coilyco-flight-deck/ward
1
0
Fork 0
Code Issues 16 Pull requests Projects Releases Packages Wiki Activity Actions 2

PreToolUse hook should route bare mcporter to coily ops mcporter, not flat-deny #22

New issue
Open
opened 2026-05-27 22:14:35 +00:00 by coilysiren · 0 comments
coilysiren commented 2026-05-27 22:14:35 +00:00
Owner
Copy link

Symptom

When an agent invokes bare mcporter (e.g. mcporter list playwright, mcporter call playwright.browser_navigate ...), the Claude Code permission system returns a flat Permission to use Bash with command mcporter ... has been denied. No routing helper, no mention of coily ops mcporter.

Expected

The PreToolUse hook should intercept the bare invocation and inject text steering the agent to the wrapper, the way coilyRoutes does for aws / gh / kubectl / docker / tailscale / ssh / scp. The wrapper already exists (coily ops mcporter, "Pass-through to mcporter with argv validation + audit log").

Repro

In a session under ~/projects/coilysiren/<repo>/, ask the agent to do anything that triggers the mcp-servers skill (e.g. checking GitHub Actions status, where coily explicitly hands off to Playwright per coily#305). The agent reaches for mcporter call playwright.browser_navigate url=... and gets denied with no recovery hint. Net effect: the agent surfaces a blocker instead of completing the task, defeating the whole point of the lazy-MCP pattern in tooling-mcp-servers.

Fix sketch

Add mcporter to coilyRoutes in cmd/agent-guard/hook.go, with the routing message naming coily ops mcporter and a one-line "use coily ops mcporter call <server>.<tool> key=value" hint matching the wrapper's argv shape.

**Symptom** When an agent invokes bare `mcporter` (e.g. `mcporter list playwright`, `mcporter call playwright.browser_navigate ...`), the Claude Code permission system returns a flat `Permission to use Bash with command mcporter ... has been denied`. No routing helper, no mention of `coily ops mcporter`. **Expected** The PreToolUse hook should intercept the bare invocation and inject text steering the agent to the wrapper, the way `coilyRoutes` does for `aws` / `gh` / `kubectl` / `docker` / `tailscale` / `ssh` / `scp`. The wrapper already exists (`coily ops mcporter`, "Pass-through to mcporter with argv validation + audit log"). **Repro** In a session under `~/projects/coilysiren/<repo>/`, ask the agent to do anything that triggers the mcp-servers skill (e.g. checking GitHub Actions status, where coily explicitly hands off to Playwright per coily#305). The agent reaches for `mcporter call playwright.browser_navigate url=...` and gets denied with no recovery hint. Net effect: the agent surfaces a blocker instead of completing the task, defeating the whole point of the lazy-MCP pattern in `tooling-mcp-servers`. **Fix sketch** Add `mcporter` to `coilyRoutes` in `cmd/agent-guard/hook.go`, with the routing message naming `coily ops mcporter` and a one-line "use `coily ops mcporter call <server>.<tool> key=value`" hint matching the wrapper's argv shape.
coilysiren added
P4
 and removed
P3
 labels 2026-05-31 07:01:26 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.2
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels
  
P0
now / blocking / urgent

  
P1
next / important

  
P2
backlog / will do

  
P3
someday / low

  
P4
icebox / frozen / reopen if it becomes real

No labels
P0
P1
P2
P3
P4
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/ward#22
No description provided.