Full application build: landing page, auth, chat with MCP tool use, harness management, and OAuth

[DIodide]

Summary

This PR represents the full initial build of Harness, bringing the application from skeleton to a functional AI chat
platform with MCP (Model Context Protocol) integration. Key additions include:

• Landing page — Animated landing page with floating dots background, feature highlights, and call-to-action
• Authentication & onboarding — Clerk-based sign-in page, onboarding flow with API key setup and initial harness
  creation, TanStack Router auth guards for protected routes
• Chat interface — Full streaming chat UI with markdown rendering, reasoning/thinking display, tool call
  visualization, chat interrupts, auto-scroll, and per-conversation state management
• Harness management — Create, configure, and manage harnesses (model + MCP server bundles), harness detail pages,
  decoupled harnesses from conversations with last-used tracking
• MCP integration — Dynamic HTTP-streamable MCP server connectivity, parallel tool call execution, MCP server health
  checks with UI status indicators, and error surfacing to frontend
• OAuth for MCP servers — Full OAuth 2.0 flow for MCP servers requiring authentication (GitHub OAuth App support),
  token storage and refresh via Convex
• FastAPI backend — Chat streaming endpoint via OpenRouter, MCP client service, OAuth routes, Convex persistence
  service, structured logging, config validation, connection pooling via httpx.AsyncClient
• Convex backend — Schema for harnesses, conversations, messages (with parts, tool calls, usage/cost tracking), MCP
  OAuth tokens, and user settings; seed data; composite indexes for recency queries
• UI/UX — shadcn/ui component library, display modes (zen/standard/developer), user settings with profile
  management, Geist font, toast notifications, dark theme with Clerk appearance customization
• Model support — GPT-4o, GPT-4.1, Claude Sonnet/Opus 4, Gemini 2.5 Pro/Flash, DeepSeek R1/V3, Grok 3/3 Mini;
  thinking model variants with reasoning parameter support

Changes

• 81 files changed, ~12,000 insertions, ~670 deletions
• Removed deprecated packages/backend in favor of packages/convex-backend
• Removed old Header component and Clerk integration files, replaced with route-level auth guards and chromeless route
  support

PRs included

• Feat/landing page #3 — Landing page
• Feat/login and onboarding #4 — Login and onboarding
• Feat/initial chat streaming implementation  #5 — Initial chat + OAuth implementation
• Add chat interrupts, auto scroll #6 — Chat interrupts and scroll
• Feat/mcp implementation #7 — MCP implementation

[Copilot]

Pull request overview

This PR delivers an end-to-end initial build of Harness: a TanStack Start + Clerk + Convex web app paired with a FastAPI backend that supports streaming chat, MCP tool execution, MCP server health checks, and MCP OAuth flows.

Changes:

• Added FastAPI streaming chat endpoint (OpenRouter) plus MCP client integration, health checks, and MCP OAuth routes.
• Introduced Convex schema + queries/mutations for harnesses, conversations, messages (parts/tool calls/usage), OAuth token storage, and user settings.
• Implemented core web UI routes and components for sign-in, harness management/editing, chat streaming UI, and supporting design system components.

Reviewed changes

Copilot reviewed 66 out of 81 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/fastapi/requirements.txt	Adds FastAPI backend dependencies for SSE + JWT verification/crypto.
packages/fastapi/app/services/openrouter.py	Implements OpenRouter streaming + non-streaming chat helpers.
packages/fastapi/app/services/mcp_client.py	Adds MCP JSON-RPC client with tool listing/calling + session/tool caching.
packages/fastapi/app/services/convex.py	Adds Convex HTTP API helpers for saving assistant messages and patching usage.
packages/fastapi/app/routes/mcp_oauth.py	Adds MCP OAuth start/callback/status/revoke endpoints.
packages/fastapi/app/routes/mcp_health.py	Adds MCP server health checks and prompt generation endpoint.
packages/fastapi/app/routes/chat.py	Adds SSE chat streaming route with tool-call loop and Convex persistence.
packages/fastapi/app/models.py	Adds Pydantic request models for chat + harness/MCP server config.
packages/fastapi/app/main.py	Adds app lifespan, shared httpx client, CORS, and route wiring.
packages/fastapi/app/dependencies.py	Adds FastAPI dependencies for shared http client + current user.
packages/fastapi/app/config.py	Adds settings validation and model mapping/thinking configuration.
packages/fastapi/app/auth.py	Adds Clerk JWT verification via JWKS.
packages/convex-backend/convex/userSettings.ts	Adds user settings query/mutation with defaults.
packages/convex-backend/convex/seed.ts	Adds seed/clear utilities for dev data.
packages/convex-backend/convex/schema.ts	Defines Convex schema (harnesses/conversations/messages/OAuth tokens/settings).
packages/convex-backend/convex/migrations.ts	Placeholder for future Convex migrations.
packages/convex-backend/convex/messages.ts	Adds message CRUD + internal assistant saves + usage patching.
packages/convex-backend/convex/mcpOAuthTokens.ts	Adds OAuth token storage/status APIs (public + internal).
packages/convex-backend/convex/harnesses.ts	Adds harness CRUD and suggested prompts persistence.
packages/convex-backend/convex/conversations.ts	Adds conversation CRUD and recency listing.
packages/convex-backend/convex/_generated/dataModel.d.ts	Updates generated Convex types to use schema-aware DataModel.
packages/convex-backend/convex/_generated/api.d.ts	Updates generated API typings for all Convex modules.
packages/backend/convex/_generated/server.js	Removes deprecated generated Convex backend artifacts.
packages/backend/convex/_generated/server.d.ts	Removes deprecated generated Convex backend artifacts.
packages/backend/convex/_generated/dataModel.d.ts	Removes deprecated generated Convex backend artifacts.
packages/backend/convex/_generated/api.js	Removes deprecated generated Convex backend artifacts.
packages/backend/convex/_generated/api.d.ts	Removes deprecated generated Convex backend artifacts.
apps/web/vite.config.ts	Updates Vite config (deps optimization, host allowances).
apps/web/tsconfig.json	Adds path alias for the Convex backend workspace package.
apps/web/src/styles.css	Adds Geist fonts, markdown/code highlighting styles, and theme tweaks.
apps/web/src/routes/sign-in.tsx	Adds a dedicated Clerk sign-in page.
apps/web/src/routes/harnesses/index.tsx	Adds harness listing UI with controls (start/stop/edit/delete).
apps/web/src/routes/harnesses/$harnessId.tsx	Adds harness editor UI including MCP server config and OAuth connect UX.
apps/web/src/routes/__root.tsx	Adds chromeless routes, Clerk appearance, tooltips, and toaster wiring.
apps/web/src/routeTree.gen.ts	Updates generated TanStack Router route tree for new routes.
apps/web/src/lib/use-chat-stream.ts	Adds client-side SSE streaming hook with events for tools/thinking/usage.
apps/web/src/lib/models.ts	Adds model selection list used by harness editor.
apps/web/src/lib/floating-dots.ts	Adds deterministic floating-dot background generator for landing UI.
apps/web/src/lib/floating-dots.test.ts	Adds vitest coverage for floating-dot generator determinism/ranges.
apps/web/src/integrations/clerk/provider.tsx	Removes prior Clerk provider wrapper (replaced by root route config).
apps/web/src/integrations/clerk/header-user.tsx	Removes prior header user widget (replaced by new chrome/UX).
apps/web/src/env.ts	Adds VITE_FASTAPI_URL env var.
apps/web/src/components/ui/tooltip.tsx	Adds tooltip primitives wrapper.
apps/web/src/components/ui/textarea.tsx	Adds textarea component.
apps/web/src/components/ui/skeleton.tsx	Adds skeleton loading component.
apps/web/src/components/ui/sheet.tsx	Adds sheet (dialog) component.
apps/web/src/components/ui/separator.tsx	Adds separator component.
apps/web/src/components/ui/select.tsx	Adds select component.
apps/web/src/components/ui/scroll-area.tsx	Adds scroll-area component.
apps/web/src/components/ui/input.tsx	Adds input component.
apps/web/src/components/ui/dropdown-menu.tsx	Adds dropdown menu component.
apps/web/src/components/ui/dialog.tsx	Adds dialog component.
apps/web/src/components/ui/checkbox.tsx	Adds checkbox component.
apps/web/src/components/ui/card.tsx	Adds card component.
apps/web/src/components/ui/button.tsx	Updates button styling variants/sizes.
apps/web/src/components/ui/badge.tsx	Adds badge component.
apps/web/src/components/ui/avatar.tsx	Adds avatar component.
apps/web/src/components/message-actions.tsx	Adds copy/regenerate/usage UI actions (display-mode aware).
apps/web/src/components/mcp-server-status.tsx	Adds MCP server status UI and OAuth reconnect UX.
apps/web/src/components/markdown-message.tsx	Adds markdown rendering with highlighting and copyable code blocks.
apps/web/src/components/harness-mark.tsx	Adds Harness SVG mark component.
apps/web/src/components/Header.tsx	Removes legacy header/nav component.
apps/web/public/favicon.svg	Adds Harness favicon.
apps/web/package.json	Adds dependencies for markdown/highlighting/fonts/motion/convex workspace.
apps/web/biome.json	Tweaks Biome lint config.
apps/web/.env.example	Adds example FastAPI backend URL env var.
.cursor/rules/tanstack-auth-guards.mdc	Documents TanStack Router auth-guard conventions.
.cursor/rules/convex-id-types.mdc	Documents Convex branded Id type conventions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

JWT verification currently trusts the iss claim from unverified token payload to decide where to fetch JWKS. A malicious client can mint their own RS256 JWT, set iss to an attacker-controlled domain with a matching JWKS, and have it validate successfully. Pin the expected Clerk issuer(s) in configuration (e.g., CLERK_ISSUER / JWKS URL) and reject tokens whose iss doesn't match, instead of discovering JWKS based on the token itself.

[DIodide]

@copilot open a new pull request to apply changes based on this feedback

[Copilot]

@DIodide I've opened a new pull request, #9, to work on those changes. Once the pull request is ready, I'll request review from you.

[DIodide]

@claude review this

[claude]

Claude finished @DIodide's task in 1m 56s —— View job

---

PR Review

This is a large, well-structured initial build. The architecture is solid and the code quality is generally high. Below are the findings, ordered by severity.

Tasks

• Gather context and understand the PR
• Review backend: auth, chat, MCP client, MCP OAuth
• Review frontend: use-chat-stream, chat route, harness management
• Review Convex schema and queries
• Post comprehensive review

---

🔴 Critical — Security

1. JWT issuer trusted from unverified token payload (packages/fastapi/app/auth.py:44-51)

Already flagged by Copilot. The iss claim is read from the token before signature verification, then used to fetch the JWKS. An attacker can mint their own RS256 JWT with iss pointing to their server, host matching JWKS there, and have it validate successfully.

Fix: pin the expected Clerk issuer in Settings (e.g. clerk_issuer: str) and reject tokens whose iss doesn't match before fetching JWKS. Fix this →

2. Audience verification disabled (packages/fastapi/app/auth.py:76)

options={"verify_aud": False}

Tokens issued for a different Clerk application (e.g. staging vs prod) will be accepted. Set the expected audience in settings and verify it.

3. postMessage uses wildcard origin (packages/fastapi/app/routes/mcp_oauth.py:181)

window.opener.postMessage({json.dumps(message_data)}, "*");

The OAuth callback result (including serverUrl) is broadcast to any origin. Change the second argument to settings.frontend_url so only your frontend can receive it. Fix this →

4. SSRF via user-supplied MCP server URLs (packages/fastapi/app/services/mcp_client.py)

MCP server URLs from the client request are used directly in HTTP calls with no allowlist or validation. A user could configure http://169.254.169.254/latest/meta-data/ (AWS metadata) or internal services. Consider validating that URLs are https:// and/or restricting to a configurable allowlist.

5. Session cache is shared across users (packages/fastapi/app/services/mcp_client.py:24-27)

_session_cache, _tools_cache, and _tool_name_map are keyed by server URL only, not (user_id, server_url). If two users configure the same MCP server URL (e.g. a shared GitHub MCP), user A's session can be used for user B's requests. For OAuth servers, this means user A's tokens could serve user B's tool calls.

---

🟠 High

6. OAuth PKCE state stored in-process only (packages/fastapi/app/services/mcp_oauth.py:36)

_pending_oauth is a module-level dict. Under any multi-worker or multi-process deployment (e.g. uvicorn --workers 4), the callback will likely hit a different process from the one that stored the state and fail with "Invalid or expired OAuth state". Consider using Redis or Convex for pending OAuth state.

7. conversation_id not validated against the authenticated user (packages/fastapi/app/routes/chat.py:249)

The body.conversation_id from the client is passed directly to save_assistant_message with no check that it belongs to user.get("sub"). User A could supply User B's conversation ID to inject assistant messages into B's history. The Convex mutation should verify ownership, or the route should look up the conversation first.

8. Hardcoded personal ngrok URL in CORS config (packages/fastapi/app/main.py:50)

"https://aab7-140-180-240-231.ngrok-free.app",
"http://127.0.0.1:57609",

These look like personal dev machine origins committed to the repo. CORS origins should come from environment config, not be hardcoded. Fix this →

---

🟡 Medium

9. JWKS cache has no TTL and is never refreshed (packages/fastapi/app/auth.py:9-22)

Keys are cached globally for the process lifetime. If Clerk rotates keys (which it can), the only recovery path is when a specific kid isn't found (the "retry once" path at line 59). Add a TTL (e.g. 1 hour) to the cache.

10. Duplicate model entries in AVAILABLE_MODELS (packages/fastapi/app/config.py:48-51)

{"id": "anthropic/claude-sonnet-4", "name": "Claude Sonnet 4"},
{"id": "anthropic/claude-sonnet-4", "name": "Claude Sonnet 4 (Thinking)"},

Two models share the same id. The list is likely consumed by the frontend for display — if any code deduplicates by id, the thinking variant will be lost. Consider using the short model key (e.g. claude-sonnet-4-thinking) as the ID.

11. _tool_name_map global collision (packages/fastapi/app/services/mcp_client.py:33-34, 284-286)

The reverse map from sanitized → original tool name is a flat global dict. If two servers both export a tool that sanitizes to the same key, the second registration silently overwrites the first. The key should include the server name prefix (i.e. the full servername__toolname form).

12. No message content size limit (packages/fastapi/app/routes/chat.py)

The full message history is forwarded to OpenRouter on every request with no cap on total content length. A user with a very long conversation could trigger large token costs or upstream timeouts. Consider enforcing a max on len(messages) or total content bytes.

13. import json inside function (packages/fastapi/app/routes/mcp_oauth.py:171)

def _close_popup_html(...):
    ...
    import json

Should be a top-level import.

---

🔵 Low / Nits

14. openrouter.py hardcodes max_tokens (packages/fastapi/app/services/openrouter.py:41-43)

Thinking models are capped at 4096 tokens and others at 16384. This is reasonable but worth making configurable per-harness, especially since reasoning models typically need more tokens.

15. _session_cache never evicted for dead servers (packages/fastapi/app/services/mcp_client.py:24)

Sessions for MCP servers that go offline stay in the in-memory cache indefinitely. A background cleanup (e.g., evict on 400/404) or a TTL would prevent stale state accumulating.

16. Bearer auth tokens stored in plaintext in Convex (packages/convex-backend/convex/schema.ts:18)

authToken in the harness mcpServers array is stored as a plain string in Convex. For an initial build this is acceptable, but flagging for future consideration: these should be encrypted at rest or stored in a secrets manager.

17. messages schema allows userId to be optional (packages/convex-backend/convex/schema.ts:46)

userId: v.optional(v.string()),

If this is the user who sent/received the message, it should probably be required (at least for user messages). An absent userId makes user-scoped queries harder and could allow orphaned messages.

18. Convex harnesses.remove doesn't cascade (packages/convex-backend/convex/harnesses.ts:117-127)

Deleting a harness leaves its associated conversations with a stale lastHarnessId reference. This is likely benign now (the field is optional/foreign-key-like) but can cause subtle bugs. Consider clearing lastHarnessId on related conversations, or accepting this as a known limitation.

---

Summary

The codebase is clean and well-organized for an initial full-stack build. The two highest-priority fixes are the JWT issuer pinning (item 1, already flagged by Copilot) and the session/tool cache sharing across users (item 5), which is a data isolation bug that could expose one user's OAuth-authenticated tool calls to another. The postMessage wildcard (item 3) and SSRF via MCP URLs (item 4) should also be addressed before this is opened to untrusted users.