Skip to content

docs: add mcp whitelist, maxturn, and halt/warn hook patterns#14

Merged
heraldstack merged 2 commits into
mainfrom
docs/efficiency-patterns
Apr 11, 2026
Merged

docs: add mcp whitelist, maxturn, and halt/warn hook patterns#14
heraldstack merged 2 commits into
mainfrom
docs/efficiency-patterns

Conversation

@heraldstack

Copy link
Copy Markdown
Owner

summary

three canonical patterns promoted from the cross-harness efficiency pass (2026-04-11). all three were applied across shannon, ux-testing, and chrome-extension before being written up here.

patterns added

  • mcp-server-whitelist-pattern.md — explicit mcpServers declaration; mcpServers:[] for REST-only agents; audit script; disallowedTools cleanup note; harness application table
  • max-turns-bounded-tasks-pattern.md — maxTurns calibration by task type; bounded vs open-ended distinction; kiro format difference noted; applied agents table
  • hook-governance-pattern.md — section 4 added: SessionStart halt/warn pattern with two-tier systemMessage/stderr behavior, service tier table, applied repos table

risen alignment

  • role: pattern author promoting applied harness lessons to canonical library
  • instructions: document each pattern as problem → solution → implementation → where applied
  • steps: write mcp-server-whitelist-pattern.md, write max-turns-bounded-tasks-pattern.md, append halt/warn section to hook-governance-pattern.md, commit
  • expectation: three patterns readable standalone, consistent with existing pattern doc structure
  • narrowing: docs/patterns/ only — no agent definitions, no scripts, no specs touched

attribution

  • bryanchasko attribution recorded
  • heraldstack attribution recorded

signal promotion linkage (if applicable)

  • source url:
  • promotion decision:
  • state label: state/in-progress
  • project fields updated:

checks

  • docs-schema-validate
  • issue-state-label-gate
  • attribution-gate
  • risen-contract-gate

three new canonical patterns from the cross-harness efficiency pass
(2026-04-11). applied across shannon, ux-testing, and chrome-extension
before being promoted to the canonical library.

- mcp-server-whitelist-pattern.md: explicit mcpServers declaration,
  mcpServers:[] for REST-only agents, audit script, harness table
- max-turns-bounded-tasks-pattern.md: maxTurns calibration by task type,
  kiro vs claude code format differences, applied agents table
- hook-governance-pattern.md: adds section 4 — SessionStart halt/warn
  pattern with two-tier systemMessage/stderr behavior, applied table

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 63f39759c4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


### agents that legitimately need the full session set

leave the field absent — but document why. add a comment or a note in the agent's `## mcp` section explaining that full server inheritance is intentional. this makes the omission a deliberate choice rather than an oversight.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Clarify full-session MCP exception to avoid implicit inheritance

This section tells readers to leave mcpServers absent for some agents, which directly conflicts with the file’s core rule (“declare an explicit, minimal mcpServers block” and “never inherit … by omission”). In practice, that ambiguity can cause teams to reintroduce implicit full-session inheritance for ordinary agents and miss it during audits, defeating the safety/token-reduction objective of this pattern.

Useful? React with 👍 / 👎.

Comment on lines +174 to +175
**purpose:** surface critical infrastructure failures as hard blocks or amber warnings at session open, before the agent attempts any tool call that depends on those services.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Do not label SessionStart notices as hard halts

The new guidance describes this behavior as a “hard block,” but the provided implementation only emits systemMessage JSON and never exits non-zero; later text also says stdout is injected into context before turn one. That means sessions continue even when critical services are down, so operators relying on this as an enforced halt can still run tasks against unavailable infrastructure.

Useful? React with 👍 / 👎.

@heraldstack heraldstack merged commit 0fe94c8 into main Apr 11, 2026
4 checks passed
@heraldstack heraldstack deleted the docs/efficiency-patterns branch April 11, 2026 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant