Docs: showcase hero, narrative improvements, panel closed by default#3657
Docs: showcase hero, narrative improvements, panel closed by default#3657
Conversation
- Remove apps/components.mdx (manually maintained, will drift from Prefab) - Swap overview hero to showcase screenshot - Fix stale MDX in python-sdk/fastmcp-apps-app.mdx - Add showcase_server.py example - Dev server: panel starts closed by default
marvin-context-protocol
Bot
added
documentation
Test Failure AnalysisSummary: A timing-sensitive JWT expiration test failed on the Windows runner — the test creates a token with a 1-second TTL and expects it to be immediately valid, but on the slow Windows CI runner the token had already expired by verification time. Root Cause: (line 164) issues a JWT with This is unrelated to the changes in this PR (docs-only). It is a pre-existing flaky test. Suggested Solution: Increase the expiry window so the token cannot realistically expire before the "should be valid immediately" assertion, and extend the sleep to match: # was: expires_in=1, time.sleep(1.1)
token = issuer.issue_access_token(
client_id="client-abc",
scopes=["read"],
jti="token-id",
expires_in=5, # give plenty of headroom on slow runners
)
payload = issuer.verify_token(token) # must still be valid
assert payload["client_id"] == "client-abc"
time.sleep(5.5) # wait for the 5-second TTL to lapseAlternatively, use
Detailed AnalysisFailing job: Error: Failure site (line 175, the "should be valid immediately" check): def test_verify_token_validates_expiration(self, issuer):
token = issuer.issue_access_token(
client_id="client-abc",
scopes=["read"],
jti="token-id",
expires_in=1, # ← only 1 second TTL
)
# Should be valid immediately — but on a slow Windows runner
# this already fails if >1s elapsed since token was issued
payload = issuer.verify_token(token) # ← JoseError raised here
assert payload["client_id"] == "client-abc"
time.sleep(1.1) # never reached
...All other jobs (Linux Python 3.10, Linux Python 3.13, lowest-direct, integration, MCP conformance) passed. This is a Windows-only timing flake. Related Files
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 66f92deff7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| --- | ||
| title: generative | ||
| sidebarTitle: generative |
There was a problem hiding this comment.
/workspace/fastmcp/CLAUDE.md explicitly says contributor PRs should not include manual changes under docs/python-sdk/** because those files are bot-generated from source. Adding/editing these generated pages here creates avoidable merge churn and will be overwritten by the long-lived docs-generation PR; keep only source/docstring changes and let the bot regenerate this tree.
Useful? React with 👍 / 👎.
| @mcp.tool(app=True) | ||
| def sales_overview(year: int) -> ToolResult: |
There was a problem hiding this comment.
This code block is no longer copy-paste runnable because it now defines @mcp.tool(...) and uses Column, Heading, BarChart, and ChartSeries without importing or defining them, which immediately raises NameError for users following the docs. That also conflicts with /workspace/fastmcp/CLAUDE.md guidance that docs examples should be fully runnable.
Useful? React with 👍 / 👎.
…oolResult example
Co-authored-by: Claude Opus 4.6 <[email protected]> Co-authored-by: Jeremiah Lowin <[email protected]> Co-authored-by: Marvin Context Protocol <41898282+Marvin Context [email protected]> Co-authored-by: voidborne-d <[email protected]> Co-authored-by: marvin-context-protocol[bot] <225465937+marvin-context-protocol[bot]@users.noreply.github.com> Co-authored-by: Claude <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: d 🔹 <[email protected]> Co-authored-by: Jeremiah Lowin <[email protected]> Co-authored-by: nightcityblade <[email protected]> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]> Co-authored-by: Claude Sonnet 4.6 <[email protected]> Co-authored-by: Bill Easton <[email protected]> Co-authored-by: Sumanshu Nankana <[email protected]> Co-authored-by: Eric Robinson <[email protected]> Co-authored-by: Martim Santos <[email protected]> Co-authored-by: d 🔹 <[email protected]> Co-authored-by: Matthieu B <[email protected]> Co-authored-by: Sascha Buehrle <[email protected]> Co-authored-by: Hakancan <[email protected]> Co-authored-by: nightcityblade <[email protected]> Co-authored-by: Matt Hallowell <[email protected]> Co-authored-by: nate nowack <[email protected]> Co-authored-by: Bill Easton <[email protected]> Co-authored-by: Marcus Shu <[email protected]> Co-authored-by: Rushabh Doshi <[email protected]> Co-authored-by: AIKAWA Shigechika <[email protected]> Co-authored-by: Jeremy Simon <[email protected]> Co-authored-by: Miguel Miranda Dias <[email protected]> Co-authored-by: Anthony James Padavano <[email protected]> Co-authored-by: Mostafa Kamal <[email protected]> Fix auto-close MRE script posting comment without closing (#3386) Fix WorkOS token scope verification bypass 🤖 Generated with Codex (#3407) Fix initialize McpError fallthrough 🤖 Generated with Codex (#3413) Fix transform arg collisions with passthrough params (#3431) Fix get_* returning None when latest version is disabled (#3439) Fix get_* returning None when latest version is disabled (#3421) Fix server lifespan overlap teardown (#3415) Fix $ref output schema object detection regression (#3420) resolved annotations (#3429) Fix async partial callables rejected by iscoroutinefunction (#3438) Fix async partial callables rejected by iscoroutinefunction (#3423) fix: add version to components (#3458) fix: use intent-based flag for OIDC scope patch in load_access_token (#3465) Fixes #3461 fix: normalize Google scope shorthands and surface valid_scopes (#3477) fix: resolve ty 0.0.23 type-checking errors and bump pin (#3481) fix: shield lifespan teardown from cancellation (#3480) fix: forward custom_route endpoints from mounted servers (#3462) fix updates _get_additional_http_routes() to traverse providers, Fixes #3457 fix: remove hardcoded version from CLI help text (#3456) fix: monty 0.0.8 compatibility, drop external_functions from constructor (#3468) fix: task test teardown hanging 5s per test (#3499) Closes #3498 fix: validate workspace path is a directory before cursor install (#3440) Fixes #3426 fix: handle re.error from malformed URI templates in build_regex (#3501) fix: reject empty/OIDC-only required_scopes in AzureProvider (#3503) fix: restrict $ref resolution to local refs only (SSRF/LFI) (#3502) fix warnings and timeouts (#3504) close upgrade check issue when build passes (#3505) Closes #3484 fix: URL-encode path params to prevent SSRF/path traversal (GHSA-vv7q-7jx5-f767) (#3507) fix: prevent path traversal in skill download (#3493) fix: prefer IdP-granted scopes over client-requested scopes in OAuthProxy (#3492) fix: remove unrelated transform and http.py changes from PR scope fix: remove forced follow_redirects from httpx_client_factory calls (#3496) fix: stop passing follow_redirects to httpx_client_factory fix: restore follow_redirects=True for custom httpx client factories Closes #3509 fix: CSRF double-submit cookie check in consent flow (#3519) fix: validate server names in install commands (#3522) fix: use raw strings for regex in pytest.raises match (#3523) fix: reject refresh tokens used as Bearer access tokens (#3524) fix: route ResourcesAsTools/PromptsAsTools through server middleware (#3495) fix: resolve Pyright "Module is not callable" on @tool, @resource, @prompt decorators (#3540) fix: filter warnings by message in KEY_PREFIX test (#3549) fix: suppress output schema for ToolResult subclass annotations (#3548) fix: increase sleep duration in proxy cache tests (#3567) fix: store absolute token expiry to prevent stale expires_in on reload (#3572) fix: preserve tool properties named 'title' during schema compression (#3582) Fix loopback redirect URI port matching per RFC 8252 §7.3 (#3589) Fix app tool routing: visibility check and middleware propagation (#3591) Fix query parameter serialization to respect OpenAPI explode/style settings (#3595) Fix dev apps form: union types, textarea support, JSON parsing (#3597) fix(google): replace deprecated /oauth2/v1/tokeninfo with /oauth2/v3/userinfo (#3603) fix: resolve EntraOBOToken dependency injection through MultiAuth (#3609) fix(docs): correct misleading stateless_http header (#3622) fix: filesystem provider import machinery (#3626) Closes #3625 (issues 2, 3, 6) fix: recover StdioTransport after subprocess exits (#3630) fix(server): preserve mounted tool task metadata (#3632) fix: scope deprecation warning filter to FastMCPDeprecationWarning (#3649) fix imports, add PrefabAppConfig (#3650) fix: resolve CurrentFastMCP/ctx.fastmcp to child server in mounted background tasks (#3651) Fix blocking docs issues: chart imports, Select API, Rx consistency (#3652) closed by default (#3657) Fix prompt caching middleware missing wrap/unwrap round-trip (#3666) fix: serialize object query params per OpenAPI style/explode rules (#3662) Fixes #2857 fix: HTTP request headers not accessible in background task workers (#3631) fix: restore HTTP headers in worker execution path for background tasks (#3681) fix: strip discriminator after dereferencing schemas (#3682) fix: remove stale ty:ignore directives for ty 0.0.26 (#3684) Fix docs gaps in app provider pages (#3690) fix: dev apps log panel UX improvements (#3698) fix dev server empty string args (#3700)
1 participant
The overview page now opens with a showcase screenshot showing forms, charts, metrics, tables, and interactive controls — the full breadth of what Prefab can do in one glance.
Other changes: