Add proxy_file MCP injection mode (token-less proxy-backed --mcp-config) and use it for Claude #74
Open
maxlamagna wants to merge 3 commits into
- Add whitelisted per-agent env-var overrides (AGENTCHATTR_AGENT_<KEY_UPPER>
overrides agent_cfg[<key_lower>], restricted to {cwd, mcp_settings_path})
so launchers can scope a wrapper to one repo without touching shared
config.toml.
- Add AGENTCHATTR_REPO_SLUG: when set and non-empty, tmux session is named
agentchattr-{slug}-{assigned_name} instead of agentchattr-{assigned_name},
so two repos' wrappers don't evict each other.
Both env vars are opt-in; behaviour unchanged when unset.
Candidate for upstream PR pending bcurts feedback on the issue.
Replaces the runtime mutation that agentchattr_apply_profile was doing on every launch with a committed default. Per-repo cwd / mcp_settings_path overrides happen at runtime via the AGENTCHATTR_AGENT_* env vars added in the previous commit; cwd stays at ".." so bundled scripts work.

Codex: mcp_inject = "proxy_flag" + mcp_proxy_flag_template with 12-tool approval template (chat_channels..chat_who) so codex doesn't prompt at runtime for known agentchattr tools.

Gemini (Antigravity migration): command = "env" (so the launcher can scope AGY_CLI_DISABLE_AUTO_UPDATE=1 via env(1)); mcp_inject = "settings_file"; mcp_settings_path = "~/.gemini/config/mcp_config.json" (upstream-style default so bundled start_gemini.sh works); mcp_transport = "http"; mcp_http_key = "serverURL" (Antigravity rejects httpUrl and url, requires camelCase serverURL); mcp_merge_project = true (preserves prior built-in default since explicit mcp_inject drops defaults).

Local-only: not for upstream PR. Antigravity is Google-specific.
… (no /mcp reconnect after idle crash-timeout)
What & why

File-config CLIs (Claude, mcp_inject = "flag") bake the server token into a --mcp-config file read once at startup. After an idle crash-timeout the server rotates that token; the wrapper re-registers and mints a new one, but the CLI doesn't re-read the file mid-session, so it keeps presenting the dead token → stale or unknown authenticated agent session until a manual /mcp reconnect. Proxy-routed agents (proxy_flag, e.g. Codex) don't hit this, because the wrapper swaps the token on the live McpIdentityProxy.

This adds a proxy_file mode that gives file-config CLIs the same live-token path, and defaults Claude to it.

Closes #73.

Changes

- wrapper.py — new _apply_mcp_inject branch proxy_file: writes the --mcp-config file pointing at the proxy URL with no token (the proxy injects the live token) while still merging project MCP servers (reuses _write_claude_mcp_config + _read_project_mcp_servers). Raises ValueError if proxy_url is missing. Added proxy_file to _VALID_INJECT_MODES and to needs_proxy. Defaulted Claude (_BUILTIN_DEFAULTS["claude"]) from flag → proxy_file.
- tests/test_wrapper_mcp_config.py — tests that proxy_file writes the proxy URL, no baked token, and a surviving non-agentchattr project server; plus the missing-proxy_url guard.
- config.toml — document proxy_file in the injection-modes comment.

On re-register, _rewrite_mcp_config is already a no-op for proxy-backed modes, so the token-less file is left untouched while the proxy updates its token live. No change to proxy_flag, flag, or any other agent's wiring.

Behavior

/mcp reconnect.flag).
*-2 re-registration naming (the 30s GRACE_PERIOD reclaim) is unchanged and intentionally out of scope here.

Testing

- python -m unittest tests/test_wrapper_mcp_config.py → 10/10.
- claude on a proxy_file config called a tool through the proxy (Online: claude); after a forced token rotation (deregister → re-register → proxy token swapped) the same unchanged config still worked (Online: claude-2) with unity-mcp merge still present.

Notes / open to feedback

proxy_file" into a separate commit from the new-mode addition.
agentchattr-proxy-file.patch is git apply-clean against main.

Diff

See agentchattr-proxy-file.patch (≈78 insertions across wrapper.py, tests/test_wrapper_mcp_config.py, config.toml).
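
A minimal simulation of the stale-token failure and the token-less fix described in this PR, added here as an illustration and not taken from the patch or from agentchattr's wrapper.py. The names build_mcp_config, ChatServer and simulate, the URLs, the token strings and the mcpServers JSON layout are assumptions made for the example.

```python
import json

SERVER_KEY = "agentchattr"  # assumed name of the chat server entry

def build_mcp_config(mode, project_servers, server_url=None, token=None, proxy_url=None):
    """Build the --mcp-config document for 'flag' or 'proxy_file' (simplified)."""
    if mode == "flag":
        # Token is baked into the file the CLI reads once at startup.
        entry = {"type": "http", "url": server_url,
                 "headers": {"Authorization": f"Bearer {token}"}}
    elif mode == "proxy_file":
        if not proxy_url:
            raise ValueError("proxy_file requires proxy_url")
        entry = {"type": "http", "url": proxy_url}  # no credential on disk
    else:
        raise ValueError(f"unknown mode: {mode}")
    merged = {k: v for k, v in project_servers.items() if k != SERVER_KEY}
    merged[SERVER_KEY] = entry  # project servers survive the merge
    return {"mcpServers": merged}

class ChatServer:
    """Constructed stand-in: accepts only the currently registered token."""
    def __init__(self):
        self.generation, self.token = 1, "tok-1"
    def rotate(self):
        self.generation += 1
        self.token = f"tok-{self.generation}"
        return self.token
    def call(self, presented):
        return "ok" if presented == self.token else "stale or unknown authenticated agent session"

def simulate(mode):
    """Return (result before rotation, result after rotation, config as the CLI read it)."""
    server = ChatServer()
    proxy_token = [server.token]  # live token held by the proxy, not by the file
    project = {"unity-mcp": {"type": "http", "url": "http://127.0.0.1:9000/mcp"}}  # constructed
    cfg = build_mcp_config(mode, project, server_url="http://127.0.0.1:8200/mcp",
                           token=server.token, proxy_url="http://127.0.0.1:8300/mcp")
    startup_view = json.loads(json.dumps(cfg))  # the CLI never re-reads the file

    def cli_call():
        headers = startup_view["mcpServers"][SERVER_KEY].get("headers")
        if headers:  # direct mode: present whatever token was in the file at startup
            return server.call(headers["Authorization"].split(" ", 1)[1])
        return server.call(proxy_token[0])  # proxy injects the live token

    before = cli_call()
    proxy_token[0] = server.rotate()  # wrapper re-registers and swaps the proxy token
    return before, cli_call(), startup_view
```

Besides surviving rotation, the proxy_file result shows that no bearer token is written to disk, which is worth asserting in any test of the real config writer.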