| commit | 4a055c57328b47ebf3b02530b2e9fb723108fde3 | |
|---|---|---|
| author | banksean <banksean@gmail.com> | Sat Jun 28 22:15:32 2025 +0000 |
| committer | banksean <banksean@gmail.com> | Sat Jun 28 22:17:30 2025 +0000 |
| tree | 3776a645f6d7a2471989496130ce02ed70e8cf78 | |
| parent | e59a2e151da777fba13a0978c00c16a1ee3b6122 | |
sketch: fix MCP server connection error in -unsafe mode by setting SKETCH_PUB_KEY environment variable
Fix MCP server connection failure with 'no Public-Key' status 400 error when running sketch -unsafe with skaband integration, by properly setting the SKETCH_PUB_KEY environment variable for MCP authentication placeholder replacement.
Problems Solved:
MCP Authentication Failure:
- Running sketch -unsafe with skaband connection fails with 'MCP server connection failed: MCP server "sketchdev": failed to initialize MCP client: transport error: request failed with status 400: no Public-Key'
- setupAndRunAgent receives pubKey parameter from skaband login but doesn't set SKETCH_PUB_KEY environment variable
- MCP placeholder replacement in agent.go expects SKETCH_PUB_KEY environment variable to replace '_sketch_public_key_' placeholder
- Empty placeholder replacement results in missing Public-Key header in MCP requests
Authentication Flow Gap:
- Container mode sets SKETCH_PUB_KEY from environment in runInContainerMode
- Unsafe mode obtains pubKey from skabandclient.Login but doesn't propagate to environment
- setupAndRunAgent receives pubKey parameter but doesn't use it for environment variable setup
- MCP configuration uses '_sketch_public_key_' placeholder expecting environment variable replacement
Solution Implementation:
Environment Variable Setup:
- Added SKETCH_PUB_KEY environment variable setting in setupAndRunAgent when pubKey is provided
- Check for non-empty pubKey before setting environment variable to avoid overwriting existing values
- Environment variable set early in setupAndRunAgent before MCP server initialization
- Maintains consistent behavior between container and unsafe modes
Authentication Flow Completion:
- Container mode: SKETCH_PUB_KEY set from container environment → MCP placeholder replacement
- Unsafe mode: pubKey from skaband login → SKETCH_PUB_KEY environment variable → MCP placeholder replacement
- Both modes now have complete authentication flow for MCP server connections
- MCP requests include proper Public-Key header for skaband authentication
Implementation Details:
Code Changes:
- Added conditional os.Setenv('SKETCH_PUB_KEY', pubKey) in setupAndRunAgent
- Placement before working directory setup ensures early environment configuration
- Only sets environment variable when pubKey is non-empty string
- Preserves existing environment if pubKey is empty to avoid overwrites
Test Coverage:
- Added TestSetupAndRunAgent_SetsPubKeyEnvVar to verify environment variable setting
- Added TestSetupAndRunAgent_DoesNotSetEmptyPubKey to verify empty pubKey handling
- Tests verify environment variable setting and preservation behavior
- Comprehensive coverage of both positive and negative scenarios
Error Resolution:
- MCP server requests now include proper Public-Key header
- skaband /api/mcp endpoint receives authentication for session validation
- Eliminates 'no Public-Key' 400 status errors in unsafe mode
- Maintains existing container mode behavior without changes
Files Modified:
- sketch/cmd/sketch/main.go: Added SKETCH_PUB_KEY environment variable setting in setupAndRunAgent
- sketch/cmd/sketch/main_test.go: Added test coverage for pubKey environment variable behavior
The fix ensures consistent MCP server authentication across both container and unsafe execution modes by properly propagating the public key from skaband login to the MCP placeholder replacement system.
Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: s2564fc63bdd663a0k
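
The propagation and placeholder substitution described in the commit message above, as an added Go example that is not code from the sketch repository. `SKETCH_PUB_KEY`, `_sketch_public_key_` and the `Public-Key` header come from the message; the helpers `propagatePubKey` and `resolveHeaders`, the header-template map and the sample key are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

const (
	pubKeyEnv         = "SKETCH_PUB_KEY"      // name from the commit message
	pubKeyPlaceholder = "_sketch_public_key_" // placeholder from the commit message
)

// propagatePubKey (hypothetical helper) mirrors the described fix: export the
// key obtained at login, but leave any existing value alone when it is empty.
func propagatePubKey(pubKey string) error {
	if pubKey == "" {
		return nil
	}
	return os.Setenv(pubKeyEnv, pubKey)
}

// resolveHeaders (hypothetical helper) substitutes the placeholder in header
// templates and rejects any header that ends up empty, so a missing key is
// reported locally instead of surfacing as a 400 from the server.
func resolveHeaders(templates map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(templates))
	for name, tmpl := range templates {
		val := strings.ReplaceAll(tmpl, pubKeyPlaceholder, os.Getenv(pubKeyEnv))
		if strings.TrimSpace(val) == "" {
			return nil, fmt.Errorf("header %s is empty: %s not set", name, pubKeyEnv)
		}
		out[name] = val
	}
	return out, nil
}

func main() {
	templates := map[string]string{"Public-Key": pubKeyPlaceholder} // constructed config
	os.Unsetenv(pubKeyEnv)
	_, err := resolveHeaders(templates) // the gap: key never exported
	fmt.Println("before:", err)
	_ = propagatePubKey("constructed-sample-key") // constructed value
	h, err := resolveHeaders(templates)
	fmt.Println("after:", h["Public-Key"], err)
}
```
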
Sketch is an agentic coding tool. It draws the 🦉
Sketch runs in your terminal, has a web UI, understands your code, and helps you get work done. To keep your environment pristine, sketch starts a docker container and outputs its work onto a branch in your host git repository.
Sketch helps with most programming environments, but Sketch has extra goodies for Go.
```sh
go install sketch.dev/cmd/sketch@latest
sketch
```
Currently, Sketch runs on MacOS and Linux. It uses Docker for containers.
| Platform | Installation |
|---|---|
| MacOS | brew install colima (or Docker Desktop/Orbstack) |
| Linux | apt install docker.io (or equivalent for your distro) |
| WSL2 | Install Docker Desktop for Windows (docker entirely inside WSL2 is tricky) |
The sketch.dev service is used to provide access to an LLM service and give you a way to access the web UI from anywhere.
Start Sketch by running sketch in a Git repository. It will open your browser to the Sketch chat interface, but you can also use the CLI interface. Use -open=false if you want to use just the CLI interface.
Ask Sketch about your codebase or ask it to implement a feature. It may take a little while for Sketch to do its work, so hit the bell (🔔) icon to enable browser notifications. We won't spam you or anything; it will notify you when the Sketch agent's turn is done, and there's something to look at.
When you start Sketch, it:
This design lets you run multiple sketches in parallel since they each have their own sandbox. It also lets Sketch work without worry: it can trash its own container, but it can't trash your machine.
Sketch's agentic loop uses tool calls (mostly shell commands, but also a handful of other important tools) to allow the LLM to interact with your codebase.
Sketch is trained to make Git commits. When those happen, they are automatically pushed to the git repository where you started sketch with branch names sketch/*.
Finding Sketch branches:
git branch -a --sort=creatordate | grep sketch/ | tail
The UI keeps track of the latest branch it pushed and displays it prominently. You can use standard Git workflows to pull those branches into your workspace:
git cherry-pick $(git merge-base origin/main sketch/foo)..sketch/foo
or merge the branch
git merge sketch/foo
or reset to the branch
git reset --hard sketch/foo
That is, use the same workflows you would if you were pulling in a friend's Pull Request.
Advanced: You can ask Sketch to git fetch sketch-host and rebase onto another commit. This will also fetch where you started Sketch, and we do a bit of "git fetch refspec configuration" to make origin/main work as a git reference.
Don't be afraid of asking Sketch to help you rebase, merge/squash commits, rewrite commit messages, and so forth; it's good at it!
The diff view shows you changes since Sketch started. Leaving comments on lines adds them to the chat box, and, when you hit Send (at the bottom of the page), Sketch goes to work addressing your comments.
You can interact directly with the container in three ways:
ssh sketch-ilik-eske-tcha-lott. We have automatically configured your SSH configuration to make these special hostnames work.

Using SSH (and/or VSCode) allows you to forward ports from the container to your machine. For example, if you want to start your development webserver, you can do something like this:

```sh
# Forward container port 8888 to local port 8000
ssh -L8000:localhost:8888 sketch-ilik-epor-tfor-ward
go run ./cmd/server
```
This makes http://localhost:8000/ on your machine point to localhost:8888 inside the container.
You can ask Sketch to browse a web page and take screenshots. There are tools both for taking screenshots and "reading images", the latter of which sends the image to the LLM. This functionality is handy if you're working on a web page and want to see what the in-progress change looks like.
Docker images, containers, and so forth tend to pile up. Ask Docker to prune unused images and containers:
docker system prune -a
See CONTRIBUTING.md for development guidelines.
Sketch is open source. It is right here in this repository! Have a look around and mod away.
If you want to run Sketch entirely without the sketch.dev service, you can set the flag -skaband-addr="" and then provide an ANTHROPIC_API_KEY environment variable. (More LLM services coming soon!)