Open
GATE 1 - Static Auditor (Python):
- AST parsing to extract tool/skill calls before execution
- Policy check against allowed tools
- Detects loops, conditionals, nesting depth
- Supports both mcp.use() and skill.method() patterns

GATE 2 - MCPClientManager (Bun + TypeScript):
- Connects to 5 MCP servers (31 tools)
- ABAC Policy Engine with scope matching
- Auth SDK with JWT validation and kill switch
- Audit logging with structured entries
- Windows named pipe + Unix socket support

Binding Pattern (L1 Skills):
- Skills use _binding proxy (LLM never sees raw tool names)
- BindingProxy routes all calls through Policy Gate
- Skill loader injects _binding at runtime
- from skills import filesystem syntax

Sandbox Runtime:
- NsJail config for Linux kernel isolation
- Fallback unsafe mode for Windows development
- Python runner with skill package installation

Examples:
- skill_workflow.py - Uses skills layer
- fetch_and_save_docs.py - Fetches from context7, saves locally
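What a Gate 1 static auditor of the kind the commit above describes can look like, as an added example that is not the project's own code: it parses a skill script with Python's `ast` module (never executing it), extracts `mcp.use("server", "tool")` and `skill.method()` calls (skill roots are the names bound by `from skills import X`), checks them against an allowlist, counts loops and conditionals, enforces a nesting-depth limit, and fails closed on `getattr`/`eval`/`exec`, which a static check cannot see through. The policy shape, the `DYNAMIC_DISPATCH` rule and the sample script are assumptions for illustration.

```python
import ast
from dataclasses import dataclass, field

# Runtime dispatch defeats static analysis, so these are violations (fail closed), not blind spots.
DYNAMIC_DISPATCH = {"getattr", "eval", "exec", "__import__", "compile"}


@dataclass
class AuditReport:
    tool_calls: list = field(default_factory=list)   # (server, tool) tuples from mcp.use(...)
    skill_calls: list = field(default_factory=list)  # "root.method" from skill.method(...)
    violations: list = field(default_factory=list)
    loops: int = 0
    conditionals: int = 0
    max_depth: int = 0

    @property
    def allowed(self) -> bool:
        return not self.violations


def dotted_name(func):
    """'mcp.use' for Attribute/Name chains; None for anything else (calls, subscripts, ...)."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def string_args(call, n):
    """First n positional args as a tuple of str literals, or None if any is not a literal."""
    vals = [a.value for a in call.args[:n] if isinstance(a, ast.Constant) and isinstance(a.value, str)]
    return tuple(vals) if len(vals) == n else None


class StaticAuditor(ast.NodeVisitor):
    """Walks the parsed module; the audited code is never executed."""
    NESTING = (ast.For, ast.AsyncFor, ast.While, ast.If, ast.Try, ast.With, ast.AsyncWith,
               ast.FunctionDef, ast.AsyncFunctionDef)
    LOOPS = (ast.For, ast.AsyncFor, ast.While, ast.ListComp, ast.SetComp, ast.DictComp, ast.GeneratorExp)

    def __init__(self, allowed_tools, allowed_skills, depth_limit=3):
        self.allowed_tools = set(allowed_tools)    # {("context7", "get-library-docs"), ...}
        self.allowed_skills = set(allowed_skills)  # {"filesystem.write", ...}
        self.depth_limit = depth_limit
        self.report = AuditReport()
        self._skill_roots = set()                  # names bound by `from skills import X`
        self._depth = 0

    def visit(self, node):  # called for every node: count structure, then dispatch as usual
        if isinstance(node, self.LOOPS):
            self.report.loops += 1
        if isinstance(node, ast.If):
            self.report.conditionals += 1
        nested = isinstance(node, self.NESTING)
        if nested:
            self._depth += 1
            self.report.max_depth = max(self.report.max_depth, self._depth)
            if self._depth > self.depth_limit:
                self.report.violations.append(
                    f"line {node.lineno}: nesting depth {self._depth} exceeds {self.depth_limit}")
        super().visit(node)
        if nested:
            self._depth -= 1

    def visit_ImportFrom(self, node):
        if node.module == "skills":
            self._skill_roots.update(a.asname or a.name for a in node.names)
        self.generic_visit(node)

    def visit_Call(self, node):
        target = dotted_name(node.func)
        if target in DYNAMIC_DISPATCH:
            self.report.violations.append(f"line {node.lineno}: dynamic dispatch via {target}() is not auditable")
        elif target == "mcp.use":
            args = string_args(node, 2)
            if args is None:
                self.report.violations.append(f"line {node.lineno}: mcp.use() server and tool must be string literals")
            else:
                self.report.tool_calls.append(args)
                if args not in self.allowed_tools:
                    self.report.violations.append(f"line {node.lineno}: tool {args[0]}.{args[1]} not in policy")
        elif target and "." in target and target.split(".", 1)[0] in self._skill_roots:
            self.report.skill_calls.append(target)
            if target not in self.allowed_skills:
                self.report.violations.append(f"line {node.lineno}: skill {target} not in policy")
        self.generic_visit(node)  # keep walking: nested calls and arguments may hide more


def audit(source, allowed_tools, allowed_skills, depth_limit=3):
    """Parse `source` (never executed) and return an AuditReport; run before code reaches the sandbox."""
    auditor = StaticAuditor(allowed_tools, allowed_skills, depth_limit)
    auditor.visit(ast.parse(source))
    return auditor.report


# Constructed sample script (not from the project): one unlisted tool and one dynamic-dispatch bypass.
SAMPLE = '''from skills import filesystem
docs = mcp.use("context7", "get-library-docs", library="react")
for page in docs:
    if page:
        filesystem.write("/tmp/docs.md", page)
mcp.use("shell", "exec", cmd="id")
getattr(mcp, "use")("shell", "exec", cmd="id")
'''
POLICY_TOOLS = {("context7", "resolve-library-id"), ("context7", "get-library-docs")}
POLICY_SKILLS = {"filesystem.read", "filesystem.write"}

if __name__ == "__main__":
    report = audit(SAMPLE, POLICY_TOOLS, POLICY_SKILLS)
    print("allowed:", report.allowed, "| loops:", report.loops, "| max depth:", report.max_depth)
    for v in report.violations:
        print(" -", v)
```

The `getattr(mcp, "use")(...)` line is the case a practitioner should test: a naive scan for `mcp.use` text misses it, while the AST walk still reaches the inner `getattr` call and rejects the whole script. Non-literal server/tool arguments are rejected for the same reason: a value the auditor cannot resolve statically is a value it cannot check against policy.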
TypeScript SDK for MCP agents and resource servers:

src/auth/
├── types.ts - Type definitions (MCPCredentials, MCPToken, ValidationResult, etc.)
├── errors.ts - MCPError, MCPRegistrationError, MCPAuthError, MCPRateLimitError
├── jwt.ts - JWT decoding and validation utilities
├── agent-client.ts - MCPAgentClient for registration and token acquisition
├── resource-server.ts - MCPResourceServer for token validation
├── admin-client.ts - MCPAdminClient for admin operations
├── helpers.ts - Convenience functions (registerAgent, getAccessToken, etc.)
├── index.ts - Barrel export
├── demo.ts - Demo script similar to Python e2e_demo.py
└── README.md - SDK documentation

Features:
- Agent registration with REG_JWT (Budgeted DCR)
- Token acquisition with scope and audience (RFC 8707)
- JWT validation (stateless, ~0.1ms)
- Introspection validation (~35ms)
- Kill switch support (requireActiveCheck)
- Scope and audience enforcement

Updates:
- MCPClientManager now uses MCPResourceServer instead of old AuthSDK
- Policy Engine updated to handle optional Identity fields
- Removed old src/policy/auth.ts in favor of src/auth/ module
…Secure Tool Search
- **Registry Architecture**: Unified ToolRegistry, SkillRegistry, and WorkflowRegistry to use a shared PostgreSQL backend (via Drizzle ORM) with FTS5 support.
- **Database**: Replaced local file scanning/SQLite with asynchronous, high-performance Postgres connections. Added src/registry/db.ts and schema definitions.
- **Tool Search**: Implemented RegistrySearchTool (BM25-style) for dynamic, auth-aware tool discovery.
- **Agent**: Updated Agent to support an interactive SEARCH('query') loop, enabling it to discover tools on-demand while enforcing RBAC permissions.
- **AuthZ**: Propagated AgentIdentityScope through the search and discovery layer to ensure users only see tools permitted by their roles.
- **Cleanup**: Removed legacy compatibility code and standardized ingest()/search() APIs across all registries.
- **Tests**: Updated E2E tests to validate the new async registry and search workflows.
…Agents
- **Registry Overhaul**: Migrated Tool, Skill, and Workflow registries to use PostgreSQL with Drizzle ORM for high-performance persistence and FTS5 search.
- **Async I/O**: Refactored the entire codebase to use Bun's native asynchronous file APIs ('Bun.file', 'Bun.write') replacing synchronous 'fs' calls for better performance.
- **Agent Discovery**: Implemented a robust 'Tool Search' loop in the Agent, allowing it to dynamically discover tools via natural language queries (BM25) while enforcing RBAC permissions.
- **Testing**: Fixed and stabilized end-to-end tests ('agent_e2e_llm', 'gcm_workflow_reuse') by introducing fake LLM harnesses and isolating test data with unique Organization IDs.
- **Security**: Strengthened Authorization propagation in the discovery layer ('RegistrySearchTool') to ensure users only access tools permitted by their roles.
- **Cleanup**: Standardized registry interfaces ('ingest', 'search') and removed legacy compatibility layers.
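The two commits above ("…Secure Tool Search" and "…Agents") describe a BM25-style tool search that only returns tools the caller's identity scope permits. The block below is an added example, not the project's RegistrySearchTool or its Postgres/Drizzle backend: an in-memory BM25 index over tool names and descriptions, with the authorization filter applied before scoring so a denied tool is never ranked and cannot leak through result counts or positions. The `ToolEntry` shape, the `ns:*` wildcard rule and the registry contents are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

TOKEN = re.compile(r"[a-z0-9]{2,}")  # lower-cased words, single letters dropped


def tokenize(text: str) -> list:
    return TOKEN.findall(text.lower())


@dataclass(frozen=True)
class ToolEntry:
    name: str
    description: str
    required_scopes: frozenset  # the caller must hold every one of these


def scope_satisfied(held: set, required: frozenset) -> bool:
    """Exact match or a namespace wildcard such as "fs:*" (the wildcard rule is an assumption here)."""
    for req in required:
        namespace = req.split(":", 1)[0]
        if req not in held and f"{namespace}:*" not in held:
            return False
    return True


class RegistrySearch:
    """BM25 over name + description, with the authorization filter applied before ranking."""

    def __init__(self, tools, k1: float = 1.5, b: float = 0.75):
        self.tools = list(tools)
        self.k1, self.b = k1, b
        self.docs = [Counter(tokenize(f"{t.name} {t.description}")) for t in self.tools]
        self.avgdl = sum(sum(d.values()) for d in self.docs) / len(self.docs)
        df = Counter()
        for d in self.docs:
            df.update(d.keys())
        n = len(self.docs)
        self.idf = {term: math.log((n - f + 0.5) / (f + 0.5) + 1) for term, f in df.items()}

    def _score(self, i: int, query_terms: list) -> float:
        d = self.docs[i]
        dl = sum(d.values())
        score = 0.0
        for term in query_terms:
            tf = d.get(term, 0)
            if tf:
                norm = tf + self.k1 * (1 - self.b + self.b * dl / self.avgdl)
                score += self.idf[term] * tf * (self.k1 + 1) / norm
        return score

    def search(self, query: str, held_scopes: set, limit: int = 5) -> list:
        # Filter on the caller's scopes FIRST: a tool the identity may not use is never scored,
        # so it cannot show up in results, counts or rank positions.
        visible = [i for i, t in enumerate(self.tools) if scope_satisfied(held_scopes, t.required_scopes)]
        terms = tokenize(query)
        ranked = sorted(((self._score(i, terms), i) for i in visible), key=lambda si: -si[0])
        return [self.tools[i].name for score, i in ranked if score > 0][:limit]


# Constructed registry (not the project's data); scope strings are illustrative.
TOOLS = [
    ToolEntry("filesystem.read", "Read a file from the local filesystem", frozenset({"fs:read"})),
    ToolEntry("filesystem.write", "Write content to a file on the local filesystem", frozenset({"fs:write"})),
    ToolEntry("shell.exec", "Execute a shell command and return its output", frozenset({"shell:exec"})),
    ToolEntry("context7.get_docs", "Fetch library documentation pages for a library", frozenset({"docs:read"})),
    ToolEntry("github.delete_repo", "Delete a repository on GitHub", frozenset({"github:admin"})),
]

if __name__ == "__main__":
    index = RegistrySearch(TOOLS)
    print(index.search("read file", {"fs:read", "docs:read"}))  # filesystem.write hidden: no fs:write
    print(index.search("read file", {"fs:*"}))
```

Filtering before ranking is the design choice worth keeping when this moves to a database: a `WHERE` clause on the identity's scopes should bound the rows the full-text query ranks, rather than a post-filter over the top-k, which both leaks existence through the result count and can return fewer than `limit` rows when the top hits are all denied.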
Introduce a structured tool_call/final loop with registry discovery, Gate 1-in-loop validation, and gpt-4o-mini wiring to support UI-driven workflow building.
- Added `types.ts` to define Engram-related types including NodePointer, EngramNode, and various result interfaces.
- Introduced `EngramService` interface with methods for searching, inspecting, exploring, and loading content.
- Created `test_lifecycle.ts` for testing MCPClientManager lifecycle operations.
- Developed `service.ts` for Mission management, including creation, retrieval, and context updates.
- Added demo scripts for orchestrating missions and recursive discovery.
- Implemented message handling in `message.ts` for session message storage and compaction.
…n and run management
- Updated MissionService to allow optional IDs for missions and sessions.
- Improved session creation logic to preload context from missions.
- Enhanced run creation to handle optional run IDs and associate with sessions and missions.
- Introduced capability registry for managing tools, skills, and workflows with caching and permission checks.
- Refactored runtime loop and sub-agent to accommodate new session and run structures.
- Added capability loading logic to dynamically manage tool and skill capabilities.
…l creator, and related runtime files
- Deleted demo files for governance, grand orchestrator, recursive discovery, and skill creator to streamline the codebase.
- Updated the loop and sub-agent files to improve session management and tool execution.
- Introduced a new session manager for better handling of mission sessions and runs.
- Refactored agent management to support workflow agents and improved agent runtime creation.
- Enhanced tests to reflect changes in agent structure and functionality.
- Updated JWT claims interface to support both string and array for scopes.
- Improved JWT decoding with a base64 URL decode helper function.
- Added rotateSecret method to MCPAgentClient for client secret rotation.
- Implemented secret rotation flow in demo application.
- Introduced safeJson utility function for robust JSON parsing from responses.
- Updated OAuth demo to include secret rotation and improved user experience.
- Added new OAuth demo script for user flow demonstration.
- Updated .gitignore to exclude docs directory.
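The checks the SDK commits above list for the resource-server side (base64url decoding, a `scope` claim that may be a space-delimited string or an array, audience enforcement, and a kill switch behind `requireActiveCheck`) are shown below in Python as an added example; the project's SDK is TypeScript and this is not its code. The HS256 shared secret, the `agent_is_active` callback standing in for the kill switch, the `ValidationResult` fields, the fixed clock and the token contents are all assumptions constructed so the block runs offline.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Callable, Optional

NOW = 1_700_000_000          # fixed clock so the example is deterministic (assumption)
KEY = b"constructed-demo-secret"   # HS256 shared secret; real deployments would pin an asymmetric key
AUD = "https://mcp.example/filesystem"   # RFC 8707 resource indicator used as the audience (constructed)
KILL_SWITCH = {"agent-evil"}   # subjects an operator has deactivated (constructed)


def b64url_decode(s: str) -> bytes:
    """JWT segments are base64url without padding; restore the padding before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def normalize_scopes(claims: dict) -> set:
    """Accept `scope` as a space-delimited string or as an array of strings; reject anything else."""
    raw = claims.get("scope", claims.get("scp", ""))
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, list) and all(isinstance(s, str) for s in raw):
        return set(raw)
    raise ValueError("scope claim must be a string or an array of strings")


@dataclass
class ValidationResult:
    valid: bool
    reason: Optional[str] = None
    claims: dict = field(default_factory=dict)
    scopes: set = field(default_factory=set)


def mint_token(key: bytes, claims: dict, alg: str = "HS256") -> str:
    """Test-only issuer so the example has tokens to validate; an 'alg: none' token gets an empty signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url_encode(sig)}"


def agent_is_active(sub: Optional[str]) -> bool:
    return sub not in KILL_SWITCH


def validate_token(token: str, key: bytes, audience: str, required_scopes: set,
                   is_active: Optional[Callable[[Optional[str]], bool]] = None, now: int = NOW) -> ValidationResult:
    parts = token.split(".")
    if len(parts) != 3:
        return ValidationResult(False, "malformed token")
    h64, p64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
    except ValueError:
        return ValidationResult(False, "malformed header")
    if header.get("alg") != "HS256":          # pin the algorithm; never let the token choose it
        return ValidationResult(False, "unsupported alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            return ValidationResult(False, "bad signature")
    except ValueError:
        return ValidationResult(False, "bad signature")
    claims = json.loads(b64url_decode(p64))    # only parsed after the signature is known good
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return ValidationResult(False, "expired")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if audience not in aud:                    # a token for another resource server is not ours
        return ValidationResult(False, "audience mismatch")
    try:
        scopes = normalize_scopes(claims)
    except ValueError as e:
        return ValidationResult(False, str(e))
    missing = set(required_scopes) - scopes
    if missing:
        return ValidationResult(False, f"missing scopes: {sorted(missing)}")
    if is_active is not None and not is_active(claims.get("sub")):   # the kill-switch check
        return ValidationResult(False, "agent deactivated (kill switch)")
    return ValidationResult(True, None, claims, scopes)


if __name__ == "__main__":
    tok = mint_token(KEY, {"sub": "agent-1", "aud": AUD, "exp": NOW + 600, "scope": "fs:read fs:write"})
    print(validate_token(tok, KEY, AUD, {"fs:read"}, agent_is_active))
    print(validate_token(tok, KEY, "https://mcp.example/shell", {"fs:read"}, agent_is_active).reason)
```

The order of checks matters: the signature is verified over the raw segments before the payload is even parsed, the algorithm is pinned rather than read from the header, and the kill-switch lookup runs last, which is what the commit's stateless (~0.1ms) versus active-check trade-off is about; the stateless path stops before that lookup when the token is already invalid for a cheaper reason.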
- Added ContextBuilder interface and StandardContextBuilder implementation for building runtime contexts.
- Implemented buildRuntimeContext function for convenience in creating contexts.
- Created Skill Creator Executor for phase-based skill creation, including discovery and generation phases.
- Added agent configuration types and interfaces for managing agent execution and dependencies.
- Introduced analytics and memory management modules for tracking performance and optimizing memory usage.
- Implemented caching mechanisms for improved performance in LLM responses.
…rypto
- Add grep_search tool for regex content search across files using ripgrep with Node.js fallback
- Replace Node.js crypto.randomBytes with Bun-native crypto.getRandomValues for temporary file generation
- Replace Node.js crypto.createHash with Bun.crypto.subtle.digestSync for SHA256 hashing (significantly faster on Bun)
- Update stitch_file tool description to mark as ADVANCED with byte offset warnings
- Update documentation and schema files for new grep_search tool
- Remove additionalProperties restriction from context7 schemas
- Convert indentation from spaces to tabs
- Standardize quote style to double quotes
- Reorganize and sort import statements
- Break long lines for readability
- Use Number.isNaN() instead of global isNaN()
- Replace @ts-ignore with @ts-expect-error
- Add trailing commas for cleaner diffs
- Remove empty api.md file
import json
import boto3
from botocore.exceptions import ClientError
, load_dotenv
COMMENT = "comment" # Neutral - just observations

class PRRiskLevel(Enum):
DRY_RUN = "dry_run"

class RiskLevel(Enum):
raise ImportError(f"Failed to load skill: {skill_name}")

module = importlib.util.module_from_spec(spec)
bindings_obj = bindings
# Maps: tree-sitter node type -> symbol kind
SYMBOL_NODE_TYPES = {
# Python
"function_definition": "function",
"decorated_definition": "decorated", # Will unwrap to get inner type

# JavaScript/TypeScript
"function_declaration": "function",

# JavaScript/TypeScript
"function_declaration": "function",
"class_declaration": "class",
"class_declaration": "class",
"method_definition": "method",
"arrow_function": "arrow_function",
"interface_declaration": "interface",

# Go
"function_declaration": "function",
"method_declaration": "method",

if not allowed_servers:
# Try to extract from code as fallback
import re
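Review bot: The `if not allowed_servers:` branch (`# Try to extract from code as fallback`, `import re`) derives the server allowlist from the very code being audited, so an empty or missing policy makes Gate 1 self-approving: a script that calls an unlisted server would also supply that server to the allowlist it is checked against. Fail closed instead: treat an empty `allowed_servers` as "no servers permitted" (or raise a policy-configuration error) and, if the regex extraction is wanted at all, keep it only as a diagnostic that reports which servers the code references, never as the source of the policy. Minor: hoist `import re` to module scope rather than importing inside the function.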
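Review bot: `SYMBOL_NODE_TYPES` repeats keys across its language sections as shown: `"function_declaration": "function"` appears under both the JavaScript/TypeScript and Go comments, and `"class_declaration": "class"` is listed twice. If this is a single Python dict literal, later duplicates silently overwrite earlier ones, which is harmless only while every duplicate maps to the same kind; the per-language grouping the comments imply does not exist at runtime. Either key the map by language (`{"python": {...}, "javascript": {...}, "go": {...}}`) or add a test asserting the literal has no duplicate keys, so a future divergence (a Go-only kind, say) cannot be masked.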
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
No description provided.