feat(mcp): Add optional visibility parameter to control chat visibility

[brendan-kellam]

Add an optional visibility parameter to the ask_codebase tool to allow agents to control chat session visibility.

This enables agents to set chat sessions to public in shared environments like Slack, preventing 404 errors for users who did not create the API key used by the MCP server.

---

Linear Issue: SOU-510

 

Summary by CodeRabbit

• New Features
  • Added an optional visibility setting (PRIVATE or PUBLIC) to control chat session privacy.
  • Smart defaults: PRIVATE for authenticated users, PUBLIC for anonymous users; anonymous users cannot create PRIVATE chats.
  • Help text updated to explain visibility behavior and how to configure visibility in shared environments.

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

Walkthrough

Adds an optional visibility parameter to the /api/chat/blocking endpoint and the MCP ask_codebase tool. Values: PRIVATE or PUBLIC. Defaults: PRIVATE for authenticated users, PUBLIC for anonymous users (anonymous requests cannot create PRIVATE chats).

Changes

Cohort / File(s)	Summary
Changelog Documentation CHANGELOG.md, packages/mcp/CHANGELOG.md	Added Unreleased entries documenting the new optional visibility parameter for controlling chat session visibility.
Tool Descriptions packages/mcp/src/index.ts	Updated help text for search_code and ask_codebase to mention the visibility parameter and its behavior in shared/anonymous contexts.
Request Schema packages/mcp/src/schemas.ts	Added optional visibility enum (PRIVATE
Blocking Chat Route packages/web/src/app/api/(server)/chat/blocking/route.ts	Parsed incoming visibility, computed chatVisibility (use requested value when provided; otherwise default PRIVATE for authenticated users and PUBLIC for anonymous users), and used it when creating the chat.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant MCP_Tool as MCP Tool
  participant Server
  participant DB

  Client->>MCP_Tool: send ask_codebase request (optional visibility)
  MCP_Tool->>Server: POST /api/chat/blocking (visibility param forwarded)
  Server->>Server: determine chatVisibility (requested or default based on auth)
  Server->>DB: create chat record with chatVisibility
  DB-->>Server: chat created
  Server-->>MCP_Tool: return chat link/metadata
  MCP_Tool-->>Client: present chat link (visibility noted)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix(web): Fix ask link generation for anonymous access #873: Modifies the same blocking chat route to change visibility defaulting and plumbing for public/anonymous chat visibility.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding an optional visibility parameter to control chat visibility in the MCP ask_codebase tool, which aligns with the file changes across CHANGELOG, schemas, and API route implementations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cursor/SOU-510-mcp-chat-visibility-d270

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[brendan-kellam]

@cursoragent add changelog entries to the main changelog and the packages/mcp changelog. The PR link is #903

[cursor]

Done! I've added changelog entries to both CHANGELOG.md files and pushed the changes.

Changes Made

Main CHANGELOG.md (/workspace/CHANGELOG.md)

• Added entry under [Unreleased] > ### Added:
  • "Added optional visibility parameter to MCP ask_codebase tool to allow controlling chat session visibility in shared environments. #903"

MCP CHANGELOG.md (/workspace/packages/mcp/CHANGELOG.md)

• Added entry under [Unreleased] > ### Added:
  • "Added optional visibility parameter to ask_codebase tool to allow controlling chat session visibility in shared environments. #903"

Both entries follow the repository's changelog conventions with the PR link included. The changes have been committed and pushed to the cursor/SOU-510-mcp-chat-visibility-d270 branch.

 

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/web/src/app/api/`(server)/chat/blocking/route.ts:
- Around line 102-103: The code computes chatVisibility using
requestedVisibility ?? (user ? ChatVisibility.PRIVATE : ChatVisibility.PUBLIC),
which allows an anonymous caller to explicitly set PRIVATE; change the guard so
PRIVATE is only allowed for authenticated users — e.g., if (!user &&
requestedVisibility === ChatVisibility.PRIVATE) set chatVisibility =
ChatVisibility.PUBLIC, otherwise use requestedVisibility ?? (user ?
ChatVisibility.PRIVATE : ChatVisibility.PUBLIC); update the logic around the
chatVisibility variable (and any downstream use) to enforce that
ChatVisibility.PRIVATE is only accepted when user is present.