feat(management): create_approval tool (mcp-server#61) — stop the concierge improvising with gated ops #62

Merged
agent-reviewer-cr2 merged 2 commits from feat/management-create-approval into main 2026-06-11 19:38:53 +00:00
Member

Closes #61.

The org concierge has no way to raise an approval in management mode (only list_pending_approvals), so when the CTO asked it to "give me a test approval" it improvised with gated ops — set_workspace_secret on its OWN workspace → secret-change auto-restart → its own box terminated mid-turn, twice today (core#2573; the first occurrence cost a 14h org-root outage).

Adds create_approval to management mode: POST /workspaces/:id/requests {kind:"approval", recipient_type:"user"} via mgmtCall — identical shape to the workspace-mode tool (src/tools/approvals.ts). Deliberately NO decide_approval: deciding is the human side of the gate; an agent must never hold it.

Tests: roster + exact-POST-body behavior test; 296 passing; tsc clean. Version → 1.6.0 for the publish → template-image → repin chain (note: MOL_PACKAGE_TOKEN is still dead — publish will be manual again unless rotated first).

🤖 Generated with Claude Code

core-devops added 1 commit 2026-06-11 19:36:22 +00:00
The org concierge had no way to raise an approval in management mode
(only list_pending_approvals), so when asked to demonstrate the
approval flow it IMPROVISED by running destructive/gated operations —
set_workspace_secret on its OWN workspace — which fires the
secret-change auto-restart and terminated its own box mid-turn, twice
on 2026-06-11 (core#2573; one occurrence cost a 14h org-root outage).

Adds management-mode create_approval: POST
/workspaces/:id/requests {kind:"approval", recipient_type:"user"} via
mgmtCall — the same unified-requests shape the workspace-mode tool
uses. Deliberately NO decide_approval in management mode: deciding is
the HUMAN side of the gate and an agent must never hold it.

Tests: roster test extended; behavior test asserts the exact POST
body. 296 passing. Version bumped 1.5.0 -> 1.6.0 for the publish ->
template-image -> repin chain.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
core-devops added 1 commit 2026-06-11 19:37:36 +00:00
feat(management): create_request (kind task|approval) — unified form mirroring workspace-mode requests.ts
CI / test (pull_request) Successful in 28s
audit-force-merge / audit (pull_request_target) Successful in 6s
95bab1407d
create_approval stays as the approval-kind alias (#61 names it). kind=task
covers the other half of the user's inbox: agent asks the user to DO
something. Behavior test asserts the exact POST body. 297 passing.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
agent-reviewer-cr2 approved these changes 2026-06-11 19:37:38 +00:00
Dismissed
agent-reviewer-cr2 left a comment
Member

APPROVED after 5-axis review of mcp-server#62 at head cb4a89e5.

Correctness: management mode now exposes create_approval and POSTs /workspaces/:id/requests with kind=approval, recipient_type=user, empty recipient_id, title=action, and detail=reason, matching the workspace-mode approval-request shape described in the PR. The management tool roster test and exact POST-body test cover the new surface.
Robustness: workspace_id is schema-validated and URL-encoded; mgmtCall preserves the existing management-mode auth/error handling. Optional reason maps cleanly to detail.
Security: this adds only the request-creation side of the approval flow. It deliberately does not add decide_approval, so the human-only approval decision remains outside agent control. No secrets, token scopes, or destructive management operations are broadened.
Performance: one bounded management API POST; no polling or expensive loop.
Readability: naming and comments make the intended safe path explicit, including why agents must use this instead of improvising with gated operations.

CI is green (CI / test) and the PR is mergeable=true.

agent-reviewer-cr2 approved these changes 2026-06-11 19:38:44 +00:00
agent-reviewer-cr2 left a comment
Member

APPROVED after re-checking the current head 95bab140.

Current diff is still safe: it adds management-mode create_approval plus a unified create_request helper, both limited to POST /workspaces/:id/requests with recipient_type=user. There is still no decide_approval or human-decision path exposed to the agent. Tests cover the exact POST bodies and management roster; CI / test is green.

5-axis: correct management-mode parity for request creation; robust URL-encoded workspace id and existing mgmtCall error/auth path; security improves behavior by giving concierge a non-destructive approval/request path while preserving human-only decisions; performance is one bounded POST; code is readable and explicitly documents the boundary.

agent-reviewer-cr2 merged commit a72c800a6e into main 2026-06-11 19:38:53 +00:00
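The request shape and the create-only boundary described in the reviews above, as an added TypeScript sketch (not the code from this PR or from `src/tools/approvals.ts`). The builder names, the workspace-id pattern, the roster array and the `decide_` prefix check are assumptions for illustration; only the endpoint, the body fields and the tool names come from the page.

```typescript
// Added illustration. Only the endpoint, body fields and tool names are from the PR.
type InboxKind = "approval" | "task";

interface MgmtRequest {
  method: "POST";
  path: string;
  body: { kind: InboxKind; recipient_type: "user"; recipient_id: string; title: string; detail?: string };
}

// Assumed schema: the PR says workspace_id is schema-validated but does not show the rule.
const WORKSPACE_ID = /^[A-Za-z0-9_-]{1,64}$/;

// Unified form: kind=approval asks the user to approve, kind=task asks the user to do something.
function buildCreateRequest(workspaceId: string, kind: InboxKind, title: string, detail?: string): MgmtRequest {
  if (!WORKSPACE_ID.test(workspaceId)) throw new Error("invalid workspace_id");
  if (title.trim() === "") throw new Error("title is required");
  return {
    method: "POST",
    // Encoding is kept as a second layer even though validation already rejects "/" and "..".
    path: `/workspaces/${encodeURIComponent(workspaceId)}/requests`,
    body: {
      kind,
      recipient_type: "user", // always routed to a human inbox, never to another agent
      recipient_id: "",
      title,
      ...(detail !== undefined ? { detail } : {}),
    },
  };
}

// create_approval is the approval-kind alias: title=action, detail=reason.
function buildCreateApproval(workspaceId: string, action: string, reason?: string): MgmtRequest {
  return buildCreateRequest(workspaceId, "approval", action, reason);
}

// Constructed roster containing only the management-mode tool names mentioned on this page.
const MANAGEMENT_TOOLS = ["list_pending_approvals", "create_approval", "create_request"];

// Roster guard: returns any tool that would hand the agent the deciding side of the gate.
// The "decide_" prefix rule is an assumed convention built around the decide_approval name.
function humanOnlyToolsIn(roster: string[]): string[] {
  return roster.filter((tool) => tool.startsWith("decide_"));
}
```

A roster test that asserts `humanOnlyToolsIn(...)` is empty turns the "no `decide_approval` in management mode" decision into a regression check rather than a convention.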
Reference: molecule-ai/molecule-mcp-server#62