pikuri-mcp 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d2940090293173f7028d06eeda7cdfbe0aaca213306acac6cc24d01428a0a69c
-  data.tar.gz: 8f4a1a4b47e5ff405de3e5b7e35422c0bb2faff0cdee26bd4457d2e35da92cae
+  metadata.gz: 8eea96fdc325316f284a0af4b04409190da30a250b183dc260e6bc238631780f
+  data.tar.gz: 886eed8a4913860b9571c75f71a5ff91860f9d73d8489b0c64e14e5e034ced16
 SHA512:
-  metadata.gz: 4ae9da8ad578c4090f402dd16a76cfc1362450ee0e181b7c4655dd039d11a1a6f1028cb892daeb490c466c88bf9ac138bdc891cd35ccd6f87afb44a433ce7cbd
-  data.tar.gz: 80620537024513d144db6de8a9e9750d6319d89f02374613a6566f4142e5dc460bc570d61c8ce83d2b26f65b16d84556629f8f70bc8c38e4c610f0f7be79334c
+  metadata.gz: fafa923f924cfd8a39a8e88776828badd61b551a5c7165c292831b6185972267d2cb420a406e3578b65e443ff8bc2ead11e770f68c2dd12372416beba001500b
+  data.tar.gz: cc6dc8b41f9978413dcc1ac81c15a26ea2f3c844be5b58adce4c8246bafbdfccb216f43f8a732d1ebe9429334022e078c23d4b5300bfdd15fb38e0d802145033

data/lib/pikuri/mcp/cache.rb

@@ -71,7 +71,7 @@ module Pikuri
 
       # Return the cached description for the given +(entry, client,
       # tools)+ triple if a fresh entry exists, otherwise yield to
-      # compute it (typically a {Pikuri::Agent.think} call inside
+      # compute it (typically a one-shot thinker-agent run inside
       # {Servers#try_synthesize_description}), persist the result, and
       # return it.
       #

data/lib/pikuri/mcp/client_wrapper.rb

@@ -208,7 +208,8 @@ module Pikuri
         when Registry::StdioEntry
           MCP::Client::Stdio.new(
             command: @entry.command.first,
-            args: @entry.command.drop(1)
+            args: @entry.command.drop(1),
+            env: @entry.env
           )
         when Registry::HttpEntry
           MCP::Client::HTTP.new(url: @entry.url, headers: @entry.headers)

data/lib/pikuri/mcp/extension.rb

@@ -16,8 +16,9 @@ module Pikuri
     # the *shared* {Mcp::Servers} runtime — that's the resource the
     # extension owns. +bind+ fires once on the parent agent and
     # installs a +Connect+ tool keyed to it, registered via
-    # {Agent#internal_add_tool} so the tool's +execute+ closure can
-    # call back into the right chat when the LLM activates a server.
+    # {Pikuri::Agent::ExtensionContext#add_raw_tool} so the tool's
+    # +execute+ closure can call back into the right chat when the
+    # LLM activates a server.
     # Sub-agents do not inherit extensions, so they receive neither
     # the +Connect+ tool nor any MCP-backed tools — personas own
     # their toolset by construction.
@@ -70,21 +71,23 @@ module Pikuri
 
       # Build the shared {Servers} runtime, append the
       # +<available_mcps>+ block to the system prompt, and register
-      # the close handler. The +Synthesizer+ / +Verifier+ thinker
-      # closure captures the Configurator's transport + cancellable
-      # so the LLM-driven boot passes run against the same model
-      # the agent itself uses and honor the same cancel flag.
+      # the close handler. The {Synthesizer} / {Verifier} are
+      # handed the Configurator's transport + cancellable and build
+      # their own {Thinker} + production {Cache} from them, so the
+      # LLM-driven boot passes run against the same model the agent
+      # itself uses and honor the same cancel flag.
       #
       # @param c [Pikuri::Agent::Configurator]
       # @return [void]
       def configure(c)
         return if @registry.empty?
 
-        if @synthesize_descriptions || @verify_mcp_servers
-          thinker = build_thinker(c.transport, c.cancellable)
+        if @synthesize_descriptions
+          synthesizer = Mcp::Synthesizer.new(transport: c.transport, cancellable: c.cancellable)
+        end
+        if @verify_mcp_servers
+          verifier = Mcp::Verifier.new(transport: c.transport, cancellable: c.cancellable)
         end
-        synthesizer = build_synthesizer(thinker, c.transport.model) if @synthesize_descriptions
-        verifier    = build_verifier(thinker, c.transport.model)    if @verify_mcp_servers
 
         # Two-phase on purpose: construct (pure), arm cleanup, then
         # start. Arming +on_close+ *before* the failure-prone
@@ -103,52 +106,26 @@ module Pikuri
       end
 
       # Register a per-agent +mcp_connect+ tool on the agent's chat.
-      # The tool's +execute+ closure captures the agent reference so
-      # activations register their tools on the correct chat — see
+      # The tool's +execute+ closure captures the {ExtensionContext}
+      # so activations register their tools on the correct chat — see
       # IDEAS.md §"Two invariants worth recording" for the
       # static-vs-dynamic tool boundary.
       #
-      # @param agent [Pikuri::Agent]
+      # @param ctx [Pikuri::Agent::ExtensionContext]
       # @return [void]
-      def bind(agent)
+      def bind(ctx)
         return if @servers.nil? || @servers.empty?
 
-        if agent.tools.any?(Mcp::Servers::Connect)
+        if ctx.agent.tools.any?(Mcp::Servers::Connect)
           raise 'Mcp::Servers::Connect cannot be passed in tools: when an MCP runtime is wired; ' \
                 'Agent auto-registers it.'
         end
 
-        connect = @servers.build_mcp_connect_tool(agent)
-        agent.internal_add_tool(connect.to_ruby_llm_tool)
+        connect = @servers.build_mcp_connect_tool(ctx)
+        ctx.add_raw_tool(connect.to_ruby_llm_tool)
         nil
       end
 
-      private
-
-      def build_thinker(transport, cancellable)
-        ->(prompt) { Pikuri::Agent.think(transport: transport, prompt: prompt, cancellable: cancellable) }
-      end
-
-      def build_synthesizer(thinker, model_id)
-        Mcp::Synthesizer.new(
-          thinker: thinker,
-          cache: Mcp::Cache.new(
-            model_id: model_id,
-            prompt_version: Mcp::Synthesizer::PROMPT_VERSION
-          )
-        )
-      end
-
-      def build_verifier(thinker, model_id)
-        Mcp::Verifier.new(
-          thinker: thinker,
-          cache: Mcp::Cache.new(
-            model_id: model_id,
-            prompt_version: Mcp::Verifier::PROMPT_VERSION,
-            dir: File.join(File.dirname(Mcp::Cache::DIR), 'mcp_verifications')
-          )
-        )
-      end
     end
   end
 end

data/lib/pikuri/mcp/registry.rb

@@ -43,13 +43,30 @@ module Pikuri
     # owns the actual spawn — see CLAUDE.md "Subprocess seam" carve-out.
     # First element is the executable; remaining elements are arguments.
     #
+    # +env+ carries extra environment variables for the spawned process —
+    # the stdio counterpart of {HttpEntry}'s +headers:+, and the right
+    # place for a server's auth token (e.g. +{"GITHUB_TOKEN" => "..."}+)
+    # rather than baking secrets into the argv. The +mcp+ gem merges it
+    # over the inherited environment; an empty hash (the default) changes
+    # nothing. Like {HttpEntry}'s +headers+, +env+ is excluded from the
+    # cache fingerprint ({Cache#transport_descriptor}) so secrets never
+    # land on disk.
+    #
     # @!attribute [r] id
     #   @return [String] short identifier the LLM uses to refer to this
     #     server, e.g. +"gmail"+ or +"maven-tools"+.
     # @!attribute [r] command
     #   @return [Array<String>] argv to spawn the server,
     #     e.g. +["npx", "mcp-maven-deps"]+.
-    StdioEntry = Data.define(:id, :command)
+    # @!attribute [r] env
+    #   @return [Hash{String => String}] extra environment variables for
+    #     the spawned process, merged over the inherited environment.
+    #     Frozen. Defaults to an empty hash.
+    StdioEntry = Data.define(:id, :command, :env) do
+      def initialize(id:, command:, env: {})
+        super(id: id, command: command, env: env.freeze)
+      end
+    end
 
     # One remote-HTTP MCP server's configuration: a unique id, the
     # endpoint URL, and optional headers (typically auth) sent on every

data/lib/pikuri/mcp/servers.rb

@@ -85,8 +85,8 @@ module Pikuri
   # MCP tools arrive with JSON Schema in their +input_schema+;
   # +RubyLLM::Tool.params(schema)+ accepts that shape directly. We
   # therefore synthesize +RubyLLM::Tool+ subclasses inside this class
-  # and feed them through {Agent#internal_add_tool} — no
-  # +Pikuri::Tool::Parameters+ in the middle. The strict-validation
+  # and feed them through {Pikuri::Agent::ExtensionContext#add_raw_tool}
+  # — no +Pikuri::Tool::Parameters+ in the middle. The strict-validation
   # contract pikuri commits to for native tools is intentionally not
   # extended to MCP tools in v1; MCP-side validation catches bad input,
   # and the provenance prefix + audit log are the compensating
@@ -186,15 +186,16 @@ module Pikuri
       @live_ids.empty?
     end
 
-    # Build the +mcp_connect+ tool bound to the given agent. The agent
-    # passes itself so the tool can call +agent.internal_add_tool+
+    # Build the +mcp_connect+ tool bound to the given agent, via its
+    # {Pikuri::Agent::ExtensionContext}. {Extension#bind} passes the
+    # context it received so the tool can call +ctx.add_raw_tool+
     # without a circular constructor dance. Each call returns a fresh
     # {Connect} with an empty activation set.
     #
-    # @param agent [Agent]
+    # @param ctx [Pikuri::Agent::ExtensionContext]
     # @return [Connect]
-    def build_mcp_connect_tool(agent)
-      Connect.new(servers: self, agent: agent)
+    def build_mcp_connect_tool(ctx)
+      Connect.new(servers: self, ctx: ctx)
     end
 
     # System-prompt block advertising every live MCP server to the LLM.
@@ -226,24 +227,25 @@ module Pikuri
       lines.join("\n")
     end
 
-    # Register every tool exposed by server +id+ into +agent+'s
-    # underlying +RubyLLM::Chat+. Public so {View#register_tools_with_agent}
-    # can delegate; intended caller is {Connect} via
-    # {Agent#internal_add_tool}. Doesn't track activation — that's
-    # {Connect}'s job (each agent's tool instance owns its own set).
+    # Register every tool exposed by server +id+ into an agent's
+    # underlying +RubyLLM::Chat+, through the agent's
+    # {Pikuri::Agent::ExtensionContext}. Public so
+    # {View#register_tools_with_agent} can delegate; intended caller
+    # is {Connect}. Doesn't track activation — that's {Connect}'s
+    # job (each agent's tool instance owns its own set).
     #
     # @param id [String] server id; must be in {#live_ids}.
-    # @param agent [Agent]
+    # @param ctx [Pikuri::Agent::ExtensionContext]
     # @return [Integer] number of tools registered.
     # @raise [ArgumentError] if +id+ isn't live.
-    def register_tools_with_agent(id, agent)
+    def register_tools_with_agent(id, ctx)
       raise ArgumentError, "MCP server #{id.inspect} is not live" unless @live_ids.include?(id)
 
       wrapper = @wrappers.fetch(id)
       tools = @tools_cache.fetch(id)
       tools.each do |mcp_tool|
         rb_tool = synthesize_ruby_llm_tool(server_id: id, wrapper: wrapper, mcp_tool: mcp_tool)
-        agent.internal_add_tool(rb_tool)
+        ctx.add_raw_tool(rb_tool)
       end
       tools.size
     end
@@ -470,7 +472,8 @@ module Pikuri
 
     # The +mcp_connect+ tool exposed to the LLM. Private inner class —
     # instantiated only by {Servers#build_mcp_connect_tool} (called
-    # from {Agent#initialize}), never by application code.
+    # from {Extension#bind} with the agent's
+    # {Pikuri::Agent::ExtensionContext}), never by application code.
     #
     # Tracks its own activation +Set+ so re-connecting an already-active
     # server returns a recoverable +"Error: ..."+ String (the LLM has
@@ -491,9 +494,9 @@ module Pikuri
 
       # @param servers [Servers] shared runtime this tool resolves
       #   ids against and registers tools through.
-      # @param agent [Agent] agent into whose chat the activated tools
-      #   are registered.
-      def initialize(servers:, agent:)
+      # @param ctx [Pikuri::Agent::ExtensionContext] context of the
+      #   agent into whose chat the activated tools are registered.
+      def initialize(servers:, ctx:)
         activated = Set.new
 
         super(
@@ -515,7 +518,7 @@ module Pikuri
               next "Error: server '#{id}' is already connected; its tools are in your toolset, call them directly."
             end
 
-            count = servers.register_tools_with_agent(id, agent)
+            count = servers.register_tools_with_agent(id, ctx)
             activated << id
             "Connected to MCP server '#{id}'. Added #{count} tool#{'s' if count != 1} to your toolset."
           }

data/lib/pikuri/mcp/synthesizer.rb

@@ -11,11 +11,12 @@ module Pikuri
     #
     # == Cancellation
     #
-    # +Cancellable::Cancelled+ raised from inside the +@thinker+
-    # propagates up through {#call} (it's specifically *not*
-    # caught by the +StandardError+ rescue) so a user's Ctrl+C
-    # during a boot-time synthesis pass aborts startup cleanly
-    # rather than being silently logged as a "synthesis failure."
+    # +Cancellable::Cancelled+ raised from inside the thinker (the
+    # {Thinker} pre-call check) propagates up through {#call} (it's
+    # specifically *not* caught by the +StandardError+ rescue) so a
+    # user's Ctrl+C during a boot-time synthesis pass aborts
+    # startup cleanly rather than being silently logged as a
+    # "synthesis failure."
     #
     # == Fail-soft on errors
     #
@@ -34,18 +35,43 @@ module Pikuri
       # initializer kwarg, so a bump invalidates every cached entry
       # from the previous prompt without anyone having to +rm+ the
       # cache directory.
-      PROMPT_VERSION = 1
+      # Version 2: the thinker gained a generic system prompt
+      # ({Thinker::SYSTEM_PROMPT}), changing the effective prompt
+      # for every entry.
+      PROMPT_VERSION = 2
 
-      # @param thinker [Proc] one-arg callable invoked as
-      #   +thinker.call(prompt)+ — typically a closure over
-      #   {Pikuri::Agent.think} that captures the agent's transport
-      #   and cancellable.
-      # @param cache [Cache, Cache::NULL] storage layer. Defaults to
-      #   {Cache::NULL} so tests can construct a synthesizer without
-      #   a real cache.
-      def initialize(thinker:, cache: Cache::NULL)
-        @thinker = thinker
-        @cache = cache
+      # The easy path is +Synthesizer.new(transport: ...)+ — the
+      # {Thinker} and the production on-disk {Cache} are built
+      # right here, so wiring one up needs nothing beyond the
+      # transport the host agent already has. +thinker:+ exists as
+      # the explicit override (a custom callable, a test fake) and
+      # is mutually exclusive with the transport path.
+      #
+      # @param transport [Pikuri::Agent::ChatTransport, nil] when
+      #   set, a {Thinker} is constructed from it (and
+      #   +cancellable:+); the synthesis passes run against this
+      #   model.
+      # @param cancellable [Pikuri::Agent::Control::Cancellable, nil]
+      #   forwarded to the constructed {Thinker} so a boot-time
+      #   Ctrl+C aborts the pass. Only meaningful on the
+      #   +transport:+ path.
+      # @param thinker [#call, nil] one-arg callable invoked as
+      #   +thinker.call(prompt)+, replacing the built-in {Thinker}.
+      # @param cache [Cache, Cache::NULL, nil] storage layer. When
+      #   +nil+ (the default): the +transport:+ path builds the
+      #   production on-disk {Cache} keyed on the transport's model
+      #   and {PROMPT_VERSION}; the +thinker:+ path falls back to
+      #   {Cache::NULL} (no persistence — the test default).
+      # @raise [ArgumentError] when neither or both of +transport:+
+      #   and +thinker:+ are given, or when +cancellable:+ is
+      #   combined with +thinker:+
+      def initialize(transport: nil, cancellable: nil, thinker: nil, cache: nil)
+        raise ArgumentError, 'pass exactly one of transport: or thinker:' if transport.nil? == thinker.nil?
+        raise ArgumentError, 'cancellable: only applies to the transport: path' if thinker && cancellable
+
+        @thinker = thinker || Thinker.new(transport: transport, cancellable: cancellable)
+        @cache = cache ||
+                 (transport ? Cache.new(model_id: transport.model, prompt_version: PROMPT_VERSION) : Cache::NULL)
       end
 
       # Produce the description for one server. Returns the cleaned

data/lib/pikuri/mcp/thinker.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module Pikuri
+  module Mcp
+    # One-shot LLM pass for the MCP boot-time checks: {Synthesizer}
+    # (description summarization) and {Verifier} (injection check)
+    # call {#call} with a self-contained prompt and get the model's
+    # reply back as a plain String. Each call constructs a fresh
+    # tools-free {Pikuri::Agent}, runs the prompt as its single
+    # turn, and closes it — fresh per call deliberately, so
+    # per-server prompts don't accumulate in one shared chat
+    # history and cross-contaminate. The construction cost is noise
+    # next to the LLM round-trip, and {Cache} short-circuits before
+    # {#call} fires anyway.
+    #
+    # No listeners (boot passes are silent), no step limit (no
+    # tools are wired, so the model has nothing to tick).
+    #
+    # == Cancellation
+    #
+    # +cancellable+ is checked once before each call — the "gentle
+    # cancel" semantic: a flag flipped between calls raises
+    # promptly; the in-flight HTTP call itself is not interrupted.
+    # It is deliberately NOT passed into the one-shot agent:
+    # +Agent#run_loop+ resets its cancellable at the turn boundary,
+    # which would erase a pending Ctrl+C instead of honoring it
+    # (and a tools-free non-streaming turn has no check points
+    # anyway).
+    #
+    # == Failure
+    #
+    # Errors from the provider propagate to the caller verbatim —
+    # no recovery layer here. {Synthesizer} rescues at its level
+    # and falls back to a default; {Verifier} lets them bubble.
+    class Thinker
+      # System prompt for the one-shot agents. The real
+      # instructions (synthesis framing, verification rubric) live
+      # in the prompt {Synthesizer} / {Verifier} build and send as
+      # the user turn, so this stays generic.
+      SYSTEM_PROMPT =
+        'You are a one-shot analysis pass inside an agent boot sequence. ' \
+        'Follow the instructions in the user message exactly and reply ' \
+        'with only what they ask for — no preamble.'
+
+      # @param transport [Pikuri::Agent::ChatTransport] the
+      #   model-resolution triple every one-shot agent is
+      #   constructed with — typically the host agent's own, so
+      #   boot passes run against the same model.
+      # @param cancellable [Pikuri::Agent::Control::Cancellable, nil]
+      #   when set, checked before each {#call} so a boot-time
+      #   Ctrl+C aborts startup on the next pass.
+      # @raise [ArgumentError] when +transport+ is +nil+
+      def initialize(transport:, cancellable: nil)
+        raise ArgumentError, 'transport must not be nil' if transport.nil?
+
+        @transport = transport
+        @cancellable = cancellable
+      end
+
+      # Run one prompt through a fresh tools-free agent.
+      #
+      # @param prompt [String] self-contained instructions + data,
+      #   sent as the single user turn
+      # @return [String] the assistant's reply content (+""+ when
+      #   the provider produced no assistant message)
+      # @raise [Pikuri::Agent::Control::Cancellable::Cancelled]
+      #   when the +cancellable+ flag was tripped at the pre-call
+      #   check
+      def call(prompt)
+        @cancellable&.check!
+        agent = Pikuri::Agent.new(transport: @transport, system_prompt: SYSTEM_PROMPT)
+        begin
+          agent.run_loop(user_message: prompt)
+          agent.last_assistant_content.to_s
+        ensure
+          agent.close
+        end
+      end
+    end
+  end
+end

data/lib/pikuri/mcp/verifier.rb

@@ -62,7 +62,16 @@ module Pikuri
       # folds this into its key fingerprint so a prompt edit
       # invalidates every cached "OK" without anyone having to
       # +rm+ the cache directory.
-      PROMPT_VERSION = 1
+      # Version 2: the thinker gained a generic system prompt
+      # ({Thinker::SYSTEM_PROMPT}), changing the effective prompt
+      # for every entry.
+      PROMPT_VERSION = 2
+
+      # Where the production cache lives — a sibling of
+      # {Cache::DIR} so verification verdicts never collide with
+      # synthesized descriptions (same key fingerprint, different
+      # meaning).
+      CACHE_DIR = File.join(File.dirname(Cache::DIR), 'mcp_verifications')
 
       # Code points with no legitimate place in human-readable tool
       # documentation. Each range catches one category of "hide
@@ -86,16 +95,42 @@ module Pikuri
       # describes WHAT was found and WHERE.
       class InjectionDetected < StandardError; end
 
-      # @param thinker [Proc] one-arg callable invoked as
-      #   +thinker.call(prompt)+; same closure shape {Synthesizer}
-      #   uses.
-      # @param cache [Cache, Cache::NULL] cache for the LLM-pass
-      #   result. Defaults to {Cache::NULL} so tests can skip
-      #   disk persistence; production wiring in {Agent} uses a
-      #   real {Cache} pointing at a +mcp_verifications+ dir.
-      def initialize(thinker:, cache: Cache::NULL)
-        @thinker = thinker
-        @cache = cache
+      # The easy path is +Verifier.new(transport: ...)+ — the
+      # {Thinker} and the production on-disk {Cache} (under
+      # {CACHE_DIR}) are built right here. +thinker:+ exists as the
+      # explicit override (a custom callable, a test fake) and is
+      # mutually exclusive with the transport path. Same
+      # constructor shape as {Synthesizer}.
+      #
+      # @param transport [Pikuri::Agent::ChatTransport, nil] when
+      #   set, a {Thinker} is constructed from it (and
+      #   +cancellable:+); the verification passes run against this
+      #   model.
+      # @param cancellable [Pikuri::Agent::Control::Cancellable, nil]
+      #   forwarded to the constructed {Thinker} so a boot-time
+      #   Ctrl+C aborts the pass. Only meaningful on the
+      #   +transport:+ path.
+      # @param thinker [#call, nil] one-arg callable invoked as
+      #   +thinker.call(prompt)+, replacing the built-in {Thinker}.
+      # @param cache [Cache, Cache::NULL, nil] cache for the
+      #   LLM-pass result. When +nil+ (the default): the
+      #   +transport:+ path builds the production on-disk {Cache}
+      #   under {CACHE_DIR}; the +thinker:+ path falls back to
+      #   {Cache::NULL} (no persistence — the test default).
+      # @raise [ArgumentError] when neither or both of +transport:+
+      #   and +thinker:+ are given, or when +cancellable:+ is
+      #   combined with +thinker:+
+      def initialize(transport: nil, cancellable: nil, thinker: nil, cache: nil)
+        raise ArgumentError, 'pass exactly one of transport: or thinker:' if transport.nil? == thinker.nil?
+        raise ArgumentError, 'cancellable: only applies to the transport: path' if thinker && cancellable
+
+        @thinker = thinker || Thinker.new(transport: transport, cancellable: cancellable)
+        @cache = cache ||
+                 if transport
+                   Cache.new(model_id: transport.model, prompt_version: PROMPT_VERSION, dir: CACHE_DIR)
+                 else
+                   Cache::NULL
+                 end
       end
 
       # Verify the server's surface. Returns nothing on success;

data/lib/pikuri-mcp.rb

@@ -7,9 +7,9 @@ require 'pikuri-core'
 # +Pikuri::+ namespace alongside pikuri-core. After
 # +require 'pikuri-mcp'+, +Pikuri::Mcp::Registry+,
 # +Pikuri::Mcp::Servers+, +Pikuri::Mcp::Synthesizer+,
-# +Pikuri::Mcp::Verifier+, +Pikuri::Mcp::Cache+,
-# +Pikuri::Mcp::ClientWrapper+ and +Pikuri::Mcp::Extension+ are all
-# defined.
+# +Pikuri::Mcp::Verifier+, +Pikuri::Mcp::Thinker+,
+# +Pikuri::Mcp::Cache+, +Pikuri::Mcp::ClientWrapper+ and
+# +Pikuri::Mcp::Extension+ are all defined.
 #
 # Per-gem loader (not shared with pikuri-core's loader) so each gem
 # owns its own +lib/+ tree and the cooperation between gems is via

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: pikuri-mcp
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Martin Vysny
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-06-04 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pikuri-core
@@ -16,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.6
+        version: 0.0.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.6
+        version: 0.0.7
 - !ruby/object:Gem::Dependency
   name: mcp
   requirement: !ruby/object:Gem::Requirement
@@ -62,6 +61,7 @@ files:
 - lib/pikuri/mcp/registry.rb
 - lib/pikuri/mcp/servers.rb
 - lib/pikuri/mcp/synthesizer.rb
+- lib/pikuri/mcp/thinker.rb
 - lib/pikuri/mcp/verifier.rb
 - prompts/pikuri-openlibrary.txt
 homepage: https://codeberg.org/mvysny/pikuri
@@ -72,7 +72,6 @@ metadata:
   changelog_uri: https://codeberg.org/mvysny/pikuri/src/branch/master/CHANGELOG.md
   bug_tracker_uri: https://codeberg.org/mvysny/pikuri/issues
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -87,8 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Model Context Protocol (MCP) support for pikuri.
 test_files: []