fix(hooks): auto-allow govreposcrape + investigate agent mcpServers scoping (#215 #24) #351
Open
tractorjuice wants to merge 8 commits into main
Conversation
Design spec for Cluster A of issue #215: scope 10 ArcKit agents with Claude Code v2.1.117 mcpServers frontmatter. Includes verification spike gate, per-agent MCP mapping, converter update, and allow-mcp-tools.mjs govreposcrape gap-fix. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
15-task plan covering verification spike (gate), 10-agent frontmatter rollout in 4 groups, converter update, allow-mcp-tools.mjs gap fix, 5-canary matrix smoke test, and close-out. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Forces marketplace cache invalidation so test repos pick up the feat/agent-mcpservers-scoping branch. Full version sync via bump-version.sh happens at merge time. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
….9.3) Temporarily scopes aws-research agent to only aws-knowledge MCP (deliberately omitting govreposcrape) to verify whether mcpServers frontmatter is honored when the agent is spawned via the Task tool. Will be reverted after spike. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…4.9.4) Remove aws-knowledge from the agent that needs it most. If the allow-list is enforced, AWS MCP calls should fail and the agent cannot function. If calls succeed anyway, the frontmatter is ignored on Task-tool spawns. Sharper signal than the previous test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Final spike variant: deny-all allow-list. If even an empty list lets the agent call AWS MCP tools, the frontmatter field is fully inert on Task-tool spawns. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Revert aws-research canary, reset plugin version to 4.9.2 (hook fix
patch baseline), and document spike findings in the design spec.
Verdict: both mcpServers=["govreposcrape"] (excluding aws-knowledge) and
mcpServers=[] (empty allow-list) failed to restrict MCP access when the
agent was spawned via Task tool. Matches v2.1.117 changelog wording
("loaded for main-thread agent sessions via --agent").
Keeps: Task 7 (allow-mcp-tools.mjs govreposcrape fix) — independent win.
Closes #24 of #215 as not applicable to our invocation pattern.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary

Two things in this PR:

1. Shipping — fix(hooks): auto-allow mcp__govreposcrape__

Pre-existing gap in arckit-claude/hooks/allow-mcp-tools.mjs: 4 of 5 bundled MCPs were in the auto-allow list but govreposcrape was missing. Every gov-* agent run was hitting a permission dialog on every call. Added the prefix; updated the JSDoc header to list all 5 bundled MCPs.

2. Investigation (aborted) — agent mcpServers frontmatter scoping

Attempted to apply Claude Code v2.1.117's mcpServers agent frontmatter to scope 10 ArcKit agents to only the MCP servers each needs (issue #215 item #24). A verification spike proved the frontmatter is fully inert for Task-tool-spawned agents — which is ArcKit's invocation pattern. Aborted.

Spike findings

Agent | mcpServers frontmatter | Result
arckit-aws-research | ["govreposcrape"] (aws-knowledge excluded) | mcp__aws-knowledge__* called successfully
arckit-aws-research | [] (deny-all) | mcp__aws-knowledge__* called successfully

Both should have blocked AWS MCP access if enforced. Both ran normally. Matches v2.1.117 changelog wording: "loaded for main-thread agent sessions via --agent" — Task-tool spawns are out of scope.

Artifacts kept on branch

- docs/superpowers/specs/2026-04-22-agent-mcpservers-scoping-design.md (Status: ABORTED, with Spike findings section)
- docs/superpowers/plans/2026-04-22-agent-mcpservers-scoping.md (reference — plan was not executed beyond Task 1 + Task 7)

Version

Plugin bumped to 4.9.2 (patch bump for the hook fix).

Follow-up

Filed in issue #215 comment: explore whether disallowedTools frontmatter accepts glob patterns (e.g. "mcp__aws-knowledge__*") as an alternative path to per-agent MCP scoping that works on Task-tool spawns.

Also noted: will file upstream feature request on Claude Code repo asking for mcpServers to apply to Task-tool invocations.

Test plan

- node --check arckit-claude/hooks/allow-mcp-tools.mjs — passes
- mcpServers inert on Task-tool spawns via live session in arckit-test-project-v17
- /arckit:gov-reuse in any test repo to confirm no PermissionRequest dialog fires for mcp__govreposcrape__* (post-merge validation)

Closes item #24 of #215 as not applicable.
🤖 Generated with Claude Code
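Added illustration of the auto-allow gap the hook fix closes; this is example code written for this page, not the project's allow-mcp-tools.mjs. It assumes the hook sees a `{ tool_name }` object and that MCP tools are named `mcp__<server>__<tool>`; only aws-knowledge and govreposcrape are named on the page, so the other bundled server names are left out.

```javascript
// Added example, not the project's own hook code. Models the decision an
// allow-list hook like allow-mcp-tools.mjs makes: tools of bundled MCP
// servers are auto-allowed, anything else is left undecided so the normal
// permission flow (dialog) applies. Input shape { tool_name } is assumed.

// Build the auto-allow prefixes for a list of MCP server names. Matching on
// the full "mcp__<server>__" prefix, trailing "__" included, keeps a server
// whose name merely starts the same way from riding on the allow-list.
function allowPrefixes(servers) {
  return servers.map((s) => `mcp__${s}__`);
}

// Decide for one hook input: 'allow' for a bundled server's tool, undefined
// (no decision) otherwise. Fail closed: a missing or malformed tool_name is
// never auto-allowed.
function decide(input, prefixes) {
  const name = input && typeof input.tool_name === 'string' ? input.tool_name : '';
  if (!name.startsWith('mcp__')) return undefined; // not an MCP tool at all
  return prefixes.some((p) => name.startsWith(p)) ? 'allow' : undefined;
}

// Return the tool names in a batch that the hook would NOT auto-allow.
function notAutoAllowed(toolNames, servers) {
  const prefixes = allowPrefixes(servers);
  return toolNames.filter((t) => decide({ tool_name: t }, prefixes) === undefined);
}

// Constructed sample of tool calls a gov-* agent run might make.
const SAMPLE_CALLS = [
  'mcp__govreposcrape__search',
  'mcp__govreposcrape__fetch',
  'mcp__aws-knowledge__search',
  'mcp__govreposcrapeX__other', // constructed look-alike server: must stay undecided
  'Bash',                       // not an MCP tool: never auto-allowed here
];

// Allow-list before the fix (govreposcrape missing) and after (added).
const BUNDLED_BEFORE = ['aws-knowledge'];
const BUNDLED_AFTER = ['aws-knowledge', 'govreposcrape'];

// Compare how many calls fall through to the permission dialog in each state.
function gapReport() {
  return {
    before: notAutoAllowed(SAMPLE_CALLS, BUNDLED_BEFORE),
    after: notAutoAllowed(SAMPLE_CALLS, BUNDLED_AFTER),
  };
}
```

With the fix applied, every mcp__govreposcrape__* call is allowed while the look-alike server and non-MCP tools still get no automatic decision.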