Expand AWS Redshift connector docs with Trusted IDP setup guide#855
Expand AWS Redshift connector docs with Trusted IDP setup guide#855Avinash-Kamath wants to merge 1 commit into
Conversation
Expand the AWS Redshift connector page with the full Trusted IDP setup flow: AWS OIDC provider + IAM role/trust policy, permission policies for serverless and provisioned targets, Redshift database setup, Scalekit connection and connected account creation, tool execution examples, troubleshooting, and a reference section.
WalkthroughThe Redshift connector page now provides a Trusted IDP end-to-end guide covering AWS OIDC and IAM setup, Redshift configuration, Scalekit connected accounts, tool execution, troubleshooting, CloudTrail verification, and credential lifecycle management. ChangesRedshift Trusted IDP connector
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant Scalekit
participant AgentKit
participant AWSSTS
participant RedshiftDataAPI
Scalekit->>AgentKit: Mint OIDC JWT
AgentKit->>AWSSTS: AssumeRoleWithWebIdentity
AWSSTS-->>AgentKit: Return federated credentials
AgentKit->>RedshiftDataAPI: Submit SQL statement
RedshiftDataAPI-->>AgentKit: Return statement result
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
✅ Deploy Preview for scalekit-starlight ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
There was a problem hiding this comment.
Actionable comments posted: 13
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/content/docs/agentkit/connectors/redshift.mdx`:
- Around line 338-341: Update the connected-account curl example to read the
bearer token from an environment variable instead of showing a copyable literal,
and add a brief warning that shell history or source control exposure grants
access to connected-account credentials.
- Around line 94-96: Update the caution Aside near the issuer configuration to
remove the suggestion to use an arbitrary ngrok domain, or explicitly state that
ngrok is valid only when configured as the Scalekit issuer/custom domain;
otherwise direct local development to the staging Scalekit environment URL.
- Around line 126-128: The note in “Adding a second Connection ID later” must
also address the IAM role trust policy. Instruct users to update its `aud`
condition to accept both Connection IDs, or create a separate IAM role
configured for the new audience, in addition to updating the OIDC provider
audience list.
- Around line 83-92: Resolve the Redshift setup ordering in the introductory
instructions and the Part 3 section: explicitly instruct readers to create and
save the empty connection before beginning Part 1, since its Connection ID is
required for AWS configuration. Update Part 3 to state that the existing
connection should only be reopened to add the connected account, without
creating a new connection.
- Around line 104-114: Convert every numbered item in all three affected <Steps>
blocks, including the blocks around the IAM provider setup and the referenced
sections, into heading-form steps using the required `1. ### ...` or `1. ## ...`
syntax while preserving each step’s existing content and order.
- Around line 434-441: Update the “Verify the round-trip in CloudTrail” section
to describe the data API event using CloudTrail fields: eventSource
redshift-data.amazonaws.com and eventName ExecuteStatement, rather than IAM
action syntax. Avoid guaranteeing exactly two events per tool call; state that
event names and counts vary by tool while retaining the
AssumeRoleWithWebIdentity and role-session attribution guidance.
- Around line 284-286: Update the “Serverless workgroup (recommended)” section
to explain that the first IAM connection maps to the IAMR:<role-name> database
role, which still requires database privileges. Add example equivalent GRANT
statements for IAMR:ScalekitRedshiftAccess and clarify that authentication may
succeed while queries fail without these grants.
- Around line 225-229: Update the Redshift Serverless IAM policy guidance near
“RedshiftServerlessAuth” to explain that <WORKGROUP_ID> is the workgroup UUID,
not its name. In the prerequisites and policy instructions, tell readers to copy
the workgroup ARN and extract its final segment or retrieve the workgroup’s
workgroupId via the AWS console/CLI/API before completing the ARN.
- Around line 184-197: Update the Redshift connector documentation’s
connected-account identifier guidance, including the sections around the
optional organization restriction and the referenced examples, to recommend
opaque organization or pairwise identifiers only and remove email addresses as a
suggested value. Explain that the identifier becomes the JWT subject and should
not contain PII, while preserving the exact-match requirement and JSON
configuration examples.
- Around line 485-493: Update the “Revoke access” section to avoid promising
immediate revocation from trust-policy or OIDC changes alone; explain that
existing temporary credentials may remain valid until expiry. Add AWS’s
active-session revocation procedure for emergency cut-off, and clarify the
distinction between blocking new AssumeRoleWithWebIdentity calls and
invalidating active sessions.
- Around line 388-396: Update both Redshift result-fetching snippets around
scalekit.actions.executeTool and redshift_get_query_result to use a bounded
polling loop: repeatedly request the query status until it is FINISHED, handle
FAILED and ABORTED as errors, and stop with an explicit timeout error if
completion takes too long before reading rows.
- Around line 61-68: Clarify the credential exchange cadence in the “On every
tool call” section: state that Scalekit calls AWS STS on the first tool call
when credentials are needed and subsequently only on cache misses or near-expiry
refreshes, while cached temporary credentials are reused for other calls. Update
the numbered flow accordingly without changing the surrounding IAM or security
details.
- Around line 343-360: Split the Redshift payload documentation into distinct
serverless and provisioned examples. In the serverless example, remove
trusted_idp.db_user, while retaining it only in the provisioned cluster example;
show the appropriate api_config fields for each shape, including
workgroup_name/namespace_name for serverless and cluster_identifier for
provisioned.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 9bab4770-e4c3-4355-8725-60926a1b21e7
📒 Files selected for processing (1)
src/content/docs/agentkit/connectors/redshift.mdx
📜 Review details
⏰ Context from checks skipped due to timeout. (4)
- GitHub Check: CodeRabbit / Review
- GitHub Check: Redirect rules - scalekit-starlight
- GitHub Check: Header rules - scalekit-starlight
- GitHub Check: Pages changed - scalekit-starlight
🧰 Additional context used
📓 Path-based instructions (9)
**/*.mdx
📄 CodeRabbit inference engine (.cursorrules)
**/*.mdx: Use clear, descriptive titles that explain the purpose of the document
Include comprehensive descriptions in frontmatter metadata
Organize content with logical heading hierarchy (H2, H3, H4)
Use tableOfContents property in frontmatter when content has multiple sections
Set appropriate sidebar labels for navigation in frontmatter
Use direct instruction writing style with phrases like 'This guide shows you how to...' and 'Create an authorization URL to...'
Use second person perspective ('your application', 'you receive', 'you must') in documentation
Keep sentences concise, aiming for under 25 words per sentence
Explain the 'why' in documentation with phrases like 'This prevents CSRF attacks by...' or 'Use this to validate that...'
Use action verbs in section headings: 'Store session tokens securely', 'Validate the state parameter', 'Exchange authorization code for tokens'
Use present tense for descriptions: 'Scalekit handles the complex authentication flow', 'The SDK provides methods to refresh tokens'
Use future tense for results: 'This will redirect users to...', 'You'll receive a JWT containing...', 'Scalekit returns an authorization code'
Use transition phrases between sections: 'After the user authenticates...', 'Once the state is validated...', 'Let's take a look at how to...'
Write 1-3 opening paragraphs that explain what users will accomplish, provide context about when/why, preview key concepts, and use direct instructional language
Begin introduction sections with a clear statement of what the guide covers and explain the problem being solved
Use collapsible sections in introduction for sequence diagrams, video demonstrations, data models, and JSON examples with appropriate icons
Use numbered format within Steps component:1. ## Titlewith all step content indented with exactly 3 spaces
Use action-oriented headings in step-by-step guides within Steps components
Include code examples in all 4 languages (Node.js, Python, Go, Java) within Steps co...
Files:
src/content/docs/agentkit/connectors/redshift.mdx
⚙️ CodeRabbit configuration file
**/*.mdx: You are reviewing Scalekit developer documentation written in MDX
(Astro + Starlight framework). Apply ALL of the following checks:Frontmatter
titleMUST be ≤ 60 characters and clearly state what the page does.descriptionMUST be ≤ 160 characters, action-oriented, unique per page.sidebar.labelMUST be present and ≤ 30 characters.sidebar.orderMUST be set on every page that lives inside a section
with siblings, to enforce the journey order in sidebar.config.ts.- Flag any missing
prev/nextlinks on pages that are clearly
part of a sequential flow (e.g., quickstart → implement-login →
complete-login → manage-session → logout).Voice & Style (CLAUDE.md standards)
- Voice: confident, direct, collaborative, instructional.
- Person: second person only ("you", "your application"). Reject "we",
"our", "the developer", "the user".- Tense: present tense for descriptions; imperative mood for instructions.
- Flag weasel words: "simply", "just", "easy", "straightforward",
"obviously", "of course", "note that".- Flag passive voice constructions where active voice is clearer.
- Headings must be sentence case, not Title Case (except proper nouns).
- Headings that match a real API parameter, method, or field name
(e.g.,contactID,xero_tenant_id,executeTool) should preserve
the original casing. Do NOT flag these as sentence-case violations.- No heading should end with a colon or period.
Content structure
- Journey how-to guides MUST contain numbered
<Steps>(Starlight
component). This does NOT apply tosrc/content/docs/cookbooks/**
(blog-style recipes — optional<Steps>,<Tabs>after</Steps>OK;
see cookbookspath_instructions).- Concept pages MUST NOT contain numbered steps — concepts explain, not instruct.
- API reference pages MUST list parameters in a table with Name / Type /
Required / Description columns.- Every page MUST end with a clear "what's next" signal — either a
next:f...
Files:
src/content/docs/agentkit/connectors/redshift.mdx
**/*.{yml,yaml,md,mdx}
📄 CodeRabbit inference engine (.cursor/rules/browsecentral-labels.mdc)
**/*.{yml,yaml,md,mdx}: BrowseCentral labels should be maximum 3-5 words - keep concise but add context when needed
BrowseCentral labels should be action-oriented - start with verbs when possible
BrowseCentral labels should be specific and clear - add context when simple labels are ambiguous
BrowseCentral labels should be outcome-focused - describe what users accomplish and the context
BrowseCentral labels should use 'Action + Object' pattern (e.g., 'Invite users', 'Restrict sign-up', 'Set up SCIM')
BrowseCentral labels should use feature names (e.g., 'Enterprise SSO', 'Passwordless quickstart')
BrowseCentral labels should describe task completion (e.g., 'Run migrations', 'Migrate auth', 'Merge identities')
BrowseCentral labels should include specific context when needed (e.g., 'Configure Scalekit MCP server', 'Validate incoming API requests')
BrowseCentral labels should use integration context when applicable (e.g., 'Build MCP auth with your existing auth system')
BrowseCentral labels should avoid instructional prefixes: 'How to', 'Guide to', 'Implement', 'Configure', 'Learn', 'Understand'
BrowseCentral labels should avoid verbose phrases: 'Step-by-step guide', 'Complete tutorial', 'Detailed documentation'
BrowseCentral labels should avoid weak verbs: 'Enable', 'Allow', 'Provide', 'Support'
Files:
src/content/docs/agentkit/connectors/redshift.mdx
**/*.{md,mdx}
📄 CodeRabbit inference engine (.cursor/rules/deno-docs-style.mdc)
**/*.{md,mdx}: Use sentence case for all titles and headings in MD/MDX documentation
Keep page titles short and descriptive (3–7 words when possible) in MD/MDX documentation
Use outcome-focused headings that describe results, not categories (e.g., 'Run a script' not 'Scripts')
Avoid gerunds in headings when an imperative works - prefer 'Configure proxies' over 'Configuring proxies'
Keep sidebar labels concise (1–3 words), use sentence case, and focus on outcomes or objects
Use sentence case in sidebar labels without punctuation
Set frontmatter title in sentence case with a clear outcome; description in one sentence (≤160 chars); sidebar.label as shorter form of title; enable tableOfContents on longer pages
Start documentation pages with a one-paragraph overview explaining what the page covers and when to use it
Present the primary use case (80% path) first in documentation, with edge cases later
Use numbered steps for task-focused sections in documentation, with each step beginning with a verb
Break up long documentation sections with subheadings every 3–6 paragraphs
Use asides for important notes, tips, cautions, and references in documentation
Provide runnable, minimal code examples that work as-is in documentation
Prefer CLI-first examples and show file layout when helpful in documentation
Label code blocks with titles for context (e.g., 'Terminal', 'main.ts') in documentation
Keep code block annotations brief and purposeful - annotate only what matters
Use consistent variable and file names across a documentation page
Use descriptive link text in documentation (e.g., 'See permission flags' not 'click here')
Prefer relative links for internal documentation pages and include anchors for section references
Reference APIs consistently using backticks for code, file names, CLI flags, and endpoints
Use backticks for code, file names, CLI flags, and endpoints in documentation
Use lists for options and features in documentation; tables only when comparisons are cleare...
Files:
src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/**/*.mdx
📄 CodeRabbit inference engine (.cursor/rules/starlight-steps-tabs-structure.mdc)
src/content/docs/**/*.mdx: In MDX documentation files,<Steps>must contain one continuous ordered list. Wrap<Steps>around a normal Markdown ordered list such as1. ## ...
In MDX documentation files, numbered step lines must start at column 0. Do not indent the1. ##,2. ##, etc.
In MDX documentation files, any content that belongs to a step must be indented with 3 spaces: paragraphs, bullets, images,<Tabs>,<TabItem>, and fenced code blocks
In MDX documentation files, prefer plain Markdown inside<Steps>. If the content is mostly<Tabs>or other JSX-heavy blocks, use normal section headings instead of<Steps>
In MDX documentation files, when<Tabs>is used inside a step, keep<Tabs>,<TabItem>,</TabItem>, and</Tabs>consistently nested under that step
In MDX documentation files, if a tabs block is not part of a numbered step, place it outside</Steps>
Files:
src/content/docs/agentkit/connectors/redshift.mdx
src/content/**/*.mdx
📄 CodeRabbit inference engine (CONTRIBUTING.md)
src/content/**/*.mdx: All documentation must live as MDX files insidesrc/content/
Every documentation page must have frontmatter with title (≤60 characters), description (≤160 characters), sidebar label, order, and tags
Write documentation in second person using 'you' and 'your application', present tense for descriptions, and imperative for step-by-step instructions
Avoid filler phrases like 'simply', 'just', 'easily' in documentation and be direct
Explain security implications when relevant in documentation
Every code block demonstrating an SDK operation must include all four languages (Node.js, Python, Go, Java) using synced tabs with syncKey='tech-stack'
SDK variable names are fixed and must not be renamed: Node.js usesscalekit, Python usesscalekit_client, Go usesscalekitClient, Java usesscalekitClient
Files:
src/content/docs/agentkit/connectors/redshift.mdx
**/*.{md,mdx,astro,ts}
📄 CodeRabbit inference engine (CONTRIBUTING.md)
**/*.{md,mdx,astro,ts}: Usepnpm pretty-quick --stagedvia pre-commit git hook to auto-format all staged.md,.mdx,.astro,.tsfiles with Prettier
Runpnpm formatto auto-format all.md,.mdx,.astro,.tsfiles before pushing changes
Files:
src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/agentkit/connectors/**/*.mdx
📄 CodeRabbit inference engine (CONTRIBUTING.md)
Agent connector docs must use the generated workflow via
pnpm run sync-agent-connectorsand setup/usage/custom sections must be added through component templates
Files:
src/content/docs/agentkit/connectors/redshift.mdx
src/content/docs/agentkit/**/*.mdx
📄 CodeRabbit inference engine (CLAUDE.md)
Agentkit documentation snippets must be checked against the external
scalekit-developers/agent-auth-examplesrepository before updating examples.
Files:
src/content/docs/agentkit/connectors/redshift.mdx
**
⚙️ CodeRabbit configuration file
**: # CLAUDE.md - Scalekit Documentation GuideOverview
This file is the single source of truth for all documentation standards and AI assistant guidelines in this repository. All documentation must adhere to the rules defined below.
Core Principles
Documentation-first development
Every feature must include comprehensive, user-focused documentation. Documentation is not an afterthought but a first-class deliverable that guides implementation. All code changes require corresponding documentation updates.
Git workflow
- Do NOT include
Co-Authored-Bylines in commit messages- At the start of a fresh session, before making any changes, ask the user: "Do you want me to cut a new branch or work on the current branch?"
- Never force push (
git push --forceorgit push -f). If a push fails, stop and clearly explain the reason it failed — do not attempt workarounds without user confirmation.- For commit, push, and PR creation, spawn a subagent using the Haiku model to handle it. The pre-push hook generates large logs and PR creation output adds unnecessary noise to the main session context.
- Once the user confirms local testing works, or explicitly asks to commit and push, commit all changes, push the branch, and open a PR against
main. The PR must include:
- A crisp description of the changes
- A preview link in the format:
https://deploy-preview-{PR_NUMBER}--scalekit-starlight.netlify.app/{path-to-changed-page}/SDK variable names (critical)
CRITICAL: Use the exact variable names below in all documentation and code examples.
- Node.js:
scalekit- Python:
scalekit_client- Go:
scalekitClient- Java:
scalekitClientMulti-Language SDK Consistency
All code examples MUST include Node.js, Python, Go, and Java implementations with consistent variable naming conventions. Examples must show both success and error handling paths. Security implications must be explained for each implementation....
Files:
src/content/docs/agentkit/connectors/redshift.mdx
🧠 Learnings (50)
📚 Learning: 2026-01-30T18:18:50.883Z
Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 415
File: src/content/docs/authenticate/fsa/multiapp/manage-apps.mdx:31-49
Timestamp: 2026-01-30T18:18:50.883Z
Learning: In all Scalekit documentation files (MDX), treat the terms 'Applications', 'Single Page Application (SPA)', 'Native Application', and 'Web Application' as proper nouns and preserve their capitalization in headings and body text. Ensure these terms remain capitalized even when used in sentence case or within prose.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-04T12:47:16.544Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 412
File: src/content/docs/dev-kit/tools/scalekit-dryrun.mdx:1-23
Timestamp: 2026-02-04T12:47:16.544Z
Learning: In scalekit-inc/developer-docs, the MDX frontmatter field order is required only when the sidebar configuration points to a directory (for auto-generation). If the sidebar.config.ts references a specific file path, the order field is not required. Apply this check to all MDX files under src/content/docs: if a file contributes to an auto-generated sidebar (directory path), ensure order is present; if it’s linked to a concrete file, order can be omitted. Use sidebar.config.ts to determine whether a given MDX file falls under directory-based vs file-specific sidebar references.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T08:57:12.201Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/quickstart.mdx:2-10
Timestamp: 2026-02-25T08:57:12.201Z
Learning: In Scalekit developer-docs (Astro Starlight), do not auto-suggest adding tableOfContents in frontmatter unless the user explicitly overrides the default behavior. The default enables tableOfContents with minHeadingLevel 2 and maxHeadingLevel 3. Only set tableOfContents when you want to customize heading levels or disable it entirely; otherwise omit it for other docs.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T13:04:27.491Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:9-17
Timestamp: 2026-02-25T13:04:27.491Z
Learning: Allow page-level CSS overrides in MDX frontmatter (head: style) for readability and engagement, even if it customizes typography beyond defaults. This applies to per-page UX decisions, including heading sizes and style tweaks, but keep overrides purposeful, accessible, and within the repository's design guidelines. Use these overrides sparingly and document the rationale for maintainability.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-05T11:29:08.125Z
Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 463
File: src/content/docs/agent-auth/providers.mdx:35-73
Timestamp: 2026-03-05T11:29:08.125Z
Learning: In src/content/docs/agent-auth/providers.mdx, the Card components intentionally use icon=" " (a space) to render consistent colored boxes since some Starlight icon names resolve to icons and others do not. Do not flag icon=" " as a placeholder issue for this file; treat this as a deliberate UX choice specific to this MDX page and avoid raising a placeholder-icon warning here.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-09T07:27:56.794Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 469
File: src/content/docs/guides/integrations/scim-integrations/azure-scim.mdx:95-107
Timestamp: 2026-03-09T07:27:56.794Z
Learning: Do not enforce the 3-space indentation rule for Steps component content as a hard style rule in MDX files under src/content/docs/**/*.mdx. Only flag/rectify it if it causes visible rendering problems in the UI. Otherwise, allow current formatting; apply this rule only when rendering issues are observed and document any fixes.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-09T07:32:38.426Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 467
File: src/content/docs/sso/guides/sso-user-attributes.mdx:108-148
Timestamp: 2026-03-09T07:32:38.426Z
Learning: In MDX code samples under src/content/docs (and similar conceptual snippets in scalekit-inc/developer-docs), when an example's sole purpose is to show how to access a specific value (e.g., reading JWT claims after token validation), omit error/non-happy-path handling to keep the snippet focused. Do not flag the absence of error paths in narrowly scoped conceptual snippets.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-03-17T16:01:50.487Z
Learnt from: dhaneshbs
Repo: scalekit-inc/developer-docs PR: 506
File: src/content/docs/authenticate/fsa/quickstart.mdx:851-853
Timestamp: 2026-03-17T16:01:50.487Z
Learning: In the Scalekit Python SDK docs, clarify that LogoutUrlOptions is not exported from the top-level scalekit package __init__.py. The correct import path in code samples or reviews is: from scalekit.common.scalekit import LogoutUrlOptions. Do not flag this import path as incorrect in documentation or code reviews; ensure examples reflect the proper import path to avoid confusion for users.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T03:34:41.147Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:31-31
Timestamp: 2026-02-25T03:34:41.147Z
Learning: In MDX files, import { Code } from 'astrojs/starlight/components' only if the MDX content actually uses the <Code> component. If the file uses only fenced code blocks (```), the import is not required. Apply this guideline to all MDX files (e.g., src/content/docs/**/*.mdx) to avoid unnecessary imports and reduce bundle size.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-02-25T18:41:00.639Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 446
File: src/content/docs/authenticate/m2m/api-auth-quickstart.mdx:78-78
Timestamp: 2026-02-25T18:41:00.639Z
Learning: Preserve full URLs inside code comments in MDX code blocks (bash/python/js) when the URLs are part of copyable examples. Do not flag these in code examples. Use relative paths in prose and hyperlinks within MDX; only enforce relative paths for markdown prose links, not for URLs inside code comments.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-16T17:25:30.736Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (.mdx files), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag links for missing `target="_blank"` or `rel="noopener"` (avoid adding raw HTML anchors just to include those attributes), and keep the approach consistent with existing docs styling.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-04-25T07:22:18.321Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 633
File: src/components/templates/agent-connectors/_setup-heyreach.mdx:12-12
Timestamp: 2026-04-25T07:22:18.321Z
Learning: In this repo’s MDX documentation files, treat `@/...` paths as aliases that resolve to the `src/` directory (e.g., `@/assets/docs/foo/bar.png` -> `src/assets/docs/foo/bar.png`). When reviewing, do not flag `@`-prefixed image (or other asset) paths as broken; instead, verify that the corresponding physical file exists under `src/`.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-04-27T07:13:48.244Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 628
File: src/content/docs/agentkit/tools/scalekit-optimized-tools.mdx:59-102
Timestamp: 2026-04-27T07:13:48.244Z
Learning: In AgentKit documentation MDX files, when showing Python `execute_tool` calls, treat `connection_name` as a supported argument (along with `tool_name`, `tool_input`, `identifier`, and `connected_account_id`). Do not flag `connection_name` as an invalid/unsupported parameter in these Python examples.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-12T09:43:05.227Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 745
File: src/content/docs/agentkit/authentication/troubleshooting.mdx:22-49
Timestamp: 2026-06-12T09:43:05.227Z
Learning: In this repo, for AgentKit documentation pages under `src/content/docs/agentkit/`, do NOT enforce the usual “four-language (Node.js, Python, Go, Java) SDK tabs” requirement. AgentKit pages should include only the Python and Node.js tabs; if Go and Java tabs are missing on these pages, do not flag it during review.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-06T07:23:46.423Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 658
File: src/components/templates/agent-connectors/_section-before-tool-list-xero-common-patterns.mdx:15-63
Timestamp: 2026-05-06T07:23:46.423Z
Learning: In agentkit agent connectors documentation (files under src/components/templates/agent-connectors and src/content/docs/agentkit/connectors), do not require all four language tabs for SDK code examples. These docs may use only the language tabs relevant to the content (e.g., Node.js and Python). This is an exception to the standard multilingual guideline and should be applied consistently across connector docs.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T13:40:40.902Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/handwritten-hubspot.mdx:95-126
Timestamp: 2026-05-07T13:40:40.902Z
Learning: For Quickstart code snippets in scalekit-inc/developer-docs connector docs (agentkit connector pages such as src/content/docs/agentkit/connectors/*.mdx), do not require explicit error/non-happy-path handling. Quickstart examples intentionally show only the happy path to reduce noise and help users complete a first working call quickly. In contrast, for more complete, reference-style examples outside of Quickstart flows, missing error-path handling can be flagged.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T13:41:31.574Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/handwritten-hubspot.mdx:453-499
Timestamp: 2026-05-07T13:41:31.574Z
Learning: In scalekit-inc/developer-docs, do not require a "what's next"/next-step signal at the end of agent connector documentation pages under src/content/docs/agentkit/connectors/ (for example, src/content/docs/agentkit/connectors/*.mdx). These pages may omit the typical next-step elements such as a frontmatter next link, a LinkCard, or a final forward-pointer paragraph; missing "what's next" sections on these connector pages should not be flagged as an issue.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:16:49.698Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/datadog.mdx:64-66
Timestamp: 2026-05-07T16:16:49.698Z
Learning: In scalekit-inc/developer-docs connector quickstart pages, do not flag the Step 4 heading text "Authorize and make your first call" as misleading for non-OAuth connectors (e.g., API key connectors). This heading is a standardized template label used intentionally across all connector types, regardless of connectorAuthType.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:42:20.842Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/confluence.mdx:70-72
Timestamp: 2026-05-07T16:42:20.842Z
Learning: For connector documentation MDX files under `src/content/docs/agentkit/connectors/` (e.g., agentkit connector pages), the `Tool list` section that renders via `<ToolList tools={tools} />` is injected/managed by `scripts/sync-agent-connectors.js`. If a hand-authored or partially hand-authored connector MDX file temporarily lacks the `Tool list` / `<ToolList tools={tools} />` section, do not flag it as a missing/incorrect section issue—it's expected to be re-injected by the generator in a later sync pass.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-13T14:20:54.610Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 690
File: src/content/docs/agentkit/connectors/monday.mdx:74-79
Timestamp: 2026-05-13T14:20:54.610Z
Learning: In connector documentation MDX pages under `src/content/docs/agentkit/connectors/` (e.g., `monday.mdx`, `clickup.mdx`), the “What you can do” capability bullet sections are auto-generated by the repo’s sync scripts from production API data. During code review, do not flag these sections for formatting/content issues or suggest manual rewrites, and treat edits to those bullets as expected only if the change came from rerunning the sync/update process. If a bullet needs to change, the correct path is to update the upstream API data and re-run the sync script, not to hand-edit the generated MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-13T14:21:01.189Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 690
File: src/content/docs/agentkit/connectors/clickup.mdx:74-79
Timestamp: 2026-05-13T14:21:01.189Z
Learning: In connector MDX pages under src/content/docs/agentkit/connectors/ (e.g., clickup.mdx, monday.mdx), the "What you can do" capability bullet sections are auto-generated by the connector sync script (e.g., scripts/sync-agent-connectors.js). During code review, do not flag or require fixes for label/description mismatches or style/formatting issues within those auto-generated bullet lists, because manual edits will be overwritten by the next sync pass.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-21T09:41:24.514Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 712
File: src/content/docs/agentkit/connectors/clickhouse.mdx:2-4
Timestamp: 2026-05-21T09:41:24.514Z
Learning: For connector documentation MDX pages under src/content/docs/agentkit/connectors/ (*.mdx), treat the page `title` field as auto-generated from the upstream API’s `provider.display_name` and not as a manually editable docs field. If there is a branding/casing mismatch in the generated connector page title, do not flag it as a docs issue; instead, require the correction to be made in the upstream API’s `provider.display_name` source.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:40:43.209Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/airtable.mdx:22-27
Timestamp: 2026-06-26T10:40:43.209Z
Learning: When reviewing MDX connector documentation pages in src/content/docs/agentkit/connectors/*.mdx (including setup/workflow sections generated by the sync skill from the production schema), verify the entire file before flagging component import/usage mismatches inside the generated workflow sections. Partial diffs can omit the corresponding generated import or the rendered section, so check the full document for the matching import/usage pair before raising an issue.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:00:06.233Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/components/templates/agent-connectors/_section-after-setup-gmail-common-workflows.mdx:13-39
Timestamp: 2026-05-07T16:00:06.233Z
Learning: In documentation MDX files under src/components/templates/agent-connectors/ and src/content/docs/agentkit/connectors/, code examples are intentionally simplified. Do not require or flag missing error handling/failure paths (e.g., try/catch, retries, or explicit error returns) in these docs, even if the project’s general guideline expects both success and error paths in code examples.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:00:21.950Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/components/templates/agent-connectors/_section-after-setup-google_ads-common-workflows.mdx:10-18
Timestamp: 2026-05-07T16:00:21.950Z
Learning: In AgentKit agent connector documentation code examples located under src/components/templates/agent-connectors/** and src/content/docs/agentkit/connectors/** (MDX files), do not add explicit error handling in the sample code (e.g., no try/catch blocks or rejected-promise branches). These snippets are intentionally “success-path only” to keep the documentation concise, and this is an explicit exception to any general review guideline that requires both success and error paths in every code example.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-07T16:17:26.787Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 660
File: src/content/docs/agentkit/connectors/databricksworkspace.mdx:29-29
Timestamp: 2026-05-07T16:17:26.787Z
Learning: In scalekit-inc/developer-docs connector quickstart MDX pages under src/content/docs/agentkit/connectors/, use ### (H3) headings inside <Steps> components—not ## (H2)—because H2 renders too large. The page-level CSS override `.sl-markdown-content h3 { font-size: var(--sl-text-lg); }` should be kept in the frontmatter `head` block to size the step headings correctly. When reviewing these connector pages, do not flag ### headings inside <Steps> as incorrect.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-21T09:41:24.514Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 712
File: src/content/docs/agentkit/connectors/clickhouse.mdx:2-4
Timestamp: 2026-05-21T09:41:24.514Z
Learning: When reviewing MDX connector pages in `src/content/docs/agentkit/connectors/` (e.g., connector `*.mdx` files), do not treat casing differences in the page frontmatter `title` as a docs issue. The connector `title` is auto-generated by `scripts/sync-agent-connectors.js` from the upstream API’s `provider.display_name`. If `title` casing doesn’t match other fields (like `description`) that use official vendor branding, that mismatch is an upstream data issue—reviewers should note that the upstream `provider.display_name` must be corrected and avoid changing/flagging the docs `title` casing directly.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:02:50.440Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/cloudfaremcp.mdx:34-41
Timestamp: 2026-05-28T03:02:50.440Z
Learning: For auto-synced connector documentation pages in src/content/docs/agentkit/connectors/ (generated by sync-agent-connectors), do not require/flag a missing `title=` attribute on terminal `bash` code blocks that are used for SDK installation instructions (e.g., commands like `npm install scalekit-sdk/node` or `pip install scalekit`). This exception applies specifically to those install-command blocks in connector pages.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:25.785Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/cloudfaremcp.mdx:1-10
Timestamp: 2026-05-28T03:03:25.785Z
Learning: In MDX pages under src/content/docs/agentkit/connectors/ (the connector docs auto-generated from the production Scalekit catalog by scripts/sync-agent-connectors.js), do not flag missing `tags` frontmatter as an issue. These pages’ frontmatter is controlled by the sync script; if `tags` is not included by the script, it should not be required manually. Apply this exception to all auto-synced connector pages in that directory.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:32.516Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/airopsmcp.mdx:1-10
Timestamp: 2026-05-28T03:03:32.516Z
Learning: For auto-synced connector documentation MDX files under `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js`), do not raise a review finding when the MDX frontmatter is missing `tags`. In this directory, `tags` is optional; only ensure the required frontmatter fields per the docs guidelines are present: `title`, `description`, `sidebar.label`, and `sidebar.order` when applicable.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:35.312Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/revealedaimcp.mdx:1-10
Timestamp: 2026-05-28T03:03:35.312Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (MDX files generated by scripts/sync-agent-connectors.js from the production Scalekit catalog), do not raise review findings for missing frontmatter fields sidebar.order or tags. These fields are intentionally omitted because they are not emitted by the sync generation output.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:03:51.366Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/sanitymcp.mdx:1-10
Timestamp: 2026-05-28T03:03:51.366Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not require or flag missing `tags` or `order` frontmatter fields. Those fields are not included in the sync script’s output template, and any manual additions would be overwritten on the next sync run. Apply this rule to all MDX connector pages in that directory.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-28T03:04:03.176Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 723
File: src/content/docs/agentkit/connectors/fiscalaimcp.mdx:2-10
Timestamp: 2026-05-28T03:04:03.176Z
Learning: For this repository’s connector documentation MDX pages, do not require or raise an issue for a missing `tags` field in the MDX frontmatter. Only treat these frontmatter fields as required (where applicable): `title` (≤60 chars), `description` (≤160 chars), `sidebar.label` (≤30 chars), and `sidebar.order` when the page is in a directory-based sidebar section with sibling pages. Never flag missing-`tags` on connector MDX pages (including auto-synced ones under `src/content/docs/agentkit/connectors/`).
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-02T10:18:55.267Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 731
File: src/content/docs/agentkit/connectors/scarpflymcp.mdx:51-53
Timestamp: 2026-06-02T10:18:55.267Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (these are generated by scripts/sync-agent-connectors.js), do not raise or flag issues about the toolName passed to QuickstartGenericOauthSection (e.g., scarpflymcp_get_page_url) regarding session dependency or “requires existing session”. These toolName selections are intentionally sourced from the upstream production catalog sync, so treat them as data-driven configuration rather than something that must reference an existing session at code-review time.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-13T08:55:35.702Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 748
File: src/content/docs/agentkit/connectors/twilio.mdx:28-62
Timestamp: 2026-06-13T08:55:35.702Z
Learning: In auto-synced connector documentation pages under `src/content/docs/agentkit/connectors/` (including `twilio.mdx`), treat the quickstart step structure as data-driven output from the production API sync skill/metadata. Do not flag documentation issues merely because a `QuickstartGenericApikeySection` (or the expected “Authorize and make your first call” first-call step) is missing, or because the presence/ordering of the third authorize/first-call step varies—this omission is intentional when it results from the underlying sync metadata.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-13T08:55:41.638Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 748
File: src/content/docs/agentkit/connectors/twilio.mdx:28-62
Timestamp: 2026-06-13T08:55:41.638Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not require or flag a missing "first execute_tool call" step inside the quickstart <Steps> block. The quickstart step count/content is derived from production metadata/skills and is not manually authored. In particular, for Basic Auth connectors (e.g., Twilio), the absence of a QuickstartGenericApikeySection (or equivalent initial-call section) is intentional and should not be treated as a doc error during code review.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:22.951Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/lushamcp.mdx:4-4
Timestamp: 2026-06-21T08:54:22.951Z
Learning: For auto-generated connector documentation MDX pages in `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js` from the production Scalekit catalog), do not flag the frontmatter `description` as incomplete if it ends with a trailing ellipsis (`...`) due to upstream character limits. This truncation is expected because the description is sourced from the production schema sync; fix it only by updating the upstream provider data and re-running the sync script (not by manually editing the MDX).
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:31.856Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/privacymcp.mdx:57-65
Timestamp: 2026-06-21T08:54:31.856Z
Learning: Do not manually add or require security caution/Aside components (e.g., warnings about PAN/CVV2 or card-data handling) directly in auto-synced connector documentation MDX files under src/content/docs/agentkit/connectors/. These pages are regenerated (overwritten) by scripts/sync-agent-connectors.js from the production schema sync, so hand edits will be lost. If a security note is required for a sensitive connector, add it via the sync script templates or upstream data that feeds the sync, not by editing the generated MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:49.675Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/stackaimcp.mdx:4-4
Timestamp: 2026-06-21T08:54:49.675Z
Learning: For auto-synced connector documentation pages (MDX) under src/content/docs/agentkit/connectors/—generated by scripts/sync-agent-connectors.js from the production Scalekit catalog—do not raise code review warnings/errors if the frontmatter `description` value exceeds 160 characters. The description text/length is driven by the upstream production schema during the sync; to change the length/content, update the upstream provider data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-21T08:54:58.899Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 761
File: src/content/docs/agentkit/connectors/mailercloudmcp.mdx:4-4
Timestamp: 2026-06-21T08:54:58.899Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise review issues for brand-name casing or spacing inconsistencies between frontmatter fields—description—and the title/sidebar.label fields (e.g., "Mailer Cloud" vs "Mailercloud"). These values are sourced from the upstream production schema sync; if the mismatch is incorrect, make the fix in the upstream provider data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:41:21.786Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/alphaxivmcp.mdx:51-53
Timestamp: 2026-06-26T10:41:21.786Z
Learning: In auto-synced connector documentation pages under src/content/docs/agentkit/connectors/, generated quickstart sections (e.g., tool input examples produced by components like QuickstartGenericOauthSection) should be treated as data-driven output from the connector sync (production schema/sync source). In code review, do not flag placeholder or example input values inside these generated snippets as incorrect or needing manual correction; if the values are wrong, the fix must be made in the upstream schema/sync generator rather than edited directly in the MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:44:08.916Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/vercelmcp.mdx:63-65
Timestamp: 2026-06-26T10:44:08.916Z
Learning: For auto-synced connector documentation MDX pages under src/content/docs/agentkit/connectors/ (i.e., content generated from the production schema by the sync generator), treat write/read tool selections in generated “first-call”/quickstart sections (e.g., toolName used in components like QuickstartGenericOauthSection) as data-driven output. Do not request manual changes in the MDX (such as replacing a write-capable first-call tool with a read-only one) during code review. If the tool choice is incorrect, the fix must be made upstream in the production schema and/or the sync generator so the generated output is corrected at the source.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-06-26T10:44:09.957Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 793
File: src/content/docs/agentkit/connectors/magicpatternsmcp.mdx:9-9
Timestamp: 2026-06-26T10:44:09.957Z
Learning: For auto-synced connector documentation MDX pages under `src/content/docs/agentkit/connectors/`, treat the frontmatter field `connectorAuthType` as generated output from the production schema via the sync skill. During code review, do not raise manual-doc/style/tokenization issues for differences in the `connectorAuthType` value on these generated pages. If `connectorAuthType` content is incorrect (including formatting/token changes), fix it in the upstream schema/sync source instead of editing the generated MDX file directly.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:37.823Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/typeformmcp.mdx:57-72
Timestamp: 2026-07-04T11:48:37.823Z
Learning: For documentation connector pages under `src/content/docs/agentkit/connectors/` (including production-sync-generated MDX pages like `typeformmcp.mdx`), the page is intentionally designed to omit a trailing “what’s next” call-to-action (e.g., a `next` frontmatter link, a `LinkCard`, or a forward-pointing paragraph at the end). In code reviews, do not flag missing “what’s next” sections/signals on these connector pages.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:40.348Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/typeformmcp.mdx:30-43
Timestamp: 2026-07-04T11:48:40.348Z
Learning: For auto-synced connector documentation pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise a review issue for missing `title` attributes on terminal-style bash code blocks that show SDK installation commands (e.g., `npm install scalekit-sdk/node`, `pip install scalekit`). This exception is intended for the generated connector docs and should be applied consistently across all connector MDX pages in that directory.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:50.618Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/betterstackmcp.mdx:57-72
Timestamp: 2026-07-04T11:48:50.618Z
Learning: For auto-synced connector documentation pages under `src/content/docs/agentkit/connectors/` (generated by `scripts/sync-agent-connectors.js`), missing the usual “what’s next” ending signal is intentional. Do not flag these pages for lacking the `next:` frontmatter link and/or the standard “what’s next” components (e.g., no `<LinkCard>` or forward-pointing paragraph at the end).
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:48:56.530Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/affindamcp.mdx:60-66
Timestamp: 2026-07-04T11:48:56.530Z
Learning: When reviewing MDX files under src/content/docs/agentkit/connectors/, do not treat “What you can do” bullet titles that appear to be concatenated tool-name fragments (e.g., “Processing wait for document”, “Update workspace, validation rule, organization”) as code-generation artifacts that require local fixes. These strings are expected to come from production sync data via scripts/sync-agent-connectors.js; if the phrasing is actually wrong, the appropriate fix is upstream in the sync generator or the production sync data (not in the generated MDX).
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-04T11:49:03.760Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 830
File: src/content/docs/agentkit/connectors/affindamcp.mdx:8-8
Timestamp: 2026-07-04T11:49:03.760Z
Learning: For auto-generated connector documentation MDX pages under src/content/docs/agentkit/connectors/ (generated by scripts/sync-agent-connectors.js), do not raise code review findings for formatting inconsistencies in `connectorAuthType` across sibling pages (e.g., "OAuth2.1/DCR" vs "OAuth 2.1/DCR"). Also do not flag `connectorIcon` as missing if it is absent in a page even when sibling connector pages include it. Treat these as data-driven outputs from the production schema sync: if such issues exist, fix the source schema/upstream data and re-run scripts/sync-agent-connectors.js rather than manually editing the generated MDX.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-05-16T17:25:30.736Z
Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (MD/MDX), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag external links for missing `target="_blank"` or `rel="noopener"`, and avoid converting Markdown links into raw HTML `<a>` tags just to add those attributes, since that would be inconsistent with the established doc pattern.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
📚 Learning: 2026-07-07T13:28:41.079Z
Learnt from: Pranesh-Raghu
Repo: scalekit-inc/developer-docs PR: 844
File: src/content/docs/agentkit/connectors/telnyxmcp.mdx:61-63
Timestamp: 2026-07-07T13:28:41.079Z
Learning: Do not raise code review findings about the ordering of “What you can do” capability/tool bullets (in connector documentation .mdx files) or the ordering of exported tool definitions (in generated tool-data .ts files) when those files are output from the production sync/catalog. Even if the list order appears to contradict a documented workflow dependency (e.g., schema lookup before invocation), treat these as data-driven generated artifacts: any correction must be made upstream in the production catalog and then re-synced. Avoid manual edits to reorder/reshape these generated outputs.
Applied to files:
src/content/docs/agentkit/connectors/redshift.mdx
🪛 LanguageTool
src/content/docs/agentkit/connectors/redshift.mdx
[style] ~110-~110: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... https://acme-prod.scalekit.cloud. 5. For Audience, paste your **Connection I...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
🔇 Additional comments (2)
src/content/docs/agentkit/connectors/redshift.mdx (2)
343-345: 🗄️ Data Integrity & IntegrationVerify the connector identifier used by the REST example.
The REST payload uses
redshift-<CONNECTOR_KEY>, while the SDK examples useredshift, and<CONNECTOR_KEY>is never defined. Confirm the actual connector slug in the connected-account schema and keep it consistent across REST, dashboard, and SDK examples.Also applies to: 380-384, 402-406
4-4: LGTM!Also applies to: 20-23, 25-33, 70-82, 98-103, 115-125, 130-153, 154-183, 199-224, 230-268, 269-272, 274-280, 288-300, 306-309, 319-320, 322-332, 334-337, 362-387, 399-409, 423-433, 443-448, 455-483
| Scalekit acts as an OIDC identity provider that AWS IAM trusts. No long-lived AWS access key is ever stored. On every tool call: | ||
|
|
||
| 1. Scalekit mints a short-lived JWT signed with your environment's OIDC signing key. | ||
| 2. Scalekit calls AWS STS `AssumeRoleWithWebIdentity` with that JWT. AWS validates the signature against Scalekit's public JWKS and issues temporary credentials (about a 1-hour lifetime). | ||
| 3. Scalekit uses those temporary credentials to call the Redshift Data API on your behalf. | ||
| 4. Credentials are cached and proactively refreshed near expiry. | ||
|
|
||
| You keep the IAM role and trust policy in your own AWS account. Scalekit never sees a long-lived AWS access key. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
sed -n '1,180p' src/content/docs/agentkit/connectors/redshift.mdxRepository: scalekit-inc/developer-docs
Length of output: 8153
🏁 Script executed:
rg -n "CloudTrail|cache|refresh|tool call|AssumeRoleWithWebIdentity" src/content/docs/agentkit/connectors/redshift.mdxRepository: scalekit-inc/developer-docs
Length of output: 1984
🏁 Script executed:
sed -n '430,490p' src/content/docs/agentkit/connectors/redshift.mdxRepository: scalekit-inc/developer-docs
Length of output: 3178
Clarify the STS exchange cadence.
On every tool call conflicts with the later notes that STS credentials are cached and refreshed near expiry, and that the first exchange happens lazily on the first tool call. Change this to describe cache misses or refreshes instead.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 61 - 68,
Clarify the credential exchange cadence in the “On every tool call” section:
state that Scalekit calls AWS STS on the first tool call when credentials are
needed and subsequently only on cache misses or near-expiry refreshes, while
cached temporary credentials are reused for other calls. Update the numbered
flow accordingly without changing the surrounding IAM or security details.
| ## Gather your Scalekit details first | ||
|
|
||
| Before you touch AWS, collect two values from the Scalekit dashboard. You paste both into AWS during the AWS-side setup. | ||
|
|
||
| - **Environment URL** (becomes the JWT `iss` claim) — Go to **Settings > Environment**, copy the **environment domain** (for example `acme-prod.scalekit.cloud`), and prefix it with `https://` when AWS asks for the full URL: `https://acme-prod.scalekit.cloud`. | ||
| - **Connection ID** (becomes the JWT `aud` claim) — Go to **AgentKit > Connectors > AWS Redshift**, click **Create connection**, save it, and copy the **Connection ID** (for example `conn_128516460753453607`). | ||
|
|
||
| <Aside type="note" title="What these values mean for AWS"> | ||
| Scalekit mints a JWT for every Redshift call with `iss = <environment URL>` and `aud = <Connection ID>`. AWS validates **both**: the OIDC provider you register has to match the issuer, and its registered audience list has to contain your Connection ID. Collect them once, paste them in two places. | ||
| </Aside> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Resolve the connection-creation order.
The guide requires a Connection ID before AWS setup, but Part 3 presents creating the connection afterward. Explicitly create and save the empty connection before Part 1, then return to Part 3 only to add the connected account.
Also applies to: 310-315
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 83 - 92,
Resolve the Redshift setup ordering in the introductory instructions and the
Part 3 section: explicitly instruct readers to create and save the empty
connection before beginning Part 1, since its Connection ID is required for AWS
configuration. Update Part 3 to state that the existing connection should only
be reopened to add the connected account, without creating a new connection.
| <Aside type="caution" title="Local development issuers must be publicly reachable"> | ||
| Your issuer must be reachable from AWS. `*.localhost` won't work. Use the staging environment URL or an ngrok-tunneled public domain. | ||
| </Aside> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Do not use an arbitrary ngrok hostname as the issuer.
The JWT iss is defined above as the Scalekit environment URL. A random ngrok domain cannot replace that issuer unless the Scalekit issuer/custom domain is configured to use it; otherwise AWS will reject the token. (docs.aws.amazon.com)
Remove the ngrok recommendation or explain the required custom-domain configuration.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 94 - 96,
Update the caution Aside near the issuer configuration to remove the suggestion
to use an arbitrary ngrok domain, or explicitly state that ngrok is valid only
when configured as the Scalekit issuer/custom domain; otherwise direct local
development to the staging Scalekit environment URL.
| <Steps> | ||
|
|
||
| 1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/) and open the **IAM** service. | ||
| 2. In the left navigation pane, click **Identity providers**, then **Add provider**. | ||
| 3. For **Provider type**, select **OpenID Connect**. | ||
| 4. For **Provider URL**, paste your full Scalekit environment URL including `https://`, for example `https://acme-prod.scalekit.cloud`. | ||
| 5. For **Audience**, paste your **Connection ID**, for example `conn_128516460753453607`. AWS checks this against the JWT's `aud` claim. | ||
| 6. (Optional) Add tags for cost allocation or ownership tracking. | ||
| 7. Click **Add provider**. | ||
|
|
||
| </Steps> |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value
Use headings inside each <Steps> list.
These items are plain numbered paragraphs (1. Sign in...) instead of the required 1. ### .../1. ## ... step headings. Convert all three blocks so the Starlight step hierarchy renders consistently.
As per path instructions, numbered steps must use heading syntax inside <Steps>.
Also applies to: 134-146, 310-317
🧰 Tools
🪛 LanguageTool
[style] ~110-~110: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ... https://acme-prod.scalekit.cloud. 5. For Audience, paste your **Connection I...
(ENGLISH_WORD_REPEAT_BEGINNING_RULE)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 104 - 114,
Convert every numbered item in all three affected <Steps> blocks, including the
blocks around the IAM provider setup and the referenced sections, into
heading-form steps using the required `1. ### ...` or `1. ## ...` syntax while
preserving each step’s existing content and order.
Source: Path instructions
| <Aside type="note" title="Adding a second Connection ID later"> | ||
| If you add another Redshift connection in the same Scalekit environment, don't create a new OIDC provider. Add the new Connection ID to this provider's audience list instead. | ||
| </Aside> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Update the role trust policy when adding another connection.
Adding an audience to the OIDC provider is insufficient when reusing the existing IAM role; its aud condition still accepts only the original Connection ID. Document updating the trust policy to accept both IDs, or creating a separate role with the new audience.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 126 - 128,
The note in “Adding a second Connection ID later” must also address the IAM role
trust policy. Instruct users to update its `aud` condition to accept both
Connection IDs, or create a separate IAM role configured for the new audience,
in addition to updating the OIDC provider audience list.
| ```bash frame="terminal" | ||
| curl -X POST 'https://<YOUR_ENV_DOMAIN>/api/v1/connected_accounts' \ | ||
| -H 'Authorization: Bearer <YOUR_SCALEKIT_API_TOKEN>' \ | ||
| -H 'Content-Type: application/json' \ |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Do not present the API token as a copyable literal.
Read the token from an environment variable and explain that exposing it in shell history or source control grants access to connected-account credentials.
As per path instructions, security-sensitive examples must avoid hard-coded secrets and explain the security implication.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 338 - 341,
Update the connected-account curl example to read the bearer token from an
environment variable instead of showing a copyable literal, and add a brief
warning that shell history or source control exposure grants access to
connected-account credentials.
Source: Path instructions
| "identifier": "acme-org-id", | ||
| "connector": "redshift-<CONNECTOR_KEY>", | ||
| "connected_account": { | ||
| "authorization_details": { | ||
| "trusted_idp": { "db_user": "analytics_reader" } | ||
| }, | ||
| "api_config": { | ||
| "role_arn": "arn:aws:iam::166424725243:role/ScalekitRedshiftAccess", | ||
| "region": "us-east-1", | ||
| "database": "analytics", | ||
| "workgroup_name": "analytics-wg", | ||
| "namespace_name": "analytics-ns" | ||
| } | ||
| } | ||
| }' | ||
| ``` | ||
|
|
||
| For a provisioned cluster, replace `workgroup_name` and `namespace_name` with `cluster_identifier`. |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
sed -n '300,390p' src/content/docs/agentkit/connectors/redshift.mdx
printf '\n--- SEARCH ---\n'
rg -n "db_user|workgroup_name|namespace_name|cluster_identifier|trusted_idp" src/content/docs/agentkit/connectors/redshift.mdxRepository: scalekit-inc/developer-docs
Length of output: 5354
🏁 Script executed:
sed -n '468,480p' src/content/docs/agentkit/connectors/redshift.mdxRepository: scalekit-inc/developer-docs
Length of output: 812
Split the Redshift payload examples The serverless sample still includes trusted_idp.db_user, which the table marks as provisioned-only and ignored for serverless. Show separate serverless and provisioned payloads so the shapes stay unambiguous.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 343 - 360,
Split the Redshift payload documentation into distinct serverless and
provisioned examples. In the serverless example, remove trusted_idp.db_user,
while retaining it only in the provisioned cluster example; show the appropriate
api_config fields for each shape, including workgroup_name/namespace_name for
serverless and cluster_identifier for provisioned.
| // Poll for results. status is "FINISHED" when the query completes. | ||
| const result = await scalekit.actions.executeTool({ | ||
| toolName: 'redshift_get_query_result', | ||
| identifier: 'acme-org-id', | ||
| connector: 'redshift', | ||
| toolInput: { statement_id: statementId }, | ||
| }); | ||
| console.log(result.data.status); // "FINISHED" | ||
| console.log(result.data.rows); // [[12345]] |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
file="src/content/docs/agentkit/connectors/redshift.mdx"
echo "== Line count =="
wc -l "$file"
echo
echo "== Relevant excerpt =="
sed -n '360,430p' "$file" | cat -nRepository: scalekit-inc/developer-docs
Length of output: 3954
🏁 Script executed:
#!/bin/bash
set -euo pipefail
file="src/content/docs/agentkit/connectors/redshift.mdx"
echo "== Surrounding excerpt =="
sed -n '380,425p' "$file" | cat -n
echo
echo "== Search for query-result polling =="
rg -n "redshift_get_query_result|statement_id|FINISHED|FAILED|ABORTED" "$file"Repository: scalekit-inc/developer-docs
Length of output: 2460
Add a bounded poll loop before fetching Redshift rows. The example calls redshift_get_query_result immediately after submitting the statement. Wait for FINISHED, and handle FAILED, ABORTED, and timeout states in both snippets. Same issue at 410–418.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 388 - 396,
Update both Redshift result-fetching snippets around
scalekit.actions.executeTool and redshift_get_query_result to use a bounded
polling loop: repeatedly request the query status until it is FINISHED, handle
FAILED and ABORTED as errors, and stop with an explicit timeout error if
completion takes too long before reading rows.
| ### Verify the round-trip in CloudTrail | ||
|
|
||
| For each tool call, AWS CloudTrail records two events: | ||
|
|
||
| 1. An `AssumeRoleWithWebIdentity` event from a `userIdentity` of type `WebIdentityUser`, with your Scalekit environment as the issuer. | ||
| 2. A `redshift-data:ExecuteStatement` (or related) event from the assumed role. | ||
|
|
||
| The `RoleSessionName` matches the connected account's identifier (sanitized — `+` becomes `-`, and so on), so CloudTrail attributes activity per organization out of the box. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Use the correct CloudTrail event fields and expectations.
CloudTrail records eventSource: redshift-data.amazonaws.com and eventName: ExecuteStatement; redshift-data:ExecuteStatement is IAM action syntax. Also, different tools generate different event names, so do not promise exactly two events per tool call. (docs.aws.amazon.com)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 434 - 441,
Update the “Verify the round-trip in CloudTrail” section to describe the data
API event using CloudTrail fields: eventSource redshift-data.amazonaws.com and
eventName ExecuteStatement, rather than IAM action syntax. Avoid guaranteeing
exactly two events per tool call; state that event names and counts vary by tool
while retaining the AssumeRoleWithWebIdentity and role-session attribution
guidance.
| ### Revoke access | ||
|
|
||
| To immediately cut off Scalekit's access to your Redshift, do any one of the following: | ||
|
|
||
| - Delete the IAM role, or | ||
| - Remove the `Federated` principal from the trust policy, or | ||
| - Remove the OIDC provider entry in AWS IAM. | ||
|
|
||
| Any of these causes the next `AssumeRoleWithWebIdentity` call to fail with `AccessDenied`. |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Do not promise immediate revocation by changing trust only.
Removing the trust relationship or OIDC provider blocks new role assumptions, but already-issued temporary credentials can remain usable until expiry unless role permissions are denied or active sessions are revoked. Document AWS’s active-session revocation procedure for emergency cut-off. (docs.aws.amazon.com)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/agentkit/connectors/redshift.mdx` around lines 485 - 493,
Update the “Revoke access” section to avoid promising immediate revocation from
trust-policy or OIDC changes alone; explain that existing temporary credentials
may remain valid until expiry. Add AWS’s active-session revocation procedure for
emergency cut-off, and clarify the distinction between blocking new
AssumeRoleWithWebIdentity calls and invalidating active sessions.

Summary
Significantly expand the AWS Redshift connector documentation to provide a complete, production-ready setup guide for the Trusted IDP authentication flow. The original page was a stub; this update transforms it into a comprehensive guide covering architecture, prerequisites, AWS IAM configuration, Redshift database setup, Scalekit connection creation, and troubleshooting.
Key changes
Added "How it works" section — Explains the Trusted IDP flow: JWT minting, STS
AssumeRoleWithWebIdentity, temporary credential caching, and why long-lived keys are never stored.Added prerequisites — Lists AWS account requirements, IAM permissions needed, Scalekit workspace setup, and Redshift target options (provisioned vs. serverless).
Added "Gather your Scalekit details first" section — Instructs users to collect Environment URL and Connection ID from the dashboard before touching AWS, with explanations of what these values mean for AWS trust policies.
Added Part 1: AWS setup — Step-by-step instructions for:
Added Part 2: Redshift database setup — Guidance for serverless (no user creation needed) and provisioned clusters (SQL to create IAM-authenticated user with minimal grants).
Added Part 3: Scalekit connection creation — Dashboard and API steps to create a connected account, with a detailed field reference table explaining each input (identifier, role ARN, region, database, cluster/workgroup, namespace, db_user).
Rewrote "What you can do" section — Clearer, more concise bullet points describing agent capabilities.
Added "Execute tools" section — Node.js and Python code examples showing how to submit SQL, poll for results, and handle statement IDs.
Added "Troubleshoot common errors" section — Table mapping six common errors to their causes and fixes (InvalidIdentityToken, trust policy mismatches, permission policy issues, missing fields, etc.).
Added "Verify the round-trip in CloudTrail" section — Explains how to audit Scalekit's STS and Redshift API calls in CloudTrail, including role session naming.
Added comprehensive reference section — JWT claims Scalekit mints, trust policy claim names, where credentials are stored and encrypted, refresh/rotation behavior, and revocation steps.
Updated imports — Added
AsideandBadgecomponents to support callouts and status badges.Updated description — Changed from generic Redshift overview to a specific, benefit-focused summary of the Trusted IDP flow and no long-lived keys.
Added CSS — Table styling to prevent first-column text wrapping, improving readability of reference tables.
Notable implementation details
Asidecomponents) highlight common mistakes (e.g., usingsts.amazonaws.comas audience, localhost issuers, missing workgroup UUID in serverless policy).https://claude.ai/code/session_01JWVq58yRgybXxvfxvRALNU
Summary by CodeRabbit