fix: adapt retrieve_tools instructions for code execution routing mode#341
Merged
The handleRetrieveTools handler was always returning call_tool_read/write/destructive instructions regardless of routing mode. When called from code_execution mode (/mcp/code), LLMs should be told to use `code_execution` with `call_tool()` in JavaScript instead.

- Add handleRetrieveToolsForMode() that returns a closure with the routing mode baked in
- Add handleRetrieveToolsWithMode() that switches usage_instructions based on routing mode
- Keep handleRetrieveTools() as backward-compatible wrapper for existing callers
- Update buildCodeExecModeTools() to use RoutingModeCodeExecution
- Update buildCallToolModeTools() to use RoutingModeRetrieveTools
- Verify read-only agent token enforcement in code_execution (already implemented)
- Add 4 tests covering mode-specific instructions and closure behavior

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Deploying mcpproxy-docs with

| Latest commit: | 1b8e235 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://ebc1db30.mcpproxy-docs.pages.dev |
| Branch Preview URL: | https://fix-retrieve-tools-mode-inst.mcpproxy-docs.pages.dev |
filepath.ToSlash ensures tmpBase paths don't break JSON on Windows (e.g., C:\Users\... → C:/Users/...).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Skip MkdirAll and validation when DataDir contains unresolved ${...} references — Windows rejects $ and {} in directory names. The expandDataDir warning already alerts the user.

Also fix TestLoadConfig_DataDirExpandFailure to use forward slashes in JSON to avoid invalid escape sequences on Windows paths.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
📦 Build Artifacts

Workflow Run: View Run

Available Artifacts

How to Download

- Option 1: GitHub Web UI (easiest)
- Option 2: GitHub CLI: `gh run download 23020927989 --repo smart-mcp-proxy/mcpproxy-go`
Summary

`handleRetrieveTools()` handler always returned `call_tool_read/write/destructive` instructions in `usage_instructions`, even when called from code execution mode (/mcp/code). In that mode, LLMs should be told to use `code_execution` with `call_tool(serverName, toolName, args)` in JavaScript instead. Added `handleRetrieveToolsForMode()` (closure factory) and `handleRetrieveToolsWithMode()` (mode-aware implementation) to switch instructions based on routing mode.

`code_execution` is already implemented. When `AuthInfo.Permissions` is `["read"]`, calling write/destructive tools inside JavaScript returns `PERMISSION_DENIED`. Tests exist and pass (`TestExecuteAuthContext_PermissionDenied`). The `AuthContext` is properly passed from HTTP context to JS runtime in `mcp_code_execution.go`.

Changed files

- `internal/server/mcp.go` — Added `handleRetrieveToolsForMode()`, `handleRetrieveToolsWithMode()`, and mode-aware `usage_instructions` switch
- `internal/server/mcp_routing.go` — Updated `buildCodeExecModeTools()` and `buildCallToolModeTools()` to use mode-specific handlers
- `internal/server/mcp_routing_test.go` — Added 4 tests for mode-specific instructions

Test plan

- `TestRetrieveToolsInstructions_CodeExecutionMode` — code_execution mode mentions `code_execution`/`call_tool()`, does NOT recommend `call_tool_read/write/destructive`
- `TestRetrieveToolsInstructions_RetrieveToolsMode` — retrieve_tools mode mentions `call_tool_read/write/destructive` and intent tracking
- `TestRetrieveToolsInstructions_DefaultMode` — empty mode falls back to retrieve_tools instructions
- `TestHandleRetrieveToolsForMode_ClosureReturnsDifferentInstructions` — closures for different modes produce different instructions
- `TestExecuteAuthContext_PermissionDenied` — existing test verifies read-only token blocks destructive calls in JS runtime

🤖 Generated with Claude Code
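The two behaviours this PR relies on, a handler closure with the routing mode baked in and the read-only token check that applies in every mode, as an added Go sketch that is not mcpproxy's own code. The `RoutingMode` string type, the instruction strings, the `ToolAccess` enum and the permission model (any non-read tool needs a "write" entry) are assumptions made for the example.

```go
package main

import "errors"

// RoutingMode values are named after the page's constants; the string type is an assumption.
type RoutingMode string
const (
	RoutingModeRetrieveTools RoutingMode = "retrieve_tools"
	RoutingModeCodeExecution RoutingMode = "code_execution"
)

// usageInstructionsFor returns mode-specific guidance; an empty or unknown mode falls back
// to the retrieve_tools wording, matching the DefaultMode test in the test plan.
func usageInstructionsFor(mode RoutingMode) string {
	if mode == RoutingModeCodeExecution {
		return "Use code_execution and call call_tool(serverName, toolName, args) from JavaScript."
	}
	return "Use call_tool_read / call_tool_write / call_tool_destructive and state your intent."
}

// handleRetrieveToolsForMode is a closure factory: the mode is captured once when the
// endpoint (/mcp or /mcp/code) is wired, so the handler can never emit the other mode's text.
func handleRetrieveToolsForMode(mode RoutingMode) func(query string) string {
	return func(query string) string { return usageInstructionsFor(mode) }
}

// ToolAccess mirrors the read/write/destructive split of the call_tool_* tools.
type ToolAccess int

const (
	AccessRead ToolAccess = iota
	AccessWrite
	AccessDestructive
)
var ErrPermissionDenied = errors.New("PERMISSION_DENIED")

// checkToolPermission enforces the read-only token rule in every routing mode: permissions of
// only ["read"] cannot invoke write/destructive tools (assumption: non-read needs "write").
func checkToolPermission(permissions []string, access ToolAccess) error {
	if access == AccessRead {
		return nil
	}
	for _, p := range permissions {
		if p == "write" {
			return nil
		}
	}
	return ErrPermissionDenied
}
```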