blob: dfaba8ce892c188698d5de7107dae65ba559847e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# phone_opus
`phone_opus` is a deliberately narrow MCP server for consultative Claude Code
calls.
It exposes one blocking domain tool:
- `consult`: run the system `claude` install in print mode, wait for the answer,
and return the response plus execution metadata
- by default, phone_opus reuses the remembered Claude context for the consulted `cwd`
- pass `fresh_context: true` to opt out and start a fresh Claude context for that `cwd`
- a fixed consult prefix is prepended before the caller-supplied prompt
- downstream failures still surface any reusable context handle for that `cwd`, so a post-reset retry can stick to the same session
The server keeps the public MCP session in a durable host, isolates the actual
Claude invocation in a disposable worker, and ships standard health and
telemetry surfaces:
- `health_snapshot`
- `telemetry_snapshot`
## Runtime posture
Each `consult` call runs Claude Code with:
- the system `claude` binary
- `--model claude-opus-4-6`
- `--effort max`
- a baked-in consult prefix telling Claude it is acting in read-only advisory mode for another model and should return a prioritized actionable report
- no configured MCP servers (`--strict-mcp-config --mcp-config '{"mcpServers":{}}'`)
- a read-only built-in toolset:
- `Bash,Read,Grep,Glob,LS,WebFetch`
- `--dangerously-skip-permissions`
- an external `systemd-run --user` sandbox instead of Claude's internal permission gate
- the filesystem stays globally read-only under `ProtectSystem=strict`
- `phone_opus` gives Claude a separate persistent home and XDG state under its own state root
- `/tmp` and `/var/tmp` stay writable
- when the consulted `cwd` sits inside a writable tree such as `/tmp/...`, that consulted tree is remounted read-only so Claude cannot accidentally edit the target repo
- successful consult outputs are mirrored to `/tmp/phone_opus-consults` as timestamped JSON files with a prompt-derived slug and light auto-pruning
- internet access remains available
## Development
Run the fast gate with:
```bash
python check.py
```
Run the server locally with:
```bash
cargo run -- mcp serve
```
|