feat: expose bundle instructions to LLM + add nb__read_resource tool (#3)#25
Open
mgoldsborough wants to merge 1 commit intomainfrom
Open
feat: expose bundle instructions to LLM + add nb__read_resource tool (#3)#25mgoldsborough wants to merge 1 commit intomainfrom
mgoldsborough wants to merge 1 commit intomainfrom
Conversation
) When a bundle's FastMCP server sets `instructions` pointing at a `skill://` resource (the idiomatic way to publish per-bundle usage guidance), the agent never saw either piece: - McpSource connected to the server but discarded the `initialize.instructions` field. - No system tool let the LLM read an MCP resource on demand; readResource() existed only for internal use. Result: the agent guessed parameter names, guessed units, looped 17+ failed tool calls per conversation on the Solar5 demo, and had no path to discover the correct workflow that the bundle author had published. Fix (two parts, independent but ship together): 1. Surface bundle instructions - McpSource captures client.getInstructions() after connect, exposes via getInstructions(). - Runtime.buildAppsList looks up the matching source by name in the workspace registry and includes `instructions` in the PromptAppInfo. - compose.formatAppsSection renders `<app-instructions>…</app-instructions>` with containment-tag escaping: any `</app-instructions>` in the payload is HTML-encoded so a malicious bundle author cannot close the tag early and inject a forged system section. 2. nb__read_resource system tool - Iterates the workspace registry's sources, calls readResource() on each that implements ResourceReader, returns the first resolved payload as text. - Output capped at 12_000 chars (same budget as the focused-app skill injection path) with a truncation marker. - Sources that throw are reported in the aggregated "not found" error, never swallowed silently. - Non-ResourceReader sources are skipped. Workspace-scoped via getRegistry() (routes through the existing request-scoped registry accessor), so isolation invariants are preserved.
This was referenced Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two gaps caused the agent to repeatedly fail on bundles that publish their usage guidance via MCP:
The Solar5 demo showed the concrete symptom: 17+ failed tool calls per conversation guessing parameter names and units, even though the bundle author had published the correct workflow at `skill://solar5estrella/usage`.
Changes
1. Surface bundle `instructions` in the apps list
2. Add `nb__read_resource` system tool
Test plan
README updated to list `nb__read_resource` in the system tools table.
Closes #3