chore(deps): Bump spin to 0.12.0 and migrate to spin::LazyLock

Merge origin/main and resolve the runtime Cargo.toml to keep spin at 0.12
alongside the rquickjs 0.12 bump from main. spin 0.12 deprecates
`spin::Lazy` in favour of `spin::LazyLock`; clippy runs with
`-D warnings` so update the static RUNTIME in validator.rs accordingly to
unblock the Lint & Test CI job. Regenerate the guest Cargo.lock.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>

Author: simongdavies

.github/workflows/check-kvm-arm64.yml

@@ -0,0 +1,120 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+# Manual probe: confirm the Tart/Ubuntu KVM runner actually exposes nested
+# virtualization inside the guest VM.
+#
+# This mirrors the macOS virtualization probe in spirit: it checks the runner
+# identity, asserts the expected ARM64/Linux environment, and fails if /dev/kvm
+# or kvm-ok are not available.
+
+name: Check KVM ARM64 Runner
+
+on:
+  workflow_dispatch:
+  # Path-scoped so it only runs on PRs that touch this probe, not every PR.
+  pull_request:
+    paths:
+      - .github/workflows/check-kvm-arm64.yml
+
+permissions:
+  contents: read
+
+jobs:
+  check-kvm:
+    name: Inspect KVM on Tart ARM64 Linux runner
+    runs-on: [self-hosted, arm64, kvm, linux, ubuntu-24.04]
+
+    steps:
+      - name: Report runner identity
+        id: identity
+        run: |
+          os_name="$(uname -s)"
+          os_release="$(uname -r)"
+          arch="$(uname -m)"
+          kernel="$(uname -srv)"
+          cpu_brand="$(lscpu 2>/dev/null | awk -F: '/^Model name/ {print $2}' | xargs || true)"
+
+          echo "::group::Runner identity"
+          echo "OS:            ${os_name} ${os_release}"
+          echo "Architecture:  ${arch}"
+          echo "Kernel:        ${kernel}"
+          echo "CPU brand:     ${cpu_brand}"
+          echo "::endgroup::"
+
+          {
+            echo "os_name=${os_name}"
+            echo "os_release=${os_release}"
+            echo "arch=${arch}"
+            echo "cpu_brand=${cpu_brand}"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Assert ARM64 Linux guest
+        run: |
+          arch="$(uname -m)"
+          if [ "$arch" != "aarch64" ] && [ "$arch" != "arm64" ]; then
+            echo "::error::Expected arm64/aarch64 runner, got '$arch'"
+            exit 1
+          fi
+          echo "Confirmed ARM64 Linux runner."
+
+      - name: Verify /dev/kvm is present and usable
+        id: kvm_device
+        run: |
+          if [ ! -e /dev/kvm ]; then
+            echo "::error::/dev/kvm is missing on this runner"
+            exit 1
+          fi
+
+          ls -l /dev/kvm
+          stat -c 'mode=%a owner=%U group=%G' /dev/kvm
+
+          if [ ! -r /dev/kvm ] || [ ! -w /dev/kvm ]; then
+            echo "::error::/dev/kvm exists but is not readable/writable by this user"
+            exit 1
+          fi
+
+          echo "kvm_present=true" >> "$GITHUB_OUTPUT"
+
+      - name: Verify kvm-ok is available and reports KVM
+        id: kvm_ok
+        run: |
+          if ! command -v kvm-ok >/dev/null 2>&1; then
+            echo "::error::kvm-ok not found on PATH"
+            exit 1
+          fi
+
+          echo "Found kvm-ok: $(command -v kvm-ok)"
+          set +e
+          kvm-ok
+          rc=$?
+          set -e
+
+          case "$rc" in
+            0)
+              echo "kvm_ok=true" >> "$GITHUB_OUTPUT"
+              echo "kvm_ok_status=ok" >> "$GITHUB_OUTPUT"
+              echo "KVM acceleration is available on this runner."
+              ;;
+            *)
+              echo "kvm_ok=false" >> "$GITHUB_OUTPUT"
+              echo "kvm_ok_status=failed-${rc}" >> "$GITHUB_OUTPUT"
+              echo "::error::kvm-ok failed with exit code $rc"
+              exit 1
+              ;;
+          esac
+
+      - name: Summary
+        if: always()
+        run: |
+          {
+            echo "### Tart KVM runner check"
+            echo ""
+            echo "| Property | Value |"
+            echo "| --- | --- |"
+            echo "| Runner label set | self-hosted, arm64, kvm, linux, ubuntu-24.04 |"
+            echo "| OS | ${{ steps.identity.outputs.os_name }} ${{ steps.identity.outputs.os_release }} |"
+            echo "| Architecture | ${{ steps.identity.outputs.arch }} |"
+            echo "| CPU | ${{ steps.identity.outputs.cpu_brand || 'unknown' }} |"
+            echo "| /dev/kvm present | ${{ steps.kvm_device.outputs.kvm_present || 'false' }} |"
+            echo "| kvm-ok verdict | ${{ steps.kvm_ok.outputs.kvm_ok || 'not-run' }} (${{ steps.kvm_ok.outputs.kvm_ok_status || 'n/a' }}) |"
+          } >> "$GITHUB_STEP_SUMMARY"

builtin-modules/tsconfig.json

@@ -13,7 +13,6 @@
     "noEmitOnError": true,
     "skipLibCheck": true,
     "typeRoots": ["src/types"],
-    "baseUrl": ".",
     "paths": {
       "ha:doc-core": ["./src/doc-core.ts"],
       "ha:ooxml-core": ["./src/ooxml-core.ts"],

package-lock.json

@@ -53,7 +53,7 @@
     "pngjs": "^7.0.0",
     "prettier": "^3.8.1",
     "tsx": "^4.0.0",
-    "typescript": "^5.8.0",
+    "typescript": "^6.0.3",
     "vitest": "^4.0.18"
   },
   "overrides": {

package.json

@@ -13,6 +13,7 @@
     "noEmitOnError": true,
     "skipLibCheck": true,
     "esModuleInterop": true,
+    "types": ["node"],
     "paths": {
       "../../src/plugin-system/schema-types.js": ["../plugin-schema-types.ts"]
     }

plugins/tsconfig.json

@@ -64,6 +64,7 @@ import {
 import { COMPLETION_STRINGS, renderHelp, renderTopicHelp } from "./commands.js";
 import { buildSystemMessage } from "./system-message.js";
 import { Spinner } from "./spinner.js";
+import { moduleInfoParameters } from "./module-info-schema.js";
 import { makeAuditProgressCallback } from "./audit-progress.js";
 import { createAgentState, type AgentState } from "./state.js";
 import {
@@ -1012,6 +1013,8 @@ const mcpWriteSafetyGate: WriteSafetyGate = async (
     ? C.err("⚠️  MCP DESTRUCTIVE operation")
     : C.warn("⚠️  MCP write operation");
 
+  spinner.stop();
+
   console.log();
   console.log(`  ${label}: ${C.label(serverName)}.${C.label(toolName)}`);
   if (argSummary) {
@@ -5350,31 +5353,7 @@ const moduleInfoTool = defineTool("module_info", {
     "  - signatures: true for full parameter details on ALL functions (useful for API discovery)",
     "  - compact: true for condensed cheat sheet (just function names + required params)",
   ].join("\n"),
-  parameters: {
-    type: "object",
-    properties: {
-      name: {
-        type: "string",
-        description: "Module name (e.g. 'str-bytes', 'pptx')",
-      },
-      functionName: {
-        type: ["string", "array"],
-        description:
-          "Optional: get info for specific function(s). Accepts single name, comma-separated list, or array (e.g. 'chartSlide' or 'chartSlide,heroSlide,table' or ['chartSlide', 'heroSlide'])",
-      },
-      signatures: {
-        type: "boolean",
-        description:
-          "Optional: return full parameter types and descriptions for ALL functions (better for API discovery)",
-      },
-      compact: {
-        type: "boolean",
-        description:
-          "Optional: return condensed one-liner per export (just names + required params, no descriptions)",
-      },
-    },
-    required: ["name"],
-  },
+  parameters: moduleInfoParameters,
   handler: async ({
     name,
     functionName,

src/agent/index.ts

@@ -98,7 +98,7 @@ export function createMCPPluginAdapter(
           // Write-safety gate: check tools that are not known or inferred
           // read-only. The guest VM is paused during this check, so it is
           // safe to prompt the user.
-          if (gate && !isReadOnlyMCPTool(tool)) {
+          if (gate && !isReadOnlyMCPTool(tool, toolArgs)) {
             const allowed = await gate(
               conn.name,
               tool.name,

src/agent/mcp/plugin-adapter.ts

@@ -127,15 +127,54 @@ export function selectMCPTools(
   };
 }
 
-export function isReadOnlyMCPTool(tool: MCPToolSchema): boolean {
+export function isReadOnlyMCPTool(
+  tool: MCPToolSchema,
+  args?: Record<string, unknown>,
+): boolean {
   if (tool.annotations?.readOnlyHint === true) return true;
   if (tool.annotations?.destructiveHint === true) return false;
 
   const name = normaliseToolName(tool.name);
   if (WRITE_TOOL_PREFIXES.some((prefix) => name.startsWith(prefix))) {
     return false;
   }
-  return READ_ONLY_TOOL_PREFIXES.some((prefix) => name.startsWith(prefix));
+  if (READ_ONLY_TOOL_PREFIXES.some((prefix) => name.startsWith(prefix))) {
+    return true;
+  }
+
+  const operationHint = inferReadOnlyFromArgs(args);
+  if (operationHint !== null) return operationHint;
+
+  return false;
+}
+
+function inferReadOnlyFromArgs(
+  args: Record<string, unknown> | undefined,
+): boolean | null {
+  if (!args || typeof args !== "object") return null;
+
+  const candidates = [
+    args.operation,
+    args.action,
+    args.command,
+    args.method,
+    args.kind,
+    args.type,
+  ];
+
+  for (const candidate of candidates) {
+    if (typeof candidate !== "string") continue;
+
+    const value = normaliseToolName(candidate);
+    if (WRITE_TOOL_PREFIXES.some((prefix) => value.startsWith(prefix))) {
+      return false;
+    }
+    if (READ_ONLY_TOOL_PREFIXES.some((prefix) => value.startsWith(prefix))) {
+      return true;
+    }
+  }
+
+  return null;
 }
 
 export function getMCPToolSafety(tool: MCPToolSchema): MCPToolInfo["safety"] {

src/agent/mcp/tool-utils.ts

@@ -0,0 +1,43 @@
+// Parameter schema for the `module_info` tool.
+//
+// Extracted into its own module so the exact JSON Schema object that ships to
+// the Copilot/CAPI backend can be imported and validated by tests without
+// booting the agent (src/agent/index.ts runs main() on import).
+//
+// IMPORTANT: `functionName` accepts either a single string or an array of
+// strings. This MUST be expressed with `anyOf` rather than
+// `type: ["string", "array"]`. The CAPI schema validator rejects a union
+// `type` that includes "array" unless an `items` schema is also present,
+// producing: 400 Invalid schema ... array schema missing items.
+
+/**
+ * JSON Schema for the `module_info` tool parameters.
+ *
+ * Kept as a plain JSON Schema object (not Zod) to mirror exactly what is sent
+ * to the backend.
+ */
+export const moduleInfoParameters = {
+  type: "object",
+  properties: {
+    name: {
+      type: "string",
+      description: "Module name (e.g. 'str-bytes', 'pptx')",
+    },
+    functionName: {
+      anyOf: [{ type: "string" }, { type: "array", items: { type: "string" } }],
+      description:
+        "Optional: get info for specific function(s). Accepts single name, comma-separated list, or array (e.g. 'chartSlide' or 'chartSlide,heroSlide,table' or ['chartSlide', 'heroSlide'])",
+    },
+    signatures: {
+      type: "boolean",
+      description:
+        "Optional: return full parameter types and descriptions for ALL functions (better for API discovery)",
+    },
+    compact: {
+      type: "boolean",
+      description:
+        "Optional: return condensed one-liner per export (just names + required params, no descriptions)",
+    },
+  },
+  required: ["name"],
+} as const;