everruns-runtime 0.10.0

Public in-process runtime for embedding Everruns harnesses
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

//! End-to-end MCP wiring through the real in-process runtime
//! (specs/runtime-mcp.md D4): a session's scoped MCP server is discovered at
//! `tools/list`, its tool appears to the (scripted) LLM, and the resulting
//! `mcp_*` tool call is routed back out as `tools/call`.
//!
//! A fake `EgressService` returns canned MCP responses so the test is offline.
//! A public IP-literal URL passes the runtime's DNS-pinned SSRF validation
//! without resolving (and the fake egress never actually connects).

use async_trait::async_trait;
use everruns_core::llm_driver_registry::DriverRegistry;
use everruns_core::llmsim_driver::LlmSimConfig;
use everruns_core::{
    CapabilityRegistry, EgressRequest, EgressResponse, EgressResult, EgressService,
    EgressStreamResponse, LlmProviderType, ModelWithProvider, PlatformDefinition, ScopedMcpServer,
    ScopedMcpServers, ToolCall,
};
use everruns_runtime::{AgentBuilder, HarnessBuilder, InProcessRuntimeBuilder, SessionBuilder};
use serde_json::{Value, json};
use std::sync::{Arc, Mutex};

/// A public, non-blocked IP literal: passes SSRF validation without DNS and is
/// never actually connected to because egress is faked.
const FAKE_URL: &str = "http://8.8.8.8/mcp";

#[derive(Default)]
struct McpTraffic {
    tools_list_calls: usize,
    tools_call_names: Vec<String>,
}

/// Fake egress that answers MCP JSON-RPC requests from canned data and records
/// what it was asked to do.
struct FakeMcpEgress {
    traffic: Arc<Mutex<McpTraffic>>,
}

#[async_trait]
impl EgressService for FakeMcpEgress {
    async fn send(&self, request: EgressRequest) -> EgressResult<EgressResponse> {
        let body: Value = serde_json::from_slice(&request.body).unwrap_or(Value::Null);
        let method = body.get("method").and_then(Value::as_str).unwrap_or("");

        let result = match method {
            "tools/list" => {
                self.traffic.lock().unwrap().tools_list_calls += 1;
                json!({
                    "jsonrpc": "2.0",
                    "id": 1,
                    "result": { "tools": [{
                        "name": "echo",
                        "description": "Echo a message",
                        "inputSchema": { "type": "object", "properties": { "message": { "type": "string" } } }
                    }]}
                })
            }
            "tools/call" => {
                let name = body
                    .get("params")
                    .and_then(|p| p.get("name"))
                    .and_then(Value::as_str)
                    .unwrap_or("")
                    .to_string();
                self.traffic.lock().unwrap().tools_call_names.push(name);
                json!({
                    "jsonrpc": "2.0",
                    "id": 1,
                    "result": { "content": [{ "type": "text", "text": "mcp-says-hi" }], "isError": false }
                })
            }
            other => {
                json!({ "jsonrpc": "2.0", "id": 1, "error": { "code": -32601, "message": format!("unexpected method: {other}") } })
            }
        };

        Ok(EgressResponse {
            status: 200,
            headers: Default::default(),
            body: serde_json::to_vec(&result).unwrap(),
        })
    }

    async fn send_stream(&self, _request: EgressRequest) -> EgressResult<EgressStreamResponse> {
        unimplemented!("not used by MCP transport")
    }
}

fn scoped_servers() -> ScopedMcpServers {
    let mut servers = ScopedMcpServers::default();
    servers.insert(
        "docs".to_string(),
        ScopedMcpServer {
            url: FAKE_URL.to_string(),
            ..Default::default()
        },
    );
    servers
}

fn platform_with_egress(traffic: Arc<Mutex<McpTraffic>>) -> PlatformDefinition {
    PlatformDefinition::builder()
        .capability_registry(CapabilityRegistry::with_builtins())
        .driver_registry(DriverRegistry::new())
        .egress_service(Arc::new(FakeMcpEgress { traffic }))
        .build()
}

#[tokio::test]
async fn runtime_discovers_and_executes_scoped_mcp_tool() {
    let traffic = Arc::new(Mutex::new(McpTraffic::default()));
    let seed = 808u128;
    let harness_id = everruns_core::HarnessId::from_seed(seed);
    let agent_id = everruns_core::AgentId::from_seed(seed);
    let session_id = everruns_core::SessionId::from_seed(seed);

    let mcp_tool_call = ToolCall {
        id: "call_1".to_string(),
        name: "mcp_docs__echo".to_string(),
        arguments: json!({ "message": "hi" }),
    };

    let runtime = InProcessRuntimeBuilder::new()
        .platform_definition(platform_with_egress(traffic.clone()))
        .llm_sim(
            LlmSimConfig::fixed("Calling the docs MCP tool.")
                .with_tool_call_sequence(vec![vec![mcp_tool_call], vec![]]),
        )
        .default_model(ModelWithProvider {
            model: "llmsim-model".into(),
            provider_type: LlmProviderType::LlmSim,
            api_key: Some("fake-key".into()),
            base_url: None,
        })
        .harness(
            HarnessBuilder::new("mcp", "You are an MCP test assistant.")
                .id(harness_id)
                .build(),
        )
        .agent(
            AgentBuilder::new("mcp-agent", "Use the MCP tools provided.")
                .id(agent_id)
                .max_iterations(8)
                .build(),
        )
        .session(
            SessionBuilder::new(harness_id)
                .id(session_id)
                .agent(agent_id)
                .mcp_servers(scoped_servers())
                .build(),
        )
        .build()
        .await
        .expect("runtime builds");

    let result = runtime
        .run_text_turn(session_id, "Use the docs MCP echo tool.")
        .await
        .expect("turn runs");
    assert!(result.success, "turn should succeed");

    let traffic = traffic.lock().unwrap();
    assert!(
        traffic.tools_list_calls >= 1,
        "scoped MCP server should be discovered via tools/list"
    );
    assert_eq!(
        traffic.tools_call_names,
        vec!["echo".to_string()],
        "the mcp_docs__echo call should be routed out as a tools/call for 'echo'"
    );
}