feat(server): add read-only inspect_session tool for session state introspection (#193)#215
Merged
Merged
Conversation
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Mike Clay <mike.clay@shielded.io>
f79ff02 to
093c052
Compare
Adds inspect_session, a read-only MCP tool returning a compact structured projection of a session's own state (identity, variables, checkpoints, activities, history tally, children) across seven views, with optional child_index descent and single-variable narrowing. Clones the read-only get_workflow_status shape; no checkpoint gate, no advance/save. Projection logic ported from the reference scripts/inspect_session.py with a parity test. Updates README tool count, api-reference, and generated site data. Refs #193 Signed-off-by: Mike Clay <mike.clay@shielded.io>
The parity oracle projected the children digest from the root document under --child, while the tool projects it from the addressed (descended) session. Align the oracle to the addressed-session semantics, add a grandchild to the fixture, and extend parity coverage (TC-08 summary/children under child_index, new TC-09) so the oracle catches root-vs-addressed drift. Refs #193 Signed-off-by: Mike Clay <mike.clay@shielded.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a read-only
inspect_sessionMCP tool that lets close-out activities read session state through a first-class, schema-versioned projection, eliminating the ad-hocpython3 -creads ofsession.json(observed 8 times in a single meta + client run) that each triggered a non-suppressible permission prompt.🐛 Issue 📐 Engineering 🧪 Test Plan
Motivation
Close-out activities need to read a session's own state back out of
session.json— the variable bag, checkpoint responses, completed/skipped activity lists, the history event stream, and embedded child sessions undertriggeredWorkflows[].state. The server offered no first-class way to obtain that state, so workers fell back to inlinepython3 -creads. Each inline call is a unique command string that triggers a non-suppressible permission prompt for the supervising user; the location-scoped allow-hook refuses-cinline code by design, so the form can never be allow-listed; and the projection logic was regenerated per call, where a wrong-key probe silently reports nothing — a correctness risk for close-out summaries.Changes
inspect_sessiontool. It accepts four parameters —session_index(required),view(defaults to the summary view), optionalchild_index, and optionalvariable— and returns a compact structured projection built from the shared session read path, never the rawsession.json. Seven views are supported: summary, identity, variables, checkpoints, activities, history, and children.child_indexperforms a one-level positional descent into an embedded child session;variablenarrows the variables view to a single entry. The tool is strictly read-only — it never advances or saves the session and stays usable while a checkpoint is active — and is excluded from execution-flow tracing.variablenarrowing,child_indexdescent (including the not-found path), read-only invariance, behaviour while a checkpoint is active, and byte-parity against the reference implementation. The full suite (557 tests) passes.inspect_sessionentry to the API reference, and registered the tool in the generated site data (tool groups and guide) so the documentation-site drift guard stays green.Companion workflows-content change: requirement (b) of #193 — advisory
inspect_sessionnotes on the four close-out techniques (verify-outcomes,generate-summary,retrospective,select-next) — is delivered on the separate branchworkflow/193-inspect-session-notes, which targets theworkflowsorphan branch, notmain. It is part of #193 but lands via the workflows-content branch and is intentionally not merged into this PR.🤖 AI Assistance
Commits are DCO signed-off (
git commit -s) per repo convention; the DCO attestation is recorded in the provenance log.📌 Submission Checklist
🔱 Fork Strategy
🗹 TODO before merging