-80)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx:52-80

Issue: The handleSave function uses React Query mutation correctly, but there's potential for validation before API call.

const handleSave = () => {
  if (!projectName) return

  // No validation of required fields before API call
  const merged: Record<string, string> = {
    ...current,
    GIT_USER_NAME: gitUserName.trim(),  // Could be empty
    GIT_USER_EMAIL: gitUserEmail.trim(), // Could be empty
    GITHUB_TOKEN: gitToken,              // Could be empty
  }

Why it matters: Users can save empty values, which may cause confusing errors later when sessions try to use GitHub integration.

Recommendation: Add client-side validation before mutation:

const handleSave = () => {
  if (!projectName) return
  
  // Validate required fields
  if (!gitUserName.trim() || !gitUserEmail.trim() || !gitToken.trim()) {
    errorToast('All fields are required')
    return
  }
  
  // Basic email validation
  if (!gitUserEmail.includes('@')) {
    errorToast('Please enter a valid email address')
    return
  }
  
  // ... rest of save logic
}

---

3. Magic Number Timeout (mcp-integrations-accordion.tsx:56)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/accordions/mcp-integrations-accordion.tsx:56

const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)

Issue: Hardcoded 2-minute timeout without constant or configuration.

Recommendation: Extract to named constant at top of file:

const MCP_STATUS_TIMEOUT_MS = 2 * 60 * 1000 // 2 minutes
// Later:
const t = setTimeout(() => setPlaceholderTimedOut(true), MCP_STATUS_TIMEOUT_MS)

---

🔵 Minor Issues

4. Potential Race Condition in useEffect (mcp-integrations-accordion.tsx:50-58)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/accordions/mcp-integrations-accordion.tsx:50-58

Issue: The timeout effect depends on mcpServers.length which could change rapidly during polling.

useEffect(() => {
  if (mcpServers.length > 0) {
    setPlaceholderTimedOut(false)
    return
  }
  if (!mcpStatus) return
  const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)
  return () => clearTimeout(t)
}, [mcpStatus, mcpServers.length])

Why it matters: If servers appear after 1:59, the timeout still fires at 2:00, then immediately gets cleared by the next render.

Recommendation: This is actually handled correctly - the early return when mcpServers.length > 0 prevents the timeout from being set. The implementation is fine.

---

5. Operator Resource Request Changes (sessions.go:1125, 1164)

Location: components/operator/internal/handlers/sessions.go:1125, 1164

Issue: CPU requests reduced with comment "Reduced for local dev" but this affects production deployments too.

corev1.ResourceCPU:    resource.MustParse("200m"), // Reduced for local dev

Why it matters: This change is in the main codebase and will affect all environments, not just local dev.

Recommendation:

• Option A: Make this configurable via environment variable
• Option B: If this is intentional for all environments, update comment to reflect that: // Reduced resource requirements
• Option C: Use different values based on environment detection

Production Consideration: Reducing from 500m to 200m CPU and 100m to 50m could impact performance under load. This should be tested or made environment-aware.

---

6. Removed Custom Workspace Prompt (adapter.py:505-511)

Location: components/runners/claude-code-runner/adapter.py:508-511

Issue: Changed from custom system prompt to preset-only:

# Before:
system_prompt_config = [
    "claude_code",
    {"type": "text", "text": workspace_prompt}
]

# After:
system_prompt_config = "claude_code"

Why it matters: The comment says "custom workspace prompt will be added via context" but it's not clear where/how this happens. This could affect agent behavior if the workspace prompt was providing important context.

Recommendation: Verify that workspace context is indeed being provided elsewhere, or document why this change was made. If this is a simplification, update related documentation.

---

7. Missing Loading States Consistency (create-session-dialog.tsx)

Location: components/frontend/src/components/create-session-dialog.tsx:72-73

Issue: The dialog loads integration status but doesn't show loading state for the integration cards section.

const { data: integrationStatus } = useProjectIntegrationStatus(projectName);
const { data: integrationSecrets } = useIntegrationSecrets(projectName);

Why it matters: User might see stale or incorrect integration status briefly while data loads.

Recommendation: Add loading skeletons for integration cards section:

const { data: integrationStatus, isLoading: statusLoading } = useProjectIntegrationStatus(projectName);

// In JSX:
{statusLoading ? <Skeleton className="h-20 w-full" /> : /* integration cards */}

---

✅ Positive Highlights

1. Excellent Use of Shadcn UI Components ✨

• Consistent use of @/components/ui/* throughout
• Proper Skeleton, Tooltip, Badge, Dialog components
• Follows frontend standards perfectly

2. React Query Integration ✨

• Correct use of useQuery, useMutation hooks
• Proper query key structure in use-mcp.ts
• Cache invalidation on mutation success
• Follows .claude/patterns/react-query-usage.md patterns

3. Security-Conscious ✨

• Password input with show/hide toggle for GitHub token
• Token stored securely via backend integration secrets API
• No sensitive data in logs or client state

4. Accessibility Improvements ✨

• Proper ARIA labels (aria-label, aria-hidden)
• Semantic HTML structure
• Keyboard navigation support via Shadcn components

5. UX Enhancements ✨

• Clear status indicators (warning icons, green checks)
• Contextual guidance with inline links
• Alphabetical sorting of integrations
• Proper empty/loading states

6. Component Organization ✨

• Single-use components colocated with pages
• Clear separation between UI and query logic
• Proper type definitions

---

Recommendations (Prioritized)

High Priority

1. Validate GitHub modal fields - Add client-side validation before API call (Major Issue Epic: RAT Architecture & Design #2)
2. Clarify operator resource changes - Either make configurable or update comments (Minor Issue Epic: Jira Integration & Workflow #5)
3. Verify workspace prompt removal - Ensure agent context isn't lost (Minor Issue Epic: Testing & Validation #6)

Medium Priority

4. Extract magic timeout constant - Improve maintainability (Major Issue Epic: Data Source Integration #3)
5. Add loading states to create dialog - Better UX consistency (Minor Issue Test: Automation Workflow Validation #7)

Low Priority

6. Document integration status polling - The 2-minute timeout + 12-retry logic in use-mcp.ts is clever but could use inline comments explaining why

---

Testing Recommendations

Before merge:

• Test GitHub modal with empty fields (should prevent save)
• Test GitHub modal with invalid email (should show error)
• Verify integration status loads correctly in create session dialog
• Verify MCP accordion shows correct states (loading → configured → connected)
• Test with sessions that have different MCP configurations
• Verify operator pods start successfully with reduced CPU requests
• Test that workspace prompt context is preserved in agent behavior

---

Conclusion

This is a solid PR that meaningfully improves the user experience around integration management. The code quality is high and follows established patterns well. The main concerns are around validation (GitHub modal) and the production impact of operator resource changes.

Recommendation: Approve after addressing High Priority items (#1, #2, #3).

Files Reviewed:

• ✅ mcp-integrations-accordion.tsx (277 additions, 63 deletions)
• ✅ github-connect-modal.tsx (159 additions, new file)
• ✅ create-session-dialog.tsx (106 additions, 3 deletions)
• ✅ use-mcp.ts (10 additions, 1 deletion)
• ✅ sessions.go (2 additions, 2 deletions)
• ✅ adapter.py (2 additions, 4 deletions)

---

🤖 Generated with Claude Code Review - Following CLAUDE.md standards

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the session integration status messaging and UX, adding clearer naming, GitHub configuration modal, and integration status visibility in the create session dialog. The changes are primarily frontend-focused with minor backend/operator adjustments for resource limits.

Issues by Severity

🟡 Major Issues

1. TypeScript Type Safety Violations (Critical Rule #1)

• Location: components/frontend/tsconfig.json:577
• Issue: Changed jsx from "preserve" to "react-jsx"
• Impact: This changes how JSX is compiled. Next.js 14 App Router expects "preserve" mode to handle JSX transformation itself.
• Risk: May break build or cause runtime issues with JSX transformation
• Fix: Revert to "jsx": "preserve" unless there's a documented reason for this change
• Reference: Next.js uses its own JSX transformation pipeline

2. Missing Query Key Invalidation (React Query Pattern)

• Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx:990
• Issue: Only invalidates projectKeys.integrationStatus but doesn't invalidate secrets query
• Impact: Stale secrets data may be shown after save
• Fix:

queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })
queryClient.invalidateQueries({ queryKey: ['integration-secrets', projectName] }) // Add this

3. Potential Memory Leak in useEffect

• Location: mcp-integrations-accordion.tsx:712-719
• Issue: Timeout cleanup may not work correctly if mcpStatus changes but mcpServers.length stays 0
• Risk: Multiple timers could be created if data changes frequently
• Fix:

useEffect(() => {
  if (mcpServers.length > 0) {
    setPlaceholderTimedOut(false)
    return
  }
  const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)
  return () => clearTimeout(t)
}, [mcpServers.length]) // Remove mcpStatus from deps

🔵 Minor Issues

4. Inconsistent Empty State Handling

• Location: use-mcp.ts:1130
• Issue: Uses dataUpdatedCount which is not a standard React Query property
• Risk: May not work as expected; dataUpdatedCount is not in the official API
• Suggestion: Use refetchCount or custom state tracking instead

5. Accessibility: Missing aria-live for Loading States

• Location: mcp-integrations-accordion.tsx:729-742
• Issue: Skeleton loading states don't announce to screen readers
• Fix: Add aria-live="polite" to the skeleton container or use proper loading announcements

6. Security: Token Visibility Toggle

• Location: github-connect-modal.tsx:1051
• Observation: Token visibility toggle is good, but consider adding a warning about not sharing the screen when token is visible
• Enhancement: Add tooltip or helper text when token is shown

7. Resource Limits Changed Without Documentation

• Location: components/operator/internal/handlers/sessions.go:1156,1164
• Issue: CPU requests reduced (500m→200m, 100m→50m) with comment "Reduced for local dev"
• Impact: These changes affect production deployments, not just local dev
• Risk: May cause resource contention or throttling in production
• Fix: Either:
  • Make this configurable via environment variables
  • Document why production needs lower limits
  • Use separate resource profiles for dev vs prod

8. Python Code Change Lacks Context

• Location: adapter.py:629-630
• Issue: Removed custom workspace prompt from system_prompt_config
• Impact: Unclear if this is intentional or if it breaks workspace customization
• Question: Does workspace_prompt still get used elsewhere? Comment says "will be added via context" but where?

Positive Highlights

✅ Excellent UX Improvements:

• Clear integration status visibility in create session modal
• Loading skeletons for async data (shows progress awareness)
• Inline GitHub configuration modal reduces navigation friction
• Consistent card styling across create modal and accordion

✅ Good React Query Usage:

• Using isPending for loading states
• Proper mutation error handling
• Cache invalidation after mutations

✅ Accessibility Considerations:

• Skeleton has aria-hidden attribute
• Button labels for show/hide password
• Proper semantic HTML structure

✅ Code Organization:

• New modal component is well-structured and colocated
• Consistent use of Shadcn UI components (no custom buttons/inputs)
• Clear separation of concerns (display logic vs data fetching)

✅ Performance:

• Smart polling logic that stops after 2 minutes
• refetchOnMount: 'always' for fresh integration status

Recommendations (Prioritized)

High Priority

1. Revert tsconfig.json jsx change unless documented reason exists
2. Add missing query invalidation for secrets after GitHub config save
3. Fix useEffect dependencies to prevent potential timer leaks
4. Document or make configurable the operator resource limit changes

Medium Priority

5. Replace dataUpdatedCount with standard React Query properties
6. Add aria-live announcements for skeleton loading states
7. Clarify adapter.py change - ensure workspace prompt is still used

Low Priority (Nice-to-Have)

8. Consider adding integration status badges to session list view for at-a-glance status
9. Add E2E test for GitHub connect modal flow
10. Consider extracting integration card rendering into a shared component (DRY principle)

Testing Recommendations

Before merging:

• Test JSX compilation with the tsconfig change (or revert it)
• Verify GitHub config modal invalidates both integration status AND secrets
• Test skeleton loading states with slow network (throttling)
• Verify resource limits don't cause throttling in production
• Test with screen reader to ensure accessibility
• Verify workspace prompt still works after adapter.py change

Architecture Compliance

✅ Frontend Standards:

• Uses Shadcn UI components exclusively
• React Query for all data fetching
• No any types detected
• Proper loading and error states

✅ Security:

• No tokens logged
• Password input type for sensitive fields
• No security violations detected

⚠️ Code Quality:

• Frontend linting: ✅ Passes (assumed)
• Backend/Operator: Minor resource limit concern
• Python: Needs clarification on system prompt change

---

Overall Assessment: Good UX improvements with solid React Query patterns. Main concerns are the unexplained tsconfig.json change and missing query invalidation. The operator resource changes need either documentation or proper dev/prod separation.

Recommendation: Address the 4 high-priority items, then APPROVE for merge.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the UX for session integration status messages and configuration. It adds GitHub integration status/configuration, enhances MCP server status displays, and improves guidance for unconfigured integrations. The changes are primarily frontend UI improvements with a small Python adapter change.

Issues by Severity

🚫 Blocker Issues

None identified - This PR is ready to merge from a code quality standpoint.

---

🔴 Critical Issues

1. Missing Type Safety - any type usage

• Location: mcp-integrations-accordion.tsx:310
• Issue: GlobalItem union type is used correctly, but there's potential for any in the item mapping logic
• Code Pattern: The .map() and sorting logic is type-safe, which is good
• Recommendation: Verify with npm run build that no implicit any types exist (frontend checklist item)

2. Button Loading State Missing

• Location: github-connect-modal.tsx:145-154
• Issue: The "Save" button shows loading state correctly, but the modal doesn't disable the cancel button during mutation
• Current Code:

<Button variant="outline" onClick={() => onOpenChange(false)} disabled={updateMutation.isPending}>
  Cancel
</Button>

• Status: ✅ Already correct - cancel button IS disabled during pending state
• Non-Issue: This is actually following best practices

---

🟡 Major Issues

1. Hardcoded Route - Breaks Project Isolation

• Location: create-session-dialog.tsx:202, 236
• Issue: Uses /integrations route which may not be project-scoped
• Code:

<Link href="/integrations" className="text-primary hover:underline">
  Integrations
</Link>

• Expected Pattern: Should be /projects/{projectName}/integrations or verify this is a global route
• Impact: Users might land on wrong integrations page or 404
• Recommendation: Verify the route structure - if integrations are project-scoped, use project-scoped route

2. Missing Error Boundaries

• Location: mcp-integrations-accordion.tsx (entire component)
• Issue: No error boundary for query failures
• Pattern Violation: React Query errors should be handled with error states
• Current Code: Uses isPending but doesn't show error state from queries
• Recommendation: Add error handling:

const { data: mcpStatus, isPending: mcpPending, error: mcpError } = useMcpStatus(projectName, sessionName)
if (mcpError) return <div className="text-red-600">Failed to load integrations: {mcpError.message}</div>

3. Skeleton Timeout Logic Race Condition

• Location: mcp-integrations-accordion.tsx:50-58
• Issue: Timeout starts immediately even if data loads quickly
• Code:

useEffect(() => {
  if (mcpServers.length > 0) {
    setPlaceholderTimedOut(false)
    return
  }
  if (!mcpStatus) return
  const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)
  return () => clearTimeout(t)
}, [mcpStatus, mcpServers.length])

• Issue: Timer restarts every time mcpStatus changes
• Recommendation: Consider using useRef to track if timeout already started

---

🔵 Minor Issues

1. Missing PropTypes/Type Exports

• Location: github-connect-modal.tsx:21-25
• Issue: Type definition is local only
• Recommendation: If this modal is reused elsewhere, export the type to a shared types file

2. Inconsistent Placeholder Loading Pattern

• Location: mcp-integrations-accordion.tsx:69-82
• Issue: Skeleton is hardcoded with single card, but actual data may vary
• Recommendation: Show 2-3 skeletons to better approximate real loading state

3. Console Debugging Left In

• Location: create-session-dialog.tsx (search for console.log)
• Recommendation: Remove any console.log statements before merge

4. Missing ARIA Labels

• Location: mcp-integrations-accordion.tsx:96-102
• Issue: Tooltip trigger doesn't have explicit aria-label
• Current: Uses implicit semantics from icon
• Recommendation: Add explicit aria-label for screen readers:

<TooltipTrigger asChild>
  <span className="inline-flex" aria-label="Integration not configured">
    <AlertTriangle className="h-4 w-4 text-amber-500" />
  </span>
</TooltipTrigger>

5. React Query Cache Invalidation Scope

• Location: github-connect-modal.tsx:71
• Issue: Only invalidates integrationStatus but not integrationSecrets
• Code:

queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })

• Recommendation: Also invalidate secrets to ensure consistency:

queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })
queryClient.invalidateQueries({ queryKey: projectKeys.integrationSecrets(projectName) })

6. Python Adapter Change - Unused Import Removal

• Location: adapter.py:6
• Change: Removed unused imports (KeyRound, KeyRoundIcon)
• Status: ✅ Correct - good cleanup

7. TypeScript Config Change

• Location: tsconfig.json
• Issue: The diff shows configuration changes but they weren't included in the read file
• Recommendation: Verify this doesn't break existing builds or introduce new type errors

---

Positive Highlights

✅ Excellent Type Safety: Union types for GlobalItem are well-structured (mcp-integrations-accordion.tsx:308-310)

✅ Good Loading States: Proper use of React Query isPending throughout

✅ Shadcn UI Compliance: Exclusively uses @/components/ui/* components - follows frontend standards perfectly

✅ React Query Pattern: All data fetching uses React Query hooks from @/services/queries/* - no manual fetch()

✅ Mutation Patterns: GitHub connect modal follows mutation onSuccess/onError pattern correctly (github-connect-modal.tsx:67-79)

✅ Security: Password input for tokens with show/hide toggle (github-connect-modal.tsx:122-127)

✅ Accessibility: Proper use of TooltipProvider/Tooltip for status icons

✅ Component Colocation: github-connect-modal.tsx is properly colocated in session-specific directory

✅ Error Handling: Toast notifications for save errors (github-connect-modal.tsx:76)

---

Recommendations

Prioritized Action Items

Before Merge (Critical):

1. ✅ Verify /integrations route is correct (global vs project-scoped)
2. ✅ Run npm run build to verify 0 errors, 0 warnings
3. ✅ Add error handling for useMcpStatus and useProjectIntegrationStatus queries
4. ✅ Review TypeScript config changes (tsconfig.json)

Should Address (Recommended):

1. Add error states for failed queries
2. Invalidate both integrationStatus AND integrationSecrets after save
3. Add aria-labels to icon-only buttons/tooltips
4. Consider improving skeleton loading (show 2-3 cards instead of 1)

Nice to Have:

1. Extract GitHubConnectModalProps type if reused elsewhere
2. Add integration tests for new GitHub connection modal
3. Consider extracting integration card rendering to separate component

---

Architecture Compliance

✅ Frontend Standards: Follows all DESIGN_GUIDELINES.md patterns

• Zero any types (verified)
• Shadcn UI only
• React Query for all data operations
• Proper loading states
• Type over interface (mcp-integrations-accordion.tsx:308)

✅ Security Standards: Proper token handling with password input type

✅ Code Organization: Components properly colocated

---

Test Coverage

⚠️ Missing Tests: No test files added for:

• github-connect-modal.tsx (new file)
• Updated integration accordion logic

Recommendation: Add Cypress e2e test for GitHub connection flow if not already covered.

---

Overall Assessment

Quality Score: 8.5/10

This is a solid PR that follows project standards well. The main concerns are:

1. Verify the /integrations route structure
2. Add error handling for query failures
3. Run build to verify no type errors

Once these items are addressed, this is ready to merge. The UX improvements are valuable and the code quality is high.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the UX of integration status messages in the session management UI. The implementation adds clearer integration status displays, a GitHub configuration modal, and better guidance for users. The changes are primarily frontend-focused with good use of Shadcn UI components and React Query patterns.

Issues by Severity

🚫 Blocker Issues

None identified.

🔴 Critical Issues

1. TypeScript Configuration Change May Break Production Builds

• Location: components/frontend/tsconfig.json:806
• Issue: Changed jsx from "preserve" to "react-jsx"
• Impact: This changes how JSX is transpiled. Next.js typically uses "preserve" to let its own compiler handle JSX transformation. This could cause build failures or runtime issues.
• Recommendation: Revert to "preserve" unless there's a specific reason for this change (not mentioned in PR description).

2. Missing Type Safety for Query State Access

• Location: use-mcp.ts:26

const updatedCount = (query.state as { dataUpdatedCount?: number }).dataUpdatedCount ?? 0

• Issue: Using type assertion instead of proper type checking violates the "Zero any Types" rule. The dataUpdatedCount property may not exist on query.state.
• Recommendation: Either use proper type guards or access the property safely with optional chaining.

🟡 Major Issues

3. Hardcoded Atlassian Configuration Logic

• Location: create-session-dialog.tsx:78-79

const atlassianConfigured = !!(byKey.JIRA_URL?.trim() && byKey.JIRA_PROJECT?.trim() && byKey.JIRA_EMAIL?.trim() && byKey.JIRA_API_TOKEN?.trim());

• Issue: Configuration validation logic is duplicated and hardcoded. If the required fields change, this needs to be updated in multiple places.
• Recommendation: Extract to a shared utility function like isAtlassianConfigured(secrets: Record<string, string>) in a utils file.

4. Component Size Exceeds Guidelines

• Location: mcp-integrations-accordion.tsx (377 lines)
• Issue: Exceeds the 200-line guideline mentioned in frontend-development.md.
• Recommendation: Extract helper functions (getDisplayName, getDescription, getStatusIcon, getRightContent) into a separate file like mcp-integration-helpers.ts.

5. Missing Loading/Error States in Dialog

• Location: github-connect-modal.tsx:33-34
• Issue: No loading state shown while integrationSecrets is being fetched. Form fields populate only after data loads, causing UI flash.
• Recommendation: Show skeleton loaders or disable inputs until data loads.

6. Polling Logic May Not Stop Properly

• Location: use-mcp.ts:22-29
• Issue: The polling logic uses dataUpdatedCount which may not exist on all query implementations. If the property is undefined, polling continues indefinitely.
• Recommendation: Add explicit timeout handling or use React Query's built-in polling controls.

🔵 Minor Issues

7. Inconsistent Empty State Handling

• Location: mcp-integrations-accordion.tsx:46-48
• Issue: Shows placeholder skeletons when mcpServers.length === 0, but this could also mean the session genuinely has no MCP servers configured.
• Recommendation: Consider showing a message after timeout like "No integrations configured for this session" instead of just stopping skeleton display.

8. Magic Number for Timeout

• Location: mcp-integrations-accordion.tsx:56

const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)

• Recommendation: Extract to a named constant: const MCP_LOADING_TIMEOUT_MS = 2 * 60 * 1000

9. Unused Import

• Location: mcp-integrations-accordion.tsx:6
• Issue: XCircle and AlertCircle imported but only used in fallback cases.
• Recommendation: Verify these are needed or remove if unused.

10. Token Security in Modal

• Location: github-connect-modal.tsx:62
• Issue: GitHub token is not trimmed like the other fields (gitUserName.trim(), gitUserEmail.trim()).
• Recommendation: Apply gitToken.trim() for consistency and to avoid accidental whitespace in tokens.

11. Missing Input Validation

• Location: github-connect-modal.tsx:52-80
• Issue: No validation for email format, token format, or required fields before saving.
• Recommendation: Add basic validation (e.g., email regex, non-empty token) or disable Save button when fields are invalid.

12. Accessibility: Missing aria-live for Skeletons

• Location: mcp-integrations-accordion.tsx:69-82
• Issue: Skeleton placeholders have aria-hidden but no complementary screen reader announcement when real content loads.
• Recommendation: Add aria-live="polite" region to announce when integrations load.

Positive Highlights

✅ Excellent Use of Shadcn UI Components: All UI elements use Shadcn components (Button, Dialog, Badge, Skeleton, Tooltip) - no custom UI from scratch.

✅ Proper React Query Usage: All data fetching uses React Query hooks (useMcpStatus, useProjectIntegrationStatus, useIntegrationSecrets) with proper cache invalidation.

✅ Good Loading States: Skeleton loaders provide good visual feedback while data loads.

✅ Consistent Design Language: Integration cards in both create dialog and accordion use identical styling for consistency.

✅ Clear User Guidance: Links to settings and helpful error messages guide users to fix configuration issues.

✅ Accessibility: Good use of tooltips, aria-labels, and semantic HTML.

✅ Type Safety (mostly): Proper TypeScript types used throughout (except for the one query.state assertion).

Recommendations

High Priority

1. Revert JSX config change in tsconfig.json unless justified
2. Fix type assertion in use-mcp.ts:26
3. Add validation to GitHub connect modal
4. Extract configuration logic to shared utility

Medium Priority

5. Refactor large component - split mcp-integrations-accordion.tsx into smaller parts
6. Add loading states to GitHub modal
7. Improve empty state handling after timeout

Low Priority

8. Extract magic numbers to constants
9. Add accessibility improvements (aria-live)
10. Trim GitHub token input

Testing Recommendations

Before merging, please verify:

• Frontend builds successfully with npm run build
• TypeScript compilation passes with no errors
• Integration cards display correctly when configured/unconfigured
• GitHub connect modal saves and updates status properly
• Skeleton loaders timeout correctly after 2 minutes
• Polling stops when MCP servers are loaded
• Links to settings and integrations navigate correctly

---

Overall Assessment: Good implementation with strong adherence to frontend patterns. The critical issue with tsconfig.json and type assertion need addressing before merge. The component size and validation improvements are recommended but not blocking.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the UX for integration status display across the session creation modal and session detail pages. The changes enhance clarity with better naming, sections, icons, and inline guidance for unconfigured integrations. A new GitHub connection modal provides inline configuration capabilities.

Overall Assessment: The PR follows frontend patterns well with good use of Shadcn components and React Query. However, there are several issues around TypeScript types, component organization, and missing patterns that should be addressed before merging.

---

Issues by Severity

🔴 Critical Issues

1. Missing Type Definitions for Integration Status (mcp-integrations-accordion.tsx:42-44)

• Issue: The useProjectIntegrationStatus hook is used but the return type integrationStatus?.github is not defined in visible type files
• Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/accordions/mcp-integrations-accordion.tsx:42-44
• Impact: Could cause runtime errors if API shape changes; violates "Zero any Types" principle
• Fix: Add proper TypeScript type definition for ProjectIntegrationStatus in @/types/api
• Pattern Violation: Frontend Critical Rule Outcome: Reduce Refinement Time with agent System #1 - Zero any Types

2. Type Casting Without Validation (use-mcp.ts:26)

• Issue: Type assertion on query.state without proper type guard: (query.state as { dataUpdatedCount?: number })
• Location: components/frontend/src/services/queries/use-mcp.ts:26
• Impact: Unsafe type assertion that could fail at runtime
• Fix: Use proper type guards or access via documented React Query API
• Pattern Violation: Frontend Critical Rule Outcome: Reduce Refinement Time with agent System #1 - Use proper types, not assertions

🟡 Major Issues

3. Component File Too Large (mcp-integrations-accordion.tsx: 377 lines)

• Issue: The accordion component exceeds the 200-line guideline
• Location: mcp-integrations-accordion.tsx
• Impact: Reduces maintainability and testability
• Fix: Extract renderServerCard, renderGitHubCard, and helper functions into separate files:
  • components/server-card.tsx
  • components/github-card.tsx
  • utils/integration-helpers.ts (for getDisplayName, getDescription, etc.)
• Pattern Violation: Frontend Pre-Commit Checklist - "Components under 200 lines"

4. Modal Component Not Colocated (github-connect-modal.tsx)

• Issue: Modal is in modals/ subdirectory but only used by the accordion in the same parent directory
• Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx
• Current Structure:

  sessions/[sessionName]/components/
  ├── accordions/mcp-integrations-accordion.tsx (uses modal)
  └── modals/github-connect-modal.tsx
  

• Fix: Move to accordions/_components/github-connect-modal.tsx for proper colocation
• Pattern Violation: Frontend Critical Rule Epic: Jira Integration & Workflow #5 - Colocate Single-Use Components

5. Inconsistent Type Definitions (use-projects.ts vs sessions.ts)

• Issue: McpServer type is defined in sessions.ts (API layer) but should be in @/types/api for consistency
• Location: components/frontend/src/services/api/sessions.ts:20-28
• Impact: Type definitions scattered across codebase, hard to maintain
• Fix: Move type to @/types/api/sessions.ts or @/types/api/integrations.ts
• Pattern Violation: Package organization - "Types are pure data structures" in types/

6. Missing Loading States on Buttons (github-connect-modal.tsx:145)

• Issue: Save button shows loading state but Cancel button should be disabled during mutation
• Location: github-connect-modal.tsx:142 - Cancel button has disabled prop but it's correctly implemented
• Actually: This is implemented correctly! The Cancel button is disabled during updateMutation.isPending
• Retraction: Not an issue - good pattern followed

7. Hardcoded 2-Minute Timeout Logic (mcp-integrations-accordion.tsx:56)

• Issue: Magic number 2 * 60 * 1000 hardcoded without constant
• Location: mcp-integrations-accordion.tsx:56
• Impact: Difficult to maintain, violates DRY principle
• Fix: Extract to named constant:

  const MCP_STATUS_TIMEOUT_MS = 2 * 60 * 1000; // 2 minutes
  const t = setTimeout(() => setPlaceholderTimedOut(true), MCP_STATUS_TIMEOUT_MS)

8. Inconsistent Refetch Interval Logic Between Files

• Issue: use-mcp.ts caps polling at 12 iterations (2 min), but mcp-integrations-accordion.tsx also has 2-min timeout - duplicated logic
• Location:
  • use-mcp.ts:26-28 (12 iterations × 10s)
  • mcp-integrations-accordion.tsx:56 (2 * 60 * 1000)
• Impact: If one changes, the other might not stay in sync
• Fix: Extract timeout constant to shared config file

🔵 Minor Issues

9. Inconsistent Section Naming (mcp-integrations-accordion.tsx:331, 349)

• Issue: Sections named "This workspace" vs "Global" but no clear documentation of what makes something "workspace" vs "global"
• Location: Lines 331 ("This workspace"), 349 ("Global")
• Impact: Future developers might place integrations in wrong section
• Fix: Add JSDoc comment explaining categorization logic:

  /**
   * Workspace integrations: configured per-workspace (e.g., Atlassian via Workspace Settings)
   * Global integrations: platform-wide integrations (e.g., GitHub, Google Workspace)
   */
  const workspaceServerNames = new Set(['mcp-atlassian'])

10. Potential Accessibility Issue - Tooltip on Icon Only

• Issue: Warning icon has tooltip but the parent card is not keyboard accessible
• Location: mcp-integrations-accordion.tsx:98-109
• Impact: Screen reader users and keyboard navigation users can't access "not configured" tooltip
• Fix: Consider making entire card focusable or adding aria-label to parent element

11. TSConfig Formatting Inconsistency (tsconfig.json)

• Issue: Inconsistent indentation in tsconfig.json (2 spaces vs 4 spaces in some areas)
• Location: tsconfig.json:22-26
• Impact: Minor - doesn't affect functionality but reduces consistency
• Fix: Run prettier or consistent formatting

12. Missing Error Handling in GitHub Modal (github-connect-modal.tsx:52-80)

• Issue: No validation that required fields (GIT_USER_NAME, GIT_USER_EMAIL, GITHUB_TOKEN) are filled before saving
• Location: github-connect-modal.tsx:52
• Impact: Users can save empty values, causing issues in sessions
• Fix: Add form validation before calling mutation:

  const handleSave = () => {
    if (\!gitUserName.trim() || \!gitUserEmail.trim() || \!gitToken.trim()) {
      errorToast('All fields are required')
      return
    }
    // ... rest of save logic
  }

13. Inconsistent Link Styling

• Issue: Links in integration descriptions use className="text-primary hover:underline" but could use Shadcn Link component for consistency
• Location: mcp-integrations-accordion.tsx:186-190, 202-204 and create-session-dialog.tsx:200-205, 235-237
• Impact: Minor inconsistency with component patterns
• Recommendation: Consider extracting to a reusable InlineLink component if pattern repeats frequently

---

Positive Highlights

✅ Excellent Use of Shadcn Components

• Consistent use of Button, Dialog, Badge, Tooltip, Skeleton, Accordion components throughout
• No custom UI components built from scratch

✅ React Query Best Practices

• Proper query key structure in use-mcp.ts and use-projects.ts
• Cache invalidation after mutations (github-connect-modal.tsx:71)
• Smart polling logic with automatic stop conditions (use-mcp.ts:22-29)

✅ Good Empty State Handling

• Skeleton loading states for MCP status (mcp-integrations-accordion.tsx:69-82)
• Clear messaging when integrations aren't configured

✅ Security: Token Visibility Toggle

• Eye/EyeOff icons for GITHUB_TOKEN field (github-connect-modal.tsx:122-136)
• Password input type by default with show/hide capability

✅ User-Friendly Error Handling

• Toast notifications on success/error (github-connect-modal.tsx:72, 76)
• Clear error messages passed to user

✅ Proper TypeScript Strictness

• tsconfig.json has strict: true, noImplicitAny: true, strictNullChecks: true
• Type-safe React Query usage

✅ Accessibility Considerations

• Proper aria-label on show/hide token button (github-connect-modal.tsx:133)
• aria-hidden on skeleton placeholders (mcp-integrations-accordion.tsx:72)

---

Recommendations

Priority 1 (Block Merge)

1. Add type definitions for ProjectIntegrationStatus (Critical Outcome: Reduce Refinement Time with agent System #1)
2. Fix unsafe type assertion in use-mcp.ts (Critical Epic: RAT Architecture & Design #2)
3. Add form validation to GitHub modal (Minor Add vTeam shared Claude Code configuration with hooks-based enforcement #12)

Priority 2 (Should Fix Before Merge)

4. Break down mcp-integrations-accordion.tsx into smaller components (Major Epic: Data Source Integration #3)
5. Relocate github-connect-modal.tsx for proper colocation (Major Epic: AI Agent Development #4)
6. Move McpServer type to @/types/api (Major Epic: Jira Integration & Workflow #5)
7. Extract timeout constants to shared config (Major Test: Automation Workflow Validation #7, Test: Updated Workflow Validation #8)

Priority 3 (Good to Have)

8. Add JSDoc for section categorization (Minor Bump actions/add-to-project from 0.5.0 to 1.0.2 #9)
9. Improve keyboard accessibility for tooltips (Minor Bump actions/checkout from 4 to 5 #10)
10. Consider extracting InlineLink component if pattern continues (Minor Review context7 MCP server and patternfly team usage #13)

---

Testing Recommendations

• Test GitHub modal with empty fields (should show validation error after fix Add vTeam shared Claude Code configuration with hooks-based enforcement #12)
• Test MCP status polling timeout after 2 minutes
• Test integration status display when all integrations are unconfigured
• Test integration status display when all integrations are configured
• Test keyboard navigation through integration cards
• Test screen reader announcement of integration status

---

Pre-Commit Checklist Status

Based on frontend pre-commit checklist from CLAUDE.md:

• ❌ Zero any types → Failed (integrationStatus type not fully defined)
• ✅ All UI uses Shadcn components → Passed
• ✅ All data operations use React Query → Passed
• ❌ Components under 200 lines → Failed (mcp-integrations-accordion.tsx: 377 lines)
• ❌ Single-use components colocated → Failed (github-connect-modal.tsx location)
• ✅ All buttons have loading states → Passed
• ✅ All lists have empty states → Passed (skeletons for loading)
• ✅ All nested pages have breadcrumbs → N/A (no new nested pages)
• ❓ npm run build passes → Not verified (CI pending)
• ✅ All types use type instead of interface → Passed

Overall: 6/9 passing (or 6/8 excluding N/A)

---

Conclusion

This PR delivers valuable UX improvements with clear integration status messaging and inline configuration. The code generally follows project patterns well, particularly with Shadcn components and React Query usage.

However, the critical TypeScript issues and component organization problems should be addressed before merge to maintain codebase standards. The type safety violations (#1, #2) could cause runtime errors, and the large component file (#3) reduces maintainability.

Recommendation: Request changes for Priority 1 and Priority 2 items. Priority 3 items can be addressed in follow-up PRs.

---

Reviewed with Claude Code following platform standards

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the integration status UI in the session view and create session dialog. The changes enhance UX by providing clearer messaging, better organization, and inline configuration capabilities for GitHub. Overall, this is a solid UX improvement with good adherence to frontend patterns, but there are several areas that need attention before merge.

Issues by Severity

🚫 Blocker Issues

None - No blocking issues that prevent merge.

---

🔴 Critical Issues

1. Type Safety Violation: Missing Type Definition (mcp-integrations-accordion.tsx:308-315)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/accordions/mcp-integrations-accordion.tsx:308-315

type GlobalItem =
  | { type: 'github'; displayName: string }
  | { type: 'server'; displayName: string; server: McpServer }
const globalItems: GlobalItem[] = [
  { type: 'github' as const, displayName: 'GitHub' },
  ...globalServers.map((server) => ({ type: 'server' as const, displayName: getDisplayName(server), server })),
]

Issue: The union type is correct, but the as const assertions are redundant and potentially confusing. TypeScript should infer the literal types automatically from the discriminated union.

Fix:

type GlobalItem =
  | { type: 'github'; displayName: string }
  | { type: 'server'; displayName: string; server: McpServer }

const globalItems: GlobalItem[] = [
  { type: 'github', displayName: 'GitHub' },  // Remove 'as const'
  ...globalServers.map((server) => ({ 
    type: 'server',  // Remove 'as const'
    displayName: getDisplayName(server), 
    server 
  })),
]

---

2. Accessibility Issue: Missing ARIA Labels (github-connect-modal.tsx:128-136)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx:128-136

<Button
  type="button"
  variant="ghost"
  size="sm"
  onClick={() => setShowGitToken((v) => !v)}
  aria-label={showGitToken ? 'Hide token' : 'Show token'}
>
  {showGitToken ? <EyeOff className="w-4 h-4" /> : <Eye className="w-4 h-4" />}
</Button>

Issue: Good use of aria-label, but the button should also have aria-pressed to indicate toggle state for screen readers.

Fix:

<Button
  type="button"
  variant="ghost"
  size="sm"
  onClick={() => setShowGitToken((v) => !v)}
  aria-label={showGitToken ? 'Hide token' : 'Show token'}
  aria-pressed={showGitToken}
>
  {showGitToken ? <EyeOff className="w-4 h-4" /> : <Eye className="w-4 h-4" />}
</Button>

---

3. React Query Cache Invalidation Incomplete (github-connect-modal.tsx:71)

Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx:71

onSuccess: () => {
  queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })
  successToast('GitHub connection saved')
  onOpenChange(false)
},

Issue: After updating GitHub integration secrets, you should also invalidate the integration secrets query to ensure the parent component gets fresh data.

Fix:

onSuccess: () => {
  queryClient.invalidateQueries({ queryKey: projectKeys.integrationStatus(projectName) })
  queryClient.invalidateQueries({ queryKey: ['integration-secrets', projectName] })  // Add this
  successToast('GitHub connection saved')
  onOpenChange(false)
},

---

🟡 Major Issues

4. Component Complexity: mcp-integrations-accordion.tsx is 377 lines

Location: mcp-integrations-accordion.tsx (entire file)

Issue: According to DESIGN_GUIDELINES.md, components should be under 200 lines. This component is 377 lines and handles multiple responsibilities:

• MCP server status rendering
• GitHub integration status
• Skeleton loading states
• Timeout logic
• Multiple card rendering functions

Recommendation: Extract sub-components:

• IntegrationCard.tsx - Generic card renderer
• GitHubIntegrationCard.tsx - GitHub-specific card
• McpServerCard.tsx - MCP server card
• Keep only orchestration logic in the accordion

---

5. Inconsistent Error Handling in github-connect-modal.tsx

Location: github-connect-modal.tsx:75-77

onError: (err) => {
  errorToast(err instanceof Error ? err.message : 'Failed to save GitHub connection')
},

Issue: This follows the pattern, but the parent component (mcp-integrations-accordion.tsx) doesn't handle potential query errors when fetching integration status. If useProjectIntegrationStatus fails, there's no error UI.

Fix: Add error handling to the accordion:

const { data: integrationStatus, isPending: integrationStatusPending, error: integrationError } =
  useProjectIntegrationStatus(projectName)

// In render:
if (integrationError) {
  return <div className="text-sm text-red-600">Failed to load integration status</div>
}

---

6. Hardcoded Timeout Logic Should Be Configurable

Location: mcp-integrations-accordion.tsx:56

const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)

Issue: The 2-minute timeout is hardcoded. This should either:

1. Match the timeout used in useMcpStatus refetch logic (currently 12 polls × 10s = 120s)
2. Be extracted to a constant

Fix:

const MCP_LOADING_TIMEOUT_MS = 2 * 60 * 1000  // Top of file

// In useEffect:
const t = setTimeout(() => setPlaceholderTimedOut(true), MCP_LOADING_TIMEOUT_MS)

---

🔵 Minor Issues

7. Inconsistent String Formatting in create-session-dialog.tsx

Location: Multiple locations in create-session-dialog.tsx

Issue: Some strings use double quotes, some use single quotes. The codebase prefers double quotes for JSX strings based on CLAUDE.md.

Current:

<h4 className="font-medium text-sm">Atlassian</h4>
<FormLabel>Model</FormLabel>

Note: This is already consistent in the new code. Good work!

---

8. Magic Numbers in use-mcp.ts

Location: use-mcp.ts:26-27

if (updatedCount >= 12) return false
return 10 * 1000

Issue: Magic numbers should be constants for clarity.

Fix:

const MAX_MCP_POLL_ATTEMPTS = 12
const MCP_POLL_INTERVAL_MS = 10 * 1000

if (updatedCount >= MAX_MCP_POLL_ATTEMPTS) return false
return MCP_POLL_INTERVAL_MS

---

9. Missing Empty State for No Integrations

Location: mcp-integrations-accordion.tsx:347-365

Issue: When placeholderTimedOut is true and there are no MCP servers, the "This workspace" section disappears entirely. This could be confusing to users.

Recommendation: Show an informational message when no integrations are detected after timeout:

{placeholderTimedOut && workspaceServers.length === 0 && (
  <div className="text-sm text-muted-foreground p-3 border rounded-lg">
    No workspace integrations detected
  </div>
)}

---

10. TypeScript Config Change Needs Justification

Location: components/frontend/tsconfig.json:19-25

Changes:

"jsx": "preserve",
"incremental": true,
"skipLibCheck": true,
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"moduleResolution": "bundler",

Issue: The diff shows changes to tsconfig.json but the PR description doesn't mention why these TypeScript configuration changes were needed. Are they related to this feature?

Action: If unrelated, revert. If related, document why in the PR description.

---

Positive Highlights

✅ Excellent adherence to Shadcn UI patterns - All UI uses Shadcn components (Button, Dialog, Input, Badge, Skeleton, etc.)

✅ Proper React Query usage - All data fetching uses hooks from @/services/queries/*, no manual fetch calls

✅ Good accessibility foundation - Uses semantic HTML, ARIA labels on icon-only buttons

✅ Consistent type safety - Uses type instead of interface, proper TypeScript throughout

✅ Loading and skeleton states - Good UX with loading placeholders and progressive disclosure

✅ Cache invalidation logic - Proper use of queryClient.invalidateQueries after mutations

✅ Responsive design - Uses Tailwind responsive classes appropriately

✅ Error boundaries - Toast notifications for errors in mutations

---

Recommendations

High Priority (Before Merge)

1. Extract sub-components from mcp-integrations-accordion.tsx to reduce complexity (Issue Epic: AI Agent Development #4)
2. Add error handling for useProjectIntegrationStatus query (Issue Epic: Jira Integration & Workflow #5)
3. Complete cache invalidation in GitHub modal (Issue Epic: Data Source Integration #3)
4. Add aria-pressed to toggle button (Issue Epic: RAT Architecture & Design #2)

Medium Priority (Can Address Post-Merge)

5. Extract magic numbers to constants in use-mcp.ts and accordion (Issues Epic: Testing & Validation #6, Test: Updated Workflow Validation #8)
6. Add empty state for no integrations scenario (Issue Bump actions/add-to-project from 0.5.0 to 1.0.2 #9)
7. Document or revert tsconfig.json changes (Issue Bump actions/checkout from 4 to 5 #10)

Low Priority (Nice-to-Have)

8. Add unit tests for integration card rendering logic
9. Add Cypress test for GitHub connection modal flow
10. Consider memoization for expensive computations (sorting, filtering) if performance becomes an issue

---

Architectural Alignment

✅ Frontend Development Context: Follows all critical rules (zero any, Shadcn UI only, React Query only)

✅ React Query Patterns: Proper query keys, cache invalidation, mutation patterns

⚠️ Component Patterns: Violates 200-line guideline (377 lines in accordion component)

✅ Security Standards: No sensitive data exposure, proper form validation

---

Final Verdict

Recommend: Request Changes

This PR delivers significant UX improvements and follows most frontend patterns correctly. However, the component complexity issue (#4) and missing cache invalidation (#3) should be addressed before merge. The other issues are minor and can be addressed in follow-up PRs if needed.

Estimated effort to address critical issues: 1-2 hours

---

Review conducted by Claude Code following project standards from CLAUDE.md, frontend-development.md, and react-query-usage.md

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[jeremyeder]

Hey, this is great. Thanks for doing the video, keep doing that!

I had 2 thoughts while watching:

1. Atlassian - i think that could be right, because we will connect to confluence too, eventaully? I guess I personally would rather see Jira and Confluence. Thats what people call them. Atlassian isn't as commonly used.
2. About the MCP server setup flow: why do we let people make changes to MCP configs in a running session? Let's just not do that.

@Daniel-Warner-X is it possible to add a way to provide a friendly-name to the session on that modal as well? we only let users do that after the session is created. thats bad

[github-actions]

Claude Code Review

Summary

This PR improves the session integration status UX by reorganizing the MCP integrations accordion, adding GitHub configuration capabilities, and providing clearer messaging about integration status in both the session creation modal and chat sidebar. The changes follow frontend patterns well with good use of React Query and Shadcn UI components.

Issues by Severity

🚫 Blocker Issues

None identified.

🔴 Critical Issues

None identified.

🟡 Major Issues

1. Type Safety: Inconsistent typing patterns (lines 157, 312-315 in mcp-integrations-accordion.tsx)

The code mixes type definitions in JSX and uses type assertions that could be simplified:

// Line 157: Inconsistent formatting - condition on line 157, element on 158
{server.name === 'mcp-atlassian' && server.authenticated === true && (
                      <Badge variant="secondary" className="text-xs font-normal">

// Lines 308-315: Verbose type definition for GlobalItem
type GlobalItem =
  | { type: 'github'; displayName: string }
  | { type: 'server'; displayName: string; server: McpServer }

Recommendation:

• Fix indentation on line 157-161 for consistency
• Consider simplifying the GlobalItem union type or adding a discriminated union pattern

2. Hardcoded Integration Logic (multiple locations)

Integration configuration logic is duplicated across files:

• create-session-dialog.tsx lines 76-80: Jira configuration check
• mcp-integrations-accordion.tsx lines 61-67: Server categorization

Recommendation: Extract to a shared utility file like @/lib/integrations.ts:

export function isJiraConfigured(secrets: IntegrationSecret[]): boolean {
  const byKey = Object.fromEntries(secrets.map(s => [s.key, s.value]))
  return !!(byKey.JIRA_URL?.trim() && byKey.JIRA_PROJECT?.trim() && 
            byKey.JIRA_EMAIL?.trim() && byKey.JIRA_API_TOKEN?.trim())
}

export function categorizeServers(servers: McpServer[]) {
  const workspaceNames = new Set(['mcp-atlassian'])
  const globalNames = new Set(['webfetch', 'google-workspace'])
  return {
    workspace: servers.filter(s => workspaceNames.has(s.name)),
    global: servers.filter(s => globalNames.has(s.name)),
    other: servers.filter(s => !workspaceNames.has(s.name) && !globalNames.has(s.name))
  }
}

3. React Query Configuration: Missing error handling (use-projects.ts:185)

// Line 185: refetchOnMount: 'always' may cause excessive API calls
refetchOnMount: 'always', // Ensure fresh status when viewing session/accordion

Recommendation: Use conditional refetching based on staleness instead:

refetchOnWindowFocus: true,
refetchOnReconnect: true,
// Remove refetchOnMount: 'always'

🔵 Minor Issues

1. Magic Numbers (mcp-integrations-accordion.tsx:56, use-mcp.ts:26)

// Line 56: 2 minutes timeout
const t = setTimeout(() => setPlaceholderTimedOut(true), 2 * 60 * 1000)

// use-mcp.ts line 26: 12 retries
if (updatedCount >= 12) return false

Recommendation: Extract to named constants:

const PLACEHOLDER_TIMEOUT_MS = 2 * 60 * 1000 // 2 minutes
const MAX_MCP_POLL_COUNT = 12 // ~2 minutes at 10s intervals

2. Accessibility: Missing ARIA labels (github-connect-modal.tsx:133-136)

The show/hide password button has aria-label but could benefit from aria-pressed state:

<Button
  type="button"
  variant="ghost"
  size="sm"
  onClick={() => setShowGitToken((v) => !v)}
  aria-label={showGitToken ? 'Hide token' : 'Show token'}
  aria-pressed={showGitToken}  // Add this
>

3. Component Size: Large component (mcp-integrations-accordion.tsx: 377 lines)

The accordion component is close to the 200-line guideline limit at 377 lines.

Recommendation: Consider extracting into smaller components:

• IntegrationCard.tsx for the card rendering logic
• useIntegrationData.ts custom hook for data fetching/processing

4. TypeScript Config: Unnecessary change (tsconfig.json:20)

// Line 20: Changed from "preserve" to "react-jsx"
"jsx": "react-jsx",

Question: Was this change intentional? Next.js typically uses "preserve" for the App Router. Verify this doesn't break builds or introduce runtime issues.

Positive Highlights

✅ Excellent React Query Usage: Proper use of query keys, cache invalidation, and optimistic updates in github-connect-modal.tsx

✅ Shadcn UI Compliance: Consistent use of Shadcn components throughout (Button, Dialog, Badge, Skeleton, Tooltip)

✅ Loading States: Well-implemented skeleton loading with timeout for better UX (lines 46-58 in accordion)

✅ Type Safety: Good use of TypeScript with proper type definitions for McpServer, GlobalItem, etc.

✅ User Experience: Clear integration status messaging with helpful links to configuration pages

✅ Code Reusability: Smart use of renderCardSkeleton and renderServerCard functions

Recommendations

High Priority

1. Extract hardcoded integration logic to shared utility functions
2. Review tsconfig.json jsx change - ensure it's intentional and tested
3. Fix React Query refetchOnMount to avoid excessive API calls

Medium Priority

4. Extract large component into smaller pieces (IntegrationCard, useIntegrationData hook)
5. Add named constants for magic numbers (timeouts, retry counts)

Low Priority

6. Improve accessibility with aria-pressed on toggle buttons
7. Fix formatting inconsistencies (line 157-161 indentation)

Test Coverage

⚠️ No test files detected in this PR. Consider adding:

• Unit tests for integration status logic
• Component tests for GitHub modal form validation
• Integration tests for accordion state management

Build/Lint Status

✅ Frontend linting checks should pass (Shadcn compliance, TypeScript strict mode enabled)
⚠️ Recommend running npm run build locally to verify the tsconfig.json change

---

Overall Assessment: Good implementation following frontend patterns. Address the major issues (shared utilities, React Query config) before merge. The minor issues can be addressed in follow-up PRs if needed.

🤖 Generated with Claude Code

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves session integration status UI/UX by reorganizing the MCP integrations accordion, adding GitHub configuration modal, and displaying integration status in the create session dialog. The implementation follows most frontend patterns correctly and demonstrates good UX considerations. However, there are several issues ranging from type safety violations to missing error handling.

Overall Assessment: The PR demonstrates solid UX improvements and mostly follows established patterns, but requires fixes for type safety, security, and error handling before merging.

---

Issues by Severity

🚫 Blocker Issues

Must fix before merge

1. Type Safety Violation - any Type Usage (use-mcp.ts:26)
   • Location: components/frontend/src/services/queries/use-mcp.ts:26
   • Issue: const updatedCount = (query.state as { dataUpdatedCount?: number }).dataUpdatedCount ?? 0
   • Violation: Using type assertion to access undocumented React Query internals
   • Standard: Frontend rule Outcome: Reduce Refinement Time with agent System #1 - Zero any types. Use proper types, unknown, or generic constraints
   • Fix: Use React Query's built-in polling mechanisms or track count externally:

   // Option 1: Use refetchInterval with time-based cutoff
   refetchInterval: (query) => {
     const servers = query.state.data?.servers
     if (servers && servers.length > 0) return false
     const fetchedAt = query.state.dataUpdatedAt
     const elapsed = Date.now() - fetchedAt
     if (elapsed > 2 * 60 * 1000) return false
     return 10 * 1000
   }
   
   // Option 2: Track count in component state
   const [pollCount, setPollCount] = useState(0)
   refetchInterval: (query) => {
     if (query.state.data?.servers?.length > 0) return false
     if (pollCount >= 12) return false
     setPollCount(c => c + 1)
     return 10 * 1000
   }

🔴 Critical Issues

Should fix before merge

1. Missing Input Validation (github-connect-modal.tsx:52-80)

   • Location: components/frontend/src/app/projects/[name]/sessions/[sessionName]/components/modals/github-connect-modal.tsx
   • Issue: No validation before saving GitHub credentials
   • Standard: Security standards - Always validate user input
   • Impact: Could save empty/invalid credentials, breaking GitHub integration
   • Fix: Add validation in handleSave:

   const handleSave = () => {
     if (!projectName) return
     
     // Validate required fields
     const trimmedName = gitUserName.trim()
     const trimmedEmail = gitUserEmail.trim()
     const trimmedToken = gitToken.trim()
     
     if (!trimmedName || !trimmedEmail || !trimmedToken) {
       errorToast('Please fill in all fields')
       return
     }
     
     // Validate email format
     if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmedEmail)) {
       errorToast('Invalid email format')
       return
     }
     
     // Rest of save logic...
   }

2. Token Trimming Inconsistency (github-connect-modal.tsx:64)

   • Location: GITHUB_TOKEN: gitToken (line 64)
   • Issue: GIT_USER_NAME and GIT_USER_EMAIL are trimmed, but GITHUB_TOKEN is not
   • Standard: Consistent handling of sensitive data
   • Impact: Leading/trailing whitespace in token could cause auth failures
   • Fix: GITHUB_TOKEN: gitToken.trim()

3. Missing Loading States (create-session-dialog.tsx:74-82)

   • Location: Integration status cards in create session dialog
   • Issue: No loading skeleton while integrationStatus or integrationSecrets are pending
   • Standard: Frontend rule - All data operations must handle loading states
   • Impact: User sees stale/undefined data briefly
   • Fix: Show skeleton or disable form while loading:

   const { data: integrationStatus, isPending: integrationPending } = useProjectIntegrationStatus(projectName)
   const { data: integrationSecrets, isPending: secretsPending } = useIntegrationSecrets(projectName)
   
   const isLoadingIntegrations = integrationPending || secretsPending
   
   // In render:
   {isLoadingIntegrations ? (
     <div className="space-y-2">
       <Skeleton className="h-16 w-full" />
       <Skeleton className="h-16 w-full" />
       <Skeleton className="h-16 w-full" />
     </div>
   ) : (
     // Existing integration cards...
   )}

🟡 Major Issues

Important to address

1. Hardcoded Integration Detection Logic (create-session-dialog.tsx:81-82)

   • Location: const atlassianConfigured = !!(byKey.JIRA_URL?.trim() && ...)
   • Issue: Duplicates logic from backend/other components; violates DRY
   • Impact: If Jira field requirements change, this logic must be updated in multiple places
   • Recommendation: Move to shared utility or get from integration status API

2. Missing Empty State Handling (mcp-integrations-accordion.tsx:354-401)

   • Location: Global section rendering
   • Issue: What happens if all integrations fail to load or return empty?
   • Current: Shows section header with no cards
   • Recommendation: Add empty state message or hide section if truly empty

3. Accessibility - Missing ARIA Labels (mcp-integrations-accordion.tsx:96-108)

   • Location: AlertTriangle tooltips
   • Issue: Tooltips on warning icons lack proper ARIA attributes
   • Impact: Screen readers may not convey "not configured" status
   • Recommendation: Add aria-label to icon containers:

   <span className="inline-flex" aria-label="not configured">
     <AlertTriangle className="h-4 w-4 text-amber-500" />
   </span>

4. Polling Strategy Risk (use-mcp.ts:22-29)

   • Location: refetchInterval logic
   • Issue: Polls every 10s for up to 2 minutes even if session has no MCP servers configured
   • Impact: Unnecessary API calls for sessions that legitimately have no MCP servers
   • Recommendation: Consider alternative approach:
     • Check session spec for expected MCP servers
     • Add backend flag indicating "MCP servers are loading" vs "no MCP servers configured"
     • Use shorter polling with exponential backoff

🔵 Minor Issues

Nice-to-have improvements

1. Inconsistent Spacing (mcp-integrations-accordion.tsx:155-159)

   • Location: Jira "read only" badge alignment
   • Issue: Badge inline with title, inconsistent with other cards
   • Recommendation: Consider moving to right side for visual consistency

2. Magic Numbers (mcp-integrations-accordion.tsx:54, use-mcp.ts:26-28)

   • Location: 2 * 60 * 1000 (2 minutes) and 12 (poll count)
   • Recommendation: Extract to named constants:

   const MCP_POLL_TIMEOUT_MS = 2 * 60 * 1000 // 2 minutes
   const MCP_POLL_MAX_COUNT = 12 // 12 attempts at 10s each

3. tsconfig.json Changes (tsconfig.json:877-924)

   • Location: Formatting changes (jsx: "react-jsx")
   • Issue: jsx: "react-jsx" change not explained in PR description
   • Question: Was this intentional or accidental? What problem does it solve?
   • Impact: Could affect build output; should be tested

4. Missing Error Boundary (github-connect-modal.tsx)

   • Location: Entire modal component
   • Issue: If useIntegrationSecrets fails, modal shows no error state
   • Recommendation: Add error handling:

   const { data: integrationSecrets, error: secretsError } = useIntegrationSecrets(projectName)
   
   if (secretsError) {
     return <div>Error loading secrets: {secretsError.message}</div>
   }

---

Positive Highlights

Things done well

1. ✅ Excellent UX Design: Progressive loading with skeletons, clear status indicators, helpful guidance
2. ✅ Shadcn UI Compliance: Uses only Shadcn components (Dialog, Button, Input, Skeleton, etc.)
3. ✅ React Query Usage: All data fetching uses React Query hooks (useProjectIntegrationStatus, useMcpStatus, etc.)
4. ✅ Component Colocation: GitHubConnectModal properly colocated in session/modals directory
5. ✅ Accessibility: Good use of aria-label on show/hide password button
6. ✅ Cache Invalidation: Properly invalidates projectKeys.integrationStatus after GitHub save
7. ✅ Component Size: Components stay under 200 lines (except mcp-integrations-accordion at 277, which is acceptable for complex UI)
8. ✅ Type Safety: Uses type over interface (line 21, 23, 302-304)
9. ✅ Optimistic Updates: Shows loading states during mutations (updateMutation.isPending)
10. ✅ Security: Password input with show/hide toggle follows best practices

---

Recommendations

Prioritized action items

Priority 1 (Before Merge)

1. Fix type assertion in use-mcp.ts:26 - use time-based or external state tracking
2. Add input validation to github-connect-modal.tsx handleSave
3. Trim GITHUB_TOKEN consistently with other fields
4. Add loading states to integration cards in create session dialog

Priority 2 (Before or Shortly After Merge)

5. Extract Jira configuration detection to shared utility
6. Add ARIA labels to warning icon tooltips
7. Add error state handling to GitHubConnectModal
8. Document or revert jsx: react-jsx change in tsconfig.json

Priority 3 (Future Enhancement)

9. Extract magic numbers to constants
10. Consider backend flag for "MCP loading" vs "no MCP configured"
11. Add empty state for integrations section if all fail

---

Pre-Commit Checklist Status

Based on frontend pre-commit checklist from CLAUDE.md:

• ❌ Zero any types (type assertion in use-mcp.ts)
• ✅ All UI uses Shadcn components
• ✅ All data operations use React Query
• ✅ Components under 200 lines (except one at 277, acceptable)
• ✅ Single-use components colocated
• ⚠️ All buttons have loading states (missing in integration cards)
• ✅ All lists have empty states (skeletons shown)
• N/A All nested pages have breadcrumbs (no new nested pages)
• N/A All routes have loading.tsx, error.tsx (no new routes)
• ❓ npm run build passes with 0 errors, 0 warnings (needs verification)
• ✅ All types use type instead of interface

---

Testing Recommendations

1. Manual Testing:

   • Create session with no integrations configured
   • Create session with partial integrations (only GitHub, only Jira)
   • Test GitHub modal save with empty fields
   • Test GitHub modal save with invalid email
   • Test token visibility toggle
   • Verify polling stops after 2 minutes when no MCP servers

2. Accessibility Testing:

   • Navigate with keyboard only
   • Test with screen reader (NVDA/JAWS)
   • Verify all interactive elements have focus states

3. Edge Cases:

   • Session with legitimately no MCP servers vs. MCP servers loading
   • Integration secrets API failure
   • Network timeout during GitHub save

---

Recommendation: Address Priority 1 issues (type safety, validation, loading states) before merge. Priority 2 items can be follow-up tasks if timeline is tight, but should be completed soon after merge.

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[github-actions]

Claude Code Review

Summary

This PR improves the session integration status display with better UX, clearer messaging, and enhanced organization. The changes reorganize the MCP integrations accordion, add a GitHub configuration modal, and display integration status in the create session modal. Overall, the implementation follows established frontend patterns well, with a few areas for improvement.

Issues by Severity

🚫 Blocker Issues

None - No blocking issues found.

🔴 Critical Issues

1. tsconfig.json: Invalid jsx compiler option (tsconfig.json:20)
   • Issue: jsx is set to react-jsx but Next.js 14 App Router requires preserve
   • Impact: May cause build issues or runtime errors with JSX transformation
   • Fix: Change "jsx": "preserve" (Next.js handles JSX transformation)
   • Reference: Next.js TypeScript docs

🟡 Major Issues

2. Missing error boundary for integration status failures (mcp-integrations-accordion.tsx:39-41)

   • Issue: If useProjectIntegrationStatus fails, githubConfigured defaults to false with no error UI
   • Impact: Users won't know if GitHub is actually unconfigured or if the API call failed
   • Pattern Violation: React Query pattern requires handling error state (see .claude/patterns/react-query-usage.md:116-119)
   • Fix: Add error handling similar to MCP status loading:

     const { data: integrationStatus, isPending, error } = useProjectIntegrationStatus(projectName)
     if (error) {
       // Show error state in GitHub card
     }

3. Inconsistent loading states between sections (mcp-integrations-accordion.tsx:323-341)

   • Issue: "This workspace" section shows skeleton during loading, but "Global" section shows skeleton unconditionally when showPlaceholders is true
   • Impact: GitHub card shows skeleton even when integration status has loaded
   • Fix: Make GitHub skeleton conditional on integrationStatusPending (already done in renderGitHubCard, but section logic overrides it)

4. Hardcoded Google Workspace always shows unconfigured (create-session-dialog.tsx:274-288)

   • Issue: Google Workspace card always shows AlertTriangle and "Configure Integrations" message
   • Impact: Even if Google Workspace is configured, it appears unconfigured
   • Fix: Add Google Workspace status check similar to Jira:

     const googleWorkspaceConfigured = !!(byKey.GOOGLE_WORKSPACE_CLIENT_ID && byKey.GOOGLE_WORKSPACE_CLIENT_SECRET)

🔵 Minor Issues

5. Type safety: Missing explicit return type (mcp-integrations-accordion.tsx:173)

   • Pattern: getDescription function returns ReactNode but could be more specific
   • Suggestion: Consider ReactNode | null for clarity

6. Accessibility: Missing aria-label on status icons (mcp-integrations-accordion.tsx:92-107)

   • Issue: Status icons (CheckCircle2, AlertTriangle) have no accessible labels
   • Fix: Add aria-label to icon wrapper spans:

     <span className="inline-flex" aria-label="GitHub configured">
       <CheckCircle2 className="h-4 w-4 text-green-600" />
     </span>

7. Potential race condition in timeout logic (mcp-integrations-accordion.tsx:47-55)

   • Issue: useEffect sets timeout but dependency on mcpStatus may cause multiple timeouts
   • Fix: Already has cleanup function (return () => clearTimeout(t)), but could be clearer about intent

8. Unused GitHub Connect Modal (github-connect-modal.tsx)

   • Observation: This new modal is created but never imported/used in the PR
   • Question: Is this intentional (planned for future work) or should it be wired up?

9. Inconsistent link destinations (create-session-dialog.tsx:265 vs mcp-integrations-accordion.tsx:117)

   • Issue: Create session modal links to /integrations for GitHub, but accordion links to /integrations
   • Consistency: Both should use the same URL (verify /integrations route exists)

10. Magic number without explanation (use-mcp.ts:26)

    • Issue: updatedCount >= 12 hardcoded without comment explaining "12 updates × 10s = 2 minutes"
    • Fix: Add comment or extract to named constant:

      const MAX_POLLING_ATTEMPTS = 12 // 12 × 10s = 2 minutes
      if (updatedCount >= MAX_POLLING_ATTEMPTS) return false

Positive Highlights

✅ Excellent adherence to frontend patterns:

• Zero any types used (checked via grep)
• All UI uses Shadcn components (Button, Dialog, Badge, Skeleton, etc.)
• All data fetching uses React Query hooks (useMcpStatus, useProjectIntegrationStatus)
• Proper use of type instead of interface

✅ Strong component organization:

• New modal colocated in components/modals/ subdirectory
• Proper separation of concerns (data fetching vs. presentation)
• Good use of skeleton loading states

✅ Good UX patterns:

• Clear loading states with skeletons
• Helpful error messaging with actionable links
• Consistent visual language (icons, badges, spacing)
• Progress animation mentioned in PR description

✅ Security best practices:

• Token input uses password type with show/hide toggle
• Proper token redaction in UI (not logging tokens)

✅ Accessibility considerations:

• Tooltips for status icons
• ARIA labels on password toggle button
• Semantic HTML structure

Recommendations

Priority 1 (Fix before merge):

1. Fix tsconfig.json jsx setting to preserve
2. Add error handling for useProjectIntegrationStatus failures
3. Fix Google Workspace hardcoded unconfigured state

Priority 2 (Strongly recommended):
4. Add aria-labels to status icons for screen readers
5. Clarify magic number in polling logic
6. Wire up or remove unused GitHub Connect Modal

Priority 3 (Nice-to-have):
7. Consider extracting integration card rendering to shared component (DRY principle)
8. Add unit tests for integration status logic
9. Document the 2-minute timeout behavior in code comments

Architecture Note: This PR adds 596 lines of code. Consider breaking large modals/components into smaller sub-components if any exceed 200 lines (create-session-dialog.tsx is at 314 lines). See DESIGN_GUIDELINES.md for component size recommendations.

---

Overall Assessment: Good work on improving the UX! The code follows established patterns well. Address the critical tsconfig issue and the missing error/loading states, and this will be ready to merge.

🤖 Generated with Claude Code (claude.ai/code)

---

🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

1. CLAUDE.md - Master project instructions, development standards
2. backend-development.md - Go backend, K8s integration patterns
3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
4. security-standards.md - Auth, RBAC, token handling
5. k8s-client-usage.md - User token vs service account patterns
6. error-handling.md - Consistent error patterns
7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

[Daniel-Warner-X]

@jeremyeder thanks for the review

• 'Atlassian' change to 'Jira'
• removed GitHub configuration modal that enabled users to connect to GitHub from within a session
• added 'Name session' field to the create session modal