feat(mcp): gate duplicate read tools behind MCP_READ_TOOLS (native-first retrieval)#73
Merged
Merged
Conversation
…rst retrieval) Filesystem-capable agents (e.g. the Hermes daemon) over-relied on the MCP content-read tools that merely duplicate direct file access, funnelling reactive exploration through narrower, capped tool contracts and undercutting the reason an agent was chosen over RAG: free file access. Gate the seven content-read tools (get_soul, search_index, read_wiki, grep_vault, read_note, read_raw, vault_overview) behind a new MCP_READ_TOOLS env var (default false). Graph tools (related_notes, expand_graph) and all write tools stay registered. Clients without filesystem access to the vault set MCP_READ_TOOLS=true to restore the read tools. The flag threads through Run / NewServer / registerTools and RegisteredTools(readTools), and through cmd (loadConfig, the in-process server, AGENTS.md generation, and the standalone `mcp` subcommand) so the auto-generated AGENTS.md tool list always matches the live tool surface. The template's "optional accelerators" guidance now tells agents to trust the live Available MCP Tools list and read files directly when a tool is absent. See docs/adr/023-native-first-retrieval-read-tool-gating.md. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Filesystem-capable agents (e.g. the Hermes daemon, which mounts the vault) were over-relying on the MCP content-read tools that merely duplicate direct file access. That funnels reactive exploration through narrower, capped tool contracts (
grep_vaultis substring-only, ≤20 results) and undercuts the reason an agent was chosen over RAG: free file access.This gates the seven duplicate content-read tools behind a new
MCP_READ_TOOLSenv var (defaultfalse), so the existing AGENTS.md guidance ("read directly") is enforced, not just suggested.get_soul,search_index,read_wiki,grep_vault,read_note,read_raw,vault_overviewrelated_notes,expand_graph(need the SQLite edge index — not reconstructable from a single file read) and all writesadd_bookmark,add_note,update_wiki,delete_pageMCP_READ_TOOLS=trueto restore the read tools — no client is permanently broken.The flag threads through
Run/NewServer/registerToolsandRegisteredTools(readTools), pluscmd(loadConfig, the in-process server, AGENTS.md generation, and the standalonemcpsubcommand), so the auto-generated AGENTS.md tool list always matches the live tool surface. The template's "optional accelerators" section now tells agents to trust the live Available MCP Tools list and read files directly when a named tool is absent.Citation/source-attribution behaviour is unaffected — native reads expose each wiki page's
source:frontmatter and*Source: [title](url)*footer, which AGENTS.md already requires agents to cite.Why a flag (reversible experiment)
Native-first retrieval trades purpose-built guardrails for raw flexibility; whether it beats MCP-read retrieval depends on the agent's navigation competence — an empirical question. The flag enables an A/B comparison (citation rate, recall, wasted reads) per deployment.
ADR:
docs/adr/023-native-first-retrieval-read-tool-gating.mdTest plan
cmdtest:MCP_READ_TOOLSparsing (unset/empty/garbage → off;true/1→ on).mcpservertests:RegisteredTools(false)excludes the 7 read tools and includes always-on;RegisteredTools(true)includes all; live server omits read tools whenreadTools=false; existingRegisteredToolsMatchesServernow runs for both flag states.🤖 Generated with Claude Code