Skip to content

feat: add read-only agent-sudo topology view#117

Merged
Ram9199 merged 4 commits into
mainfrom
feat/topology-view
Jun 13, 2026
Merged

feat: add read-only agent-sudo topology view#117
Ram9199 merged 4 commits into
mainfrom
feat/topology-view

Conversation

@Ram9199

@Ram9199 Ram9199 commented Jun 13, 2026

Copy link
Copy Markdown
Member

Closes #112. Last in the founder-dogfood self-identity chain. Regroups inventory data into the view a confused user actually needs.

Goal: answer "What Agent_Sudo instances are guarding me right now?" and "What is not routed through Agent_Sudo?" — the exact questions from the original dogfood session.

What

agent-sudo topology (human view + --json), four flat sections:

1. CLI surfaces (your shell / terminal)
   agent-sudo  →  ~/.pyenv/versions/3.11.14   v0.5.6   (editable: /Volumes/Storage/Agent_Sudo)
   agent-sudo  →  ~/.pyenv/shims   (pyenv shim — resolves to the active pyenv version)
2. MCP clients (routed through Agent_Sudo)
   claude-desktop   v0.5.6   config/command/audit ...
   gemini / antigravity   v0.5.6   (→ ~/Developer engine)
3. Audit destinations
   ~/.agent-sudo/mcp-audit.jsonl              ←  claude-desktop
   ~/.agent-sudo/antigravity-mcp-audit.jsonl  ←  antigravity, gemini
4. Not routed through Agent_Sudo
   smithery   present, NOT configured to route through Agent_Sudo

On the dogfood machine this surfaces the original confusions directly: which copy the terminal uses, that Claude Desktop runs the /Volumes/Storage engine while Gemini/Antigravity run the ~/Developer engine, the two audit logs, and Smithery as present-but-not-routed.

Design constraints (all honored)

  • Reuse inventory data: built on build_inventory(); the only inventory change is an additive ConfigRecord.audit_log field (extracted from the client's --audit-log arg).
  • Read-only: no execution of discovered binaries, no auto-fix, no cleanup.
  • No generic framework / no graph / no daemon: four flat sections; the unrouted set is a tiny concrete registry (Smithery), with probes injectable for tests.

Tests / validation

  • New tests/test_topology.py (12 cases): CLI-surface ordering + shim flag, MCP client audit/editable-source join, audit-destination grouping, not-routed detection (present / absent / routed-name-excluded), formatter sections, audit-log arg extraction.
  • Full suite: 505 passed. ruff clean.
  • Docs: command_reference.md gains a topology entry + category-table row.

Ram9199 and others added 2 commits June 12, 2026 22:53
@Ram9199
feat: add read-only agent-sudo topology view
c63900a 
Answer 'what Agent_Sudo instances are guarding me right now, and what is not
routed through Agent_Sudo?' Four sections, regrouped from inventory data plus a
small presence probe:

1. CLI surfaces — the agent-sudo your shell resolves (install + version)
2. MCP clients — Claude Desktop / Gemini / Antigravity: config, command,
   version, and the audit log each writes to
3. Audit destinations — which clients share which audit log
4. Not routed — MCP tooling present but not wired through Agent_Sudo
   (Smithery is the motivating example)

Reuses build_inventory(); adds an additive ConfigRecord.audit_log field
(extracted from the client's --audit-log arg). Read-only: no execution of
discovered binaries, no auto-fix, no cleanup, no graph, no process monitor.
The unrouted-tool registry and probe paths are injectable for tests.

Closes #112
@github-actions
style: mechanical ruff format and lint fixes
f08a84e
@Ram9199 Ram9199 mentioned this pull request Jun 13, 2026
Closed
Ram9199 and others added 2 commits June 12, 2026 23:11
@Ram9199
fix: collapse pyenv shim into resolved install in topology CLI surfaces
ae63fee 
A shim only resolves to a version install; showing both as separate CLI rows
was a misleading duplicate. Collapse the shim into the pyenv-version install it
resolves to (marked via_shim), and only show a standalone shim when nothing
else is on PATH. Add tests for collapse and the shim-only fallback.
@github-actions
style: mechanical ruff format and lint fixes
9710493
@Ram9199

Ram9199 commented Jun 13, 2026

Copy link
Copy Markdown
Member Author

Verification pass (7 checks) — all pass; one improvement pushed.

  1. Read-only ✅ — fingerprinted ~/.agent-sudo, all client configs, codex toml before/after topology + topology --json: zero changes. From an empty cwd, topology writes nothing (the repo's ./.agent-sudo is pre-existing/git-ignored, not created here).
  2. CLI shim collapse ✅ — improved during this pass: the pyenv shim no longer renders as a second CLI row. It now collapses into the resolved pyenv-version install, marked [resolved via pyenv shim]. Standalone shim shown only when nothing else is on PATH. (commit ae63fee)
  3. MCP clients ✅ — every client carries config path, command path, version, and audit destination.
  4. Audit destinations ✅ — shared logs group correctly (gemini+antigravity); a config with no --audit-log does NOT invent a destination.
  5. Not-routed ✅ — Smithery detected as present + 'NOT configured to route through Agent_Sudo'; never claims it is protected/guarded by Agent_Sudo.
  6. --json == human ✅ — all four sections + the same client/audit facts present in JSON.
  7. Clean machine ✅ — no clients/installs degrades gracefully: empty sections, explicit '(no …)' lines, no crash.

Full suite: 506 passed. ruff clean.

@Ram9199 Ram9199 merged commit 854cdef into main Jun 13, 2026
@Ram9199 Ram9199 deleted the feat/topology-view branch June 13, 2026 06:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Topology view: CLI surfaces, MCP clients, audit locations, and not-routed tools

1 participant

@Ram9199