Add MCP tool profiles for workspace chat flows

Expose stable MCP/server tool profiles so chat hosts can start narrow and widen only when needed. This adds vm-run, workspace-core, and workspace-full across the CLI serve path, Pyro.create_server(), and the package-level create_server() factory while keeping workspace-full as the default. Register profile-specific tool sets from one shared contract mapping, and narrow the workspace-core schemas so secrets, network policy, shells, services, snapshots, and disk tools do not leak into the default persistent chat profile. The full surface remains available unchanged under workspace-full. Refresh the public docs and examples around the profile progression, add a canonical OpenAI Responses workspace-core example, mark the 3.4.0 roadmap milestone done, and verify with uv lock, UV_CACHE_DIR=.uv-cache make check, UV_CACHE_DIR=.uv-cache make dist-check, and a real guest-backed workspace-core smoke for create, file write, exec, diff, export, reset, and delete.
2026-03-12 23:52:13 -03:00 · 2026-03-12 23:52:13 -03:00 · eecfd7a7d7
commit eecfd7a7d7
parent 446f7fce04
23 changed files with 984 additions and 511 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -6,6 +6,11 @@ from pathlib import Path
 from typing import Any, cast

 from pyro_mcp.api import Pyro
+from pyro_mcp.contract import (
+    PUBLIC_MCP_VM_RUN_PROFILE_TOOLS,
+    PUBLIC_MCP_WORKSPACE_CORE_PROFILE_TOOLS,
+    PUBLIC_MCP_WORKSPACE_FULL_PROFILE_TOOLS,
+)
 from pyro_mcp.vm_manager import VmManager
 from pyro_mcp.vm_network import TapNetworkManager

@ -47,37 +52,54 @@ def test_pyro_create_server_registers_vm_run(tmp_path: Path) -> None:
        return sorted(tool.name for tool in tools)

    tool_names = asyncio.run(_run())
-    assert "vm_run" in tool_names
-    assert "vm_create" in tool_names
-    assert "workspace_create" in tool_names
-    assert "workspace_list" in tool_names
-    assert "workspace_update" in tool_names
-    assert "workspace_start" in tool_names
-    assert "workspace_stop" in tool_names
-    assert "workspace_diff" in tool_names
-    assert "workspace_sync_push" in tool_names
-    assert "workspace_export" in tool_names
-    assert "workspace_file_list" in tool_names
-    assert "workspace_file_read" in tool_names
-    assert "workspace_file_write" in tool_names
-    assert "workspace_patch_apply" in tool_names
-    assert "workspace_disk_export" in tool_names
-    assert "workspace_disk_list" in tool_names
-    assert "workspace_disk_read" in tool_names
-    assert "snapshot_create" in tool_names
-    assert "snapshot_list" in tool_names
-    assert "snapshot_delete" in tool_names
-    assert "workspace_reset" in tool_names
-    assert "shell_open" in tool_names
-    assert "shell_read" in tool_names
-    assert "shell_write" in tool_names
-    assert "shell_signal" in tool_names
-    assert "shell_close" in tool_names
-    assert "service_start" in tool_names
-    assert "service_list" in tool_names
-    assert "service_status" in tool_names
-    assert "service_logs" in tool_names
-    assert "service_stop" in tool_names
+    assert tuple(tool_names) == tuple(sorted(PUBLIC_MCP_WORKSPACE_FULL_PROFILE_TOOLS))
+
+
+def test_pyro_create_server_vm_run_profile_registers_only_vm_run(tmp_path: Path) -> None:
+    pyro = Pyro(
+        manager=VmManager(
+            backend_name="mock",
+            base_dir=tmp_path / "vms",
+            network_manager=TapNetworkManager(enabled=False),
+        )
+    )
+
+    async def _run() -> list[str]:
+        server = pyro.create_server(profile="vm-run")
+        tools = await server.list_tools()
+        return sorted(tool.name for tool in tools)
+
+    assert tuple(asyncio.run(_run())) == PUBLIC_MCP_VM_RUN_PROFILE_TOOLS
+
+
+def test_pyro_create_server_workspace_core_profile_registers_expected_tools_and_schemas(
+    tmp_path: Path,
+) -> None:
+    pyro = Pyro(
+        manager=VmManager(
+            backend_name="mock",
+            base_dir=tmp_path / "vms",
+            network_manager=TapNetworkManager(enabled=False),
+        )
+    )
+
+    async def _run() -> tuple[list[str], dict[str, dict[str, Any]]]:
+        server = pyro.create_server(profile="workspace-core")
+        tools = await server.list_tools()
+        tool_map = {tool.name: tool.model_dump() for tool in tools}
+        return sorted(tool_map), tool_map
+
+    tool_names, tool_map = asyncio.run(_run())
+    assert tuple(tool_names) == tuple(sorted(PUBLIC_MCP_WORKSPACE_CORE_PROFILE_TOOLS))
+    create_properties = tool_map["workspace_create"]["inputSchema"]["properties"]
+    assert "network_policy" not in create_properties
+    assert "secrets" not in create_properties
+    exec_properties = tool_map["workspace_exec"]["inputSchema"]["properties"]
+    assert "secret_env" not in exec_properties
+    assert "shell_open" not in tool_map
+    assert "service_start" not in tool_map
+    assert "snapshot_create" not in tool_map
+    assert "workspace_disk_export" not in tool_map


 def test_pyro_vm_run_tool_executes(tmp_path: Path) -> None: