Skip to content

feat(acp): update agent-client-protocol 0.10.2→0.10.3, schema 0.11.2→0.11.3#2423

Merged
bug-ops merged 1 commit intomainfrom
feat-acp-update-agent-client-p
Mar 30, 2026
Merged

feat(acp): update agent-client-protocol 0.10.2→0.10.3, schema 0.11.2→0.11.3#2423
bug-ops merged 1 commit intomainfrom
feat-acp-update-agent-client-p

Conversation

@bug-ops
Copy link
Copy Markdown
Owner

@bug-ops bug-ops commented Mar 30, 2026

Summary

  • Bump agent-client-protocol 0.10.2→0.10.3 (pulls agent-client-protocol-schema 0.11.3 transitively)
  • Add unstable-logout feature: no-op logout handler for vault-based stateless auth; auth.logout capability advertised in initialize()
  • Add unstable-elicitation feature gate (schema types exposed; no SDK methods wired in 0.10.3 — documented in README)
  • Fix discovery endpoint: protocol_version changed from hardcoded string "0.9" to acp::ProtocolVersion::LATEST (integer 1, correct ACP v1 wire format)
  • Fix Cargo feature antipattern in zeph-acp: unstable features now flow exclusively through [features] passthrough, not hardcoded in [dependencies]
  • Add integration tests for logout capability advertisement, logout handler response, and discovery protocol_version field
  • Fix tokio-tungstenite dev-dep missing features = ["connect"] (pre-existing compilation regression with --all-features)

Test plan

  • cargo +nightly fmt --check — pass
  • cargo clippy --workspace --features full -- -D warnings — pass (0 warnings)
  • cargo nextest run --config-file .github/nextest.toml --workspace --features full --lib --bins — 7262 passed (4 new tests added)
  • cargo check --all-features -p zeph-acp — pass
  • Security audit: no new advisories, no unsafe code, no unwrap in new code
  • unstable-logout disabled path compiles (trait has default impl)

Notes

  • protocol_version JSON type change ("0.9" string → 1 integer) is a breaking wire-format fix aligning with ACP v1 spec
  • session/list was already stable in zeph-acp — no code change needed, README updated
  • NES and additional_directories (schema 0.11.4) deferred; schema 0.11.3 is what 0.10.3 pins

Closes #2411

@bug-ops
feat(acp): update agent-client-protocol 0.10.2→0.10.3, schema 0.11.2→…
87df20f 
…0.11.3

- Bump agent-client-protocol to 0.10.3 (schema 0.11.3 transitive)
- Add unstable-logout capability: no-op handler for vault-based auth sessions,
  advertise auth.logout in initialize() capabilities
- Add unstable-elicitation feature gate (schema types only, no SDK methods in 0.10.3)
- Fix discovery endpoint: replace hardcoded "protocol_version": "0.9" string with
  acp::ProtocolVersion::LATEST (integer 1, correct ACP v1 wire format)
- Fix Cargo feature antipattern: unstable features now use [features] passthrough
  only, removing hardcoded activation from [dependencies]
- Add integration tests: logout capability advertisement, logout handler, discovery
  protocol_version field assertion
- Fix tokio-tungstenite dev-dep missing "connect" feature (pre-existing regression)

Closes #2411
@bug-ops bug-ops enabled auto-merge (squash) March 30, 2026 01:58
@github-actions github-actions bot added documentation Improvements or additions to documentation rust Rust code changes dependencies Dependency updates enhancement New feature or request size/M Medium PR (51-200 lines) labels Mar 30, 2026
@bug-ops bug-ops merged commit d987254 into main Mar 30, 2026
31 checks passed
@bug-ops bug-ops deleted the feat-acp-update-agent-client-p branch March 30, 2026 02:05
@bug-ops bug-ops mentioned this pull request Mar 30, 2026
Closed
bug-ops added a commit that referenced this pull request Mar 30, 2026
@bug-ops
fix(acp): populate authMethods, add /agent.json endpoint, eliminate I…
66d9573 
…PI duplication

- Populate InitializeResponse.auth_methods with [{type: agent, id: zeph}] using
  the typed builder; previously returned authMethods: [] which blocked ACP Registry
  inclusion (#2422)
- Serve GET /agent.json with agent identity manifest (id, name, version, description,
  distribution) for ACP Registry discovery; gated on discovery_enabled (#2422)
- Extract apply_three_class_classifier_with_cfg and apply_causal_analyzer_with_cfg
  helpers in agent_setup.rs; acp.rs now delegates instead of inlining construction
  eliminating the DRY gap from #2369 (#2370)
- discovery.rs already reflects ProtocolVersion::LATEST since PR #2423 (#2412)

Closes #2422, closes #2370
@bug-ops bug-ops mentioned this pull request Mar 30, 2026
Merged
4 tasks
bug-ops added a commit that referenced this pull request Mar 30, 2026
@bug-ops
fix(acp): populate authMethods, add /agent.json endpoint, eliminate I…
c793478 
…PI duplication (#2431)

- Populate InitializeResponse.auth_methods with [{type: agent, id: zeph}] using
  the typed builder; previously returned authMethods: [] which blocked ACP Registry
  inclusion (#2422)
- Serve GET /agent.json with agent identity manifest (id, name, version, description,
  distribution) for ACP Registry discovery; gated on discovery_enabled (#2422)
- Extract apply_three_class_classifier_with_cfg and apply_causal_analyzer_with_cfg
  helpers in agent_setup.rs; acp.rs now delegates instead of inlining construction
  eliminating the DRY gap from #2369 (#2370)
- discovery.rs already reflects ProtocolVersion::LATEST since PR #2423 (#2412)

Closes #2422, closes #2370
bug-ops added a commit that referenced this pull request Mar 30, 2026
@bug-ops
fix(security): extend MCP env var blocklist and fix audit logger sile…
75bc336 
…nt drop

Closes #2437, closes #2438.

- Extend `is_dangerous_env_var()` in `mcp_bridge.rs` to block PATH (path
  hijacking), HTTP_PROXY/HTTPS_PROXY/ALL_PROXY/NO_PROXY (proxy interception),
  BASH_ENV/ENV (shell startup injection), and PYTHONPATH/NODE_PATH/RUBYLIB
  (runtime module injection). These vars were not filtered by PR #2436.

- Replace silent `return` in `AuditLogger::log()` with
  `tracing::error!("audit entry serialization failed: {err}")` so
  serialization failures are observable in logs instead of silently dropped.

- Update and extend tests for both changes.

Note: #2412 was already resolved in PR #2423 (ProtocolVersion::LATEST in
discovery handler); CHANGELOG entry added only.
@bug-ops bug-ops mentioned this pull request Mar 30, 2026
Merged
4 tasks
bug-ops added a commit that referenced this pull request Mar 30, 2026
@bug-ops
fix(security): extend MCP env var blocklist and fix audit logger sile…
a8f6d01 
…nt drop (#2446)

Closes #2437, closes #2438.

- Extend `is_dangerous_env_var()` in `mcp_bridge.rs` to block PATH (path
  hijacking), HTTP_PROXY/HTTPS_PROXY/ALL_PROXY/NO_PROXY (proxy interception),
  BASH_ENV/ENV (shell startup injection), and PYTHONPATH/NODE_PATH/RUBYLIB
  (runtime module injection). These vars were not filtered by PR #2436.

- Replace silent `return` in `AuditLogger::log()` with
  `tracing::error!("audit entry serialization failed: {err}")` so
  serialization failures are observable in logs instead of silently dropped.

- Update and extend tests for both changes.

Note: #2412 was already resolved in PR #2423 (ProtocolVersion::LATEST in
discovery handler); CHANGELOG entry added only.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Dependency updates documentation Improvements or additions to documentation enhancement New feature or request rust Rust code changes size/M Medium PR (51-200 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat(acp): update agent-client-protocol 0.10.2→0.10.3 + schema 0.11.2→0.11.4 — logout, elicitation, NES, stabilized session/list

1 participant

@bug-ops