chore: CodeRabbit triage for v0.2.9

[github-actions]

CodeRabbit Triage: v0.2.9

Metric	Value	Δ vs Previous
PRs analyzed	1	-29 ↓
Critical issues	1	-22 ↓
Major issues	13	-107 ↓
Issues per PR	14.0	+9.2 ↑
Coverage gaps	11	-114 ↓

Trend

Release	Date	PRs	Critical	Major	Per PR	Gaps
v0.2.0	2026-04-10	30	23	120	4.8	125
v0.2.9	2026-05-21	1	1	13	14.0	11

Top Uncovered Patterns

1. Credential sidecar authentication mechanism is undefined. (3 occurrences, impact: 9) — other
2. Credential bootstrap wrapper is missing for this sidecar flow (also applies to google/Dockerfile). (1 occurrences, impact: 4) — other
3. Document git credential HTTP endpoint in MCP server spec or clarify relation to MCP transport. (1 occurrences, impact: 3) — other
4. Add gitlab-mcp to the MCP Servers table. (1 occurrences, impact: 3) — other
5. Update legacy runner credential flow references to match sidecar isolation (1 occurrences, impact: 3) — other
6. Sidecar transport mode conflicts with earlier MCP transport definition (1 occurrences, impact: 3) — other
7. Do not fail open when required bootstrap env vars are missing. (1 occurrences, impact: 3) — other
8. Avoid including raw credential API response bodies in errors. (1 occurrences, impact: 3) — other
9. Harden sidecar URL parsing to avoid runtime crashes on malformed config. (1 occurrences, impact: 3) — runner
10. Don’t activate sidecar mode from a non-empty string alone. (1 occurrences, impact: 3) — runner

Recommended Guardrails

CLAUDE.md Conventions

• Credential sidecar authentication mechanism is undefined.: Enforce via convention (needs specific rule)
• Credential bootstrap wrapper is missing for this sidecar flow (also applies to google/Dockerfile).: Enforce via convention (needs specific rule)
• Document git credential HTTP endpoint in MCP server spec or clarify relation to MCP transport.: Enforce via convention (needs specific rule)
• Add gitlab-mcp to the MCP Servers table.: Enforce via convention (needs specific rule)
• Update legacy runner credential flow references to match sidecar isolation: Enforce via convention (needs specific rule)
• Sidecar transport mode conflicts with earlier MCP transport definition: Enforce via convention (needs specific rule)
• Do not fail open when required bootstrap env vars are missing.: Enforce via convention (needs specific rule)
• Avoid including raw credential API response bodies in errors.: Enforce via convention (needs specific rule)
• Harden sidecar URL parsing to avoid runtime crashes on malformed config.: Enforce via convention (needs specific rule)
• Don’t activate sidecar mode from a non-empty string alone.: Enforce via convention (needs specific rule)

Hookify Rules

• PreToolUse hook for credential sidecar authentication mechanism is undefined. enforcement in TypeScript code
• PreToolUse hook for credential bootstrap wrapper is missing for this sidecar flow (also applies to google/dockerfile). enforcement in TypeScript code
• PreToolUse hook for document git credential http endpoint in mcp server spec or clarify relation to mcp transport. enforcement in TypeScript code
• PreToolUse hook for add gitlab-mcp to the mcp servers table. enforcement in TypeScript code
• PreToolUse hook for update legacy runner credential flow references to match sidecar isolation enforcement in TypeScript code
• PreToolUse hook for sidecar transport mode conflicts with earlier mcp transport definition enforcement in TypeScript code
• PreToolUse hook for do not fail open when required bootstrap env vars are missing. enforcement in TypeScript code
• PreToolUse hook for avoid including raw credential api response bodies in errors. enforcement in TypeScript code
• PreToolUse hook for harden sidecar url parsing to avoid runtime crashes on malformed config. enforcement in Python code
• PreToolUse hook for don’t activate sidecar mode from a non-empty string alone. enforcement in Python code

[netlify]

✅ Deploy Preview for cheerful-kitten-f556a0 canceled.

Name	Link
🔨 Latest commit	087cf41
🔍 Latest deploy log	https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/6a19a96c1c91780008e6d615