Skip to Content
Perstack 0.0.1 is released πŸŽ‰
Operating ExpertsSkill Management

Skill Management

The Perstack runtime manages three types of skills through specialized Skill Managers. Each type has different initialization behavior and security implications.

Skill Types

TypeManager ClassPurposeConnection
MCPMcpSkillManagerExternal tools via MCP protocolstdio or SSE
InteractiveInteractiveSkillManagerUser input toolsNone (definitions only)
DelegateDelegateSkillManagerExpert-to-Expert callsNone (definitions only)

Architecture

                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚  BaseSkillManager   β”‚  (abstract)
                    β”‚  ─────────────────  β”‚
                    β”‚  - init()           β”‚
                    β”‚  - close()          β”‚
                    β”‚  - getToolDefs()    β”‚
                    β”‚  - callTool()       β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                              β”‚
          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β–Ό                   β–Ό                   β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ McpSkillManager β”‚  β”‚ Interactive     β”‚  β”‚ Delegate        β”‚
β”‚                 β”‚  β”‚ SkillManager    β”‚  β”‚ SkillManager    β”‚
β”‚ - MCP stdio/SSE β”‚  β”‚ - User input    β”‚  β”‚ - Expert calls  β”‚
β”‚ - Tool executionβ”‚  β”‚   definitions   β”‚  β”‚   definitions   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Initialization Flow

When an Expert starts, the runtime initializes skills in order:

1. MCP Skills
   └─ Create McpSkillManager for each MCP skill
   └─ Connect to MCP servers (stdio or SSE)
   └─ Fetch tool definitions from servers

2. Interactive Skills
   └─ Create InteractiveSkillManager for each
   └─ Parse tool definitions from config

3. Delegate Skills
   └─ Create DelegateSkillManager for each delegate
   └─ Generate tool definition for Expert call

If any skill fails to initialize, all previously initialized skills are cleaned up before the error is thrown.

MCP Skill Manager

The McpSkillManager handles communication with MCP servers.

Connection Types

stdio (recommended for local tools):

[experts."my-expert".skills."file-ops"]
type = "mcpStdioSkill"
command = "npx"
packageName = "@perstack/base"

SSE (for remote services):

[experts."my-expert".skills."remote-api"]
type = "mcpSseSkill"
endpoint = "https://api.example.com/mcp"

Tool Filtering

Control which tools are available to the Expert:

[experts."my-expert".skills."file-ops"]
type = "mcpStdioSkill"
command = "npx"
packageName = "@perstack/base"
pick = ["readFile", "writeFile"]  # Only these tools
omit = ["deleteFile"]             # Exclude these tools

Environment Variables

Only specified environment variables are passed to MCP servers:

[experts."my-expert".skills."db"]
type = "mcpStdioSkill"
command = "npx"
packageName = "@example/db-mcp"
requiredEnv = ["DATABASE_URL", "DB_PASSWORD"]

This prevents accidental exposure of sensitive environment variables.

Interactive Skill Manager

Interactive skills define tools that pause execution and wait for user input.

[experts."my-expert".skills."user-input"]
type = "interactiveSkill"
description = "Tools for user interaction"
 
[experts."my-expert".skills."user-input".tools.confirm]
name = "confirm"
description = "Ask user for confirmation"
inputJsonSchema = '{"type":"object","properties":{"message":{"type":"string"}}}'

When an interactive tool is called:

  1. The runtime emits a stopRunByInteractiveTool event
  2. Execution pauses with a checkpoint
  3. Your application collects user input
  4. Resume execution with the user’s response

Delegate Skill Manager

Delegate skills enable Expert-to-Expert calls.

[experts."orchestrator"]
delegates = ["researcher", "writer"]

Each delegate becomes a callable tool:

  • Tool name: Expert name (e.g., researcher)
  • Input: { query: string }
  • Execution: Spawns a sub-run of the delegated Expert

Lifecycle

Expert Start
    β”‚
    β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Initialize all  β”‚ ← Connect MCP servers, parse definitions
β”‚ Skill Managers  β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
         β”‚
         β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Agent Loop      β”‚ ← Tools available for LLM to call
β”‚ (Steps 1..N)    β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜
         β”‚
         β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Close all       β”‚ ← Disconnect MCP servers
β”‚ Skill Managers  β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Security Considerations

Process Isolation

Each MCP server runs as a separate process:

  • Crashed servers don’t affect the runtime
  • Resource limits can be applied per-server
  • Clean shutdown on Expert completion

Minimal Privilege

Skills receive only what they need:

  • Environment: Only requiredEnv variables
  • Tools: Filtered by pick/omit
  • Filesystem: Limited by MCP server implementation

Connection Security

  • stdio: Local process, no network exposure
  • SSE: Use HTTPS for remote connections

For more on isolation, see Isolation by Design.

What’s Next

Isolation by DesignObserving