Background
PR #495's MCP capability inference (McpCapabilityInference) is pattern-based — verb regexes against method names, field-name lookups for path-typed args. Conservative by design: if patterns match → emit FileWrite/FileDelete/FileMove so the structural-denial layer fires; if not → fall back to McpInvoke and the standard prompt.
The known limitation: a method named write_log(path=...) would be classified as FileWrite even if it's a logging API (false positive — user sees a "write to" prompt when they expected the MCP prompt).
In practice this should be rare — most MCP filesystem-style servers follow the snake/camel conventions the inference is tuned for, and non-filesystem methods rarely use the path field name for non-filesystem identifiers. But we don't know how rare until we ship and watch.
Plan
1 week post-merge of #495:
~/.aceclaw/audit/*.jsonl) for @type=FileWrite/FileDelete/FileMove entries where toolName starts with mcp__.
Acceptance
Context
Follow-up to PR #495 — "Known limitations" section flagged the heuristic as needing real-world validation.
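One way to run the audit-log scan named in the plan, as an added example that is not code from PR #495 or the project. It assumes each line of ~/.aceclaw/audit/*.jsonl is a JSON object with top-level "@type" and "toolName" string fields; the function names and the sample entries (including their tool names) are constructed for illustration.

```python
import glob
import json
import os
from collections import Counter

INFERRED_TYPES = {"FileWrite", "FileDelete", "FileMove"}

def tally_inferred(lines):
    """Return (hits, mcp_total, skipped) for an iterable of JSONL lines."""
    hits, mcp_total, skipped = Counter(), 0, 0
    for line in lines:
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            skipped += 1  # truncated write or a non-object line
            continue
        tool, kind = entry.get("toolName"), entry.get("@type")
        if not isinstance(tool, str) or not tool.startswith("mcp__"):
            continue  # only MCP tool calls are in scope
        mcp_total += 1
        if isinstance(kind, str) and kind in INFERRED_TYPES:
            hits[(tool, kind)] += 1  # the inference fired for this call
    return hits, mcp_total, skipped

def audit_lines(pattern="~/.aceclaw/audit/*.jsonl"):
    """Yield every line from the audit files matching the glob."""
    for path in sorted(glob.glob(os.path.expanduser(pattern))):
        with open(path, encoding="utf-8", errors="replace") as fh:
            yield from fh

# Constructed sample entries; only "@type" and "toolName" are read.
# "McpInvoke" appearing as an "@type" value is an assumption.
SAMPLE = [
    '{"@type": "FileWrite", "toolName": "mcp__fs__write_file"}',
    '{"@type": "FileWrite", "toolName": "mcp__logger__write_log"}',
    '{"@type": "McpInvoke", "toolName": "mcp__search__query"}',
    '{"@type": "FileWrite", "toolName": "write_file"}',
    '{"@type": "FileDelete", "toolName": "mcp__fs__',
]

if __name__ == "__main__":
    hits, total, skipped = tally_inferred(audit_lines())
    for (tool, kind), n in hits.most_common():
        print(f"{n:6d}  {kind:10s}  {tool}")
    print(f"{sum(hits.values())} inferred of {total} MCP entries, {skipped} skipped")
```

The per-tool tally is a review list, not a verdict: whether a tool such as the constructed mcp__logger__write_log is a false positive still has to be judged by looking at what the method does.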