feat(engine): config mutation API — cog_read/write/rollback_config + HTTP#14
Merged
chazmaniandinkle merged 1 commit intocogos-dev:mainfrom Apr 21, 2026
Merged
Conversation
…HTTP Implements the v1 Config Mutation API per Agent O's design (closes Agent F gap #5). Exposes kernel.yaml read + RFC 7396 merge-patch write + backup rollback over both MCP (three tools + one resource) and HTTP (GET / PATCH / POST /v1/config[/rollback]). Key decisions per spec: - RFC 7396 merge-patch semantics: missing keys preserved, explicit null deletes. Handler decodes raw JSON (preserves null-vs-absent distinction). - Pre-write validation against the merged state (not the patch alone). Invalid patches return violations without touching disk. - Atomic write via temp-file + rename. Dedicated package-scope helper in config_write.go; hook_working_memory.go's helper lives in package main and is unreachable from internal/engine, so we duplicate rather than promote. - Rotating .bak-<timestamp> backups, keep the most recent 10. - Pre-write refusal when the existing file is unparseable — LoadConfig's silent-swallow behaviour is preserved on read (not load-bearing) but we refuse to clobber corrupt YAML without an explicit rollback first. - Global writeConfigMu serializes concurrent writes; last-writer-wins. - v1 is write-to-disk + requires_restart: true. Reload-safety hint lives in the response's changed_fields so callers can reason about v1.5. - Authentication: none — kernel assumes a trusted localhost caller. 20 new tests (14 unit + 6 wire) cover: full/sparse/null/v3 patches, reload-safe hint, dry-run, validation rejection for port + heartbeat, atomic write, 10-deep backup rotation, corrupt-file refusal, concurrent writes, read+defaults, MCP roundtrip (read/write/rollback/resource), HTTP GET/PATCH success + validation-failure shapes. Tests pass with -race. No hot-reload, no auth — both are out-of-scope per design.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Config mutation surface — closes Agent F's #5 critical MCP blindspot. Claude-as-primary-UI can now read, patch, and roll back `kernel.yaml` via MCP or HTTP. Design spec produced by Agent O earlier this session.
What landed
Design highlights
Test plan
Not in scope
Design reference
Agent O's design CogDoc: `~/cog-workspace/.cog/mem/semantic/surveys/2026-04-21-consolidation/agent-O-config-mutation-design.cog.md`