[mirror] feat: snapshot explore subagent tool entitlements #6

Open
yashwant86 wants to merge 15 commits into mm-base-24638 from mm-pr-24638
@yashwant86 yashwant86 commented Apr 26, 2026

Mirror of upstream coder#24638 for benchmark. Do not merge.


Summary by MergeMonkey

  • What's New:
    • Explore subagent chats now snapshot external MCP tool entitlements at spawn time, preventing runtime mutations from affecting the child's tool set.
    • Root Explore chats stay builtin-only at runtime; delegated Explore children inherit parent's MCP snapshot and can access web_search provider tool.
    • External MCP tools now pass through allowedExploreToolNames filter; workspace MCP tools remain excluded.
  • Improvements:
    • SendMessage no longer mutates Explore subagent MCP server IDs after spawn; snapshot is immutable.
  • Tidying Up:
    • Refactored subagent tool building to pass turn-state parent separately from parent chat for accurate snapshot resolution.
    • Added test helpers for MCP server config insertion and chat model config with custom options.

bot-mergemonkey Bot commented Apr 26, 2026

Risk Assessment: NEEDS-TESTING · ~45 min review

Focus areas: Explore MCP snapshot persistence and immutability · Root vs. delegated Explore tool filtering logic · SendMessage rejection of MCP updates for Explore chats · Test coverage for snapshot scenarios

Assessment: Explore subagent MCP snapshot entitlements require integration testing across spawn, runtime filtering, and immutability.

Walkthrough

When an Explore subagent is spawned, resolveExploreToolSnapshot captures the parent turn's effective MCP entitlements (filtered by plan mode and parent's own snapshot if Explore). This snapshot is persisted on the child chat's MCPServerIDs. At runtime, root Explore chats strip external MCP tools entirely; delegated Explore children use their persisted snapshot. SendMessage rejects MCP updates for Explore chats, keeping the snapshot immutable.

Changes

| Files | Summary |
|---|---|
| Explore Subagent MCP Snapshot Entitlements: coderd/x/chatd/chatd.go, coderd/x/chatd/subagent.go, coderd/x/chatd/subagent_catalog.go | Implements immutable MCP tool snapshot for Explore subagents. Spawn-time snapshot persists on child chat; SendMessage ignores MCP updates for Explore chats. Root Explore chats strip external MCP tools at runtime; delegated children inherit parent's snapshot. External MCP tools now allowed in allowedExploreToolNames; workspace tools remain excluded. |
| Provider Tool Filtering for Explore Chats: coderd/x/chatd/chatd.go | Root Explore chats exclude all provider tools (web_search) at runtime. Delegated Explore children inherit web_search if model supports it; write-style provider tools blocked for all Explore chats. |
| Test Infrastructure and Coverage: coderd/x/chatd/chatd_test.go, coderd/x/chatd/chatd_internal_test.go, coderd/x/chatd/subagent_internal_test.go | Added comprehensive tests for Explore MCP snapshot persistence, root Explore runtime filtering, and SendMessage immutability. Added test helpers for model config with call options and MCP server config insertion. Updated allowedExploreToolNames test to verify external MCP tool inclusion and workspace tool exclusion. |
| OpenAI Tool Serialization: coderd/x/chatd/chattest/openai.go | Added optional Name field to OpenAITool struct for tools that serialize name at top level instead of nested in Function. |

Sequence Diagram

```mermaid
sequenceDiagram
    participant User
    participant SpawnAgent as spawn_agent Tool
    participant ResolveSnapshot as resolveExploreToolSnapshot
    participant CreateChild as createChildSubagentChat
    participant RunChat as runChat
    participant AllowedTools as allowedExploreToolNames
    User->>SpawnAgent: Call with type=explore
    SpawnAgent->>ResolveSnapshot: Get parent turn's MCP snapshot
    ResolveSnapshot->>ResolveSnapshot: Filter by plan mode
    ResolveSnapshot->>ResolveSnapshot: If parent is Explore, narrow to parent.MCPServerIDs
    ResolveSnapshot-->>SpawnAgent: Return inheritedMCPServerIDs
    SpawnAgent->>CreateChild: Pass inheritedMCPServerIDs in options
    CreateChild->>CreateChild: Persist snapshot on child.MCPServerIDs
    CreateChild-->>User: Child chat created
    User->>RunChat: Process child chat turn
    RunChat->>RunChat: If root Explore, strip external MCP configs
    RunChat->>RunChat: If delegated Explore, use persisted snapshot
    RunChat->>AllowedTools: Build allowed tool names
    AllowedTools->>AllowedTools: Include external MCP tools (MCPToolIdentifier)
    AllowedTools->>AllowedTools: Exclude workspace MCP tools
    AllowedTools-->>RunChat: Return filtered tool names
    RunChat-->>User: Chat response with filtered tools
```

Dig Deeper With Commands

  • /review <file-path> <function-optional>
  • /chat <file-path> "<question>"
  • /roast <file-path>

Runs only when explicitly triggered.
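
The spawn-time snapshot and its immutability, as described in the walkthrough above, modelled in a small Go example. This is an added example, not code from the PR or from coder: `Chat`, `SpawnExplore`, `UpdateServers`, `ErrSnapshotImmutable` and the server IDs are hypothetical, and the turn's effective IDs are assumed to be already filtered by plan mode.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the behaviour described above; not coder's types.
type Chat struct {
	Explore      bool
	MCPServerIDs []string // for an Explore child: the spawn-time snapshot
}

var ErrSnapshotImmutable = errors.New("explore MCP snapshot is immutable")

// SpawnExplore copies the parent turn's effective server IDs into a fresh
// slice (no aliasing). An Explore parent passes on only what its snapshot holds.
func SpawnExplore(parent *Chat, turnEffective []string) *Chat {
	held := map[string]bool{}
	for _, id := range parent.MCPServerIDs {
		held[id] = true
	}
	snap := make([]string, 0, len(turnEffective))
	for _, id := range turnEffective {
		if !parent.Explore || held[id] {
			snap = append(snap, id)
		}
	}
	return &Chat{Explore: true, MCPServerIDs: snap}
}

// UpdateServers models a later message that tries to change entitlements.
func (c *Chat) UpdateServers(ids []string) error {
	if c.Explore {
		return ErrSnapshotImmutable
	}
	c.MCPServerIDs = append([]string(nil), ids...)
	return nil
}

func main() {
	parent := &Chat{MCPServerIDs: []string{"docs", "tickets"}} // constructed IDs
	child := SpawnExplore(parent, parent.MCPServerIDs)
	parent.MCPServerIDs[0] = "deploy" // in-place edit must not reach the child
	fmt.Println(child.MCPServerIDs, child.UpdateServers([]string{"deploy"}))
}
```

Without the copy in `SpawnExplore`, the child would share the parent's backing array and the in-place edit in `main` would silently widen the child's tool set.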
