Skip to content

feat(mcp)!: remove norn mcp --read-only (NRN-116)#104

Merged
dbtlr merged 2 commits into
mainfrom
nrn-116-remove-read-only
Jul 8, 2026
Merged

feat(mcp)!: remove norn mcp --read-only (NRN-116)#104
dbtlr merged 2 commits into
mainfrom
nrn-116-remove-read-only

Conversation

@dbtlr

@dbtlr dbtlr commented Jul 8, 2026

Copy link
Copy Markdown
Owner

Summary

Removes the --read-only flag from norn mcp entirely — the flag, its wiring (McpArgs.read_onlymcp::run/serveMcpServer::new), the runtime mutation-refusal path, its dedicated test suite, and every doc mention. Pre-1.0 breaking change, CHANGELOG'd under ### Breaking changes.

Decided 2026-07-04 during the NRN-93 design pass (D6): read-only was deliverable-phasing scaffolding from the original MCP build-out, not a feature. No external consumer needs it, norn serve deliberately ships without it, and per-connection capability scoping — if ever wanted — is the phase-4 authn/authz surface's job. Removing it keeps the two MCP surfaces (stdio + socket) capability-identical so they cannot drift.

Nice by-catch: with the refusal gone, run_mutation was an identical passthrough and collapsed into run_wrapped — one less layer on every mutation tool.

Verification

  • Quartet clean: check --locked / 2304 tests, 0 failed (−3 = exactly the deleted flag-only suite) / clippy -D warnings / fmt; Cargo.lock untouched.
  • Sweep audited: every removed site listed in the working record; unrelated "read-only" concepts (filesystem tests, repair semantics, SQLite view techniques) deliberately left, each judged.

Adversarial review

One round (all agents Opus), zero engine findings (1 candidate raised, refuted in verification). One suppression-scan hit — the deleted tests/mcp_read_only.rs (13 assertions) — dismissed on the record: the review confirmed every assertion guarded only the removed flag's gating contract; surviving behavior (tools/list shape, vault.audit presence/schema) remains pinned by the kept, renamed mcp_audit.rs tests and the parity gate.

Adversarial-Review: run engine=code-review tier=high findings=1 fixed=0 dismissed=1 deferred=0

dbtlr added 2 commits July 8, 2026 11:51
Drop the --read-only flag, its McpArgs field, and the server-side
gating (dropping mutation tools from tools/list and refusing them at
runtime) that phased in the original MCP build-out (NRN-33). norn mcp
now always serves the full 14-tool catalog, matching norn serve, so
the two MCP surfaces cannot drift in capability. No external consumer
depends on the flag; per-connection capability scoping, if ever
wanted, belongs to a future authn/authz layer.

Breaking change, no migration shim (pre-1.0).
One review round (engine=code-review, all agents Opus): zero engine
findings. One suppression-scan hit — tests/mcp_read_only.rs deleted
(13 assertions) — dismissed: the review confirmed every assertion
guarded only the removed flag's gating contract; surviving behavior
(tools/list shape, audit presence) is pinned elsewhere.

Adversarial-Review: run engine=code-review tier=high findings=1 fixed=0 dismissed=1 deferred=0
@dbtlr dbtlr merged commit 8a12acd into main Jul 8, 2026
7 checks passed
@dbtlr dbtlr deleted the nrn-116-remove-read-only branch July 8, 2026 16:00
@dbtlr dbtlr mentioned this pull request Jul 8, 2026
dbtlr added a commit that referenced this pull request Jul 8, 2026
Cuts v0.46.0 — the daemon-reads-complete release (Phase 1 exit).
Version 0.45.1 -> 0.46.0; CHANGELOG promoted with theme paragraph.
Shipped: #101 #102 #103 #104 #105 #106 #107.

Adversarial-Review: run engine=inline tier=low findings=0 fixed=0 dismissed=0 deferred=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant