Add MCP tool profiles for workspace chat flows

Expose stable MCP/server tool profiles so chat hosts can start narrow and widen only when needed. This adds vm-run, workspace-core, and workspace-full across the CLI serve path, Pyro.create_server(), and the package-level create_server() factory while keeping workspace-full as the default. Register profile-specific tool sets from one shared contract mapping, and narrow the workspace-core schemas so secrets, network policy, shells, services, snapshots, and disk tools do not leak into the default persistent chat profile. The full surface remains available unchanged under workspace-full. Refresh the public docs and examples around the profile progression, add a canonical OpenAI Responses workspace-core example, mark the 3.4.0 roadmap milestone done, and verify with uv lock, UV_CACHE_DIR=.uv-cache make check, UV_CACHE_DIR=.uv-cache make dist-check, and a real guest-backed workspace-core smoke for create, file write, exec, diff, export, reset, and delete.
2026-03-12 23:52:13 -03:00 · 2026-03-12 23:52:13 -03:00 · eecfd7a7d7
commit eecfd7a7d7
parent 446f7fce04
23 changed files with 984 additions and 511 deletions
--- a/README.md
+++ b/README.md
@ -22,7 +22,7 @@ It exposes the same runtime in three public forms:
 - Stable workspace walkthrough GIF: [docs/assets/workspace-first-run.gif](docs/assets/workspace-first-run.gif)
 - Terminal walkthrough GIF: [docs/assets/first-run.gif](docs/assets/first-run.gif)
 - PyPI package: [pypi.org/project/pyro-mcp](https://pypi.org/project/pyro-mcp/)
- What's new in 3.3.0: [CHANGELOG.md#330](CHANGELOG.md#330)
+- What's new in 3.4.0: [CHANGELOG.md#340](CHANGELOG.md#340)
 - Host requirements: [docs/host-requirements.md](docs/host-requirements.md)
 - Integration targets: [docs/integrations.md](docs/integrations.md)
 - Public contract: [docs/public-contract.md](docs/public-contract.md)
@ -59,7 +59,7 @@ What success looks like:
 ```bash
 Platform: linux-x86_64
 Runtime: PASS
-Catalog version: 3.3.0
+Catalog version: 3.4.0
 ...
 [pull] phase=install environment=debian:12
 [pull] phase=ready environment=debian:12
@ -189,7 +189,7 @@ uvx --from pyro-mcp pyro env list
 Expected output:

 ```bash
-Catalog version: 3.3.0
+Catalog version: 3.4.0
 debian:12 [installed|not installed] Debian 12 environment with Git preinstalled for common agent workflows.
 debian:12-base [installed|not installed] Minimal Debian 12 environment for shell and core Unix tooling.
 debian:12-build [installed|not installed] Debian 12 environment with Git and common build tools preinstalled.
@ -305,7 +305,7 @@ Persistent workspaces start in `/workspace` and keep command history until you d
 machine consumption, add `--json` and read the returned `workspace_id`. Use `--seed-path` when
 you want the workspace to start from a host directory or a local `.tar` / `.tar.gz` / `.tgz`
 archive instead of an empty workspace. Use `pyro workspace sync push` when you want to import
-later host-side changes into a started workspace. Sync is non-atomic in `3.3.0`; if it fails
+later host-side changes into a started workspace. Sync is non-atomic in `3.4.0`; if it fails
 partway through, prefer `pyro workspace reset` to recover from `baseline` or one named snapshot.
 Use `pyro workspace diff` to compare the live `/workspace` tree to its immutable create-time
 baseline, and `pyro workspace export` to copy one changed file or directory back to the host. Use
@ -333,7 +333,7 @@ The public user-facing interface is `pyro` and `Pyro`. After the CLI validation

 - `pyro` for direct CLI usage, including one-shot `run` and persistent `workspace` workflows
 - `from pyro_mcp import Pyro` for Python orchestration
- `pyro mcp serve` for MCP clients
+- `pyro mcp serve --profile workspace-core` for MCP clients

 Command forms:

@ -399,9 +399,15 @@ Use `--allow-host-compat` only if you explicitly want host execution.
 Run the MCP server after the CLI path above works:

 ```bash
-pyro mcp serve
+pyro mcp serve --profile workspace-core
 ```

+Profile progression for chat hosts:
+
+- `vm-run`: expose only `vm_run`
+- `workspace-core`: expose the practical persistent chat loop
+- `workspace-full`: expose shells, services, snapshots, secrets, network policy, and disk tools
+
 Run the deterministic demo:

 ```bash
@ -520,6 +526,12 @@ Persistent workspace tools:
 - `workspace_logs(workspace_id)`
 - `workspace_delete(workspace_id)`

+Recommended MCP tool profiles:
+
+- `vm-run`: `vm_run` only
+- `workspace-core`: `vm_run`, `workspace_create`, `workspace_list`, `workspace_update`, `workspace_status`, `workspace_sync_push`, `workspace_exec`, `workspace_logs`, `workspace_file_list`, `workspace_file_read`, `workspace_file_write`, `workspace_patch_apply`, `workspace_diff`, `workspace_export`, `workspace_reset`, `workspace_delete`
+- `workspace-full`: the complete stable MCP surface above
+
 ## Integration Examples

 - Python one-shot SDK example: [examples/python_run.py](examples/python_run.py)
@ -529,6 +541,7 @@ Persistent workspace tools:
 - Claude Desktop MCP config: [examples/claude_desktop_mcp_config.json](examples/claude_desktop_mcp_config.json)
 - Cursor MCP config: [examples/cursor_mcp_config.json](examples/cursor_mcp_config.json)
 - OpenAI Responses API example: [examples/openai_responses_vm_run.py](examples/openai_responses_vm_run.py)
+- OpenAI Responses `workspace-core` example: [examples/openai_responses_workspace_core.py](examples/openai_responses_workspace_core.py)
 - LangChain wrapper example: [examples/langchain_vm_run.py](examples/langchain_vm_run.py)
 - Agent-ready `vm_run` example: [examples/agent_vm_run.py](examples/agent_vm_run.py)