feat: service binding + switch layer — tasks first

[chitcommit]

Summary

Replace 8 direct HTTP calls to tasks.chitty.cc with serviceFetch() routing through SVC_TASKS service binding.

Before: tool dispatcher → requireServiceAuth("chittytask") → CHITTY_TASK_TOKEN → https://tasks.chitty.cc/api/v1/tasks → Bearer auth check
After: tool dispatcher → serviceFetch(env, "tasks", path) → env.SVC_TASKS.fetch() → direct Worker-to-Worker (no auth, no network)

New: service-switch.js

• serviceFetch(env, service, path, opts) — routes via binding or HTTP fallback
• getSwitch(env, service) — returns enable/disable/mode state
• KV-backed configuration with in-memory cache
• Kill switch support (disable services without redeploying)

Impact

• -148 lines of auth + HTTP boilerplate
• +39 lines of serviceFetch calls
• Eliminates CHITTY_TASK_TOKEN dependency
• First service migrated to binding pattern

Remaining (same pattern)

• ledger: 20 direct calls
• finance: 8 direct calls
• contextual: 2 direct calls
• id/mint: 2 direct calls

Generated with Claude Code

Summary by CodeRabbit

Release Notes

• Chores
  • Implemented service routing and configuration layer with dynamic enable/disable controls and proper error responses for unavailable services.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 424d5b94-475c-4def-8b70-196c6b735b15

📥 Commits

Reviewing files that changed from the base of the PR and between 51896ba and 786e785.

📒 Files selected for processing (3)

• src/lib/service-switch.js
• src/mcp/tool-dispatcher.js
• wrangler.jsonc

---

📝 Walkthrough

Walkthrough

A new service routing and kill-switch infrastructure layer is introduced via service-switch.js, which manages per-service configurations with KV-backed overrides and enforces routing decisions. Task tool handlers in tool-dispatcher.js are refactored to use the centralized serviceFetch() function instead of manual authentication and HTTP calls. Worker environment bindings are added to support the new routing layer.

Changes

Cohort / File(s)	Summary
Service Routing & Kill-Switch Infrastructure src/lib/service-switch.js	New module implementing service routing and kill-switch layer. Defines default per-service configurations, loads KV overrides with 60s TTL, exports getSwitch() to retrieve effective switch state, serviceFetch() to enforce switches and route via binding or HTTP with credential-based auth, and invalidateSwitchCache() to clear cache.
Tool Dispatcher Refactoring src/mcp/tool-dispatcher.js	Refactored all chitty_task_* tool handlers to use centralized serviceFetch() instead of manual fetch() and requireServiceAuth(). Removes duplicated JSON parsing logic and consolidates it post-routing. Preserves argument validation while delegating HTTP routing and authentication to service-switch layer.
Environment Configuration wrangler.jsonc	Added SVC_TASKS service binding to chittyagent-tasks service across dev, staging, and production environment blocks.

Sequence Diagram(s)

sequenceDiagram
    participant Handler as MCP Tool Handler
    participant Switch as Service Switch Layer
    participant Cache as In-Memory Cache
    participant KV as KV Store
    participant Cred as Credential Helper
    participant Route as Tasks Service<br/>(Binding or HTTP)

    Handler->>Switch: serviceFetch(env, "tasks", path, options)
    Switch->>Cache: Check cached switch config
    alt Cache Miss
        Cache-->>Switch: Miss
        Switch->>KV: Load service:switches
        KV-->>Switch: Config override (or error)
        Switch->>Cache: Store config + 60s TTL
    else Cache Hit
        Cache-->>Switch: Cached config
    end
    alt Switch Disabled
        Switch-->>Handler: 503 JSON error
    else Switch Enabled & Invalid Mode
        Switch-->>Handler: 500 JSON error
    else Valid Binding Mode
        Switch->>Route: Route via Cloudflare binding
        Route-->>Switch: Response
        Switch-->>Handler: Response
    else Valid HTTP Mode
        Switch->>Cred: Get service token
        Cred-->>Switch: Bearer token
        Switch->>Route: HTTP request + Authorization header
        Route-->>Switch: Response
        Switch-->>Handler: Response
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: require service auth for Ledger/Contextual tools and harden error handling #39: Modifies requireServiceAuth() and token forwarding in task handlers; this PR replaces that manual pattern with the centralized serviceFetch() routing, creating a direct code-level interaction between the two changes.

Poem

🐰 A switch flips here, a route takes form,
KV caches keep us warm,
Tasks now leap through tunnels bright,
Bindings dance with tokens' light—
Service chaos tamed just right! ✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/service-bindings-tasks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Migrates the MCP task tool dispatcher from direct tasks.chitty.cc HTTP calls to a Worker-to-Worker service binding (SVC_TASKS) via a new serviceFetch() switch layer, enabling kill-switch style routing without redeploys.

Changes:

• Add SVC_TASKS service binding to Wrangler envs.
• Refactor chitty_task_* tool handlers to call serviceFetch() and centralize response parsing.
• Introduce src/lib/service-switch.js to route via service binding / HTTP / disabled modes with KV-backed configuration + in-memory cache.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.

File	Description
wrangler.jsonc	Adds SVC_TASKS service binding entries for dev/staging/production envs.
src/mcp/tool-dispatcher.js	Replaces tasks HTTP+auth boilerplate with serviceFetch() calls.
src/lib/service-switch.js	New routing + kill-switch layer with KV-backed switch config and caching.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

chitty_task_complete changes semantics: args.result ? { result: args.result } : {} will drop valid falsy results (e.g., empty string/0). Use an args.result !== undefined check to preserve the previous behavior.

Suggested change

	method: "POST", body: args.result ? { result: args.result } : {},
	method: "POST", body: args.result !== undefined ? { result: args.result } : {},

[Copilot]

The task tools were refactored to route through serviceFetch, but there are no tool-dispatcher tests covering these chitty_task_* paths (and they previously exercised real HTTP + auth logic). Add unit tests that stub env.SVC_TASKS.fetch (binding mode) and verify request paths/methods/bodies plus error handling (e.g., missing args).

[Copilot]

serviceFetch claims to “fall back to HTTP”, but if mode === "binding" and the binding is missing (or misnamed), the function currently returns a 500 “invalid switch mode: binding”. Either implement an actual fallback to HTTP when the binding isn’t present, or return a clearer 503 misconfiguration error (and adjust the docstring).

[Copilot]

In HTTP mode, token lookup uses getServiceToken(env, serviceName). For serviceName: "tasks" this maps to CHITTY_TASKS_TOKEN / services/tasks/service_token, but the repo’s secrets manifest documents CHITTY_TASK_TOKEN. Add an override/mapping (e.g., tasks→chittytask) or support tokenServiceName in the switch config so HTTP fallback won’t silently lose auth.

[Copilot]

New routing + kill-switch logic in service-switch.js isn’t covered by tests. Add unit tests for: disabled mode (503), binding mode (Request URL/path + headers/body), HTTP mode (Authorization header behavior), and cache invalidation.

[Copilot]

The SVC_TASKS service binding in the dev env is pinned to the downstream service’s production environment. If this isn’t intentional, dev traffic will hit production tasks data. Consider binding dev→dev (and staging→staging) or document why prod is required.

Suggested change

	"tail_consumers": [{ "service": "chittytrack" }]
	"services": [
	{ "binding": "SVC_TASKS", "service": "chittyagent-tasks", "environment": "production" }
	"tail_consumers": [{ "service": "chittytrack" }],
	"services": [
	{ "binding": "SVC_TASKS", "service": "chittyagent-tasks", "environment": "dev" }

[Copilot]

The SVC_TASKS service binding in the staging env is pinned to the downstream service’s production environment. If this isn’t intentional, staging traffic will hit production tasks data. Consider binding staging→staging or document why prod is required.

Suggested change

	"tail_consumers": [{ "service": "chittytrack" }]
	"services": [
	{ "binding": "SVC_TASKS", "service": "chittyagent-tasks", "environment": "production" }
	"tail_consumers": [{ "service": "chittytrack" }],
	"services": [
	{ "binding": "SVC_TASKS", "service": "chittyagent-tasks", "environment": "staging" }

[Copilot]

Comment says switches are read from SERVICE_SWITCHES KV, but the implementation reads service:switches from env.IDEMP_KV. Align the comment with the actual binding/key (or change the code to use a dedicated KV binding if that’s the intent).

[Copilot]

The in-memory switch cache is global to the module, not per env. In tests (and any multi-env runtime), this can leak switch state across different env objects and cause flaky behavior. Consider caching per-env (e.g., WeakMap<env, {value, ts}>) similar to credential-helper’s broker cache.