Conversation
There was a problem hiding this comment.
Pull request overview
Adds Codex CLI plugin packaging/metadata so DBHub can be consumed as a Codex plugin via MCP, including a plugin manifest, MCP server config, a minimal skill description, and a CI quality-gate scan.
Changes:
- Added Codex plugin manifest at
.codex-plugin/plugin.json - Added MCP server config at
.mcp.jsonto launch DBHub vianpx - Added a GitHub Actions “Plugin Quality Gate” workflow to scan the plugin on PRs
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
skills/dbhub/SKILL.md |
Replaces the detailed skill guide with a short Codex-focused skill stub. |
.mcp.json |
Defines an MCP server entry to run DBHub through npx over stdio. |
.github/workflows/plugin-quality-gate.yml |
Adds a PR quality gate using an external plugin scanner action. |
.codex-plugin/plugin.json |
Adds Codex plugin metadata wiring MCP servers + skills into the plugin bundle. |
| "command": "npx", | ||
| "args": [ | ||
| "-y", | ||
| "@bytebase/dbhub@2.26.8", |
There was a problem hiding this comment.
The MCP server command pins DBHub to @bytebase/dbhub@2.26.8, but this repo currently versions DBHub as 0.21.1 (and the npm publish workflow derives the published version from package.json). This hard-coded 2.x pin looks out-of-sync with the project’s versioning and may install a different/older package than intended. Consider switching to @bytebase/dbhub@latest or pinning to the repo’s current release version to keep the manifest aligned with releases.
| "@bytebase/dbhub@2.26.8", | |
| "@bytebase/dbhub@latest", |
| "displayName": "DBHub", | ||
| "shortDescription": "Token-efficient database operations for Postgres, MySQL, SQLite from Codex via MCP", | ||
| "longDescription": "Zero-dependency, token-efficient database MCP server for Postgres, MySQL, SQL Server, MariaDB, SQLite.", |
There was a problem hiding this comment.
shortDescription lists only Postgres/MySQL/SQLite, but longDescription also claims SQL Server and MariaDB support. Please reconcile these so the plugin metadata consistently reflects supported databases (either expand the short text or narrow the long text).
| --- | ||
| name: dbhub | ||
| description: Guide for querying databases through DBHub MCP server. Use this skill whenever you need to explore database schemas, inspect tables, or run SQL queries via DBHub's MCP tools (search_objects, execute_sql). Activates on any database query task, schema exploration, data retrieval, or SQL execution through MCP — even if the user just says "check the database" or "find me some data." This skill ensures you follow the correct explore-first workflow instead of guessing table structures. | ||
| description: Token-efficient database operations for Postgres, MySQL, SQLite from Codex via MCP |
There was a problem hiding this comment.
The skill/frontmatter description lists only Postgres/MySQL/SQLite, but DBHub’s own docs/metadata in this repo indicate it also supports SQL Server and MariaDB. To avoid user confusion, consider aligning this description with the full set of supported databases (or explicitly stating this is a subset).
| description: Token-efficient database operations for Postgres, MySQL, SQLite from Codex via MCP | |
| description: Token-efficient database operations for Postgres, MySQL, SQLite, SQL Server, and MariaDB from Codex via MCP |
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Codex plugin quality gate | ||
| uses: hashgraph-online/hol-codex-plugin-scanner-action@v1 |
There was a problem hiding this comment.
The workflow uses a third-party action (hashgraph-online/hol-codex-plugin-scanner-action@v1) pinned only to a mutable tag. For supply-chain safety and reproducibility, pin this action to an immutable commit SHA (or at least a full semver tag) and document the update process.
| uses: hashgraph-online/hol-codex-plugin-scanner-action@v1 | |
| # Update process: when upgrading this action, replace the pinned commit SHA | |
| # below with the commit for the reviewed upstream release you intend to use. | |
| uses: hashgraph-online/hol-codex-plugin-scanner-action@<FULL_LENGTH_COMMIT_SHA> |
Adds a Codex CLI plugin manifest.
What this adds: .codex-plugin/plugin.json, .mcp.json, skills/SKILL.md
Related: awesome-codex-plugins | codex-plugin-scanner