Skip to content

feat: add stakpak serve HTTP/SSE server command#518

Merged
kajogo777 merged 7 commits into
mainfrom
feature/serve-command
Feb 14, 2026
Merged

feat: add stakpak serve HTTP/SSE server command#518
kajogo777 merged 7 commits into
mainfrom
feature/serve-command

Conversation

@ahmedhesham6

Copy link
Copy Markdown
Collaborator

Description

Adds the stakpak serve subcommand that boots an HTTP/SSE server runtime, enabling programmatic access to the Stakpak agent via a REST API.

Changes Made

CLI surface (cli/src/commands/mod.rs)

  • Add Commands::Serve variant with flags: --bind, --auth-token, --show-token, --no-auth, --model, --auto-approve-all
  • Extract build_agent_client() from get_client() for reuse in the serve runtime
  • Wire MCP server/proxy/client initialization with stakai-native tool conversion
  • Implement bearer token auth with auto-generation and --no-auth for local dev
  • Add model resolution: catalog lookup → custom provider/id → fallback, with warnings on miss
  • Cooperative MCP tool refresh loop (30s interval) with watch-channel shutdown
  • Graceful shutdown: cancel running sessions, 5s drain deadline, MCP server/proxy cleanup
  • Exempt Serve from requires_auth() (manages its own auth)

New workspace crates

  • libs/agent-core (stakpak-agent-core) — Runtime primitives: agent run loop, approval FSM, stream assembler, context pipeline, checkpoint envelope, retry logic, tool executor and hook traits
  • libs/server (stakpak-server) — HTTP server: Axum router with public/protected route split, session manager state machine, session actor with multi-turn orchestration, SSE event log with replay, idempotency store, checkpoint persistence, OpenAPI generation (utoipa)

Workspace config (Cargo.toml, cli/Cargo.toml)

  • Register stakpak-agent-core and stakpak-server as workspace members and dependencies
  • Add axum dependency to CLI crate

Testing

  • All tests pass (cargo test --workspace — 173 CLI + 41 server + agent-core tests)
  • cargo fmt --check clean
  • cargo clippy --all-targets zero warnings
  • Tested on macOS

Breaking Changes

None — additive only. Existing commands are unchanged.

- Add Serve variant to Commands enum with bind, auth, model, and
  auto-approve flags
- Extract build_agent_client() from get_client() for reuse in serve
  runtime
- Wire MCP server/proxy/client initialization with stakai-native tools
- Implement bearer token auth with auto-generation and --no-auth for
  local dev
- Add model resolution with catalog lookup, custom provider/id, and
  fallback warnings
- Add cooperative MCP tool refresh loop (30s) with watch-channel
  shutdown
- Implement graceful shutdown: cancel running sessions, 5s drain
  deadline, MCP cleanup
- Register workspace crates stakpak-agent-core and stakpak-server
@ahmedhesham6 ahmedhesham6 self-assigned this Feb 10, 2026
Comment thread libs/agent-core/src/context.rs Outdated
Comment thread cli/src/commands/mod.rs
Comment thread libs/agent-core/src/compaction.rs
Comment thread libs/server/src/message_bridge.rs
Comment thread libs/server/src/session_manager.rs
Comment thread libs/server/src/state.rs
ahmedhesham6 and others added 4 commits February 12, 2026 22:24
…ToolApprovalPolicy

- Add ToolApprovalPolicy::with_defaults() as single source of truth for
  read-only vs mutating tool classification (9 auto-approve, 9 ask)
- Add with_overrides() builder for layering profile config on top
- Add strip_tool_prefix() in action_for() to fix MCP prefix mismatch
  (stakpak__view now correctly resolves to the 'view' policy)
- Rename AutoApprovePolicy -> ToolApprovalPolicy (no alias)
- Rename auto_approve field -> tool_approval on AgentConfig
- Rename auto_approve_policy -> tool_approval_policy on AppState
- Serve command now uses with_defaults() instead of falling back to
  None (which required approval for every tool including read-only)
- Add 9 unit tests for defaults, overrides, prefix stripping, edge cases
@kajogo777 kajogo777 merged commit 2ee6e40 into main Feb 14, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants