pyro-mcp/docs/use-cases/untrusted-inspection.md
Thales Maciel d0cf6d8f21 Add opinionated MCP modes for workspace workflows
Introduce explicit repro-fix, inspect, cold-start, and review-eval modes across the MCP server, CLI, and host helpers, with canonical mode-to-tool mappings, narrowed schemas, and mode-specific tool descriptions on top of the existing workspace runtime.

Reposition the docs, host onramps, and use-case recipes so named modes are the primary user-facing startup story while the generic no-mode workspace-core path remains the escape hatch, and update the shared smoke runner to validate repro-fix and cold-start through mode-backed servers.

Validation: UV_OFFLINE=1 UV_CACHE_DIR=.uv-cache uv run pytest --no-cov tests/test_api.py tests/test_server.py tests/test_host_helpers.py tests/test_public_contract.py tests/test_cli.py tests/test_workspace_use_case_smokes.py; UV_OFFLINE=1 UV_CACHE_DIR=.uv-cache make check; UV_OFFLINE=1 UV_CACHE_DIR=.uv-cache make dist-check; real guest-backed make smoke-repro-fix-loop smoke-cold-start-validation outside the sandbox.
2026-03-13 20:00:35 -03:00


# Unsafe Or Untrusted Code Inspection

Recommended mode: `inspect`

Recommended startup:

```bash
pyro host connect codex --mode inspect
```

Smoke target:

```bash
make smoke-untrusted-inspection
```

Use this flow when the agent needs to inspect suspicious code or an unfamiliar
repo without granting more capabilities than necessary.

Chat-host recipe:

1. Create one workspace from the suspicious repo seed.
2. Inspect the tree with structured file listing and file reads.
3. Run the smallest possible command that produces the inspection report.
4. Export only the report the agent chose to materialize.
5. Delete the workspace when inspection is complete.

This recipe stays offline-by-default, uses only explicit file reads and execs,
and exports only the inspection report the agent chose to materialize.
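
One possible shape for the "smallest possible command" in step 3, as an added example that is not part of pyro-mcp: a read-only inventory that hashes regular files, flags executables, symlinks that point outside the tree, and files that tooling may run implicitly, then materializes a single JSON report. The function names, flag labels, `AUTO_EXEC` list, and sample tree are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Assumption: files whose contents pip, npm, make, pytest or direnv may execute implicitly.
AUTO_EXEC = {"setup.py", "package.json", "Makefile", "conftest.py", ".envrc"}

def inspect_tree(root):
    """Inventory a tree by lstat and byte reads only; nothing is imported or run."""
    root_path = Path(root).resolve()
    entries = []
    for dirpath, dirnames, filenames in os.walk(root_path):  # symlinks are not followed
        dirnames.sort()  # deterministic traversal order
        for name in sorted(dirnames + filenames):
            path = Path(dirpath) / name
            mode = path.lstat().st_mode
            if stat.S_ISDIR(mode):
                continue
            entry = {"path": path.relative_to(root_path).as_posix(), "flags": []}
            if stat.S_ISLNK(mode):
                target = (path.parent / os.readlink(path)).resolve()
                if not target.is_relative_to(root_path):
                    entry["flags"].append("symlink-escapes-root")
            elif stat.S_ISREG(mode):
                entry["sha256"] = hashlib.sha256(path.read_bytes()).hexdigest()
                if mode & 0o111:
                    entry["flags"].append("executable")
                if name in AUTO_EXEC:
                    entry["flags"].append("auto-exec-candidate")
            else:  # FIFOs, sockets, devices: never opened, since a read could block
                entry["flags"].append("special-file")
            entries.append(entry)
    return {"files": len(entries), "entries": entries}

def demo():
    """Build a constructed sample tree, inspect it, and materialize only report.json."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "repo")
        (repo / "src").mkdir(parents=True)
        (repo / "setup.py").write_text("print('constructed sample')\n")
        (repo / "src" / "run.sh").write_text("#!/bin/sh\n")
        (repo / "src" / "run.sh").chmod(0o755)
        (repo / "src" / "passwd").symlink_to("/etc/passwd")  # never followed or read
        out = Path(tmp, "report.json")  # the only artifact meant to leave the workspace
        out.write_text(json.dumps(inspect_tree(repo), indent=2, sort_keys=True))
        return json.loads(out.read_text())
```

Symlinks are resolved only to classify them; their targets are never opened, so a link out of the tree cannot pull host files into the report.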