feat(tools): resolve and inject bundle tools (MCP/API) into a run#88
Closed
chenhunghan wants to merge 5 commits into
Mirror the registry tool schema (kind mcp|api, transport stdio|sse|http, requiredIntegrations) as a typed, validated artifact, and let the agent artifact declare where its MCP client config is written (spec.mcp).
Pull each tool component, fold remote (http/sse/api) tools' hosts into the run policy as allow routes and their requiredIntegrations into the policy integrations, and stop skipping tools. The policy blob is left byte-identical when no tool needs egress, and synthesized or augmented as tolerant JSON when one does, so partial policies still round-trip.
…e daemon Render the resolved tools as the de-facto mcpServers shape, targeted at the agent-declared spec.mcp.configPath, and thread it through RunImageArgs / RunConfig to the daemon. The terminal guest-write hop is staged in the platform-only run orchestrator (Vz/Linux, coverage-exempt) and marked as the injection seam; everything up to it is host-tested.
The McpInjection/McpTransport/McpConfig doc comments restated their own names, and the orchestrator comment referenced a doc that would rot; the field names and the log line carry the meaning.
The field is carried through the run request; the guest-rootfs write is the deferred platform hop, so the orchestrator no longer narrates it.
Stacked on #61 (feat/registry-login-policy-artifacts). Teaches lns run <bundle> to actually use the bundle's tool components instead of skipping them — meeting the tool schema the lns-registry already defines.

What it does

- lns-policy — typed ToolArtifact mirroring the registry tool schema (kind: mcp|api, transport stdio|sse|http, requiredIntegrations) with a from_config_blob validator, plus the agent's spec.mcp injection point (configPath + format, default mcpServers).
- lns-cli resolve — pulls each tool component; folds remote (http/sse/api) tools' hosts into the run policy as allow-routes and their requiredIntegrations into the policy integrations; renders the de-facto mcpServers config targeted at spec.mcp.configPath. Partial policies still round-trip byte-for-byte when nothing is added.
- lns-ipc — McpConfig { target, content } carried on RunImageArgs / RunConfig.
- lns-service — receives the McpConfig on the run request; the guest-rootfs write is the deferred hop (below).

Design

Lens-sandbox is a tool-config materializer, not an MCP host: tools run in-guest under the existing policy/credential machinery; the agent's own MCP client spawns/dials them from a config we write. Full rationale, the kind/transport split, and the open decisions are in the design doc (shared separately).

Scope / what's deliberately deferred

- McpConfig reaches the daemon but is not yet written into the running microVM at configPath — that step is Linux-microVM/Vz-only and can't be built or tested from a macOS host. The host-side spine (resolve → fold policy → render → carry to the daemon) is fully tested; the guest write is the remaining hop.
- image/layers field on the registry tool schema + guest rootfs overlay — a companion change in lns-registry, out of scope here.
- spec.mcp (and the pending resources/ports/volumes drift fix) — follow-up in lns-registry.

Tests / gate

make lint + make complexity green. New Layer-3 coverage: tool artifact parse/validate (every kind/transport + error paths), remote-tool policy folding (synthesized + augmented), mcpServers rendering (stdio command/args and remote url), the missing-spec.mcp warning, and the IPC McpConfig round-trip. Full make coverage not run locally.
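The policy-folding rule described in this pull request, sketched in Python as an added example; it is not code from the PR or the project. The policy layout (`routes` entries with `host`/`action`, an `integrations` list), the tool `url` field and the sample values are assumptions made for the illustration.

```python
import json
from urllib.parse import urlsplit

def remote_host(tool):
    """Host a tool needs egress to, or None for stdio tools that run in-guest."""
    kind, transport = tool["kind"], tool.get("transport")
    if kind == "mcp" and transport == "stdio":
        return None
    if kind != "api" and transport not in ("sse", "http"):
        raise ValueError("tool %r: unknown kind/transport" % tool["name"])
    host = urlsplit(tool.get("url", "")).hostname  # "url" field name is assumed
    if not host:
        raise ValueError("remote tool %r has no usable url" % tool["name"])
    return host

def fold_tools(policy_blob, tools):
    """Return the policy bytes for the run; the input itself if no tool needs egress."""
    remote = [(remote_host(t), t) for t in tools]
    remote = [(h, t) for h, t in remote if h is not None]
    if not remote:
        return policy_blob  # never parsed or re-serialized, so byte-identical
    policy = json.loads(policy_blob) if policy_blob else {}  # synthesize if absent
    routes = policy.setdefault("routes", [])  # assumed policy layout
    allowed = {r.get("host") for r in routes if r.get("action") == "allow"}
    integrations = policy.setdefault("integrations", [])
    for host, tool in remote:
        if host not in allowed:  # exact host only, no wildcard widening
            routes.append({"host": host, "action": "allow"})
            allowed.add(host)
        for name in tool.get("requiredIntegrations", []):
            if name not in integrations:
                integrations.append(name)
    return json.dumps(policy, indent=2).encode()

# Constructed sample inputs (not from the PR).
TOOLS = [
    {"name": "fs", "kind": "mcp", "transport": "stdio", "command": "fs-server"},
    {"name": "search", "kind": "mcp", "transport": "http",
     "url": "https://mcp.example.test/v1", "requiredIntegrations": ["example-sso"]},
]
PARTIAL_POLICY = b'{"version": 1,   "x-unknown": {"keep": true}}'

if __name__ == "__main__":
    print(fold_tools(PARTIAL_POLICY, TOOLS).decode())
```

Keys the folder does not know about (`x-unknown` here) survive the augmentation, and folding the same tools twice adds no duplicate routes.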