Qurator: wire in Platform MCP Server tools

[nl0]

Summary

Wires the Quilt Platform MCP Server into Qurator. Catalog users get the same ~25 platform tools (packages, search, S3, Athena, tabulator, get_resource) that external MCP clients see, with full lifecycle handling and a persistent status surface tied to the chat input.

What changes for users

The catalog's prior in-app catalog_global_getObject is reshaped into catalog_preview (single s3_uri input), and the platform server's read surface (platform__object_read, platform__s3_object_info, platform__package_browse, etc.) is added alongside it. Two read paths, two purposes:

• catalog_preview — for content the model needs to interpret. Returns thumbnail-resized images (via the /thumbnail API gateway, ≤1024×768), native Bedrock Document blocks for ≤500 KiB PDFs / Office docs, and language-tagged text. Use when the goal is summarize / describe / extract.
• platform__object_read — for raw bytes, scripting, or any case where the model doesn't need to interpret content. Returns text decoded UTF-8 (capped at 16 KiB) or base64-encoded binary.

A <reading-objects> guidance message is added to the prompt context: call platform__s3_object_info first to inspect ContentLength / ContentType, then pick the right tool from the metadata.

Trade-offs vs. the prior in-app tool

• Two read paths to choose from. The model now picks; the tool descriptions and the guidance message steer it. Risk: it picks the wrong one (e.g. raw-bytes a PDF instead of preview-rendering it). Mitigation: explicit when-to-use language on both tools, and the metadata-first guidance.
• catalog_preview is catalog-only. External MCP clients (non-catalog) only see the platform server, so they get platform__object_read but not the rich preview path. Native-document support on the platform server is a separate follow-up.
• >500 KiB documents still can't go through Bedrock natively. Same as before this PR. Not a new regression.
• Image formats outside the thumbnail lambda's coverage (jpg|jpeg|png|gif|webp|bmp|tiff|tif|czi) won't preview-resize and will fall through to the platform path. Same as before this PR.

Other UX changes

• Destructive tool calls execute without an in-chat confirmation step. Unchanged in mechanism from before, but the platform server's surface includes more mutating tools than the prior in-app surface (S3 puts, package create, tabulator set/rename), so the blast radius is wider. A confirmation UX using MCP's destructiveHint / readOnlyHint annotations is a separate follow-up.
• Connector status appears in the chat input's helper-text region (severity-tinted, with inline reconnect / continue-without / acknowledge actions). No persistent banner. Detail in the UI section below.

Architecture

Model/
├── Connectors/
│   ├── Connectors.ts       Backend interface, ConnectorState machine,
│   │                       lifecycle (manageConnector), service builder,
│   │                       contextContribution, React bridges
│   ├── Mcp.ts              MCP wire client + bearerPassthru adapter
│   ├── Connectors.spec.ts  30 lifecycle / service-primitive tests
│   ├── Mcp.spec.ts         15 wire-level tests
│   └── index.ts            barrel
└── Tool.ts                 (unchanged shape; Bedrock toolSpec built here)

A connector pairs a configuration (id, title, hint) with a Backend — the protocol contract (initialize, listTools, callTool, ping). The lifecycle (Connecting → Ready → Disconnected → Failed, heartbeat, reconnect budget) is generic in Backend; the platform-specific bits live in one factory call: Mcp.bearerPassthru({ url, getToken }). Adding a different backend (an OAuth-flavored MCP, an in-process tool source) is a new factory; the lifecycle doesn't move.

Per-connector lifecycle

Connecting ──success──→ Ready
Connecting ──failure──→ Failed{acked:false}
Ready ──health-flip───→ Disconnected{retrying:true}
Disconnected ──recovery→ Ready
Disconnected ──exhaust→ Failed{acked:false}
Failed ──user retry───→ Connecting
Failed{!acked} ──ack──→ Failed{acked:true}

• Heartbeat: ping every 30 s with a 5 s timeout. Two consecutive transport failures (from heartbeat or tool calls — they share a Health ref) flip the state to Disconnected. The threshold-crossing watcher subscribes to the SubscriptionRef stream so cross-source crossings fire immediately.
• Reconnect: probe-driven. While Disconnected, the lifecycle pings at escalating cadence (5 s → 10 s → 20 s → 30 s cap); each successful ping triggers a bootstrap (cap: 3 attempts). The whole window is bounded by an outer 60 s timeout so the loop can't stay disconnected forever.
• Read-only-tool retry-once: tools annotated readOnlyHint: true retry once on transport error before counting toward the threshold. Destructive / unannotated tools fail immediately.
• No silent degradation: when the budget is exhausted, the conversation gates on Failed{!acked} until the user clicks reconnect or "continue without". Failed{acked:true} is sticky — the connector reads as unavailable in the prompt and the LLM stops trying its tools.
• Force-reconnect from healthy states: connector.retry from Ready or Disconnected degrades health to threshold so the lifecycle naturally falls into the reconnect probe loop. From Failed it drains the controls queue. From Connecting it's a no-op (bootstrap is already in flight).
• Sole writer: each lifecycle fiber owns one SubscriptionRef<ConnectorState>. Aggregate predicates (isBlocked, awaitUnblocked, contextContribution) merge across all per-connector refs. Lifecycle fibers are scope-bound and interrupted on Assistant unmount.

Conversation integration

Two new state-machine elements:

• State.AwaitingConnector { events, timestamp, waiter } — only the waiter fiber handle, no per-connector snapshot.
• Action.ConnectorReady.

A small advanceFromEvents helper centralizes the gating decision at both entry points (Idle.Ask and ToolUse.ToolResult last-call):

1. Reads connectors.isBlocked synchronously (handlers don't observe asynchronously).
2. If blocked, forks connectors.awaitUnblocked; that fires ConnectorReady and the handler re-runs.
3. Otherwise forks the LLM request as before.

llmRequest folds connectors.contextContribution into the prompt context at request time. No React-side bridge.

Tool dispatch

Each connector tool's executor goes through connectors.byId[id].callTool(name, input):

1. Reads the connector's state — fast-fails with a Tool.fail text block if not Ready.
2. Fires the wire call. On a transport error from a readOnlyHint tool, the call is retried once.
3. Updates the shared Health ref on transport-level outcome (success → reset, failure → bump). Non-transport errors (server-side application errors, schema decode failures) don't disturb health.

Wire client (Mcp.ts)

• @effect/platform HttpClient over FetchHttpClient.layer. Cancellation via fiber interrupt aborts the underlying fetch.
• Eff.Schema decode at every response boundary; failures map to McpProtocolError.
• Tagged errors via _tag discriminator: McpAuthError, McpTransportError, McpProtocolError, McpRpcError. The connector layer maps these onto an abstract BackendError (Transport/Auth/Protocol/Application); the wire-level tag is preserved on cause for telemetry but the lifecycle and UI never speak MCP vocabulary.
• Methods: initialize + notifications/initialized, tools/list, tools/call, resources/read, ping.
• tools/list.inputSchema is forwarded to Bedrock as-is. Server is authoritative on its own schema's draft and structure; we don't reshape.
• SSE handling for FastMCP stateless_http=True mode (text/event-stream responses with a single message event).
• Trace-context propagation explicitly disabled on each request (HttpClient.withTracerPropagation(false)). Effect's HttpClient auto-injects W3C traceparent + Zipkin b3 headers from the active span; the platform MCP server's CORS allow-list rejects unknown headers (preflight returns 400 "Disallowed CORS headers"), and we don't have a tracing collector on the receiving end either.
• A small dedup in Tool.make lifts description out of the JSON schema body so Bedrock doesn't ship it twice (once on toolSpec.description, once in inputSchema.json.description). The MCP path already keeps these separate.

UI

The user-facing surface is the chat input's helper-text region. When all connectors are Ready, the helper falls back to the default disclaimer. When any connector is non-Ready, the helper-text region carries:

• <title>: connecting… / reconnecting… (warning, no actions — already auto-progressing)
• <title>: couldn't connect • reconnect • continue without (error)
• <title>: unavailable • reconnect (warning, input re-enabled — acked is sticky)

Aggregate severity picks the worst category across connectors. Inline actions use the existing MessageAction style (clickable span, opacity transition on hover).

The chat panel is otherwise empty at the top — there's no persistent banner. The prior banner pushed history down and competed with the absolute-positioned hamburger menu; consolidating into the helper-text region makes the "input is disabled because…" relationship spatial.

The DevTools panel exposes a per-connector subsection: heading (Connector: <title>), hint (muted), state line + inline reconnect/acknowledge actions, error detail row, and a live contextContribution preview that hides when nothing is contributable.

Auth

Mcp.bearerPassthru({ getToken }) is the 1st-party adapter — caller resolves the bearer on every call (the adapter never manages refresh, expiry, or session state). Catalog wires getToken to re-read the redux session token via a memoized selector, so token rotation is handled without explicit plumbing. A future Mcp.oauth(...) factory (or any other backend) would be a sibling, not a fork of the lifecycle.

Test plan

• ESLint / Prettier — clean.
• LSP workspace diagnostics — zero errors / warnings across all touched files.
• Vitest under Node 20 — 68 Assistant tests pass:
  • Mcp.spec.ts (17) — wire-level make() integration, content mapping, parseSseToJson.
  • Connectors.spec.ts (36) — state predicates, lifecycle transitions, retry/ack from Failed, callTool gating, transport-error → threshold-crossing, TestClock-driven heartbeat / probe-driven reconnect, read-only retry-once, layer-level service primitives + multi-connector aggregation, stale-control drain on Failed entry, autoload of reference-grade resources.
  • Conversation.spec.ts (8) — Idle / AwaitingConnector / Abort / Discard transitions, ToolUse → blocked → AwaitingConnector path, AwaitingConnector waiter freshness across cycles.
  • navigation.spec.ts (7) — unchanged; snapshot still valid.
• Manual verification on the qur dev stack (local catalog at :3000, deployed platform MCP server) — Ready, Disconnected → reconnect → Ready, Failed{!acked} → reconnect / continue-without, Failed{acked} unavailable; input gating; helper-text severity; DevTools panel.
• End-to-end smoke through 9 design job stories on the qur dev stack — list/count, search packages, object search, package browse, read text, read image, athena (databases + tables), destructive write, catalog link.
• catalog_preview end-to-end (local catalog → dev stack PMS) — model follows the metadata-first guidance: platform__search_objects → platform__s3_object_info → catalog_preview for an image; catalog_preview returns a metadata text block + Image content block; the model renders a description of the rendered image. Error fallback path also exercised (graceful text-block error when the thumbnail fetch fails).
• End-to-end on nightly post-merge — search/browse/read (incl. image and a PDF), one read-only and one destructive platform op, catalog_preview on text + image + small PDF.

Depends on

• The Quilt Platform MCP Server's CORS + HTTP entry-point release — already deployed to the qur dev stack.
• A deployment-side change that routes registry-<stack>.domain.com/mcp/platform/* and sets CORS_ORIGINS on the MCP task — open, dev-stack-deployed; auto-deploys to nightly on merge.

Greptile Summary

This PR wires the Quilt Platform MCP Server into Qurator, adding ~25 platform tools (packages, search, S3, Athena, tabulator) to the catalog's chat UI. It introduces a complete connector abstraction layer (Connectors.ts, Mcp.ts) with lifecycle state machine, heartbeat, probe-driven reconnect, and an AwaitingConnector conversation state that gates LLM turns when connectors are unresolved. The catalog_global_getObject tool is reshaped into catalog_preview with a two-path read strategy guided by a new system message.

Confidence Score: 4/5

PR is safe to merge; no P0/P1 findings. All P2 issues are accounting subtleties and documentation gaps that don't break any current code path.

No critical or blocking bugs found. The four P2 comments cover: a nuanced health-accounting difference for read-only retries, a missing WEBP case in the thumbnail format switch that causes a graceful text fallback rather than a crash, a documentation gap on why HTTP 5xx errors are not retry-eligible, and a frozen-URL note for the dev override. All lifecycle, state-machine, auth, and wire-protocol paths look correct.

catalog/app/components/Assistant/Model/GlobalContext/preview.ts (WEBP format switch), catalog/app/components/Assistant/Model/Connectors/Connectors.ts (retry/health accounting), catalog/app/components/Assistant/Model/Assistant.tsx (fiber-leak on aborted render)

Important Files Changed

Filename	Overview
catalog/app/components/Assistant/Model/Connectors/Connectors.ts	New file: full connector lifecycle (Connecting → Ready → Disconnected → Failed), heartbeat, probe-driven reconnect, callTool gating, health ref, React bridges. Well-structured; one minor retry-health accounting subtlety.
catalog/app/components/Assistant/Model/Connectors/Mcp.ts	New file: MCP wire client over Effect HttpClient; SSE parsing, error taxonomy, bearerPassthru adapter. Solid schema validation at every response boundary; tracerPropagation disabled to avoid CORS rejection.
catalog/app/components/Assistant/Model/Conversation.ts	Adds AwaitingConnector state + ConnectorReady action; centralizes gating in advanceFromEvents; merges connector contextContribution into every LLM prompt at request time.
catalog/app/components/Assistant/Model/Assistant.tsx	Wires platform connector config, allocates ConnectorsService via useConst with documented fiber-leak risk on aborted renders, provides it to ConversationActor layer.
catalog/app/components/Assistant/UI/Chat/Chat.tsx	Adds AwaitingConnectorState renderer, connector helper-text with severity coloring, per-connector state subscriptions via Actor.useState in a map (eslint suppressed, documented as stable).
catalog/app/components/Assistant/UI/Chat/DevTools.tsx	Adds ConnectorsPanel with per-connector state display, manual retry/ack actions, and live contextContribution preview. Effect stream cleanup is correct.
catalog/app/components/Assistant/Model/GlobalContext/preview.ts	Renames getObject → useCatalogPreview; adds single s3_uri input schema; keeps two-path read logic (image thumbnail vs. native Document block). Missing WEBP case in thumbnail format switch.
catalog/app/components/Assistant/UI/Chat/Input.tsx	Adds helperText/helperSeverity props; severity-tints FormHelperText via MUI JSS specificity trick. Clean change.
catalog/app/utils/Actor.ts	Implements the previously TODO'd actor listener interrupt on unmount; exports Actor interface. Correct use of useEffect cleanup.
catalog/app/containers/Auth/selectors.js	Adds token selector reading the bearer string directly; consistent with existing exp selector pattern; PFSCookieManager refactored to use it.

Sequence Diagram

sequenceDiagram
    participant UI as Chat UI
    participant Conv as ConversationActor
    participant CS as ConnectorsService
    participant LC as Lifecycle Fiber
    participant MCP as Platform MCP Server

    UI->>Conv: Action.Ask
    Conv->>CS: isBlocked
    alt blocked
        CS-->>Conv: true
        Conv->>CS: fork awaitUnblocked
        Conv-->>UI: State.AwaitingConnector
        LC-->>CS: connector flips Ready
        CS->>Conv: Action.ConnectorReady
    end
    Conv->>CS: contextContribution
    CS-->>Conv: tools + connector overview messages
    Conv->>MCP: LLM request via Bedrock
    MCP-->>Conv: LLMResponse with toolUses
    loop tool calls
        Conv->>CS: byId[connId].callTool
        CS->>LC: gate on Ready state
        LC->>MCP: POST bearer token
        MCP-->>LC: McpToolResult
        LC-->>Conv: Tool.Result
    end
    Conv->>MCP: LLM request with tool results
    MCP-->>Conv: final text response
    Conv-->>UI: State.Idle

Loading

Comments Outside Diff (1)

1. catalog/app/components/Assistant/UI/Chat/Chat.tsx, line 519-533 (link)

   Conditional Actor.useState calls violate the Rules of Hooks

   The comment acknowledges this but marks it safe because "connectors.byId is built once … and never re-keyed." That guarantee holds today, but the comment is the only guard. The ESLint rule is suppressed rather than satisfied. If connectors (the ConnectorsService) ever comes from a re-run of useConnectors (e.g., after a future hot-reload, StrictMode double-invoke, or a different connector list), the hook call-count will differ between renders and React will throw. Object.values(connectors.byId).map(c => Actor.useState(c.state)) is the concrete violation line.

   A safe alternative is to lift the per-connector subscription into its own small component (<ConnectorRow connector={c} />) so each hook call is unconditionally inside its own render, or to aggregate state via the existing useIsBlocked + a single merged stream hook, avoiding the per-connector useState calls at the Chat level entirely.

_{Reviews (6): Last reviewed commit: "Connectors.spec: restore precondition as..." | Re-trigger Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 67.06282% with 194 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.37%. Comparing base (cea497e) to head (34c862a).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...alog/app/components/Assistant/UI/Chat/DevTools.tsx	2.00%	45 Missing and 4 partials ⚠️
...g/app/components/Assistant/Model/Connectors/Mcp.ts	74.83%	37 Missing and 2 partials ⚠️
catalog/app/components/Assistant/UI/Chat/Chat.tsx	5.12%	31 Missing and 6 partials ⚠️
...talog/app/components/Assistant/Model/Assistant.tsx	11.53%	20 Missing and 3 partials ⚠️
...omponents/Assistant/Model/Connectors/Connectors.ts	92.57%	17 Missing and 2 partials ⚠️
...omponents/Assistant/Model/GlobalContext/preview.ts	13.33%	10 Missing and 3 partials ⚠️
...log/app/components/Assistant/Model/Conversation.ts	88.23%	4 Missing ⚠️
catalog/app/components/Assistant/UI/Chat/Input.tsx	25.00%	2 Missing and 1 partial ⚠️
...app/components/Assistant/UI/Chat/MessageAction.tsx	25.00%	3 Missing ⚠️
catalog/app/utils/Actor.ts	0.00%	3 Missing ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4840      +/-   ##
==========================================
+ Coverage   45.69%   46.37%   +0.68%     
==========================================
  Files         829      832       +3     
  Lines       33532    34097     +565     
  Branches     5698     5824     +126     
==========================================
+ Hits        15323    15814     +491     
- Misses      16212    16277      +65     
- Partials     1997     2006       +9     

Flag	Coverage Δ
api-python	93.14% <ø> (ø)
catalog	21.26% <67.06%> (+1.70%)	⬆️
lambda	96.63% <ø> (ø)
py-shared	98.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[nl0]

@greptileai have a look pls

[nl0]

Thanks @fiskus, @drernie, @sir-sigurd for the reviews. Here's the disposition.

Landing in this PR

• drernie's Qurator MCP: tighten retry and bootstrap failure handling #4864 — pulling in the retry/bootstrap fix (split transient from retryable; bound initial Connecting bootstrap; retry() from Connecting is a true no-op). Will square the lifecycle-synthesized retryable flag so it matches adaptError's explicit false.
• drernie's Docs: CHANGELOG + Qurator.md entries for #4840 #4865 — pulling in the CHANGELOG + Qurator.md docs, with the missing "acknowledge" control mentioned in the Connector Status section.
• fiskus inline (Input.tsx helper severity) — applying as a class-lookup, restructured so warning/error stack on top of the base hint class (specificity via &$hint).
• fiskus minor (Mcp.ts:421) — defensive ?.toLowerCase() on the content-type lookup.
• sir-sigurd Tier-1 Add the .pylintrc file #2 — useActorLayer listener fiber leak on unmount (mirror the cleanup pattern from Actor.useState).
• sir-sigurd Tier-1 Improve sessions #5 — JSON-RPC response id echo-validation in Mcp.ts rpc().

Explicitly skipping

• sir-sigurd Tier-1 Print out the server's error messages #8 (kill-switch / feature flag for the platform connector) — the platform connector is the integration layer between Qurator and the stack. Operating without a kill-switch is the intended posture; falling back to "Qurator drives the catalog only" isn't useful.

Deferred — tracked in qhq-5d0.16

Everything else from the three reviews is captured in the post-merge follow-up epic, with reviewer attribution and pointers to existing siblings (qhq-ekc perf, qhq-mfo destructive UX, qhq-5d0.5 scope leak, qhq-5d0.8 merge dup, qhq-5d0.10 PM truncation, qhq-5d0.1 PMS preview parity).

High-level groups deferred:

• Tier-1: READ_GUIDANCE conditional on connector readiness (SparkPackageStore #4), __ namespace guard (Add install unittests #6), tools/list pagination (Move session creation out of command functions. #7).
• Tier-2: Sentry breadcrumbs (Allow access to public packages without login #9), state-transition logs (limit to python < 3.6 #10), document.hidden heartbeat gate (Revert ineffective commit #11 → qhq-ekc), per-render memoization (quilt logout; pylint #12 → qhq-ekc), hooks-in-loop component split (Add commands for tags, versions, and logs. #13), a11y on action spans (Implement installs by hash, version, and tag. #14), 401/403 → McpAuthError (Fix the build test #16), Bedrock JSON-Schema sanity check (Fix a bug in store.py that skips a level navigating the contents tree #17), image/resource size cap (Readme #18).
• Tier-3: Backend interface vs transport split (Updating developer instructions and .gitignore for test coverage #19), Connectors.ts 944-line module split (Fix a bunch of lint problems #20), per-backend lifecycle constants (Make the login prompt more helpful #21), Disconnected note in overview (Update version for PyPI and README #22), bootstrap idempotency contract (Print messages before reading the file and saving the dataframe. #23), test gaps (Display pretty progress bars when building a package. #24), tool-ID hardcoding in guidance (Generate buildfile #25), resetHealth early-bail comment.

Greptile threads (the 04-21 P2 inline pair) are obsolete — both targeted PlatformMcpContext/client.ts which was deleted in the Connectors refactor (the rewrite uses @effect/platform/HttpClient + Eff.Schema envelope decoding).

[drernie]

LGTM

[nl0]

Status update — pushed 95f2148c..a8c6673f (10 commits ahead, all CI should re-run).

Landed

	Commit	Source
✅	ead37665 Merge #4864	drernie's retry/bootstrap fix
✅	296c6734 Merge #4865	drernie's CHANGELOG + Qurator.md docs
✅	208ace11 useActorLayer interrupts listener fiber on unmount	sir-sigurd Tier-1 #2
✅	db43b2e0 Mcp: content-type lowercase + JSON-RPC id echo + 401/403→Auth	fiskus minor + sir-sigurd Tier-1 #5 + Tier-2 #16
✅	6e231266 Connectors: race heartbeat + probe sleeps against page-activity wake	sir-sigurd Tier-2 #11 (pulled forward from qhq-ekc)
✅	a8c6673f Chat/Input: helper severity classes via lookup	fiskus inline

The wake-stream change is broader than originally planned for this session — it addresses the laptop-closed / tab-hidden case where browser timers freeze and the heartbeat sleep can fire arbitrarily late on resume, leaving Qurator gated for up to ~95s before reflecting reality. Now wakes immediately on visibilitychange→visible / online.

Tests

npm run test:only -- app/components/Assistant/ → 74 / 74 green (was 65 pre-session). Added: HTTP id-mismatch (Mcp.spec.ts), 401→Auth mapping (Mcp.spec.ts), wake-cancels-heartbeat (Connectors.spec.ts). Plus the 4 from #4864.

Still deferred → tracked in qhq-5d0.16

Updated the follow-up bead with done-marks on the items landed today. Notable remaining: Tier-1 #4 (READ_GUIDANCE conditional), Tier-2 #9-10 (Sentry/transition logs), #13-14 (a11y / hooks-in-loop), #17-18 (Bedrock schema sanity, image size cap), Tier-3 module restructure / test gaps. None are merge-blockers.

Greptile's two 04-21 inline P2s remain obsolete — they targeted the now-deleted PlatformMcpContext/client.ts.

[nl0]

Cleanup pass — pushed a8c6673f..5a97edc2 (2 commits).

d1a795a9 — strip internal design-doc anchors and bead refs from comments. They were author navigation hints into a private design doc; not useful for catalog contributors. Trimmed a few "narrate the code" comments in the same pass. -41 lines net, no behavior change.

5a97edc2 — multi-agent simplify pass:

• Mcp.ts adaptError: stop special-casing HTTP 401/403 in the connector adapter. The wire layer now raises McpAuthError directly on 401/403, so adaptError collapses back to a clean tag-table mapping. McpAuthError gains an optional detail field; existing "no session token" message preserved as the default.
• Extract pingOrTimeout helper — heartbeat and reconnect-probe shared the same ping → timeoutFail → either block.
• Add bumpHealth helper that caps consecutiveFailures at HEALTH_THRESHOLD + 1 and skips emission when nothing changed. Prevents a sustained outage from spamming subscribers every tick.
• Expose stateIsUnready(s) = s._tag !== 'Ready' predicate; replaces two raw _tag literals in Chat.tsx.
• Comment trims (~22 lines) across Connectors.ts, Mcp.ts, Tool.ts, Input.tsx, DevTools.tsx, Actor.ts.

Tests: 74/74 Assistant green throughout.

Skipped (per agent triage): wake-stream → Context.Tag (over-engineering for one ambient stream), contextContribution memoization + useIsBlocked dedupe + DevTools debounce (all qhq-ekc perf-hardening territory), connector-id constant extraction (cross-file, deferred), FetchHttpClient.layer lift-out (cost is negligible — layer is a static Layer.succeed).

[nl0]

@greptileai one more time pls

[nl0]

@greptileai reassess