PreToolUse hook should route bare mcporter to coily ops mcporter, not flat-deny #22

Closed
opened 2026-05-27 22:14:35 +00:00 by coilysiren · 0 comments
Owner

Symptom

When an agent invokes bare mcporter (e.g. mcporter list playwright, mcporter call playwright.browser_navigate ...), the Claude Code permission system returns a flat Permission to use Bash with command mcporter ... has been denied. No routing helper, no mention of coily ops mcporter.

Expected

The PreToolUse hook should intercept the bare invocation and inject text steering the agent to the wrapper, the way coilyRoutes does for aws / gh / kubectl / docker / tailscale / ssh / scp. The wrapper already exists (coily ops mcporter, "Pass-through to mcporter with argv validation + audit log").

Repro

In a session under ~/projects/coilysiren/<repo>/, ask the agent to do anything that triggers the mcp-servers skill (e.g. checking GitHub Actions status, where coily explicitly hands off to Playwright per coily#305). The agent reaches for mcporter call playwright.browser_navigate url=... and gets denied with no recovery hint. Net effect: the agent surfaces a blocker instead of completing the task, defeating the whole point of the lazy-MCP pattern in tooling-mcp-servers.

Fix sketch

Add mcporter to coilyRoutes in cmd/agent-guard/hook.go, with the routing message naming coily ops mcporter and a one-line "use coily ops mcporter call <server>.<tool> key=value" hint matching the wrapper's argv shape.

**Symptom** When an agent invokes bare `mcporter` (e.g. `mcporter list playwright`, `mcporter call playwright.browser_navigate ...`), the Claude Code permission system returns a flat `Permission to use Bash with command mcporter ... has been denied`. No routing helper, no mention of `coily ops mcporter`. **Expected** The PreToolUse hook should intercept the bare invocation and inject text steering the agent to the wrapper, the way `coilyRoutes` does for `aws` / `gh` / `kubectl` / `docker` / `tailscale` / `ssh` / `scp`. The wrapper already exists (`coily ops mcporter`, "Pass-through to mcporter with argv validation + audit log"). **Repro** In a session under `~/projects/coilysiren/<repo>/`, ask the agent to do anything that triggers the mcp-servers skill (e.g. checking GitHub Actions status, where coily explicitly hands off to Playwright per coily#305). The agent reaches for `mcporter call playwright.browser_navigate url=...` and gets denied with no recovery hint. Net effect: the agent surfaces a blocker instead of completing the task, defeating the whole point of the lazy-MCP pattern in `tooling-mcp-servers`. **Fix sketch** Add `mcporter` to `coilyRoutes` in `cmd/agent-guard/hook.go`, with the routing message naming `coily ops mcporter` and a one-line "use `coily ops mcporter call <server>.<tool> key=value`" hint matching the wrapper's argv shape.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/ward#22
No description provided.