Pass openenv validate: add multi-mode deployment + runtime endpoints

Local validator (openenv validate .):
- Add pyproject.toml with openenv-core>=0.2.0 dependency
- Add server/app.py with main() entry point
- Add uv.lock for reproducible builds
- Update openenv.yaml to spec_version: 1 format
- Result: [OK] Ready for multi-mode deployment (docker, openenv_serve, uv_run, python_module)

Runtime validator (openenv validate --url):
- Fix /health to return {"status": "healthy"} (was "ok")
- Add /metadata endpoint (name, description, version, tasks)
- Add /schema endpoint (action, observation, state JSON schemas)
- Add /mcp endpoint (minimal JSON-RPC 2.0 shim with tools/list)
- Result: 6/6 criteria pass

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app/main.py

@@ -1,15 +1,23 @@
-from fastapi import FastAPI, HTTPException
-from typing import List, Optional
+from fastapi import FastAPI, HTTPException, Request
+from typing import List, Optional, Any, Dict
 
 from app.models import (
-    ResetRequest, ResetResponse, StepRequest, StepResponse, TaskInfo
+    ResetRequest, ResetResponse, StepRequest, StepResponse, TaskInfo,
+    Action, Observation
 )
 from app.environment import SecureReviewEnvironment
 
+ENV_NAME = "securereview"
+ENV_DESCRIPTION = (
+    "AI Security Code Review Environment — evaluates an agent's ability "
+    "to identify security vulnerabilities across dependency supply chains, "
+    "infrastructure-as-code, and database migrations"
+)
+
 app = FastAPI(
     title="SecureReview",
     version="1.0.0",
-    description="AI Security Code Review Environment for OpenEnv",
+    description=ENV_DESCRIPTION,
 )
 
 env = SecureReviewEnvironment()
@@ -19,7 +27,104 @@ DEFAULT_TASK_ID = "dependency_review"
 
 @app.get("/health")
 async def health():
-    return {"status": "ok"}
+    """OpenEnv health endpoint — must return ``status: healthy``."""
+    return {"status": "healthy"}
+
+
+@app.get("/metadata")
+async def metadata():
+    """OpenEnv metadata endpoint — returns environment name and description."""
+    return {
+        "name": ENV_NAME,
+        "description": ENV_DESCRIPTION,
+        "version": "1.0.0",
+        "author": "Team CookHouse",
+        "tasks": [t.model_dump() for t in env.get_tasks()],
+    }
+
+
+@app.get("/schema")
+async def schema():
+    """OpenEnv schema endpoint — returns action, observation, and state schemas."""
+    return {
+        "action": Action.model_json_schema(),
+        "observation": Observation.model_json_schema(),
+        "state": {
+            "type": "object",
+            "properties": {
+                "task_id": {"type": "string"},
+                "scenario_id": {"type": "string"},
+                "current_step": {"type": "integer"},
+                "max_steps": {"type": "integer"},
+                "done": {"type": "boolean"},
+                "findings_count": {"type": "integer"},
+                "revealed_files": {"type": "array", "items": {"type": "string"}},
+                "final_score": {"type": ["number", "null"]},
+            },
+        },
+    }
+
+
+@app.post("/mcp")
+async def mcp(request: Request):
+    """Minimal JSON-RPC 2.0 MCP endpoint for OpenEnv validator compatibility.
+
+    Exposes the environment's available tasks as MCP tools. This is a
+    lightweight shim — agents should prefer the typed ``/reset`` and ``/step``
+    endpoints for interaction.
+    """
+    try:
+        payload: Dict[str, Any] = await request.json()
+    except Exception:
+        payload = {}
+
+    req_id = payload.get("id", 1)
+    method = payload.get("method", "")
+
+    if method == "initialize":
+        result: Dict[str, Any] = {
+            "protocolVersion": "2024-11-05",
+            "capabilities": {"tools": {"listChanged": False}},
+            "serverInfo": {"name": ENV_NAME, "version": "1.0.0"},
+        }
+    elif method == "tools/list":
+        result = {
+            "tools": [
+                {
+                    "name": t.id,
+                    "description": t.description,
+                    "inputSchema": {
+                        "type": "object",
+                        "properties": {
+                            "scenario_id": {"type": "string"},
+                        },
+                    },
+                }
+                for t in env.get_tasks()
+            ]
+        }
+    elif method == "tools/call":
+        result = {
+            "content": [
+                {
+                    "type": "text",
+                    "text": (
+                        "Use the HTTP /reset and /step endpoints to interact "
+                        "with SecureReview. MCP tool-calling mode is not the "
+                        "primary interface for this environment."
+                    ),
+                }
+            ],
+            "isError": False,
+        }
+    else:
+        result = {"ok": True, "env": ENV_NAME}
+
+    return {
+        "jsonrpc": "2.0",
+        "id": req_id,
+        "result": result,
+    }
 
 
 @app.get("/tasks", response_model=List[TaskInfo])

openenv.yaml

@@ -1,12 +1,13 @@
+spec_version: 1
 name: securereview
+type: space
+runtime: fastapi
+app: app.main:app
+port: 7860
 version: "1.0.0"
 description: "AI Security Code Review Environment — evaluates an agent's ability to identify security vulnerabilities across dependency supply chains, infrastructure-as-code, and database migrations"
 author: "Team CookHouse"
 
-environment:
-  type: http
-  url: "http://localhost:7860"
-
 tasks:
   - id: dependency_review
     name: "Dependency & Supply Chain Review"
@@ -25,18 +26,3 @@ tasks:
     description: "Review SQL migration scripts for backward-incompatibility, safety risks, and production impact"
     difficulty: hard
     max_steps: 35
-
-action_space:
-  type: structured
-  actions:
-    - report_finding
-    - request_context
-    - request_file_list
-    - mark_complete
-
-observation_space:
-  type: structured
-  fields:
-    - context (ReviewContext)
-    - findings_so_far (List[Finding])
-    - feedback (Optional[str])

pyproject.toml

@@ -0,0 +1,60 @@
+[build-system]
+requires = ["setuptools>=45", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "openenv-securereview"
+version = "1.0.0"
+description = "SecureReview OpenEnv environment — AI security code review across dependency supply chains, infrastructure-as-code, and database migrations"
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "MIT" }
+authors = [
+    { name = "Team CookHouse" },
+]
+keywords = ["openenv", "security", "code-review", "agent", "evaluation", "rl"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+]
+dependencies = [
+    "openenv-core>=0.2.0",
+    "fastapi>=0.115.0",
+    "uvicorn[standard]>=0.30.0",
+    "pydantic>=2.9.0",
+    "openai>=1.0.0",
+    "requests>=2.28.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.0.0",
+    "pytest-cov>=4.0.0",
+    "httpx>=0.27.0",
+]
+
+[project.urls]
+Homepage = "https://huggingface.co/spaces/sam25kat/securereview"
+Repository = "https://github.com/sam25kat/Secure_Reveiw"
+Documentation = "https://huggingface.co/spaces/sam25kat/securereview"
+
+[project.scripts]
+server = "server.app:main"
+
+[tool.setuptools]
+include-package-data = true
+packages = [
+    "app",
+    "app.graders",
+    "app.tasks",
+    "server",
+]
+
+[tool.setuptools.package-data]
+"app.tasks" = ["scenarios/**/*"]

server/app.py

@@ -0,0 +1,29 @@
+"""OpenEnv server entry point for SecureReview.
+
+This module re-exports the FastAPI app defined in ``app.main`` so the
+environment is discoverable at the canonical ``server.app:app`` location
+expected by ``openenv validate`` / ``openenv serve``. The ``main()``
+function provides a direct-run entry point used by the ``[project.scripts]``
+declaration in ``pyproject.toml``.
+"""
+
+from app.main import app
+
+__all__ = ["app", "main"]
+
+
+def main() -> None:
+    """Run the SecureReview FastAPI server with uvicorn.
+
+    Entry point for ``uv run --project . server`` and
+    ``python -m server.app``.
+    """
+    import os
+    import uvicorn
+
+    port = int(os.getenv("PORT", "7860"))
+    uvicorn.run(app, host="0.0.0.0", port=port)
+
+
+if __name__ == "__main__":
+    main()