Skip to content

Expand AWS Redshift connector docs with Trusted IDP setup guide#855

Open
Avinash-Kamath wants to merge 1 commit into
mainfrom
claude/amazon-redshift-connector-docs-qpsa15
Open

Expand AWS Redshift connector docs with Trusted IDP setup guide#855
Avinash-Kamath wants to merge 1 commit into
mainfrom
claude/amazon-redshift-connector-docs-qpsa15

Conversation

@Avinash-Kamath

@Avinash-Kamath Avinash-Kamath commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

Significantly expand the AWS Redshift connector documentation to provide a complete, production-ready setup guide for the Trusted IDP authentication flow. The original page was a stub; this update transforms it into a comprehensive guide covering architecture, prerequisites, AWS IAM configuration, Redshift database setup, Scalekit connection creation, and troubleshooting.

Key changes

  • Added "How it works" section — Explains the Trusted IDP flow: JWT minting, STS AssumeRoleWithWebIdentity, temporary credential caching, and why long-lived keys are never stored.

  • Added prerequisites — Lists AWS account requirements, IAM permissions needed, Scalekit workspace setup, and Redshift target options (provisioned vs. serverless).

  • Added "Gather your Scalekit details first" section — Instructs users to collect Environment URL and Connection ID from the dashboard before touching AWS, with explanations of what these values mean for AWS trust policies.

  • Added Part 1: AWS setup — Step-by-step instructions for:

    • Registering Scalekit as an OIDC provider in AWS IAM
    • Creating the IAM role with correct trust policy
    • Trust policy reference table with placeholders and examples
    • Optional sub-claim restriction for single-organization access
    • Permission policy tabs for serverless and provisioned clusters with all required actions and resource ARNs
  • Added Part 2: Redshift database setup — Guidance for serverless (no user creation needed) and provisioned clusters (SQL to create IAM-authenticated user with minimal grants).

  • Added Part 3: Scalekit connection creation — Dashboard and API steps to create a connected account, with a detailed field reference table explaining each input (identifier, role ARN, region, database, cluster/workgroup, namespace, db_user).

  • Rewrote "What you can do" section — Clearer, more concise bullet points describing agent capabilities.

  • Added "Execute tools" section — Node.js and Python code examples showing how to submit SQL, poll for results, and handle statement IDs.

  • Added "Troubleshoot common errors" section — Table mapping six common errors to their causes and fixes (InvalidIdentityToken, trust policy mismatches, permission policy issues, missing fields, etc.).

  • Added "Verify the round-trip in CloudTrail" section — Explains how to audit Scalekit's STS and Redshift API calls in CloudTrail, including role session naming.

  • Added comprehensive reference section — JWT claims Scalekit mints, trust policy claim names, where credentials are stored and encrypted, refresh/rotation behavior, and revocation steps.

  • Updated imports — Added Aside and Badge components to support callouts and status badges.

  • Updated description — Changed from generic Redshift overview to a specific, benefit-focused summary of the Trusted IDP flow and no long-lived keys.

  • Added CSS — Table styling to prevent first-column text wrapping, improving readability of reference tables.

Notable implementation details

  • All AWS IAM policy examples include both serverless and provisioned cluster variants in tabs.
  • Placeholders in policies and ARNs are clearly marked with angle brackets and explained in reference tables.
  • Multiple callouts (Aside components) highlight common mistakes (e.g., using sts.amazonaws.com as audience, localhost issuers, missing workgroup UUID in serverless policy).
  • The guide emphasizes security: no long-lived credentials, temporary STS tokens, proactive refresh, and clear revocation paths.
  • API example uses curl with placeholder tokens and environment domain for programmatic connected account creation.

https://claude.ai/code/session_01JWVq58yRgybXxvfxvRALNU

Summary by CodeRabbit

  • Documentation
    • Expanded the Redshift connector guide with a complete Trusted IDP setup walkthrough.
    • Added prerequisites and configuration instructions for OIDC, IAM roles, permissions, and Redshift databases.
    • Added connection and connected account setup guidance, including API examples.
    • Documented tool execution examples for Node.js and Python.
    • Added troubleshooting guidance, CloudTrail verification steps, and reference information for claims, credentials, access refresh, and revocation.

Expand the AWS Redshift connector page with the full Trusted IDP setup flow:
AWS OIDC provider + IAM role/trust policy, permission policies for serverless
and provisioned targets, Redshift database setup, Scalekit connection and
connected account creation, tool execution examples, troubleshooting, and a
reference section.
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

The Redshift connector page now provides a Trusted IDP end-to-end guide covering AWS OIDC and IAM setup, Redshift configuration, Scalekit connected accounts, tool execution, troubleshooting, CloudTrail verification, and credential lifecycle management.

Changes

Redshift Trusted IDP connector

Layer / File(s) Summary
Trusted IDP flow and prerequisites
src/content/docs/agentkit/connectors/redshift.mdx
Introduces the Trusted IDP flow, JWT and credential exchange behavior, required prerequisites, and Scalekit claim guidance.
AWS identity and permissions setup
src/content/docs/agentkit/connectors/redshift.mdx
Documents OIDC provider registration, IAM trust policies, optional subject restrictions, and serverless or provisioned Redshift permissions.
Database and connected account setup
src/content/docs/agentkit/connectors/redshift.mdx
Adds database setup, provisioned SQL grants, connected account configuration, and an API creation example.
Tool execution and access operations
src/content/docs/agentkit/connectors/redshift.mdx
Adds Node.js and Python examples, troubleshooting, CloudTrail verification, and credential lifecycle references.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Scalekit
  participant AgentKit
  participant AWSSTS
  participant RedshiftDataAPI
  Scalekit->>AgentKit: Mint OIDC JWT
  AgentKit->>AWSSTS: AssumeRoleWithWebIdentity
  AWSSTS-->>AgentKit: Return federated credentials
  AgentKit->>RedshiftDataAPI: Submit SQL statement
  RedshiftDataAPI-->>AgentKit: Return statement result
Loading

Possibly related PRs

Suggested reviewers: amitash1912, ravibits, vamsidhar-ramanathi, saif-at-scalekit, AkshayParihar33

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: expanding the AWS Redshift connector docs into a Trusted IDP setup guide.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/amazon-redshift-connector-docs-qpsa15
  • 🛠️ fix frontmatter
  • 🛠️ fix internal links

Comment @coderabbitai help to get the list of available commands.

@netlify

netlify Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploy Preview for scalekit-starlight ready!

Name Link
🔨 Latest commit 29ee91f
🔍 Latest deploy log https://app.netlify.com/projects/scalekit-starlight/deploys/6a50e3d7dbed610008ac90f4
😎 Deploy Preview https://deploy-preview-855--scalekit-starlight.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 51 (🟢 up 3 from production)
Accessibility: 98 (no change from production)
Best Practices: 92 (no change from production)
SEO: 92 (no change from production)
PWA: -
View the detailed breakdown and full score reports
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 13

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/agentkit/connectors/redshift.mdx`:
- Around line 338-341: Update the connected-account curl example to read the
bearer token from an environment variable instead of showing a copyable literal,
and add a brief warning that shell history or source control exposure grants
access to connected-account credentials.
- Around line 94-96: Update the caution Aside near the issuer configuration to
remove the suggestion to use an arbitrary ngrok domain, or explicitly state that
ngrok is valid only when configured as the Scalekit issuer/custom domain;
otherwise direct local development to the staging Scalekit environment URL.
- Around line 126-128: The note in “Adding a second Connection ID later” must
also address the IAM role trust policy. Instruct users to update its `aud`
condition to accept both Connection IDs, or create a separate IAM role
configured for the new audience, in addition to updating the OIDC provider
audience list.
- Around line 83-92: Resolve the Redshift setup ordering in the introductory
instructions and the Part 3 section: explicitly instruct readers to create and
save the empty connection before beginning Part 1, since its Connection ID is
required for AWS configuration. Update Part 3 to state that the existing
connection should only be reopened to add the connected account, without
creating a new connection.
- Around line 104-114: Convert every numbered item in all three affected <Steps>
blocks, including the blocks around the IAM provider setup and the referenced
sections, into heading-form steps using the required `1. ### ...` or `1. ## ...`
syntax while preserving each step’s existing content and order.
- Around line 434-441: Update the “Verify the round-trip in CloudTrail” section
to describe the data API event using CloudTrail fields: eventSource
redshift-data.amazonaws.com and eventName ExecuteStatement, rather than IAM
action syntax. Avoid guaranteeing exactly two events per tool call; state that
event names and counts vary by tool while retaining the
AssumeRoleWithWebIdentity and role-session attribution guidance.
- Around line 284-286: Update the “Serverless workgroup (recommended)” section
to explain that the first IAM connection maps to the IAMR:<role-name> database
role, which still requires database privileges. Add example equivalent GRANT
statements for IAMR:ScalekitRedshiftAccess and clarify that authentication may
succeed while queries fail without these grants.
- Around line 225-229: Update the Redshift Serverless IAM policy guidance near
“RedshiftServerlessAuth” to explain that <WORKGROUP_ID> is the workgroup UUID,
not its name. In the prerequisites and policy instructions, tell readers to copy
the workgroup ARN and extract its final segment or retrieve the workgroup’s
workgroupId via the AWS console/CLI/API before completing the ARN.
- Around line 184-197: Update the Redshift connector documentation’s
connected-account identifier guidance, including the sections around the
optional organization restriction and the referenced examples, to recommend
opaque organization or pairwise identifiers only and remove email addresses as a
suggested value. Explain that the identifier becomes the JWT subject and should
not contain PII, while preserving the exact-match requirement and JSON
configuration examples.
- Around line 485-493: Update the “Revoke access” section to avoid promising
immediate revocation from trust-policy or OIDC changes alone; explain that
existing temporary credentials may remain valid until expiry. Add AWS’s
active-session revocation procedure for emergency cut-off, and clarify the
distinction between blocking new AssumeRoleWithWebIdentity calls and
invalidating active sessions.
- Around line 388-396: Update both Redshift result-fetching snippets around
scalekit.actions.executeTool and redshift_get_query_result to use a bounded
polling loop: repeatedly request the query status until it is FINISHED, handle
FAILED and ABORTED as errors, and stop with an explicit timeout error if
completion takes too long before reading rows.
- Around line 61-68: Clarify the credential exchange cadence in the “On every
tool call” section: state that Scalekit calls AWS STS on the first tool call
when credentials are needed and subsequently only on cache misses or near-expiry
refreshes, while cached temporary credentials are reused for other calls. Update
the numbered flow accordingly without changing the surrounding IAM or security
details.
- Around line 343-360: Split the Redshift payload documentation into distinct
serverless and provisioned examples. In the serverless example, remove
trusted_idp.db_user, while retaining it only in the provisioned cluster example;
show the appropriate api_config fields for each shape, including
workgroup_name/namespace_name for serverless and cluster_identifier for
provisioned.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9bab4770-e4c3-4355-8725-60926a1b21e7

📥 Commits

Reviewing files that changed from the base of the PR and between e8b17b1 and 29ee91f.

📒 Files selected for processing (1)
  • src/content/docs/agentkit/connectors/redshift.mdx
📜 Review details
⏰ Context from checks skipped due to timeout. (4)
  • GitHub Check: CodeRabbit / Review
  • GitHub Check: Redirect rules - scalekit-starlight
  • GitHub Check: Header rules - scalekit-starlight
  • GitHub Check: Pages changed - scalekit-starlight
🧰 Additional context used
📓 Path-based instructions (9)
**/*.mdx

📄 CodeRabbit inference engine (.cursorrules)

**/*.mdx: Use clear, descriptive titles that explain the purpose of the document
Include comprehensive descriptions in frontmatter metadata
Organize content with logical heading hierarchy (H2, H3, H4)
Use tableOfContents property in frontmatter when content has multiple sections
Set appropriate sidebar labels for navigation in frontmatter
Use direct instruction writing style with phrases like 'This guide shows you how to...' and 'Create an authorization URL to...'
Use second person perspective ('your application', 'you receive', 'you must') in documentation
Keep sentences concise, aiming for under 25 words per sentence
Explain the 'why' in documentation with phrases like 'This prevents CSRF attacks by...' or 'Use this to validate that...'
Use action verbs in section headings: 'Store session tokens securely', 'Validate the state parameter', 'Exchange authorization code for tokens'
Use present tense for descriptions: 'Scalekit handles the complex authentication flow', 'The SDK provides methods to refresh tokens'
Use future tense for results: 'This will redirect users to...', 'You'll receive a JWT containing...', 'Scalekit returns an authorization code'
Use transition phrases between sections: 'After the user authenticates...', 'Once the state is validated...', 'Let's take a look at how to...'
Write 1-3 opening paragraphs that explain what users will accomplish, provide context about when/why, preview key concepts, and use direct instructional language
Begin introduction sections with a clear statement of what the guide covers and explain the problem being solved
Use collapsible sections in introduction for sequence diagrams, video demonstrations, data models, and JSON examples with appropriate icons
Use numbered format within Steps component: 1. ## Title with all step content indented with exactly 3 spaces
Use action-oriented headings in step-by-step guides within Steps components
Include code examples in all 4 languages (Node.js, Python, Go, Java) within Steps co...

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx

⚙️ CodeRabbit configuration file

**/*.mdx: You are reviewing Scalekit developer documentation written in MDX
(Astro + Starlight framework). Apply ALL of the following checks:

Frontmatter

  • title MUST be ≤ 60 characters and clearly state what the page does.
  • description MUST be ≤ 160 characters, action-oriented, unique per page.
  • sidebar.label MUST be present and ≤ 30 characters.
  • sidebar.order MUST be set on every page that lives inside a section
    with siblings, to enforce the journey order in sidebar.config.ts.
  • Flag any missing prev / next links on pages that are clearly
    part of a sequential flow (e.g., quickstart → implement-login →
    complete-login → manage-session → logout).

Voice & Style (CLAUDE.md standards)

  • Voice: confident, direct, collaborative, instructional.
  • Person: second person only ("you", "your application"). Reject "we",
    "our", "the developer", "the user".
  • Tense: present tense for descriptions; imperative mood for instructions.
  • Flag weasel words: "simply", "just", "easy", "straightforward",
    "obviously", "of course", "note that".
  • Flag passive voice constructions where active voice is clearer.
  • Headings must be sentence case, not Title Case (except proper nouns).
  • Headings that match a real API parameter, method, or field name
    (e.g., contactID, xero_tenant_id, executeTool) should preserve
    the original casing. Do NOT flag these as sentence-case violations.
  • No heading should end with a colon or period.

Content structure

  • Journey how-to guides MUST contain numbered <Steps> (Starlight
    component). This does NOT apply to src/content/docs/cookbooks/**
    (blog-style recipes — optional <Steps>, <Tabs> after </Steps> OK;
    see cookbooks path_instructions).
  • Concept pages MUST NOT contain numbered steps — concepts explain, not instruct.
  • API reference pages MUST list parameters in a table with Name / Type /
    Required / Description columns.
  • Every page MUST end with a clear "what's next" signal — either a
    next: f...

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
**/*.{yml,yaml,md,mdx}

📄 CodeRabbit inference engine (.cursor/rules/browsecentral-labels.mdc)

**/*.{yml,yaml,md,mdx}: BrowseCentral labels should be maximum 3-5 words - keep concise but add context when needed
BrowseCentral labels should be action-oriented - start with verbs when possible
BrowseCentral labels should be specific and clear - add context when simple labels are ambiguous
BrowseCentral labels should be outcome-focused - describe what users accomplish and the context
BrowseCentral labels should use 'Action + Object' pattern (e.g., 'Invite users', 'Restrict sign-up', 'Set up SCIM')
BrowseCentral labels should use feature names (e.g., 'Enterprise SSO', 'Passwordless quickstart')
BrowseCentral labels should describe task completion (e.g., 'Run migrations', 'Migrate auth', 'Merge identities')
BrowseCentral labels should include specific context when needed (e.g., 'Configure Scalekit MCP server', 'Validate incoming API requests')
BrowseCentral labels should use integration context when applicable (e.g., 'Build MCP auth with your existing auth system')
BrowseCentral labels should avoid instructional prefixes: 'How to', 'Guide to', 'Implement', 'Configure', 'Learn', 'Understand'
BrowseCentral labels should avoid verbose phrases: 'Step-by-step guide', 'Complete tutorial', 'Detailed documentation'
BrowseCentral labels should avoid weak verbs: 'Enable', 'Allow', 'Provide', 'Support'

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
**/*.{md,mdx}

📄 CodeRabbit inference engine (.cursor/rules/deno-docs-style.mdc)

**/*.{md,mdx}: Use sentence case for all titles and headings in MD/MDX documentation
Keep page titles short and descriptive (3–7 words when possible) in MD/MDX documentation
Use outcome-focused headings that describe results, not categories (e.g., 'Run a script' not 'Scripts')
Avoid gerunds in headings when an imperative works - prefer 'Configure proxies' over 'Configuring proxies'
Keep sidebar labels concise (1–3 words), use sentence case, and focus on outcomes or objects
Use sentence case in sidebar labels without punctuation
Set frontmatter title in sentence case with a clear outcome; description in one sentence (≤160 chars); sidebar.label as shorter form of title; enable tableOfContents on longer pages
Start documentation pages with a one-paragraph overview explaining what the page covers and when to use it
Present the primary use case (80% path) first in documentation, with edge cases later
Use numbered steps for task-focused sections in documentation, with each step beginning with a verb
Break up long documentation sections with subheadings every 3–6 paragraphs
Use asides for important notes, tips, cautions, and references in documentation
Provide runnable, minimal code examples that work as-is in documentation
Prefer CLI-first examples and show file layout when helpful in documentation
Label code blocks with titles for context (e.g., 'Terminal', 'main.ts') in documentation
Keep code block annotations brief and purposeful - annotate only what matters
Use consistent variable and file names across a documentation page
Use descriptive link text in documentation (e.g., 'See permission flags' not 'click here')
Prefer relative links for internal documentation pages and include anchors for section references
Reference APIs consistently using backticks for code, file names, CLI flags, and endpoints
Use backticks for code, file names, CLI flags, and endpoints in documentation
Use lists for options and features in documentation; tables only when comparisons are cleare...

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/**/*.mdx

📄 CodeRabbit inference engine (.cursor/rules/starlight-steps-tabs-structure.mdc)

src/content/docs/**/*.mdx: In MDX documentation files, <Steps> must contain one continuous ordered list. Wrap <Steps> around a normal Markdown ordered list such as 1. ## ...
In MDX documentation files, numbered step lines must start at column 0. Do not indent the 1. ##, 2. ##, etc.
In MDX documentation files, any content that belongs to a step must be indented with 3 spaces: paragraphs, bullets, images, <Tabs>, <TabItem>, and fenced code blocks
In MDX documentation files, prefer plain Markdown inside <Steps>. If the content is mostly <Tabs> or other JSX-heavy blocks, use normal section headings instead of <Steps>
In MDX documentation files, when <Tabs> is used inside a step, keep <Tabs>, <TabItem>, </TabItem>, and </Tabs> consistently nested under that step
In MDX documentation files, if a tabs block is not part of a numbered step, place it outside </Steps>

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
src/content/**/*.mdx

📄 CodeRabbit inference engine (CONTRIBUTING.md)

src/content/**/*.mdx: All documentation must live as MDX files inside src/content/
Every documentation page must have frontmatter with title (≤60 characters), description (≤160 characters), sidebar label, order, and tags
Write documentation in second person using 'you' and 'your application', present tense for descriptions, and imperative for step-by-step instructions
Avoid filler phrases like 'simply', 'just', 'easily' in documentation and be direct
Explain security implications when relevant in documentation
Every code block demonstrating an SDK operation must include all four languages (Node.js, Python, Go, Java) using synced tabs with syncKey='tech-stack'
SDK variable names are fixed and must not be renamed: Node.js uses scalekit, Python uses scalekit_client, Go uses scalekitClient, Java uses scalekitClient

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
**/*.{md,mdx,astro,ts}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

**/*.{md,mdx,astro,ts}: Use pnpm pretty-quick --staged via pre-commit git hook to auto-format all staged .md, .mdx, .astro, .ts files with Prettier
Run pnpm format to auto-format all .md, .mdx, .astro, .ts files before pushing changes

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/agentkit/connectors/**/*.mdx

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Agent connector docs must use the generated workflow via pnpm run sync-agent-connectors and setup/usage/custom sections must be added through component templates

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/agentkit/**/*.mdx

📄 CodeRabbit inference engine (CLAUDE.md)

Agentkit documentation snippets must be checked against the external scalekit-developers/agent-auth-examples repository before updating examples.

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
**

⚙️ CodeRabbit configuration file

**: # CLAUDE.md - Scalekit Documentation Guide

Overview

This file is the single source of truth for all documentation standards and AI assistant guidelines in this repository. All documentation must adhere to the rules defined below.


Core Principles

Documentation-first development

Every feature must include comprehensive, user-focused documentation. Documentation is not an afterthought but a first-class deliverable that guides implementation. All code changes require corresponding documentation updates.

Git workflow

  • Do NOT include Co-Authored-By lines in commit messages
  • At the start of a fresh session, before making any changes, ask the user: "Do you want me to cut a new branch or work on the current branch?"
  • Never force push (git push --force or git push -f). If a push fails, stop and clearly explain the reason it failed — do not attempt workarounds without user confirmation.
  • For commit, push, and PR creation, spawn a subagent using the Haiku model to handle it. The pre-push hook generates large logs and PR creation output adds unnecessary noise to the main session context.
  • Once the user confirms local testing works, or explicitly asks to commit and push, commit all changes, push the branch, and open a PR against main. The PR must include:
    • A crisp description of the changes
    • A preview link in the format: https://deploy-preview-{PR_NUMBER}--scalekit-starlight.netlify.app/{path-to-changed-page}/

SDK variable names (critical)

CRITICAL: Use the exact variable names below in all documentation and code examples.

  • Node.js: scalekit
  • Python: scalekit_client
  • Go: scalekitClient
  • Java: scalekitClient

Multi-Language SDK Consistency

All code examples MUST include Node.js, Python, Go, and Java implementations with consistent variable naming conventions. Examples must show both success and error handling paths. Security implications must be explained for each implementation....

Files:

  • src/content/docs/agentkit/connectors/redshift.mdx
🧠 Learnings (50)
📚 Learning: 2026-01-30T18:18:50.883Z
Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 415
File: src/content/docs/authenticate/fsa/multiapp/manage-apps.mdx:31-49
Timestamp: 2026-01-30T18:18:50.883Z
Learning: In all Scalekit documentation files (MDX), treat the terms 'Applications', 'Single Page Application (SPA)', 'Native Application', and 'Web Application' as proper nouns and preserve their capitalization in headings and body text. Ensure these terms remain capitalized even when used in sentence case or within prose.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-04T12:47:16.544Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 412
File: src/content/docs/dev-kit/tools/scalekit-dryrun.mdx:1-23
Timestamp: 2026-02-04T12:47:16.544Z
Learning: In scalekit-inc/developer-docs, the MDX frontmatter field order is required only when the sidebar configuration points to a directory (for auto-generation). If the sidebar.config.ts references a specific file path, the order field is not required. Apply this check to all MDX files under src/content/docs: if a file contributes to an auto-generated sidebar (directory path), ensure order is present; if it’s linked to a concrete file, order can be omitted. Use sidebar.config.ts to determine whether a given MDX file falls under directory-based vs file-specific sidebar references.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T08:57:12.201Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/quickstart.mdx:2-10
Timestamp: 2026-02-25T08:57:12.201Z
Learning: In Scalekit developer-docs (Astro Starlight), do not auto-suggest adding tableOfContents in frontmatter unless the user explicitly overrides the default behavior. The default enables tableOfContents with minHeadingLevel 2 and maxHeadingLevel 3. Only set tableOfContents when you want to customize heading levels or disable it entirely; otherwise omit it for other docs.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T13:04:27.491Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:9-17
Timestamp: 2026-02-25T13:04:27.491Z
Learning: Allow page-level CSS overrides in MDX frontmatter (head: style) for readability and engagement, even if it customizes typography beyond defaults. This applies to per-page UX decisions, including heading sizes and style tweaks, but keep overrides purposeful, accessible, and within the repository's design guidelines. Use these overrides sparingly and document the rationale for maintainability.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-05T11:29:08.125Z
Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 463
File: src/content/docs/agent-auth/providers.mdx:35-73
Timestamp: 2026-03-05T11:29:08.125Z
Learning: In src/content/docs/agent-auth/providers.mdx, the Card components intentionally use icon=" " (a space) to render consistent colored boxes since some Starlight icon names resolve to icons and others do not. Do not flag icon=" " as a placeholder issue for this file; treat this as a deliberate UX choice specific to this MDX page and avoid raising a placeholder-icon warning here.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-09T07:27:56.794Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 469
File: src/content/docs/guides/integrations/scim-integrations/azure-scim.mdx:95-107
Timestamp: 2026-03-09T07:27:56.794Z
Learning: Do not enforce the 3-space indentation rule for Steps component content as a hard style rule in MDX files under src/content/docs/**/*.mdx. Only flag/rectify it if it causes visible rendering problems in the UI. Otherwise, allow current formatting; apply this rule only when rendering issues are observed and document any fixes.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-09T07:32:38.426Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 467
File: src/content/docs/sso/guides/sso-user-attributes.mdx:108-148
Timestamp: 2026-03-09T07:32:38.426Z
Learning: In MDX code samples under src/content/docs (and similar conceptual snippets in scalekit-inc/developer-docs), when an example's sole purpose is to show how to access a specific value (e.g., reading JWT claims after token validation), omit error/non-happy-path handling to keep the snippet focused. Do not flag the absence of error paths in narrowly scoped conceptual snippets.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-17T16:01:50.487Z
Learnt from: dhaneshbs
Repo: scalekit-inc/developer-docs PR: 506
File: src/content/docs/authenticate/fsa/quickstart.mdx:851-853
Timestamp: 2026-03-17T16:01:50.487Z
Learning: In the Scalekit Python SDK docs, clarify that LogoutUrlOptions is not exported from the top-level scalekit package __init__.py. The correct import path in code samples or reviews is: from scalekit.common.scalekit import LogoutUrlOptions. Do not flag this import path as incorrect in documentation or code reviews; ensure examples reflect the proper import path to avoid confusion for users.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T03:34:41.147Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:31-31
Timestamp: 2026-02-25T03:34:41.147Z
Learning: In MDX files, import { Code } from 'astrojs/starlight/components' only if the MDX content actually uses the <Code> component. If the file uses only fenced code blocks (```), the import is not required. Apply this guideline to all MDX files (e.g., src/content/docs/**/*.mdx) to avoid unnecessary imports and reduce bundle size.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T18:41:00.639Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 446
File: src/content/docs/authenticate/m2m/api-auth-quickstart.mdx:78-78
Timestamp: 2026-02-25T18:41:00.639Z
Learning: Preserve full URLs inside code comments in MDX code blocks (bash/python/js) when the URLs are part of copyable examples. Do not flag these in code examples. Use relative paths in prose and hyperlinks within MDX; only enforce relative paths for markdown prose links, not for URLs inside code comments.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-16T17:25:30.736Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (.mdx files), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag links for missing `target="_blank"` or `rel="noopener"` (avoid adding raw HTML anchors just to include those attributes), and keep the approach consistent with existing docs styling.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-04-25T07:22:18.321Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 633
File: src/components/templates/agent-connectors/_setup-heyreach.mdx:12-12
Timestamp: 2026-04-25T07:22:18.321Z
Learning: In this repo’s MDX documentation files, treat `@/...` paths as aliases that resolve to the `src/` directory (e.g., `@/assets/docs/foo/bar.png` -> `src/assets/docs/foo/bar.png`). When reviewing, do not flag `@`-prefixed image (or other asset) paths as broken; instead, verify that the corresponding physical file exists under `src/`.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-04-27T07:13:48.244Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 628
File: src/content/docs/agentkit/tools/scalekit-optimized-tools.mdx:59-102
Timestamp: 2026-04-27T07:13:48.244Z
Learning: In AgentKit documentation MDX files, when showing Python `execute_tool` calls, treat `connection_name` as a supported argument (along with `tool_name`, `tool_input`, `identifier`, and `connected_account_id`). Do not flag `connection_name` as an invalid/unsupported parameter in these Python examples.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-12T09:43:05.227Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 745
File: src/content/docs/agentkit/authentication/troubleshooting.mdx:22-49
Timestamp: 2026-06-12T09:43:05.227Z
Learning: In this repo, for AgentKit documentation pages under `src/content/docs/agentkit/`, do NOT enforce the usual “four-language (Node.js, Python, Go, Java) SDK tabs” requirement. AgentKit pages should include only the Python and Node.js tabs; if Go and Java tabs are missing on these pages, do not flag it during review.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-06T07:23:46.423Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 658
File: src/components/templates/agent-connectors/_section-before-tool-list-xero-common-patterns.mdx:15-63
Timestamp: 2026-05-06T07:23:46.423Z
Learning: In agentkit agent connectors documentation (files under src/components/templates/agent-connectors and src/content/docs/agentkit/connectors), do not require all four language tabs for SDK code examples. These docs may use only the language tabs relevant to the content (e.g., Node.js and Python). This is an exception to the standard multilingual guideline and should be applied consistently across connector docs.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T13:40:40.902Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/handwritten-hubspot.mdx:95-126
Timestamp: 2026-05-07T13:40:40.902Z
Learning: For Quickstart code snippets in scalekit-inc/developer-docs connector docs (agentkit connector pages such as src/content/docs/agentkit/connectors/*.mdx), do not require explicit error/non-happy-path handling. Quickstart examples intentionally show only the happy path to reduce noise and help users complete a first working call quickly. In contrast, for more complete, reference-style examples outside of Quickstart flows, missing error-path handling can be flagged.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T13:41:31.574Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/handwritten-hubspot.mdx:453-499
Timestamp: 2026-05-07T13:41:31.574Z
Learning: In scalekit-inc/developer-docs, do not require a "what's next"/next-step signal at the end of agent connector documentation pages under src/content/docs/agentkit/connectors/ (for example, src/content/docs/agentkit/connectors/*.mdx). These pages may omit the typical next-step elements such as a frontmatter next link, a LinkCard, or a final forward-pointer paragraph; missing "what's next" sections on these connector pages should not be flagged as an issue.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:16:49.698Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/datadog.mdx:64-66
Timestamp: 2026-05-07T16:16:49.698Z
Learning: In scalekit-inc/developer-docs connector quickstart pages, do not flag the Step 4 heading text "Authorize and make your first call" as misleading for non-OAuth connectors (e.g., API key connectors). This heading is a standardized template label used intentionally across all connector types, regardless of connectorAuthType.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:42:20.842Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/confluence.mdx:70-72
Timestamp: 2026-05-07T16:42:20.842Z
Learning: For connector documentation MDX files under `src/content/docs/agentkit/connectors/` (e.g., agentkit connector pages), the `Tool list` section that renders via `<ToolList tools={tools} />` is injected/managed by `scripts/sync-agent-connectors.js`. If a hand-authored or partially hand-authored connector MDX file temporarily lacks the `Tool list` / `<ToolList tools={tools} />` section, do not flag it as a missing/incorrect section issue—it's expected to be re-injected by the generator in a later sync pass.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-13T14:20:54.610Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 690
File: src/content/docs/agentkit/connectors/monday.mdx:74-79
Timestamp: 2026-05-13T14:20:54.610Z
Learning: In connector documentation MDX pages under `src/content/docs/agentkit/connectors/` (e.g., `monday.mdx`, `clickup.mdx`), the “What you can do” capability bullet sections are auto-generated by the repo’s sync scripts from production API data. During code review, do not flag these sections for formatting/content issues or suggest manual rewrites, and treat edits to those bullets as expected only if the change came from rerunning the sync/update process. If a bullet needs to change, the correct path is to update the upstream API data and re-run the sync script, not to hand-edit the generated MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-13T14:21:01.189Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 690
File: src/content/docs/agentkit/connectors/clickup.mdx:74-79
Timestamp: 2026-05-13T14:21:01.189Z
Learning: In connector MDX pages under src/content/docs/agentkit/connectors/ (e.g., clickup.mdx, monday.mdx), the "What you can do" capability bullet sections are auto-generated by the connector sync script (e.g., scripts/sync-agent-connectors.js). During code review, do not flag or require fixes for label/description mismatches or style/formatting issues within those auto-generated bullet lists, because manual edits will be overwritten by the next sync pass.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-21T09:41:24.514Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 712
File: src/content/docs/agentkit/connectors/clickhouse.mdx:2-4
Timestamp: 2026-05-21T09:41:24.514Z
Learning: For connector documentation MDX pages under src/content/docs/agentkit/connectors/ (*.mdx), treat the page `title` field as auto-generated from the upstream API’s `provider.display_name` and not as a manually editable docs field. If there is a branding/casing mismatch in the generated connector page title, do not flag it as a docs issue; instead, require the correction to be made in the upstream API’s `provider.display_name` source.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:40:43.209Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/airtable.mdx:22-27
Timestamp: 2026-06-26T10:40:43.209Z
Learning: When reviewing MDX connector documentation pages in src/content/docs/agentkit/connectors/*.mdx (including setup/workflow sections generated by the sync skill from the production schema), verify the entire file before flagging component import/usage mismatches inside the generated workflow sections. Partial diffs can omit the corresponding generated import or the rendered section, so check the full document for the matching import/usage pair before raising an issue.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:00:06.233Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/components/templates/agent-connectors/_section-after-setup-gmail-common-workflows.mdx:13-39
Timestamp: 2026-05-07T16:00:06.233Z
Learning: In documentation MDX files under src/components/templates/agent-connectors/ and src/content/docs/agentkit/connectors/, code examples are intentionally simplified. Do not require or flag missing error handling/failure paths (e.g., try/catch, retries, or explicit error returns) in these docs, even if the project’s general guideline expects both success and error paths in code examples.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:00:21.950Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/components/templates/agent-connectors/_section-after-setup-google_ads-common-workflows.mdx:10-18
Timestamp: 2026-05-07T16:00:21.950Z
Learning: In AgentKit agent connector documentation code examples located under src/components/templates/agent-connectors/** and src/content/docs/agentkit/connectors/** (MDX files), do not add explicit error handling in the sample code (e.g., no try/catch blocks or rejected-promise branches). These snippets are intentionally “success-path only” to keep the documentation concise, and this is an explicit exception to any general review guideline that requires both success and error paths in every code example.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:17:26.787Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/databricksworkspace.mdx:29-29
Timestamp: 2026-05-07T16:17:26.787Z
Learning: In scalekit-inc/developer-docs connector quickstart MDX pages under src/content/docs/agentkit/connectors/, use ### (H3) headings inside <Steps> components—not ## (H2)—because H2 renders too large. The page-level CSS override `.sl-markdown-content h3 { font-size: var(--sl-text-lg); }` should be kept in the frontmatter `head` block to size the step headings correctly. When reviewing these connector pages, do not flag ### headings inside <Steps> as incorrect.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-21T09:41:24.514Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 712
File: src/content/docs/agentkit/connectors/clickhouse.mdx:2-4
Timestamp: 2026-05-21T09:41:24.514Z
Learning: When reviewing MDX connector pages in `src/content/docs/agentkit/connectors/` (e.g., connector `*.mdx` files), do not treat casing differences in the page frontmatter `title` as a docs issue. The connector `title` is auto-generated by `scripts/sync-agent-connectors.js` from the upstream API’s `provider.display_name`. If `title` casing doesn’t match other fields (like `description`) that use official vendor branding, that mismatch is an upstream data issue—reviewers should note that the upstream `provider.display_name` must be corrected and avoid changing/flagging the docs `title` casing directly.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:02:50.440Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/cloudfaremcp.mdx:34-41
Timestamp: 2026-05-28T03:02:50.440Z
Learning: For auto-synced connector documentation pages in src/content/docs/agentkit/connectors/ (generated by sync-agent-connectors), do not require/flag a missing `title=` attribute on terminal `bash` code blocks that are used for SDK installation instructions (e.g., commands like `npm install scalekit-sdk/node` or `pip install scalekit`). This exception applies specifically to those install-command blocks in connector pages.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:25.785Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/cloudfaremcp.mdx:1-10
Timestamp: 2026-05-28T03:03:25.785Z
Learning: In MDX pages under src/content/docs/agentkit/connectors/ (the connector docs auto-generated from the production Scalekit catalog by scripts/sync-agent-connectors.js), do not flag missing `tags` frontmatter as an issue. These pages’ frontmatter is controlled by the sync script; if `tags` is not included by the script, it should not be required manually. Apply this exception to all auto-synced connector pages in that directory.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:32.516Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/airopsmcp.mdx:1-10
Timestamp: 2026-05-28T03:03:32.516Z
Learning: For auto-synced connector documentation MDX files under `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js`), do not raise a review finding when the MDX frontmatter is missing `tags`. In this directory, `tags` is optional; only ensure the required frontmatter fields per the docs guidelines are present: `title`, `description`, `sidebar.label`, and `sidebar.order` when applicable.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:35.312Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/revealedaimcp.mdx:1-10
Timestamp: 2026-05-28T03:03:35.312Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (MDX files generated by scripts/sync-agent-connectors.js from the production Scalekit catalog), do not raise review findings for missing frontmatter fields sidebar.order or tags. These fields are intentionally omitted because they are not emitted by the sync generation output.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:51.366Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/sanitymcp.mdx:1-10
Timestamp: 2026-05-28T03:03:51.366Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not require or flag missing `tags` or `order` frontmatter fields. Those fields are not included in the sync script’s output template, and any manual additions would be overwritten on the next sync run. Apply this rule to all MDX connector pages in that directory.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:04:03.176Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/fiscalaimcp.mdx:2-10
Timestamp: 2026-05-28T03:04:03.176Z
Learning: For this repository’s connector documentation MDX pages, do not require or raise an issue for a missing `tags` field in the MDX frontmatter. Only treat these frontmatter fields as required (where applicable): `title` (≤60 chars), `description` (≤160 chars), `sidebar.label` (≤30 chars), and `sidebar.order` when the page is in a directory-based sidebar section with sibling pages. Never flag missing-`tags` on connector MDX pages (including auto-synced ones under `src/content/docs/agentkit/connectors/`).

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-02T10:18:55.267Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 731
File: src/content/docs/agentkit/connectors/scarpflymcp.mdx:51-53
Timestamp: 2026-06-02T10:18:55.267Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (these are generated by scripts/sync-agent-connectors.js), do not raise or flag issues about the toolName passed to QuickstartGenericOauthSection (e.g., scarpflymcp_get_page_url) regarding session dependency or “requires existing session”. These toolName selections are intentionally sourced from the upstream production catalog sync, so treat them as data-driven configuration rather than something that must reference an existing session at code-review time.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-13T08:55:35.702Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 748
File: src/content/docs/agentkit/connectors/twilio.mdx:28-62
Timestamp: 2026-06-13T08:55:35.702Z
Learning: In auto-synced connector documentation pages under `src/content/docs/agentkit/connectors/` (including `twilio.mdx`), treat the quickstart step structure as data-driven output from the production API sync skill/metadata. Do not flag documentation issues merely because a `QuickstartGenericApikeySection` (or the expected “Authorize and make your first call” first-call step) is missing, or because the presence/ordering of the third authorize/first-call step varies—this omission is intentional when it results from the underlying sync metadata.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-13T08:55:41.638Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 748
File: src/content/docs/agentkit/connectors/twilio.mdx:28-62
Timestamp: 2026-06-13T08:55:41.638Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not require or flag a missing "first execute_tool call" step inside the quickstart <Steps> block. The quickstart step count/content is derived from production metadata/skills and is not manually authored. In particular, for Basic Auth connectors (e.g., Twilio), the absence of a QuickstartGenericApikeySection (or equivalent initial-call section) is intentional and should not be treated as a doc error during code review.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:22.951Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/lushamcp.mdx:4-4
Timestamp: 2026-06-21T08:54:22.951Z
Learning: For auto-generated connector documentation MDX pages in `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js` from the production Scalekit catalog), do not flag the frontmatter `description` as incomplete if it ends with a trailing ellipsis (`...`) due to upstream character limits. This truncation is expected because the description is sourced from the production schema sync; fix it only by updating the upstream provider data and re-running the sync script (not by manually editing the MDX).

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:31.856Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/privacymcp.mdx:57-65
Timestamp: 2026-06-21T08:54:31.856Z
Learning: Do not manually add or require security caution/Aside components (e.g., warnings about PAN/CVV2 or card-data handling) directly in auto-synced connector documentation MDX files under src/content/docs/agentkit/connectors/. These pages are regenerated (overwritten) by scripts/sync-agent-connectors.js from the production schema sync, so hand edits will be lost. If a security note is required for a sensitive connector, add it via the sync script templates or upstream data that feeds the sync, not by editing the generated MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:49.675Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/stackaimcp.mdx:4-4
Timestamp: 2026-06-21T08:54:49.675Z
Learning: For auto-synced connector documentation pages (MDX) under src/content/docs/agentkit/connectors/—generated by scripts/sync-agent-connectors.js from the production Scalekit catalog—do not raise code review warnings/errors if the frontmatter `description` value exceeds 160 characters. The description text/length is driven by the upstream production schema during the sync; to change the length/content, update the upstream provider data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:58.899Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/mailercloudmcp.mdx:4-4
Timestamp: 2026-06-21T08:54:58.899Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise review issues for brand-name casing or spacing inconsistencies between frontmatter fields—description—and the title/sidebar.label fields (e.g., "Mailer Cloud" vs "Mailercloud"). These values are sourced from the upstream production schema sync; if the mismatch is incorrect, make the fix in the upstream provider data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:41:21.786Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/alphaxivmcp.mdx:51-53
Timestamp: 2026-06-26T10:41:21.786Z
Learning: In auto-synced connector documentation pages under src/content/docs/agentkit/connectors/, generated quickstart sections (e.g., tool input examples produced by components like QuickstartGenericOauthSection) should be treated as data-driven output from the connector sync (production schema/sync source). In code review, do not flag placeholder or example input values inside these generated snippets as incorrect or needing manual correction; if the values are wrong, the fix must be made in the upstream schema/sync generator rather than edited directly in the MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:44:08.916Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/vercelmcp.mdx:63-65
Timestamp: 2026-06-26T10:44:08.916Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (i.e., content generated from the production schema by the sync generator), treat write/read tool selections in generated “first-call”/quickstart sections (e.g., toolName used in components like QuickstartGenericOauthSection) as data-driven output. Do not request manual changes in the MDX (such as replacing a write-capable first-call tool with a read-only one) during code review. If the tool choice is incorrect, the fix must be made upstream in the production schema and/or the sync generator so the generated output is corrected at the source.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:44:09.957Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/magicpatternsmcp.mdx:9-9
Timestamp: 2026-06-26T10:44:09.957Z
Learning: For auto-synced connector documentation MDX pages under `src/content/docs/agentkit/connectors/`, treat the frontmatter field `connectorAuthType` as generated output from the production schema via the sync skill. During code review, do not raise manual-doc/style/tokenization issues for differences in the `connectorAuthType` value on these generated pages. If `connectorAuthType` content is incorrect (including formatting/token changes), fix it in the upstream schema/sync source instead of editing the generated MDX file directly.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:37.823Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/typeformmcp.mdx:57-72
Timestamp: 2026-07-04T11:48:37.823Z
Learning: For documentation connector pages under `src/content/docs/agentkit/connectors/` (including production-sync-generated MDX pages like `typeformmcp.mdx`), the page is intentionally designed to omit a trailing “what’s next” call-to-action (e.g., a `next` frontmatter link, a `LinkCard`, or a forward-pointing paragraph at the end). In code reviews, do not flag missing “what’s next” sections/signals on these connector pages.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:40.348Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/typeformmcp.mdx:30-43
Timestamp: 2026-07-04T11:48:40.348Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise a review issue for missing `title` attributes on terminal-style bash code blocks that show SDK installation commands (e.g., `npm install scalekit-sdk/node`, `pip install scalekit`). This exception is intended for the generated connector docs and should be applied consistently across all connector MDX pages in that directory.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:50.618Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/betterstackmcp.mdx:57-72
Timestamp: 2026-07-04T11:48:50.618Z
Learning: For auto-synced connector documentation pages under `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js`), missing the usual “what’s next” ending signal is intentional. Do not flag these pages for lacking the `next:` frontmatter link and/or the standard “what’s next” components (e.g., no `<LinkCard>` or forward-pointing paragraph at the end).

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:56.530Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/affindamcp.mdx:60-66
Timestamp: 2026-07-04T11:48:56.530Z
Learning: When reviewing MDX files under src/content/docs/agentkit/connectors/, do not treat “What you can do” bullet titles that appear to be concatenated tool-name fragments (e.g., “Processing wait for document”, “Update workspace, validation rule, organization”) as code-generation artifacts that require local fixes. These strings are expected to come from production sync data via scripts/sync-agent-connectors.js; if the phrasing is actually wrong, the appropriate fix is upstream in the sync generator or the production sync data (not in the generated MDX).

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:49:03.760Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/affindamcp.mdx:8-8
Timestamp: 2026-07-04T11:49:03.760Z
Learning: For auto-generated connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise code review findings for formatting inconsistencies in `connectorAuthType` across sibling pages (e.g., "OAuth2.1/DCR" vs "OAuth 2.1/DCR"). Also do not flag `connectorIcon` as missing if it is absent in a page even when sibling connector pages include it. Treat these as data-driven outputs from the production schema sync: if such issues exist, fix the source schema/upstream data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-16T17:25:30.736Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (MD/MDX), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag external links for missing `target="_blank"` or `rel="noopener"`, and avoid converting Markdown links into raw HTML `<a>` tags just to add those attributes, since that would be inconsistent with the established doc pattern.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-07T13:28:41.079Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 844
File: src/content/docs/agentkit/connectors/telnyxmcp.mdx:61-63
Timestamp: 2026-07-07T13:28:41.079Z
Learning: Do not raise code review findings about the ordering of “What you can do” capability/tool bullets (in connector documentation .mdx files) or the ordering of exported tool definitions (in generated tool-data .ts files) when those files are output from the production sync/catalog. Even if the list order appears to contradict a documented workflow dependency (e.g., schema lookup before invocation), treat these as data-driven generated artifacts: any correction must be made upstream in the production catalog and then re-synced. Avoid manual edits to reorder/reshape these generated outputs.

Applied to files:

  • src/content/docs/agentkit/connectors/redshift.mdx
🪛 LanguageTool
src/content/docs/agentkit/connectors/redshift.mdx

[style] ~110-~110: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... https://acme-prod.scalekit.cloud. 5. For Audience, paste your **Connection I...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🔇 Additional comments (2)
src/content/docs/agentkit/connectors/redshift.mdx (2)

343-345: 🗄️ Data Integrity & Integration

Verify the connector identifier used by the REST example.

The REST payload uses redshift-<CONNECTOR_KEY>, while the SDK examples use redshift, and <CONNECTOR_KEY> is never defined. Confirm the actual connector slug in the connected-account schema and keep it consistent across REST, dashboard, and SDK examples.

Also applies to: 380-384, 402-406


4-4: LGTM!

Also applies to: 20-23, 25-33, 70-82, 98-103, 115-125, 130-153, 154-183, 199-224, 230-268, 269-272, 274-280, 288-300, 306-309, 319-320, 322-332, 334-337, 362-387, 399-409, 423-433, 443-448, 455-483

Comment on lines +61 to +68
Scalekit acts as an OIDC identity provider that AWS IAM trusts. No long-lived AWS access key is ever stored. On every tool call:

1. Scalekit mints a short-lived JWT signed with your environment's OIDC signing key.
2. Scalekit calls AWS STS `AssumeRoleWithWebIdentity` with that JWT. AWS validates the signature against Scalekit's public JWKS and issues temporary credentials (about a 1-hour lifetime).
3. Scalekit uses those temporary credentials to call the Redshift Data API on your behalf.
4. Credentials are cached and proactively refreshed near expiry.

You keep the IAM role and trust policy in your own AWS account. Scalekit never sees a long-lived AWS access key.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

sed -n '1,180p' src/content/docs/agentkit/connectors/redshift.mdx

Repository: scalekit-inc/developer-docs

Length of output: 8153


🏁 Script executed:

rg -n "CloudTrail|cache|refresh|tool call|AssumeRoleWithWebIdentity" src/content/docs/agentkit/connectors/redshift.mdx

Repository: scalekit-inc/developer-docs

Length of output: 1984


🏁 Script executed:

sed -n '430,490p' src/content/docs/agentkit/connectors/redshift.mdx

Repository: scalekit-inc/developer-docs

Length of output: 3178


Clarify the STS exchange cadence.
On every tool call conflicts with the later notes that STS credentials are cached and refreshed near expiry, and that the first exchange happens lazily on the first tool call. Change this to describe cache misses or refreshes instead.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 61 - 68,
Clarify the credential exchange cadence in the “On every tool call” section:
state that Scalekit calls AWS STS on the first tool call when credentials are
needed and subsequently only on cache misses or near-expiry refreshes, while
cached temporary credentials are reused for other calls. Update the numbered
flow accordingly without changing the surrounding IAM or security details.

Comment on lines +83 to +92
## Gather your Scalekit details first

Before you touch AWS, collect two values from the Scalekit dashboard. You paste both into AWS during the AWS-side setup.

- **Environment URL** (becomes the JWT `iss` claim) — Go to **Settings > Environment**, copy the **environment domain** (for example `acme-prod.scalekit.cloud`), and prefix it with `https://` when AWS asks for the full URL: `https://acme-prod.scalekit.cloud`.
- **Connection ID** (becomes the JWT `aud` claim) — Go to **AgentKit > Connectors > AWS Redshift**, click **Create connection**, save it, and copy the **Connection ID** (for example `conn_128516460753453607`).

<Aside type="note" title="What these values mean for AWS">
Scalekit mints a JWT for every Redshift call with `iss = <environment URL>` and `aud = <Connection ID>`. AWS validates **both**: the OIDC provider you register has to match the issuer, and its registered audience list has to contain your Connection ID. Collect them once, paste them in two places.
</Aside>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Resolve the connection-creation order.

The guide requires a Connection ID before AWS setup, but Part 3 presents creating the connection afterward. Explicitly create and save the empty connection before Part 1, then return to Part 3 only to add the connected account.

Also applies to: 310-315

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 83 - 92,
Resolve the Redshift setup ordering in the introductory instructions and the
Part 3 section: explicitly instruct readers to create and save the empty
connection before beginning Part 1, since its Connection ID is required for AWS
configuration. Update Part 3 to state that the existing connection should only
be reopened to add the connected account, without creating a new connection.

Comment on lines +94 to +96
<Aside type="caution" title="Local development issuers must be publicly reachable">
Your issuer must be reachable from AWS. `*.localhost` won't work. Use the staging environment URL or an ngrok-tunneled public domain.
</Aside>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Do not use an arbitrary ngrok hostname as the issuer.

The JWT iss is defined above as the Scalekit environment URL. A random ngrok domain cannot replace that issuer unless the Scalekit issuer/custom domain is configured to use it; otherwise AWS will reject the token. (docs.aws.amazon.com)

Remove the ngrok recommendation or explain the required custom-domain configuration.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 94 - 96,
Update the caution Aside near the issuer configuration to remove the suggestion
to use an arbitrary ngrok domain, or explicitly state that ngrok is valid only
when configured as the Scalekit issuer/custom domain; otherwise direct local
development to the staging Scalekit environment URL.

Comment on lines +104 to +114
<Steps>

1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) and open the **IAM** service.
2. In the left navigation pane, click **Identity providers**, then **Add provider**.
3. For **Provider type**, select **OpenID Connect**.
4. For **Provider URL**, paste your full Scalekit environment URL including `https://`, for example `https://acme-prod.scalekit.cloud`.
5. For **Audience**, paste your **Connection ID**, for example `conn_128516460753453607`. AWS checks this against the JWT's `aud` claim.
6. (Optional) Add tags for cost allocation or ownership tracking.
7. Click **Add provider**.

</Steps>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Use headings inside each <Steps> list.

These items are plain numbered paragraphs (1. Sign in...) instead of the required 1. ### .../1. ## ... step headings. Convert all three blocks so the Starlight step hierarchy renders consistently.

As per path instructions, numbered steps must use heading syntax inside <Steps>.

Also applies to: 134-146, 310-317

🧰 Tools
🪛 LanguageTool

[style] ~110-~110: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... https://acme-prod.scalekit.cloud. 5. For Audience, paste your **Connection I...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 104 - 114,
Convert every numbered item in all three affected <Steps> blocks, including the
blocks around the IAM provider setup and the referenced sections, into
heading-form steps using the required `1. ### ...` or `1. ## ...` syntax while
preserving each step’s existing content and order.

Source: Path instructions

Comment on lines +126 to +128
<Aside type="note" title="Adding a second Connection ID later">
If you add another Redshift connection in the same Scalekit environment, don't create a new OIDC provider. Add the new Connection ID to this provider's audience list instead.
</Aside>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Update the role trust policy when adding another connection.

Adding an audience to the OIDC provider is insufficient when reusing the existing IAM role; its aud condition still accepts only the original Connection ID. Document updating the trust policy to accept both IDs, or creating a separate role with the new audience.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 126 - 128,
The note in “Adding a second Connection ID later” must also address the IAM role
trust policy. Instruct users to update its `aud` condition to accept both
Connection IDs, or create a separate IAM role configured for the new audience,
in addition to updating the OIDC provider audience list.

Comment on lines +338 to +341
```bash frame="terminal"
curl -X POST 'https://<YOUR_ENV_DOMAIN>/api/v1/connected_accounts' \
-H 'Authorization: Bearer <YOUR_SCALEKIT_API_TOKEN>' \
-H 'Content-Type: application/json' \

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Do not present the API token as a copyable literal.

Read the token from an environment variable and explain that exposing it in shell history or source control grants access to connected-account credentials.

As per path instructions, security-sensitive examples must avoid hard-coded secrets and explain the security implication.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 338 - 341,
Update the connected-account curl example to read the bearer token from an
environment variable instead of showing a copyable literal, and add a brief
warning that shell history or source control exposure grants access to
connected-account credentials.

Source: Path instructions

Comment on lines +343 to +360
"identifier": "acme-org-id",
"connector": "redshift-<CONNECTOR_KEY>",
"connected_account": {
"authorization_details": {
"trusted_idp": { "db_user": "analytics_reader" }
},
"api_config": {
"role_arn": "arn:aws:iam::166424725243:role/ScalekitRedshiftAccess",
"region": "us-east-1",
"database": "analytics",
"workgroup_name": "analytics-wg",
"namespace_name": "analytics-ns"
}
}
}'
```

For a provisioned cluster, replace `workgroup_name` and `namespace_name` with `cluster_identifier`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

sed -n '300,390p' src/content/docs/agentkit/connectors/redshift.mdx
printf '\n--- SEARCH ---\n'
rg -n "db_user|workgroup_name|namespace_name|cluster_identifier|trusted_idp" src/content/docs/agentkit/connectors/redshift.mdx

Repository: scalekit-inc/developer-docs

Length of output: 5354


🏁 Script executed:

sed -n '468,480p' src/content/docs/agentkit/connectors/redshift.mdx

Repository: scalekit-inc/developer-docs

Length of output: 812


Split the Redshift payload examples The serverless sample still includes trusted_idp.db_user, which the table marks as provisioned-only and ignored for serverless. Show separate serverless and provisioned payloads so the shapes stay unambiguous.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 343 - 360,
Split the Redshift payload documentation into distinct serverless and
provisioned examples. In the serverless example, remove trusted_idp.db_user,
while retaining it only in the provisioned cluster example; show the appropriate
api_config fields for each shape, including workgroup_name/namespace_name for
serverless and cluster_identifier for provisioned.

Comment on lines +388 to +396
// Poll for results. status is "FINISHED" when the query completes.
const result = await scalekit.actions.executeTool({
toolName: 'redshift_get_query_result',
identifier: 'acme-org-id',
connector: 'redshift',
toolInput: { statement_id: statementId },
});
console.log(result.data.status); // "FINISHED"
console.log(result.data.rows); // [[12345]]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="src/content/docs/agentkit/connectors/redshift.mdx"

echo "== Line count =="
wc -l "$file"

echo
echo "== Relevant excerpt =="
sed -n '360,430p' "$file" | cat -n

Repository: scalekit-inc/developer-docs

Length of output: 3954


🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="src/content/docs/agentkit/connectors/redshift.mdx"

echo "== Surrounding excerpt =="
sed -n '380,425p' "$file" | cat -n

echo
echo "== Search for query-result polling =="
rg -n "redshift_get_query_result|statement_id|FINISHED|FAILED|ABORTED" "$file"

Repository: scalekit-inc/developer-docs

Length of output: 2460


Add a bounded poll loop before fetching Redshift rows. The example calls redshift_get_query_result immediately after submitting the statement. Wait for FINISHED, and handle FAILED, ABORTED, and timeout states in both snippets. Same issue at 410–418.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 388 - 396,
Update both Redshift result-fetching snippets around
scalekit.actions.executeTool and redshift_get_query_result to use a bounded
polling loop: repeatedly request the query status until it is FINISHED, handle
FAILED and ABORTED as errors, and stop with an explicit timeout error if
completion takes too long before reading rows.

Comment on lines +434 to +441
### Verify the round-trip in CloudTrail

For each tool call, AWS CloudTrail records two events:

1. An `AssumeRoleWithWebIdentity` event from a `userIdentity` of type `WebIdentityUser`, with your Scalekit environment as the issuer.
2. A `redshift-data:ExecuteStatement` (or related) event from the assumed role.

The `RoleSessionName` matches the connected account's identifier (sanitized — `+` becomes `-`, and so on), so CloudTrail attributes activity per organization out of the box.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Use the correct CloudTrail event fields and expectations.

CloudTrail records eventSource: redshift-data.amazonaws.com and eventName: ExecuteStatement; redshift-data:ExecuteStatement is IAM action syntax. Also, different tools generate different event names, so do not promise exactly two events per tool call. (docs.aws.amazon.com)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 434 - 441,
Update the “Verify the round-trip in CloudTrail” section to describe the data
API event using CloudTrail fields: eventSource redshift-data.amazonaws.com and
eventName ExecuteStatement, rather than IAM action syntax. Avoid guaranteeing
exactly two events per tool call; state that event names and counts vary by tool
while retaining the AssumeRoleWithWebIdentity and role-session attribution
guidance.

Comment on lines +485 to +493
### Revoke access

To immediately cut off Scalekit's access to your Redshift, do any one of the following:

- Delete the IAM role, or
- Remove the `Federated` principal from the trust policy, or
- Remove the OIDC provider entry in AWS IAM.

Any of these causes the next `AssumeRoleWithWebIdentity` call to fail with `AccessDenied`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Do not promise immediate revocation by changing trust only.

Removing the trust relationship or OIDC provider blocks new role assumptions, but already-issued temporary credentials can remain usable until expiry unless role permissions are denied or active sessions are revoked. Document AWS’s active-session revocation procedure for emergency cut-off. (docs.aws.amazon.com)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 485 - 493,
Update the “Revoke access” section to avoid promising immediate revocation from
trust-policy or OIDC changes alone; explain that existing temporary credentials
may remain valid until expiry. Add AWS’s active-session revocation procedure for
emergency cut-off, and clarify the distinction between blocking new
AssumeRoleWithWebIdentity calls and invalidating active sessions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants