From a59e5c1ed3fee2b935fdefc64ad2becc6e440b2e Mon Sep 17 00:00:00 2001 From: Hare Date: Sat, 20 Jun 2026 17:00:59 +0900 Subject: [PATCH 1/4] ticket: accept mcp tool registration --- .../artifacts/orchestration-plan.jsonl | 1 + .yoi/tickets/00001KVHR3WS6/item.md | 4 +- .yoi/tickets/00001KVHR3WS6/thread.md | 66 +++++++++++++++++++ 3 files changed, 69 insertions(+), 2 deletions(-) diff --git a/.yoi/tickets/00001KVHR3WS6/artifacts/orchestration-plan.jsonl b/.yoi/tickets/00001KVHR3WS6/artifacts/orchestration-plan.jsonl index d7f603ba..2d13b84e 100644 --- a/.yoi/tickets/00001KVHR3WS6/artifacts/orchestration-plan.jsonl +++ b/.yoi/tickets/00001KVHR3WS6/artifacts/orchestration-plan.jsonl @@ -1 +1,2 @@ {"id":"orch-plan-20260620-060022-1","ticket_id":"00001KVHR3WS6","kind":"blocked_by","related_ticket":"00001KVHR3WRY","note":"Tool registration requires initialized MCP stdio lifecycle. `00001KVHR3WRY` is queued and depends on `00001KVHR3WRF`; leave this Ticket queued until lifecycle is closed.","author":"yoi-orchestrator","at":"2026-06-20T06:00:22Z"} +{"id":"orch-plan-20260620-080022-2","ticket_id":"00001KVHR3WS6","kind":"accepted_plan","accepted_plan":{"summary":"Initialized MCP stdio lifecycle clientを使って `tools/list` を実行し、server-provided tool metadataを untrusted dataとして検証・正規化し、既存 `pod::feature` / ToolRegistry path経由で namespaced Yoi tools として登録する。This Ticket does not implement `tools/call` execution or resources/prompts.","branch":"impl/00001KVHR3WS6-mcp-tool-registration","worktree":"/home/hare/Projects/yoi/.worktree/00001KVHR3WS6-mcp-tool-registration","role_plan":"Orchestrator は acceptance records を commit 後、専用 implementation worktree `.worktree/00001KVHR3WS6-mcp-tool-registration` を作成し、Coder をその child worktree への narrow write scope で起動する。Coder 実装後、Reviewer が tools/list pagination/bounds、untrusted metadata/schema normalization、namespaced ToolRegistry registration、no tools/call execution、no resources/prompts registration を確認する。"},"author":"yoi-orchestrator","at":"2026-06-20T08:00:22Z"} diff --git a/.yoi/tickets/00001KVHR3WS6/item.md b/.yoi/tickets/00001KVHR3WS6/item.md index 46d709eb..3f244ee7 100644 --- a/.yoi/tickets/00001KVHR3WS6/item.md +++ b/.yoi/tickets/00001KVHR3WS6/item.md @@ -1,8 +1,8 @@ --- title: 'MCP: register server tools into ToolRegistry' -state: 'queued' +state: 'inprogress' created_at: '2026-06-20T05:30:04Z' -updated_at: '2026-06-20T06:00:44Z' +updated_at: '2026-06-20T08:00:53Z' assignee: null readiness: 'implementation_ready' risk_flags: ['mcp', 'tools-list', 'tool-registry', 'schema', 'untrusted-metadata'] diff --git a/.yoi/tickets/00001KVHR3WS6/thread.md b/.yoi/tickets/00001KVHR3WS6/thread.md index e93479b5..4a88c73f 100644 --- a/.yoi/tickets/00001KVHR3WS6/thread.md +++ b/.yoi/tickets/00001KVHR3WS6/thread.md @@ -27,3 +27,69 @@ Next: - `00001KVHR3WRY` が closed になった後、改めて reroute する。 --- + + + +## Decision + +Routing decision: implementation_ready + +Reason: +- Panel Queue により、この Ticket は Orchestrator routing 対象として明示許可された。 +- 前回は `00001KVHR3WRY` stdio JSON-RPC lifecycle が未完了だったため blocked/queued hold としたが、現在 `00001KVHR3WRY` は closed。 +- Ticket body は `tools/list` による registration scope、metadata/schema normalization、ToolRegistry integration、no `tools/call` execution、no resources/prompts を明確に分離している。 +- 現在 inprogress は 0 件、child implementation Pods はなし、matching branch/worktree はなし、Orchestrator worktree は clean。 +- Risk domain は mcp / tools-list / ToolRegistry / schema / untrusted metadata だが、Ticket は server metadata を untrusted data として扱い、invalid schema / duplicate / collision を fail-closed、normal ToolRegistry pathを使い、no private MCP bypass / no `tools/call` during registration などの invariants を明示している。bounded context check 後も implementation 前に必要な追加 human decision は見つからなかった。 + +Evidence checked: +- Ticket `00001KVHR3WS6` body / thread / relations / artifacts。 +- `TicketRelationQuery(00001KVHR3WS6)`: outgoing `depends_on 00001KVHR3WRY` is now closed。Incoming `00001KVHR3WSD` / `00001KVHR3WSW` are downstream and not blockers。 +- `TicketOrchestrationPlanQuery(00001KVHR3WS6)`: previous `blocked_by 00001KVHR3WRY` is resolved; accepted plan recorded now。 +- Workspace state: + - Orchestrator worktree clean at `68a8fc97`。 + - queued: `00001KVHR3WS6`, `00001KVHR3WSD`, `00001KVHR3WSN`, `00001KVHR3WSW`。 + - inprogress: 0。 + - visible Pods: self + peers only; spawned children 0。 + - no matching MCP tool-registration branch/worktree。 + +IntentPacket: + +Intent: +- Use the stdio MCP lifecycle client to call `tools/list` and register discovered MCP tools as ordinary Yoi model-visible tools through existing `pod::feature` / ToolRegistry contribution paths。 +- This Ticket implements registration/discovery only. It must not send `tools/call`, execute MCP tools, or expose resources/prompts。 + +Binding decisions / invariants: +- Server-provided tool names, descriptions, schemas, annotations, and metadata are untrusted data。 +- Normalize MCP tool names into stable namespaced Yoi tool names that include server namespace and avoid collisions。 +- Validate/normalize descriptions and JSON schemas before ToolRegistry registration; invalid schemas/duplicates/collisions fail closed with bounded diagnostics。 +- No server metadata may weaken Yoi instructions, scope, permissions, tool permissions, or system/developer instructions。 +- Registration must go through normal ToolRegistry / `pod::feature` dynamic contribution path; no private MCP bypass。 +- Do not send `tools/call` during registration。 +- Do not register resources/prompts in this Ticket。 +- Preserve lifecycle safety/redaction from `00001KVHR3WRY`。 + +Requirements / acceptance criteria: +- MCP mock server tool appears as model-visible Yoi tool with stable namespaced name。 +- Invalid schema is rejected with bounded diagnostic。 +- Duplicate/colliding names are rejected fail-closed。 +- Server metadata cannot weaken Yoi instructions/scope/permissions。 +- No `tools/call` request is sent during registration。 +- Tests cover valid registration, pagination/bounds, invalid schema, duplicate/collision, and untrusted metadata normalization。 + +Escalate if: +- Existing `pod::feature` dynamic contribution API cannot register MCP tools without broader provider-substrate changes。 +- Schema normalization requires product decisions beyond safe JSON schema subset / bounded diagnostics。 +- ToolRegistry registration would force `tools/call` execution into this Ticket。 + +Next action: +- Record `queued -> inprogress` and commit Ticket records before creating the implementation worktree and spawning Coder。 + +--- + + + +## State changed + +Ticket body/thread, relation metadata, closed MCP lifecycle dependency, Orchestrator worktree state, visible Pods, existing branch/worktree, and bounded ToolRegistry/schema context were checked. Dependency `00001KVHR3WRY` is closed, no inprogress/capacity blocker exists, and no missing planning decision was found. Accepting this queued Ticket for implementation before worktree/Pod side effects. + +--- From 50224326aafc433112b340941412af0a66113969 Mon Sep 17 00:00:00 2001 From: Hare Date: Sat, 20 Jun 2026 17:01:54 +0900 Subject: [PATCH 2/4] ticket: start mcp tool registration worktree --- .yoi/tickets/00001KVHR3WS6/item.md | 2 +- .yoi/tickets/00001KVHR3WS6/thread.md | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.yoi/tickets/00001KVHR3WS6/item.md b/.yoi/tickets/00001KVHR3WS6/item.md index 3f244ee7..f84c353d 100644 --- a/.yoi/tickets/00001KVHR3WS6/item.md +++ b/.yoi/tickets/00001KVHR3WS6/item.md @@ -2,7 +2,7 @@ title: 'MCP: register server tools into ToolRegistry' state: 'inprogress' created_at: '2026-06-20T05:30:04Z' -updated_at: '2026-06-20T08:00:53Z' +updated_at: '2026-06-20T08:01:48Z' assignee: null readiness: 'implementation_ready' risk_flags: ['mcp', 'tools-list', 'tool-registry', 'schema', 'untrusted-metadata'] diff --git a/.yoi/tickets/00001KVHR3WS6/thread.md b/.yoi/tickets/00001KVHR3WS6/thread.md index 4a88c73f..312099ec 100644 --- a/.yoi/tickets/00001KVHR3WS6/thread.md +++ b/.yoi/tickets/00001KVHR3WS6/thread.md @@ -93,3 +93,18 @@ Next action: Ticket body/thread, relation metadata, closed MCP lifecycle dependency, Orchestrator worktree state, visible Pods, existing branch/worktree, and bounded ToolRegistry/schema context were checked. Dependency `00001KVHR3WRY` is closed, no inprogress/capacity blocker exists, and no missing planning decision was found. Accepting this queued Ticket for implementation before worktree/Pod side effects. --- + + + +## Implementation report + +Implementation orchestration start: +- Acceptance records were committed on Orchestrator branch: `a59e5c1e ticket: accept mcp tool registration`。 +- Created implementation worktree `/home/hare/Projects/yoi/.worktree/00001KVHR3WS6-mcp-tool-registration` on branch `impl/00001KVHR3WS6-mcp-tool-registration` at `a59e5c1e`。 +- Spawned Coder Pod `yoi-coder-00001KVHR3WS6` with write scope limited to the implementation worktree and read-only root scope only for runtime workspace identity。 +- Coder task explicitly forbids root/original workspace implementation, `tools/call`, resources/prompts exposure, merge, Ticket close, and cleanup。 + +Next action: +- Wait for Coder implementation report, then inspect branch diff/validation evidence and route to Reviewer。 + +--- From db1f6fb6d15f4ee5f7313ecd5f291a962bc6b6d9 Mon Sep 17 00:00:00 2001 From: Hare Date: Sat, 20 Jun 2026 17:29:31 +0900 Subject: [PATCH 3/4] ticket: record mcp tool registration implementation report --- .yoi/tickets/00001KVHR3WS6/item.md | 2 +- .yoi/tickets/00001KVHR3WS6/thread.md | 48 ++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/.yoi/tickets/00001KVHR3WS6/item.md b/.yoi/tickets/00001KVHR3WS6/item.md index f84c353d..24758289 100644 --- a/.yoi/tickets/00001KVHR3WS6/item.md +++ b/.yoi/tickets/00001KVHR3WS6/item.md @@ -2,7 +2,7 @@ title: 'MCP: register server tools into ToolRegistry' state: 'inprogress' created_at: '2026-06-20T05:30:04Z' -updated_at: '2026-06-20T08:01:48Z' +updated_at: '2026-06-20T08:29:21Z' assignee: null readiness: 'implementation_ready' risk_flags: ['mcp', 'tools-list', 'tool-registry', 'schema', 'untrusted-metadata'] diff --git a/.yoi/tickets/00001KVHR3WS6/thread.md b/.yoi/tickets/00001KVHR3WS6/thread.md index 312099ec..d5e87a44 100644 --- a/.yoi/tickets/00001KVHR3WS6/thread.md +++ b/.yoi/tickets/00001KVHR3WS6/thread.md @@ -108,3 +108,51 @@ Next action: - Wait for Coder implementation report, then inspect branch diff/validation evidence and route to Reviewer。 --- + + + +## Implementation report + +Coder implementation report received from `yoi-coder-00001KVHR3WS6`. + +Implementation commit: +- `66fa9d55 mcp: register stdio server tools` + +Changed areas reported: +- `crates/mcp`: + - Added MCP `tools/list` protocol result/tool types。 + - Added `list_tools_page` and bounded paginated `list_tools_bounded`。 + - Added mock-server coverage for paginated `tools/list` and assertion that `tools/call` is not sent。 +- `crates/pod`: + - Added MCP stdio discovery feature module。 + - Resolves configured stdio servers, initializes them, calls bounded `tools/list`, normalizes discovered tools, and registers them through existing protocol-provider / ToolRegistry contribution paths。 + - Namespaces tools as stable names like `Mcp__`。 + - Rejects invalid schemas and duplicate normalized names with bounded diagnostics。 + - Ignores untrusted MCP metadata/annotations/instructions for authority purposes。 + - Registered tools are discovery-only and return explicit not-implemented error if invoked; no MCP `tools/call` execution is implemented in this Ticket。 +- `package.nix` / `Cargo.lock`: updated for new `pod -> mcp` dependency and refreshed `cargoHash`。 + +Coder validation reported: +- `cargo test -p mcp list_tools --test stdio_lifecycle` +- `cargo test -p pod feature::mcp --lib` +- `cargo test -p mcp` +- `cargo fmt --check` +- `cargo check -p pod -p mcp` +- `git diff --check` +- `nix build .#yoi --no-link` after refreshing stale `cargoHash`。 + +Known risks / deferrals reported: +- MCP tool execution remains intentionally unimplemented; registered discovery-only stubs never send `tools/call`。 +- Resources/prompts and `list_changed` handling are deferred。 +- Secret-backed MCP stdio env resolution currently passes no Pod secret store from this integration path; non-secret stdio configs are supported by this Ticket。 + +Orchestrator evidence checked before review dispatch: +- Implementation worktree is clean。 +- HEAD is `66fa9d55`。 +- Diff from acceptance `a59e5c1e..HEAD` is one implementation commit touching 9 files, about 852 insertions / 4 deletions。 +- `git diff --check a59e5c1e..HEAD` produced no diagnostics。 + +Next action: +- Dispatch Reviewer for r1 review against Ticket requirements, with focus on ToolRegistry contribution path, schema/name normalization, no `tools/call`, discovery-only invocation behavior, metadata authority boundaries, secret-store deferral, and tests。 + +--- From 952020c8a50a30b60fb4d59808c01b501e86dbb4 Mon Sep 17 00:00:00 2001 From: Hare Date: Sat, 20 Jun 2026 17:30:28 +0900 Subject: [PATCH 4/4] ticket: dispatch mcp tool registration review --- .yoi/tickets/00001KVHR3WS6/item.md | 2 +- .yoi/tickets/00001KVHR3WS6/thread.md | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.yoi/tickets/00001KVHR3WS6/item.md b/.yoi/tickets/00001KVHR3WS6/item.md index 24758289..04d397a5 100644 --- a/.yoi/tickets/00001KVHR3WS6/item.md +++ b/.yoi/tickets/00001KVHR3WS6/item.md @@ -2,7 +2,7 @@ title: 'MCP: register server tools into ToolRegistry' state: 'inprogress' created_at: '2026-06-20T05:30:04Z' -updated_at: '2026-06-20T08:29:21Z' +updated_at: '2026-06-20T08:30:22Z' assignee: null readiness: 'implementation_ready' risk_flags: ['mcp', 'tools-list', 'tool-registry', 'schema', 'untrusted-metadata'] diff --git a/.yoi/tickets/00001KVHR3WS6/thread.md b/.yoi/tickets/00001KVHR3WS6/thread.md index d5e87a44..ad9f3e76 100644 --- a/.yoi/tickets/00001KVHR3WS6/thread.md +++ b/.yoi/tickets/00001KVHR3WS6/thread.md @@ -156,3 +156,16 @@ Next action: - Dispatch Reviewer for r1 review against Ticket requirements, with focus on ToolRegistry contribution path, schema/name normalization, no `tools/call`, discovery-only invocation behavior, metadata authority boundaries, secret-store deferral, and tests。 --- + + + +## Plan + +Review dispatch: +- Spawned Reviewer Pod `yoi-reviewer-00001KVHR3WS6-r1` against implementation branch `impl/00001KVHR3WS6-mcp-tool-registration`。 +- Review target commit: `66fa9d55 mcp: register stdio server tools`。 +- Review baseline: `a59e5c1e`。 +- Reviewer task focuses on normal ToolRegistry contribution path, untrusted metadata/schema/name normalization, no `tools/call`, discovery-only invocation behavior, no resources/prompts/list_changed registration, diagnostics bounds, secret-store deferral, and tests。 +- Reviewer is instructed not to edit source, commit, merge, close the Ticket, or use TicketReview directly; it will report verdict/evidence back to Orchestrator。 + +---