fix(widgets/mcp-install): make uvx + pipx + pip cooldown snippets resolvable for fresh releases#58
Open
tony wants to merge 2 commits into
Open
fix(widgets/mcp-install): make uvx + pipx + pip cooldown snippets resolvable for fresh releases#58tony wants to merge 2 commits into
tony wants to merge 2 commits into
Conversation
…ude-newer in days panels why: The mcp-install widget's uvx-flavored days-mode snippets emitted ``uvx --exclude-newer P7D libtmux-mcp`` without a per-package override, so a fresh release of libtmux-mcp (newer than the cooldown cutoff) made the install unresolvable — ``no versions of libtmux-mcp`` from uv's resolver. uv's hint points at ``--exclude-newer-package <pkg>=<date>`` as the per-package override; setting it to a far-future date exempts the target package while keeping the cooldown applied to transitive deps. Identical pattern to the fix on the sibling agentgrep project. what: - Insert ``--exclude-newer-package libtmux-mcp=2099-01-01`` after ``--exclude-newer <DURATION>`` in the uvx + days branches of _tool_command, _json_body, and _toml_body, so every uvx + days panel (CLI, JSON, TOML body shapes) carries the exemption. - Extend _cooldown_note to surface a caveat for (pipx, days) and (pip, days) panels — pip's ``--uploaded-prior-to`` is a global cutoff with no per-package override, so when the cooldown filters out a recent libtmux-mcp release the snippet stays unresolvable. The caveat points readers at the uvx snippet, which carries the exemption. - Update test_body_for_uvx_days_inserts_duration_sentinel to assert the new flag appears in the rendered command. The other uvx-days tests use substring assertions on ``"--exclude-newer"`` / ``"<COOLDOWN_DURATION>"`` so they pass unchanged. - No changes to bypass / off panels — bypass already skips any global uv cooldown via ``--no-config``, off has no cutoff, both stay resolvable.
tony
force-pushed
the
fix/cooldown-exempt-self-package
branch
from
7f51092 to
bad15d0
Compare
8 tasks
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #58 +/- ##
==========================================
- Coverage 86.02% 85.94% -0.09%
==========================================
Files 40 40
Lines 2454 2440 -14
Branches 325 319 -6
==========================================
- Hits 2111 2097 -14
Misses 260 260
Partials 83 83 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…ck to bare commands why: ``pipx run --pip-args=--uploaded-prior-to=<DATE> libtmux-mcp`` fails with ``ERROR: Could not find a version that satisfies the requirement libtmux-mcp`` whenever the cutoff filters fresh libtmux-mcp releases. Verified directly against pip 26.1.1's source (``_internal/cli/cmdoptions.py:463``): ``--uploaded-prior-to`` is a single global cutoff with no per-package override flag. pipx's ``commands/run_uv.py::_UV_TRANSLATABLE_VALUE_FLAGS`` only forwards a narrow whitelist of pip args to its uv backend (no ``--exclude-newer`` / ``--uploaded-prior-to``), so the uv backend can't carry the cooldown either. Mirrors the same fix landed in agentgrep this round. what: - ``_tool_command`` / ``_pip_prereq_for`` / ``_json_body`` / ``_toml_body`` all return the bare command for (pipx, *) and (pip, *) — no ``--pip-args=--uploaded-prior-to`` or ``--uploaded-prior-to`` flag emitted. The uvx days panels keep ``--exclude-newer P7D --exclude-newer-package libtmux-mcp=2099-01-01`` since uv has both flags. - ``_cooldown_note`` for (pipx | pip, days | bypass) now returns a single redirect note: "pip has no per-package cooldown override, so this snippet runs without cooldown enforcement. Switch to the uvx tab — it applies the cooldown to transitive deps via ``--exclude-newer`` while exempting libtmux-mcp itself via ``--exclude-newer-package``." Drops the old separate (pipx, bypass) and (pip, bypass) notes. - Remove the now-unused ``_DATE_SENTINEL`` constant and ``PIP_PREREQ_DAYS`` constant from mcp_install.py. - Update test_body_for_pipx_days_uses_pip_args_form_with_absolute_date → test_body_for_pipx_days_falls_back_to_bare_run; add test_body_for_pip_days_falls_back_to_bare_install; replace test_pip_panel_has_cooldown_aware_pip_prereq with test_pip_panel_has_bare_pip_prereq_across_modes; update test_cooldown_days_slot_filter_registered_on_widget_render to drop the date-slot assertion (no widget emits it anymore).
tony
force-pushed
the
fix/cooldown-exempt-self-package
branch
from
bad15d0 to
85ad5b8
Compare
tony
added a commit
to tony/agentgrep
that referenced
this pull request
May 19, 2026
agentgrep ships a CLI documentation surface to match the existing
MCP and library surfaces. The docs site gains a /cli/ section with
per-subcommand reference pages auto-generated from the argparse
tree, the homepage and sidebar lead with the terminal as a
first-class entry point, and a new {cli-install} install picker
mirrors {mcp-install}'s "Configure cooldowns" UX so terminal users
get the same supply-chain controls as MCP users.
**CLI reference site** — new `/cli/` toctree above Library, with
`agentgrep search` and `agentgrep find` pages auto-generating
their option lists from the live argparse tree via gp-sphinx's
`sphinx-autodoc-argparse` extension. Every subcommand page
documents `--json` / `--ndjson` output for shell pipelines and
agents that don't speak MCP.
**`{cli-install}` widget** — install-method picker (uvx, pipx,
uv add, pip) carrying the same "Configure cooldowns" picker the
MCP installer has had since 0.1.0a3: off / days / bypass
variants, settings sub-view with bypass radio and days input,
live update of the duration / date sentinels on every keystroke,
state shared across pages and across both install widgets via a
broadcast event.
**Library install widget refresh** — replaces the `uvx run` /
`pipx run` panels (tool-runners, wrong shape for library
consumption) with a PEP 723 inline-metadata script, `uv add`,
and `pip install`. Storage key bumps so any stale saved selection
falls back to the new default.
**Sidebar flatten** — each section caption (CLI / Library / MCP /
Reference) now reads as a single flat tier with the landing shown
as "Overview" alongside its sub-pages, replacing the previous
nested-dropdown shape.
**README + sidebar order** — README leads with the CLI
quickstart, then MCP, then Library, matching the new sidebar
caption order.
### Fixes
**MCP install widget cooldown snippets** — 0.1.0a3's mcp-install
widget emitted
`uvx --exclude-newer <DURATION> --from agentgrep agentgrep-mcp`
without a per-package override, so any cooldown window shorter
than agentgrep's most-recent-release age made the install
unresolvable (uv emits `no versions of agentgrep`). uvx and
`uv add` days panels now carry `--exclude-newer-package
agentgrep=2099-01-01` so the cooldown hits transitive deps
without filtering agentgrep itself out of the resolver. pipx and
pip days/bypass panels fall back to the bare install command and
redirect readers to the uvx tab — pip's `--uploaded-prior-to`
has no per-package override flag, and pipx's uv-backend pip-args
whitelist doesn't forward `--exclude-newer` either.
### Companion change
The same mcp-install cooldown fix shipped to libtmux-mcp's
install widget at tmux-python/libtmux-mcp#58 — both projects
share the same git-pull workspace install-widget design.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--exclude-newer-package libtmux-mcp=2099-01-01to every uvx + days panel (CLI, JSON, TOML body shapes) so a security-conscious cooldown stays applied to transitive deps without filtering libtmux-mcp itself out of the resolver.pipx run --pip-args=--uploaded-prior-to=<DATE> libtmux-mcpandpip install … --uploaded-prior-to … libtmux-mcpsnippets that emitERROR: Could not find a version that satisfies the requirement libtmux-mcpwhenever the cutoff filters fresh releases.Why
The previous snippets were copy-paste foot-guns: any time a libtmux-mcp release was newer than the cooldown window, the snippet's cutoff would filter the target package itself out of the resolver. Direct source verification:
_internal/cli/cmdoptions.py:463):--uploaded-prior-toparses bothP7Dand absolute dates, but it's a single global cutoff — no per-package override flag exists. pip issue #13674 added the duration parser; no per-package issue is open.P7Dwith "Invalid isoformat") andcommands/run_uv.py::_UV_TRANSLATABLE_VALUE_FLAGSwhitelists only--index-url,--pre,--no-deps,--no-cache-dir,--upgrade— neither--exclude-newernor--uploaded-prior-tois forwarded to the uv backend.crates/uv-distribution-types/src/exclude_newer.rs:209): supportsP7Dnatively and has--exclude-newer-package <pkg>=<date>for per-package overrides. uv issues #18386 and #17999 cover related per-package work.So uv is the only path where a per-package cooldown override exists today. The widget now reflects that.
What changed
docs/_ext/widgets/mcp_install.py_tool_command(): uvx + days emitsuvx --exclude-newer <DURATION> --exclude-newer-package libtmux-mcp=2099-01-01 libtmux-mcp. pipx + days / off / bypass all emit barepipx run libtmux-mcp. pip is unchanged at this layer (return "libtmux-mcp")._pip_prereq_for(): always returnspip install --user --upgrade libtmux libtmux-mcpregardless of cooldown mode (was emitting--uploaded-prior-tofor days, which was broken)._json_body()and_toml_body(): uvx + days carries the same exempt flag; pipx + days / off / bypass all emit the same bareargs/args_inner._cooldown_note(): single redirect note for any (pipx | pip, days | bypass) cell — "pip has no per-package cooldown override, so this snippet runs without cooldown enforcement. Switch to the uvx tab — it applies the cooldown to transitive deps via `--exclude-newer` while exempting libtmux-mcp itself via `--exclude-newer-package`."_DATE_SENTINELandPIP_PREREQ_DAYSconstants.tests/docs/test_widgets.pytest_body_for_uvx_days_inserts_duration_sentinelnow also asserts the--exclude-newer-package libtmux-mcp=2099-01-01exempt appears.test_body_for_pipx_days_falls_back_to_bare_runasserts pipx + days emits the same bare command as off, with no--pip-args/--uploaded-prior-to/<COOLDOWN_DATE>, and the note redirects to uvx.test_body_for_pip_days_falls_back_to_bare_installmirrors the pipx test for pip.test_body_for_pipx_bypass_returns_caveat_noteandtest_body_for_pip_bypass_returns_caveat_noteupdated to assert the new redirect-to-uvx prose.test_pip_panel_has_cooldown_aware_pip_prereqrenamed totest_pip_panel_has_bare_pip_prereq_across_modes; asserts all three pip cooldown modes emit the same bare prereq.test_cooldown_days_slot_filter_registered_on_widget_renderupdated to drop the date-slot assertion — no widget emits<COOLDOWN_DATE>anymore.CHANGES### Fixesentry under the unreleased block describing the mcp-install widget fix and citing the pip / pipx / uv source evidence.Test plan
uv run ruff check . --fix --show-fixescleanuv run ruff format .cleanuv run mypyclean (51 source files, no issues)uv run py.test --reruns 0— 483 passedjust build-docssucceedspipx run libtmux-mcpstarts the MCP server (exit 0) — confirms the new bare snippet works where the old--pip-args=--uploaded-prior-to=...form failedCompanion change
The same fix shipped to agentgrep's mcp-install + cli-install widgets on tony/agentgrep's
feat/cli-sectionbranch. Both repos share the same git-pull workspace widget design; both needed the same fix.