Add securing MCP sample use case and refactor docs

[thiva-k]

Purpose

Add a new Securing MCP use case to the documentation that demonstrates how authorizes external MCP clients calling an OAuth-protected MCP server. Restructure the AI agent documentation to live under a shared Agent Identity parent section alongside it.

Approach

• Add the Securing MCP doc subtree (overview, solution patterns, identity concepts, configure-it-yourself, and a Try It Out walkthrough that drives MCP Inspector through scope-narrowed consent against the Wayfinder MCP server).
• Rename the existing AI agents section to Securing AI Agents under a new Agent Identity parent in the sidebar. Add the missing Configure It Yourself and Identity Concepts pages for parity with the B2C structure. Consolidate booking-api → wayfinder-booking resource server naming across B2C, AI Agents, and MCP.
• Update the Wayfinder sample: consolidate the standalone MCP server into samples/apps/wayfinder-sample/backend/ (renamed from api/), add the EXTERNAL-MCP-CLIENT OAuth application, enforce Thunder JWT validation on the backend by default, and fix a LangChain responseFormat: "content_and_artifact" tuple bug in the agent that caused successful bookings to surface as errors with weaker LLMs.
• Surface the new tryout from the top-level README.md and the Console Welcome Page alongside the existing B2C and AI Agent entries.

Summary by CodeRabbit

• New Features

  • Added MCP “Try It Out” walkthroughs and interactive MCP authorization examples; added MCP entry to product welcome/try-out list.

• Documentation

  • Rebranded AI agent docs to “Securing AI Agents”; added extensive MCP guides (overview, identity concepts, solution patterns, try-it-out, configure-it-yourself) and streamlined walkthroughs/navigation.
  • Expanded sample READMEs and diagrams to show unified backend serving REST + MCP and updated setup instructions.

• Chores

  • Consolidated Wayfinder sample to a single backend service hosting REST and MCP; updated startup/build scripts and sample configs.

• Style

  • Added spellchecker vocabulary entries (case/term additions).

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Consolidates Wayfinder sample into a single backend serving REST and MCP, implements an MCP handler with per-tool OAuth scope enforcement and protected-resource discovery, adds Securing MCP documentation and sidebar navigation, updates agent OBO/tool wiring, sample configs, scripts, diagrams, UI, and spellchecker vocab.

Changes

MCP Authorization & Wayfinder Backend Consolidation

Layer / File(s)	Summary
MCP Authorization documentation docs/content/use-cases/ai-agents/mcp-authorization/*	New "Securing MCP" documentation: overview, solution patterns, try-it-out walkthroughs (Inspector), identity concepts, manual client registration, and sidebar categories.
Backend MCP HTTP handler and tool enforcement samples/apps/wayfinder-sample/backend/src/mcp.js	New MCP server implementation with per-tool scope enforcement, booking tool validation/creation, CORS headers exposing WWW-Authenticate, Streamable transport integration, and protected-resource discovery export.
Server routing, CORS, and JSON handling samples/apps/wayfinder-sample/backend/src/server.js	Add /mcp POST route with JSON parse/400 handling, dynamic CORS origin reflection, thread request through sendJson for CORS-aware responses, and expanded startup logging.
AI Agent OBO and MCP tool invocation samples/apps/wayfinder-sample/ai-agent/agent.ts	Update OBO constants (MCP URL, USER_CONTEXT_TOOLS, OBO_SCOPES), change MCPLikeTool callback from invoke→func, adjust consent wrapper payload, and improve missing-scope error details.
ThunderID OAuth/resource config samples/apps/wayfinder-sample/thunderid-config/thunderid-config.yaml	Replace booking-api RS with wayfinder-booking (identifier http://localhost:8787/mcp), update role bindings, and add external-mcp-client OAuth app (PKCE, auth-code + refresh).
Build, packaging, and startup consolidation build.sh, build.ps1, start.sh, start.ps1, samples/apps/wayfinder-sample/package.json	Switch packaging/install/start flows to backend + ai-agent (drop separate api/mcp), copy only agent.ts where needed, and start three services using unified backend port.
Backend env, README, auth, and DB path samples/apps/wayfinder-sample/backend/.env.example, samples/apps/wayfinder-sample/backend/README.md, samples/apps/wayfinder-sample/backend/src/auth.js, samples/apps/wayfinder-sample/backend/src/db.js	Document default JWT/scope behavior and API_REQUIRE_AUTH=false fallback, add REST/MCP endpoint docs and tools table, tighten demo-user fallback to API_REQUIRE_AUTH === "false", and update seed/db path messaging.
Wayfinder sample README and architecture samples/apps/wayfinder-sample/README.md	Update to reflect consolidated backend (REST + MCP), revise architecture diagram and token flow (agent M2M vs OBO), adjust project structure and run instructions to three-terminal setup.
Sample env/cleanup and dependency samples/apps/wayfinder-sample/ai-agent/.env.example, samples/apps/wayfinder-sample/api/*, samples/apps/wayfinder-sample/mcp/*, samples/apps/wayfinder-sample/backend/package.json	Require Thunder tokens or API_REQUIRE_AUTH=false for local bypass, remove deprecated api/mcp package/config/docs, and add @modelcontextprotocol/sdk dependency to backend.
Docs rebranding and sidebar navigation docs/content/use-cases/ai-agents/*, docs/sidebars.ts	Rename "Identity for AI Agents" → "Securing AI Agents", restructure sidebar with "Agent Identity" top-level and "Securing AI Agents"/"Securing MCP" nested sections, add keyed entries.
AI Agents try-it-out restructure docs/content/use-cases/ai-agents/try-it-out.mdx, docs/content/use-cases/ai-agents/try-it-out/*	Rewrite Try It Out with Stepper and NextStepsCard navigation, consolidate setup steps, update prerequisites links, and replace Concepts blocks with Going Deeper links.
AI Agents identity concepts & manual setup docs/content/use-cases/ai-agents/identity-concepts.mdx, docs/content/use-cases/ai-agents/configure-it-yourself.mdx	Add identity concepts mapping and a manual "Configure It Yourself" guide for Wayfinder agent identity model, roles, resource servers, agent registration, and OBO flow.
Diagram components and MCP visualization docs/src/components/WayfinderDiagrams.tsx	Add visible SVG edge labels, McpClientIcon, WayfinderMcpOrganization, compute productName from Docusaurus context, and inject labels/aria into MCP diagram.
Console welcome page and i18n frontend/apps/console/src/features/welcome/pages/WelcomePage.tsx, frontend/packages/i18n/src/locales/en-US.ts	Add MCP try-it-out item with icon and docs link; retitle AI Agents to "Securing AI Agents" and add MCP translation keys; adjust assistant title casing.
Root README and Vale vocabulary README.md, .vale/styles/config/vocabularies/vocab/accept.txt	Add MCP Getting Started bullet; add accepted vocab entries (Loopback, Streamable, client_id, Downscope, Downscoping, Superset).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• thunder-id/thunderid#2953: Related B2C docs updates referencing resource-server/token naming similar to this PR.
• thunder-id/thunderid#2951: Overlapping AI Agents try-it-out doc rewrites and Wayfinder agent auth flow changes.
• thunder-id/thunderid#2800: Related Docusaurus sidebar/navigation updates for use-case sections.

Suggested reviewers

• jeradrutnam
• brionmario
• DonOmalVindula

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 18.75% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main changes: adding a new MCP use case to documentation and refactoring related docs. It directly reflects the core objectives.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/content/use-cases/ai-agents/configure-it-yourself.mdx`:
- Line 253: Replace the hardcoded GitHub URL
"https://github.com/asgardeo/thunder/tree/main/samples/apps/wayfinder-sample#readme"
with the RepoLink component: use RepoLink with path set to
"samples/apps/wayfinder-sample#readme" and keep the visible link text "README"
so the MDX follows the docs guideline for repository links.

In
`@docs/content/use-cases/ai-agents/mcp-authorization/configure-it-yourself.mdx`:
- Line 38: Replace the hardcoded GitHub URL in the sentence with the RepoLink
MDX component: locate the sentence mentioning the Wayfinder sample README and
replace the literal URL string with a <RepoLink> component using the same path
(e.g., path="/samples/apps/wayfinder-sample#readme") and keep the link text
unchanged; ensure the JSX uses <RepoLink path="...">link text</RepoLink> so the
rendered text and anchor behave identically.

In `@docs/content/use-cases/ai-agents/mcp-authorization/try-it-out.mdx`:
- Line 56: The heading "Allow Inspector in Thunder CORS" hardcodes the product
name; update the .mdx heading in try-it-out.mdx to use the ProductName component
instead (e.g., change the heading to use <ProductName /> where "Thunder"
appears) so that docs/** contains no literal "Thunder"/"ThunderID" in
prose/headings and the rendered heading reads correctly with the product
component.
- Line 3: The frontmatter in try-it-out.mdx currently hardcodes the product name
"ThunderID" in the description; update that frontmatter field to use the product
token {{ProductName}} (e.g., change "signed in through ThunderID" to "signed in
through {{ProductName}}") and scan this file (and other docs/** MDX frontmatter)
for any other occurrences of "Thunder" or "ThunderID" to replace with the
appropriate {{ProductName}} token so the docs follow the guideline.
- Line 76: The description string currently hardcodes "ThunderID" inside JSX
string content; replace that literal with the ProductName component by switching
the description prop value to JSX (e.g., description={<>{/* text before
*/}<ProductName />{/* text after */}</>}) so the component renders <ProductName
/> instead of the hardcoded brand; update the description prop in the same MDX
block where description="Authorize an external MCP client against ThunderID,
list Wayfinder's tools..." to use JSX and ensure all occurrences of "Thunder" /
"ThunderID" in this file's JSX content are replaced with <ProductName />.

In
`@docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/connect-via-inspector.mdx`:
- Line 3: The frontmatter description for connect-via-inspector.mdx currently
hardcodes the brand name "ThunderID"; replace that literal with the frontmatter
placeholder {{ProductName}} so the description reads using {{ProductName}}
(e.g., change "through ThunderID" to "through {{ProductName}}") to comply with
docs/** guidelines and .mdx frontmatter requirements.

In `@docs/src/components/WayfinderDiagrams.tsx`:
- Around line 867-869: Replace the hardcoded "ThunderID" string in
WayfinderDiagrams.tsx with the product name read from Docusaurus site config:
import and call useDocusaurusContext(), get the product name from siteConfig
(e.g. siteConfig.customFields?.productName or fallback to siteConfig.title), and
render that value inside the <text> element with className
"uc-agent-wayfinder-arch__idp-title" instead of the literal "ThunderID".

In `@samples/apps/wayfinder-sample/backend/src/server.js`:
- Around line 65-73: sendJson now determines CORS via corsOrigin(request) but
many route handlers call sendJson without passing the request, causing
Access-Control-Allow-Origin to fall back to FRONTEND_ORIGIN; update every call
site that returns JSON (all route handlers that call sendJson, including the
handlers for GET/POST/DELETE/OPTIONS) to pass the incoming request object as the
fourth argument so sendJson can echo the caller origin, and verify any helper
wrappers around sendJson (if present) are similarly updated to forward the
request to sendJson and to corsOrigin.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: f1f89f3f-8182-4418-84f7-c0d4a875b215

📥 Commits

Reviewing files that changed from the base of the PR and between 24d4d00 and 7c758ac.

⛔ Files ignored due to path filters (2)

• samples/apps/wayfinder-sample/api/package-lock.json is excluded by !**/package-lock.json
• samples/apps/wayfinder-sample/backend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (51)

• .vale/styles/config/vocabularies/vocab/accept.txt
• README.md
• docs/content/use-cases/ai-agents/_category_.json
• docs/content/use-cases/ai-agents/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/identity-concepts.mdx
• docs/content/use-cases/ai-agents/mcp-authorization.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/_category_.json
• docs/content/use-cases/ai-agents/mcp-authorization/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/identity-concepts.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/overview.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/solution-patterns.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/_category_.json
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/connect-via-inspector.mdx
• docs/content/use-cases/ai-agents/overview.mdx
• docs/content/use-cases/ai-agents/solution-patterns.mdx
• docs/content/use-cases/ai-agents/try-it-out.mdx
• docs/content/use-cases/ai-agents/try-it-out/act-on-behalf-of-user.mdx
• docs/content/use-cases/ai-agents/try-it-out/act-on-its-own.mdx
• docs/content/use-cases/ai-agents/try-it-out/protect-the-agent.mdx
• docs/content/use-cases/b2c/configure-it-yourself.mdx
• docs/content/use-cases/b2c/identity-concepts.mdx
• docs/content/use-cases/b2c/try-it-out/add-login.mdx
• docs/sidebars.ts
• docs/src/components/DocsGetStarted.tsx
• docs/src/components/WayfinderDiagrams.tsx
• frontend/apps/console/src/features/welcome/pages/WelcomePage.tsx
• frontend/packages/i18n/src/locales/en-US.ts
• samples/apps/wayfinder-sample/README.md
• samples/apps/wayfinder-sample/ai-agent/.env.example
• samples/apps/wayfinder-sample/ai-agent/agent.ts
• samples/apps/wayfinder-sample/api/.env.example
• samples/apps/wayfinder-sample/api/README.md
• samples/apps/wayfinder-sample/backend/.env.example
• samples/apps/wayfinder-sample/backend/README.md
• samples/apps/wayfinder-sample/backend/openapi.yaml
• samples/apps/wayfinder-sample/backend/package.json
• samples/apps/wayfinder-sample/backend/scripts/seed.js
• samples/apps/wayfinder-sample/backend/src/auth.js
• samples/apps/wayfinder-sample/backend/src/db.js
• samples/apps/wayfinder-sample/backend/src/mcp.js
• samples/apps/wayfinder-sample/backend/src/server.js
• samples/apps/wayfinder-sample/frontend/src/App.jsx
• samples/apps/wayfinder-sample/mcp/README.md
• samples/apps/wayfinder-sample/mcp/package.json
• samples/apps/wayfinder-sample/mcp/server.ts
• samples/apps/wayfinder-sample/mcp/tsconfig.json
• samples/apps/wayfinder-sample/package.json
• samples/apps/wayfinder-sample/start.ps1
• samples/apps/wayfinder-sample/start.sh
• samples/apps/wayfinder-sample/thunderid-config/thunderid-config.yaml

💤 Files with no reviewable changes (7)

• samples/apps/wayfinder-sample/mcp/README.md
• samples/apps/wayfinder-sample/api/README.md
• samples/apps/wayfinder-sample/mcp/package.json
• docs/content/use-cases/ai-agents/mcp-authorization.mdx
• samples/apps/wayfinder-sample/mcp/server.ts
• samples/apps/wayfinder-sample/mcp/tsconfig.json
• samples/apps/wayfinder-sample/api/.env.example

[coderabbitai]

♻️ Duplicate comments (1)

docs/src/components/WayfinderDiagrams.tsx (1)

203-203: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Replace remaining hardcoded ThunderID labels in legacy diagrams.

I still see hardcoded brand literals in JSX content and aria-labels at Line 203, Line 283, Line 519, and Line 589. Is this hardcoded brand name intentional? Please derive these labels from config (same pattern already used in WayfinderMcpArchitecture) instead of raw strings.

As per coding guidelines: **/*.tsx must flag hardcoded Thunder/ThunderID, and .tsx files under docs/src/ must read product name from Docusaurus site config rather than hardcoded literals.

Also applies to: 283-283, 519-519, 589-589

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/src/components/WayfinderDiagrams.tsx` at line 203, The JSX in
WayfinderDiagrams (component WayfinderDiagrams) contains hardcoded brand
literals like "ThunderID" in attributes such as the aria-label and inline
labels; replace these by reading the product name from Docusaurus site config
(reuse the same pattern used in WayfinderMcpArchitecture, e.g., obtain
product/siteConfig via useDocusaurusContext() and derive productName) and
interpolate that variable into the aria-label and any JSX text nodes instead of
the string "ThunderID" (search for occurrences of "ThunderID" in
WayfinderDiagrams and update the aria-label prop and inline labels to use the
productName variable).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@docs/src/components/WayfinderDiagrams.tsx`:
- Line 203: The JSX in WayfinderDiagrams (component WayfinderDiagrams) contains
hardcoded brand literals like "ThunderID" in attributes such as the aria-label
and inline labels; replace these by reading the product name from Docusaurus
site config (reuse the same pattern used in WayfinderMcpArchitecture, e.g.,
obtain product/siteConfig via useDocusaurusContext() and derive productName) and
interpolate that variable into the aria-label and any JSX text nodes instead of
the string "ThunderID" (search for occurrences of "ThunderID" in
WayfinderDiagrams and update the aria-label prop and inline labels to use the
productName variable).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 6882c2c8-44e4-445b-b2a9-7931a9665d55

📥 Commits

Reviewing files that changed from the base of the PR and between 7c758ac and 04902be.

⛔ Files ignored due to path filters (2)

• samples/apps/wayfinder-sample/api/package-lock.json is excluded by !**/package-lock.json
• samples/apps/wayfinder-sample/backend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (53)

• .vale/styles/config/vocabularies/vocab/accept.txt
• README.md
• build.ps1
• build.sh
• docs/content/use-cases/ai-agents/_category_.json
• docs/content/use-cases/ai-agents/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/identity-concepts.mdx
• docs/content/use-cases/ai-agents/mcp-authorization.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/_category_.json
• docs/content/use-cases/ai-agents/mcp-authorization/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/identity-concepts.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/overview.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/solution-patterns.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/_category_.json
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/connect-via-inspector.mdx
• docs/content/use-cases/ai-agents/overview.mdx
• docs/content/use-cases/ai-agents/solution-patterns.mdx
• docs/content/use-cases/ai-agents/try-it-out.mdx
• docs/content/use-cases/ai-agents/try-it-out/act-on-behalf-of-user.mdx
• docs/content/use-cases/ai-agents/try-it-out/act-on-its-own.mdx
• docs/content/use-cases/ai-agents/try-it-out/protect-the-agent.mdx
• docs/content/use-cases/b2c/configure-it-yourself.mdx
• docs/content/use-cases/b2c/identity-concepts.mdx
• docs/content/use-cases/b2c/try-it-out/add-login.mdx
• docs/sidebars.ts
• docs/src/components/DocsGetStarted.tsx
• docs/src/components/WayfinderDiagrams.tsx
• frontend/apps/console/src/features/welcome/pages/WelcomePage.tsx
• frontend/packages/i18n/src/locales/en-US.ts
• samples/apps/wayfinder-sample/README.md
• samples/apps/wayfinder-sample/ai-agent/.env.example
• samples/apps/wayfinder-sample/ai-agent/agent.ts
• samples/apps/wayfinder-sample/api/.env.example
• samples/apps/wayfinder-sample/api/README.md
• samples/apps/wayfinder-sample/backend/.env.example
• samples/apps/wayfinder-sample/backend/README.md
• samples/apps/wayfinder-sample/backend/openapi.yaml
• samples/apps/wayfinder-sample/backend/package.json
• samples/apps/wayfinder-sample/backend/scripts/seed.js
• samples/apps/wayfinder-sample/backend/src/auth.js
• samples/apps/wayfinder-sample/backend/src/db.js
• samples/apps/wayfinder-sample/backend/src/mcp.js
• samples/apps/wayfinder-sample/backend/src/server.js
• samples/apps/wayfinder-sample/frontend/src/App.jsx
• samples/apps/wayfinder-sample/mcp/README.md
• samples/apps/wayfinder-sample/mcp/package.json
• samples/apps/wayfinder-sample/mcp/server.ts
• samples/apps/wayfinder-sample/mcp/tsconfig.json
• samples/apps/wayfinder-sample/package.json
• samples/apps/wayfinder-sample/start.ps1
• samples/apps/wayfinder-sample/start.sh
• samples/apps/wayfinder-sample/thunderid-config/thunderid-config.yaml

💤 Files with no reviewable changes (7)

• samples/apps/wayfinder-sample/api/.env.example
• samples/apps/wayfinder-sample/api/README.md
• samples/apps/wayfinder-sample/mcp/README.md
• samples/apps/wayfinder-sample/mcp/server.ts
• samples/apps/wayfinder-sample/mcp/package.json
• docs/content/use-cases/ai-agents/mcp-authorization.mdx
• samples/apps/wayfinder-sample/mcp/tsconfig.json

✅ Files skipped from review due to trivial changes (19)

• docs/content/use-cases/ai-agents/category.json
• docs/content/use-cases/b2c/identity-concepts.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/category.json
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out/connect-via-inspector.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/solution-patterns.mdx
• samples/apps/wayfinder-sample/backend/src/db.js
• .vale/styles/config/vocabularies/vocab/accept.txt
• docs/content/use-cases/b2c/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/identity-concepts.mdx
• docs/content/use-cases/ai-agents/try-it-out/protect-the-agent.mdx
• samples/apps/wayfinder-sample/backend/README.md
• samples/apps/wayfinder-sample/backend/.env.example
• docs/content/use-cases/ai-agents/mcp-authorization/category.json
• docs/content/use-cases/ai-agents/mcp-authorization/try-it-out.mdx
• docs/content/use-cases/ai-agents/configure-it-yourself.mdx
• docs/content/use-cases/ai-agents/solution-patterns.mdx
• docs/content/use-cases/ai-agents/mcp-authorization/overview.mdx
• samples/apps/wayfinder-sample/README.md
• docs/content/use-cases/ai-agents/mcp-authorization/identity-concepts.mdx

🚧 Files skipped from review as they are similar to previous changes (18)

• docs/content/use-cases/ai-agents/try-it-out/act-on-behalf-of-user.mdx
• docs/content/use-cases/b2c/try-it-out/add-login.mdx
• samples/apps/wayfinder-sample/package.json
• README.md
• samples/apps/wayfinder-sample/backend/package.json
• samples/apps/wayfinder-sample/ai-agent/.env.example
• samples/apps/wayfinder-sample/backend/src/auth.js
• frontend/apps/console/src/features/welcome/pages/WelcomePage.tsx
• docs/src/components/DocsGetStarted.tsx
• docs/content/use-cases/ai-agents/overview.mdx
• samples/apps/wayfinder-sample/start.sh
• samples/apps/wayfinder-sample/backend/src/mcp.js
• samples/apps/wayfinder-sample/backend/src/server.js
• frontend/packages/i18n/src/locales/en-US.ts
• docs/sidebars.ts
• samples/apps/wayfinder-sample/thunderid-config/thunderid-config.yaml
• docs/content/use-cases/ai-agents/try-it-out.mdx
• samples/apps/wayfinder-sample/ai-agent/agent.ts

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!