You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implication: CLI and MCP are not interchangeable. The CLI hits more endpoints successfully because it runs as a user PAT with implicit scope; the MCP session is agent-bound and many session-level writes are blocked regardless of space_id.
profile add writes token_file / workdir_path as TOML basic strings with raw \ — unparseable by tomllib on Windows. profile list / verify / env / use all crash with TOMLDecodeError immediately after add.
4 of 6 profile subcommands broken on Windows
2
MCP
Silent no-op writes:tasks.update status=… and agents.update bio=… return success (notice:"Task updated.", updated_at bumps) but the field never changes. CLI status update works fine — MCP handler drops the field.
Automation cannot trust MCP writes without re-read
3
CLI
Silent-drop flag family — success reported, value never reaches server/predicate: agents update --bio, --specialization; tasks create --assign-to; watch --poll --contains.
Four flags look functional but aren't
4
CLI
cp1252 crash family on Windows: rich dies on emoji / unicode arrow in JSON, table, and help output. Hits messages list --json, agents list --json, messages list table, upload file --help.
Any rich output with non-cp1252 chars crashes; data still writes to stdout but CLI exits non-zero
5
CLI
messages send --act-as raises AttributeError: 'NoneType' object has no attribute 'get' at messages.py:130. Fix: me.get("credential_scope") or {}.
Unhandled crash instead of a clean "needs agent-scoped token" message
Tier 2 — Server-Side / Inconsistent Validation
#
Surface
Issue
6
CLI
agents status → /api/v1/agents/presence returns HTML (SPA fallthrough); same for agents tools → /api/v1/organizations/{space_id}/roster
7
CLI
agents avatar --set → 405 Method Not Allowed
8
CLI
tasks update --status <garbage> accepted as-is — no enum validation. Conversely, --priority <garbage> returns 500 (should be 400)
9
CLI
tasks update --status done sets status but leaves completed_at: null — downstream filters on completed_at IS NOT NULL miss every CLI-completed task
10
CLI
messages delete <id> → 500 Server error on every tested message
11
CLI
watch --mention (SSE) → 401, while listen connects with the same token — SSE auth divergence
12
CLI
events stream hangs indefinitely with no output / timeout (likely same SSE 401 swallowed)
13
CLI
messages send --file → 415 for files with unguessable MIME types (.env.example, etc.)
14
CLI
context download → UnsupportedProtocol because upload-file stores a relative URL and download hands it to httpx unchanged
Tier 3 — Schema / Shape Drift
#
Surface
Issue
15
MCP
messages tool JSON schema declares space_id, but server rejects it as unknown keyword (send, draft, react)
16
MCP
agents.update advertises a changes:{…} dict but requires flat fields; changes is silently ignored
17
MCP
agents.toggle is not a real toggle — requires explicit state argument
18
MCP
tasks.update status="Done" returns 422 (display label ≠ API enum completed) — but "completed" then silently no-ops (see Tier 1 #2)
19
CLI
tasks get --json wraps in {"task": {...}}; tasks create --json returns flat — inconsistent across siblings
20
CLI
tasks get default output is Python dict repr — not a table, not JSON
Tier 4 — Session / Scope Behavior (MCP)
Session-level writes gated on an "active workspace context" the agent-bound OAuth credential never acquires. All return *_blocked notices:
Tool
Blocked Action
whoami
update, remember, follow / unfollow
context
set, delete
Passing space_id on the call does not lift permissions.mode from unscoped_read_only. A separate workspace-activation step is missing from the MCP flow.
Profile path in doc (~/.ax/config.toml) doesn't match actual (~/.ax/profiles/<name>/profile.toml).
Workflow-verb priority defaults in reference (assign=Medium / boss=Critical / etc.) don't match CLI help (all high). Source confirms ship/manage/boss are literal aliases of assign — no per-verb behavior difference.
MCP context set / fetch-url silently trigger auto-summarization via us.amazon.nova-micro-v1:0 — adds ~1.5s latency + per-call LLM cost; not mentioned anywhere.
Environmental
Every CLI command warns .ax/config.toml has permissions 0o666 — should be 0600. chmod isn't native on Windows; CLI should use icacls or skip the check when os.name == 'nt'. Token cache is deleted on each run, forcing extra JWT exchanges.
MCP context.list payloads routinely exceed tool-result token ceiling — clients must probe structure via get on a specific key.
Cross-Cutting Patterns
Silent writes are the biggest trust problem on both surfaces. The CLI has 4 silent-drop flags; MCP has 2 silent no-op writes. Neither returns a 4xx or a diagnostic notice. Automation must re-read after every write.
Windows CP1252 kills several rich-rendered CLI paths. A single fix (force PYTHONIOENCODING=utf-8 at entrypoint or wrap sys.stdout in a UTF-8 writer) would eliminate 3 of the 4 crash sites. The TOML quoting issue (Agent ID header support + identity model docs #1) is separate.
SSE auth is inconsistent across watch, events stream, and listen — same token works for one and 401s on the other.
Reference doc is systematically behind the source. Audit needed across messages, context, spaces, profile, and workflow verbs.
Bio/specialization mystery: CLI reports null for all agents; MCP shows values on Edge-Radar-Scriptor only. Hypothesis: a separate profile layer was populated via another surface (web UI or prior MCP session with session write scope). Worth reconciling.
Recommended Priorities
Priority
Fix
P0
Profile TOML quoting on Windows (bug #1) — blocks the profile workflow entirely
aX Platform — MCP & CLI Analysis (2026-04-19)
Team-facing summary of hands-on testing across the
axCLI and theax-platformMCP server.Source logs (verbose):
AX-CLI/AX_CLI_TEST_RESULTS.md,AX-MCP/AX_MCP_TEST_RESULTS.md.Please note: all tests performed on a new private workspace named edge-radar
At a Glance
ax)ax-platform)Environment: Windows 11, CLI config at
.ax/config.toml, MCP auth bound to agentEdge-Radar-Scriptor, target spacef6e56126-c293-...(Edge Radar).Key Architectural Difference: CLI vs MCP
michaelschecht) —resolved_agentis informational onlyEdge-Radar-Scriptor)unscoped_read_onlyuntilspace_idis passed (and even then, session-level writes stay blocked)--json;rich-rendered{kind, version, state, data, actions, active_tab}whoami.remember/recall,create_draft → approve_draftflowsImplication: CLI and MCP are not interchangeable. The CLI hits more endpoints successfully because it runs as a user PAT with implicit scope; the MCP session is agent-bound and many session-level writes are blocked regardless of
space_id.What Works (Happy Paths)
CLI
auth whoami,auth token show,auth exchange(JWT, 900s TTL)messages list,send(incl.--to,--reply-to,--file *.md,--skip-ax),get,edit,search, top-levelsendaliasagents list,get,update --description,update --status,avatar --output(local SVG)tasks list,create,get,update --priority,update --status in_progresscontext set/get/list/delete,upload-file,fetch-urlspaces list,getprofile list(empty),add(write),removekeys list,credentials listlisten --dry-run(SSE connects cleanly)assign run, and aliasesship run/manage run/boss run(all identical under the hood)MCP
whoamiget,list,recall(memory surfaced read-only)agentslist(incl.view_scope=mine),set_control(preview +confirmed=truecommit)messagescheck(incl.awarenessblock, not in CLI),send,edit,draft,react(add-only)taskslist,get,create,update --description(text fields only)contextlist,get(returnsfile_content+file_upload.urlin one call)spaceslist,get,members,discover/list_public,invite_details(error shape clean)searchquery(relevance-scored, paginated)Bugs & Issues
Tier 1 — Critical / Blocking
profile addwritestoken_file/workdir_pathas TOML basic strings with raw\— unparseable bytomllibon Windows.profile list / verify / env / useall crash withTOMLDecodeErrorimmediately afteradd.profilesubcommands broken on Windowstasks.update status=…andagents.update bio=…return success (notice:"Task updated.",updated_atbumps) but the field never changes. CLI status update works fine — MCP handler drops the field.agents update --bio,--specialization;tasks create --assign-to;watch --poll --contains.richdies on emoji / unicode arrow in JSON, table, and help output. Hitsmessages list --json,agents list --json,messages listtable,upload file --help.richoutput with non-cp1252 chars crashes; data still writes to stdout but CLI exits non-zeromessages send --act-asraisesAttributeError: 'NoneType' object has no attribute 'get'atmessages.py:130. Fix:me.get("credential_scope") or {}.Tier 2 — Server-Side / Inconsistent Validation
agents status→/api/v1/agents/presencereturns HTML (SPA fallthrough); same foragents tools→/api/v1/organizations/{space_id}/rosteragents avatar --set→ 405 Method Not Allowedtasks update --status <garbage>accepted as-is — no enum validation. Conversely,--priority <garbage>returns 500 (should be 400)tasks update --status donesets status but leavescompleted_at: null— downstream filters oncompleted_at IS NOT NULLmiss every CLI-completed taskmessages delete <id>→ 500 Server error on every tested messagewatch --mention(SSE) → 401, whilelistenconnects with the same token — SSE auth divergenceevents streamhangs indefinitely with no output / timeout (likely same SSE 401 swallowed)messages send --file→ 415 for files with unguessable MIME types (.env.example, etc.)context download→UnsupportedProtocolbecauseupload-filestores a relative URL anddownloadhands it to httpx unchangedTier 3 — Schema / Shape Drift
messagestool JSON schema declaresspace_id, but server rejects it as unknown keyword (send,draft,react)agents.updateadvertises achanges:{…}dict but requires flat fields;changesis silently ignoredagents.toggleis not a real toggle — requires explicitstateargumenttasks.update status="Done"returns 422 (display label ≠ API enumcompleted) — but"completed"then silently no-ops (see Tier 1 #2)tasks get --jsonwraps in{"task": {...}};tasks create --jsonreturns flat — inconsistent across siblingstasks getdefault output is Pythondictrepr — not a table, not JSONTier 4 — Session / Scope Behavior (MCP)
Session-level writes gated on an "active workspace context" the agent-bound OAuth credential never acquires. All return
*_blockednotices:whoamiupdate,remember,follow/unfollowcontextset,deletePassing
space_idon the call does not liftpermissions.modefromunscoped_read_only. A separate workspace-activation step is missing from the MCP flow.Tier 5 — Doc / Reference Gaps
ax messageshas 6 subcommands; reference lists 2. Undocumented:get,edit,delete,search.ax contexthas 7 subcommands; reference lists 2 and names one wrong (uploadvs actualupload-file).ax spaceshas 4 subcommands; reference lists 1. Missing:create,get,members.ax profile removemissing from reference.~/.ax/config.toml) doesn't match actual (~/.ax/profiles/<name>/profile.toml).high). Source confirmsship/manage/bossare literal aliases ofassign— no per-verb behavior difference.context set/fetch-urlsilently trigger auto-summarization viaus.amazon.nova-micro-v1:0— adds ~1.5s latency + per-call LLM cost; not mentioned anywhere.Environmental
.ax/config.toml has permissions 0o666 — should be 0600.chmodisn't native on Windows; CLI should useicaclsor skip the check whenos.name == 'nt'. Token cache is deleted on each run, forcing extra JWT exchanges.context.listpayloads routinely exceed tool-result token ceiling — clients must probe structure viageton a specific key.Cross-Cutting Patterns
notice. Automation must re-read after every write.rich-rendered CLI paths. A single fix (forcePYTHONIOENCODING=utf-8at entrypoint or wrapsys.stdoutin a UTF-8 writer) would eliminate 3 of the 4 crash sites. The TOML quoting issue (Agent ID header support + identity model docs #1) is separate.watch,events stream, andlisten— same token works for one and 401s on the other.messages,context,spaces,profile, and workflow verbs.Edge-Radar-Scriptoronly. Hypothesis: a separate profile layer was populated via another surface (web UI or prior MCP session with session write scope). Worth reconciling.Recommended Priorities
tasks.update.status/agents.update.biohandlersmessages send --act-ascrash fix (trivial)/presence,/roster,/agents/<uuid>(avatar),/messages/<id>DELETE endpointswhoami/contextwrites aren't unconditionally blockedwatch/events stream/listentasks.statusenum + populatecompleted_aton doneLeft-over Test State (needs cleanup)
7bc603c7-…stuckopen(MCP cannot flip status) — close via CLI or web UI.🧪on messagee41eab48-…(MCP reactions are add-only).donebut not deletable (notasks deletesubcommand exists).Scope / Commands NOT Tested
Skipped per destructive-ops policy:
auth init,auth token set,keys create/revoke/rotate,credentials issue-*,spaces create,agents create/delete,profile use,listen --exec,ax channel(MCP stdio server). On the MCP side: allcreate_draft → approve_draftflows,spaces.create/join_*,agents.disable/enable/set_placement,messages.delete.These should be exercised in a throwaway environment before any broad rollout.