pluribus-context 0.3.27 → 0.3.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -63,6 +63,22 @@ Public trace:
|
|
|
63
63
|
|
|
64
64
|
- `examples/context-input-evidence/subagent-context-budget-otel-trace.json`
|
|
65
65
|
|
|
66
|
+
## Per-agent MCP injection
|
|
67
|
+
|
|
68
|
+
Role-specific subagents may need different MCP surfaces: a testing agent might need `testing` and `github`, while deployment, analytics, email, or browser servers should stay outside that boot context. The receipt should prove the policy boundary before the first task:
|
|
69
|
+
|
|
70
|
+
- role/session id for the subagent without raw instructions;
|
|
71
|
+
- available server count/hash for the role;
|
|
72
|
+
- excluded server count/hash before boot;
|
|
73
|
+
- loaded vs deferred tool-definition counts;
|
|
74
|
+
- startup token bucket after the policy was applied; and
|
|
75
|
+
- an explicit audit gap that this proves injection scope, not semantic tool quality.
|
|
76
|
+
|
|
77
|
+
Minimal events:
|
|
78
|
+
|
|
79
|
+
- `subagent.mcp_policy.applied`
|
|
80
|
+
- `subagent.context_boot.evaluated`
|
|
81
|
+
|
|
66
82
|
## Delegation boundary
|
|
67
83
|
|
|
68
84
|
A subagent can save parent context at boot and still lose the benefit if raw child output is pasted back into the parent. The receipt should prove:
|
|
@@ -146,7 +162,8 @@ Instead of “why is my subagent bad?”, ask for a receipt or debug JSON that c
|
|
|
146
162
|
2. How many were loaded into the parent?
|
|
147
163
|
3. How many were loaded into the subagent?
|
|
148
164
|
4. How many were suppressed/deferred?
|
|
149
|
-
5.
|
|
150
|
-
6.
|
|
165
|
+
5. For a subagent, which MCP servers were allowed and which were excluded before boot?
|
|
166
|
+
6. What token bucket remained before the first tool call?
|
|
167
|
+
7. Did raw child output return to the parent, or only a bounded summary?
|
|
151
168
|
|
|
152
169
|
That is the narrow wedge for Pluribus: context-budget evidence across agent boundaries, not another memory store or tool router.
|
|
@@ -13,7 +13,7 @@ It is intentionally markdown-only so it can be copied into a local skills direct
|
|
|
13
13
|
Ask an agent or harness using the skill to emit a receipt for one workflow and verify these constraints:
|
|
14
14
|
|
|
15
15
|
```bash
|
|
16
|
-
grep -E 'mcp\.tool_index\.loaded|context\.skill\.registry\.index\.loaded|subagent\.delegation\.requested' receipt.jsonl
|
|
16
|
+
grep -E 'mcp\.tool_index\.loaded|context\.skill\.registry\.index\.loaded|subagent\.mcp_policy\.applied|subagent\.delegation\.requested' receipt.jsonl
|
|
17
17
|
grep -E 'raw_(schema|query|args|result|output)_copied":false|raw.*CopiedToReceipt":false' receipt.jsonl
|
|
18
18
|
```
|
|
19
19
|
|
|
@@ -59,6 +59,24 @@ Minimal event names:
|
|
|
59
59
|
- `context.input.loaded`
|
|
60
60
|
- `context.input.candidate_suppressed`
|
|
61
61
|
|
|
62
|
+
## Per-agent MCP injection smoke
|
|
63
|
+
|
|
64
|
+
For role-specific subagents or per-agent MCP configs, prove the policy boundary before debugging model quality:
|
|
65
|
+
|
|
66
|
+
- which subagent role/session requested tools;
|
|
67
|
+
- which MCP servers were available to that role;
|
|
68
|
+
- which servers were explicitly excluded before boot;
|
|
69
|
+
- whether startup loaded full schemas or only a compact index;
|
|
70
|
+
- how many tool definitions stayed deferred/suppressed; and
|
|
71
|
+
- the startup token bucket after policy was applied.
|
|
72
|
+
|
|
73
|
+
Minimal JSONL event names:
|
|
74
|
+
|
|
75
|
+
```jsonl
|
|
76
|
+
{"event":"subagent.mcp_policy.applied","subagent_role":"testing","available_server_count":2,"available_servers_hash":"sha256:...","excluded_server_count":5,"excluded_servers_hash":"sha256:...","policy_source":"role_config","raw_server_names_copied":false}
|
|
77
|
+
{"event":"subagent.context_boot.evaluated","subagent_role":"testing","loaded_tool_definition_count":0,"deferred_tool_definition_count":48,"startup_token_bucket":"50k_75k","raw_schema_copied":false,"audit_gap":"proves injection boundary, not tool relevance"}
|
|
78
|
+
```
|
|
79
|
+
|
|
62
80
|
## Subagent / manager boundary smoke
|
|
63
81
|
|
|
64
82
|
For subagents, manager agents, or child workers, answer:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pluribus-context",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.28",
|
|
4
4
|
"description": "AI context and rules sync CLI for Claude.md, Claude Code, Cursor, and Copilot instructions, with privacy-safe context receipts that prove what memory, tools, skills, compactions, and security findings crossed agent boundaries without logging raw content.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"homepage": "https://github.com/caioribeiroclw-pixel/pluribus#readme",
|
package/src/utils/version.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export const VERSION = '0.3.
|
|
1
|
+
export const VERSION = '0.3.28'
|