@agent-vm/openclaw-mcp-portal-plugin 0.0.69 → 0.0.70

package/dist/index.js

@@ -1,9 +1,8 @@
-import { join } from "node:path";
 import { loadMcpConfig, loadMcpPortalConfig, mcpPortalCallRequiresApproval, resolveMcpPortalProfile } from "@agent-vm/config-contracts";
-import { hashCallArguments, portalHmacKeyEnvName, redactCredentialText, signApprovalToken } from "@agent-vm/mcp-portal";
-import { randomBytes } from "node:crypto";
+import { createPortalCore, createUpstreamMcpClientRuntime, listPortalCoreToolDescriptors, redactCredentialText, resolveUpstreamServers } from "@agent-vm/mcp-portal/core";
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
 import { z } from "zod";
-import { spawn } from "node:child_process";
 //#region src/before-prompt-build-handler.ts
 function createBeforePromptBuildHandler(props) {
 	return async (_event, context) => {
@@ -24,26 +23,6 @@ function createBeforePromptBuildHandler(props) {
 }
 //#endregion
 //#region src/portal-tool-policy.ts
-function encodePortalServerNameSegment(value) {
-	const encodedCharacters = [];
-	for (let index = 0; index < value.length; index += 1) {
-		const character = value.charAt(index);
-		if (/^[A-Za-z0-9]$/u.test(character)) encodedCharacters.push(character);
-		else encodedCharacters.push(`_${character.charCodeAt(0).toString(16).padStart(2, "0")}_`);
-	}
-	return encodedCharacters.join("");
-}
-function portalServerNameForAgent(agentId) {
-	return `mcp_portal_${encodePortalServerNameSegment(agentId)}`;
-}
-function materializedPortalToolNames(serverName) {
-	return [
-		`${serverName}__mcp_portal_list`,
-		`${serverName}__mcp_portal_search`,
-		`${serverName}__mcp_portal_describe`,
-		`${serverName}__mcp_portal_call`
-	];
-}
 function profileAllowsPortalCall(profile, call) {
 	if (!profile.enabledNamespaces.includes(call.namespace)) return false;
 	const enabledTools = profile.enabledToolsByNamespace[call.namespace] ?? [];
@@ -55,17 +34,16 @@ function profileRequiresPortalApproval(profile, call) {
 }
 //#endregion
 //#region src/before-tool-call-handler.ts
-const approvalTokenTtlMs = 6e4;
-function isObjectRecord$1(value) {
+function isObjectRecord$2(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 function parseCallRequest(value) {
-	if (!isObjectRecord$1(value)) return null;
+	if (!isObjectRecord$2(value)) return null;
 	const id = value.id;
 	const namespace = value.namespace;
 	const toolName = value.toolName;
 	const argumentsValue = value.arguments;
-	if (typeof id !== "string" || typeof namespace !== "string" || typeof toolName !== "string" || !isObjectRecord$1(argumentsValue)) return null;
+	if (typeof id !== "string" || typeof namespace !== "string" || typeof toolName !== "string" || !isObjectRecord$2(argumentsValue)) return null;
 	return {
 		arguments: argumentsValue,
 		id,
@@ -73,9 +51,6 @@ function parseCallRequest(value) {
 		toolName
 	};
 }
-function portalAgentIdFromToolName(toolName, agentIds) {
-	return agentIds.find((agentId) => toolName.startsWith(`${portalServerNameForAgent(agentId)}__mcp_portal_`)) ?? null;
-}
 function parseCallRequests(params) {
 	const calls = params.calls;
 	if (!Array.isArray(calls)) return null;
@@ -87,28 +62,15 @@ function parseCallRequests(params) {
 	}
 	return parsedCalls;
 }
-function errorMessage$1(error) {
-	return error instanceof Error ? error.message : String(error);
-}
 function createBeforeToolCallHandler(props) {
 	return async (event, context) => {
-		const portalConfig = await props.runtimeState.loadPortalConfig();
-		const agentId = portalAgentIdFromToolName(event.toolName, Object.keys(portalConfig.agents));
-		if (agentId === null) return;
-		const portalUnavailableReason = props.runtimeState.getPortalUnavailableReason();
-		if (portalUnavailableReason !== null) return {
-			block: true,
-			blockReason: `mcp-portal: portal subprocess unavailable (${portalUnavailableReason}).`
-		};
+		if (event.toolName !== "mcp_portal_call") return;
 		if (context.agentId === void 0) return {
 			block: true,
 			blockReason: `mcp-portal: missing OpenClaw agent context for ${event.toolName}.`
 		};
-		if (context.agentId !== agentId) return {
-			block: true,
-			blockReason: `mcp-portal: tool ${event.toolName} is not assigned to agent ${context.agentId}.`
-		};
-		if (!event.toolName.endsWith("__mcp_portal_call")) return;
+		const portalConfig = await props.runtimeState.loadPortalConfig();
+		const agentId = context.agentId;
 		const agent = portalConfig.agents[agentId];
 		if (agent === void 0) return {
 			block: true,
@@ -126,29 +88,6 @@ function createBeforeToolCallHandler(props) {
 		};
 		const approvalCalls = calls.filter((call) => profileRequiresPortalApproval(profile, call));
 		if (approvalCalls.length === 0) return;
-		const token = signApprovalToken({
-			agentId,
-			calls: approvalCalls.map((call) => ({
-				argumentsHash: hashCallArguments(call.arguments),
-				namespace: call.namespace,
-				toolName: call.toolName
-			})),
-			expiresAtMs: Date.now() + approvalTokenTtlMs,
-			key: props.runtimeState.getKeyRegistry().getKey(agentId)
-		});
-		try {
-			event.params.portalApprovalToken = token;
-		} catch (error) {
-			props.logger?.warn?.(`[mcp-portal] could not attach server-side approval token: ${errorMessage$1(error)}`);
-			return {
-				block: true,
-				blockReason: "mcp-portal: could not attach server-side approval token."
-			};
-		}
-		if (event.params.portalApprovalToken !== token) return {
-			block: true,
-			blockReason: "mcp-portal: could not attach server-side approval token."
-		};
 		const toolNames = approvalCalls.map((call) => `${call.namespace}.${call.toolName}`).toSorted().join(", ");
 		return { requireApproval: {
 			description: `Allow MCP Portal batch for agent ${agentId}: ${toolNames}.`,
@@ -161,300 +100,86 @@ function createBeforeToolCallHandler(props) {
 	};
 }
 //#endregion
-//#region src/hmac-key-registry.ts
-const hmacKeyBytes = 32;
-function createHmacKeyRegistry(props) {
-	const keysByAgent = /* @__PURE__ */ new Map();
-	for (const agentId of props.agentIds) keysByAgent.set(agentId, randomBytes(hmacKeyBytes));
+//#region src/effective-config-manifest.ts
+const effectiveConfigManifestFileName = "mcp-portal-effective-manifest.json";
+function isObjectRecord$1(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isSafeManifestFileName(value) {
+	return value.length > 0 && !value.includes("/") && !value.includes("\\");
+}
+function parseEffectiveConfigManifest(value) {
+	if (!isObjectRecord$1(value)) throw new Error("MCP Portal effective config manifest must be an object.");
+	if (value.schemaVersion !== 1) throw new Error("MCP Portal effective config manifest must use schemaVersion 1.");
+	if (typeof value.mcpConfigFile !== "string" || !isSafeManifestFileName(value.mcpConfigFile)) throw new Error("MCP Portal effective config manifest must contain a safe mcpConfigFile.");
+	if (typeof value.portalConfigFile !== "string" || !isSafeManifestFileName(value.portalConfigFile)) throw new Error("MCP Portal effective config manifest must contain a safe portalConfigFile.");
 	return {
-		agentIds: [...props.agentIds],
-		getKey: (agentId) => {
-			const key = keysByAgent.get(agentId);
-			if (key === void 0) throw new Error(`HMAC key registry: unknown agent "${agentId}".`);
-			return key;
-		},
-		serializeForEnv: () => Object.fromEntries([...keysByAgent.entries()].map(([agentId, key]) => [portalHmacKeyEnvName(agentId), key.toString("hex")]))
+		mcpConfigFile: value.mcpConfigFile,
+		portalConfigFile: value.portalConfigFile
+	};
+}
+function isMissingFileError(error) {
+	return isObjectRecord$1(error) && typeof error.code === "string" && (error.code === "ENOENT" || error.code === "ENOTDIR");
+}
+async function resolveEffectiveConfigPaths(configDir) {
+	const manifestPath = join(configDir, effectiveConfigManifestFileName);
+	let manifestText;
+	try {
+		manifestText = await readFile(manifestPath, "utf8");
+	} catch (error) {
+		if (isMissingFileError(error)) return {
+			mcpConfigPath: join(configDir, "mcp.config.jsonc"),
+			portalConfigPath: join(configDir, "mcp-portal.config.jsonc")
+		};
+		throw error;
+	}
+	const manifest = parseEffectiveConfigManifest(JSON.parse(manifestText));
+	return {
+		mcpConfigPath: join(configDir, manifest.mcpConfigFile),
+		portalConfigPath: join(configDir, manifest.portalConfigFile)
 	};
 }
 //#endregion
 //#region src/portal-config.ts
-const defaultPortalBinPath = "/opt/agent-vm/portal/bin/agent-vm-mcp-portal-server";
-const portalPluginConfigSchema = z.object({
-	binPath: z.string().min(1).default(defaultPortalBinPath),
-	configDir: z.string().min(1).optional()
-}).strict();
+const portalPluginConfigSchema = z.object({ configDir: z.string().min(1) }).strict();
 function parsePortalConfig(value) {
 	return portalPluginConfigSchema.parse(value ?? {});
 }
 //#endregion
 //#region src/portal-plugin-runtime-state.ts
 function createPortalPluginRuntimeState(props) {
-	let keyRegistry = null;
+	let loadedPortalConfig = null;
 	let portalConfigPromise = null;
 	let portalUnavailableReason = null;
 	const loadPortalConfigFile = props.loadPortalConfig ?? loadMcpPortalConfig;
-	const portalConfigPath = join(props.configDir, "mcp-portal.config.jsonc");
 	function loadPortalConfig() {
 		if (portalConfigPromise !== null) return portalConfigPromise;
-		const nextPromise = loadPortalConfigFile(portalConfigPath).catch((error) => {
+		const nextPromise = resolveEffectiveConfigPaths(props.configDir).then((effectiveConfigPaths) => loadPortalConfigFile(effectiveConfigPaths.portalConfigPath)).then((portalConfig) => {
+			loadedPortalConfig = portalConfig;
+			return portalConfig;
+		}).catch((error) => {
 			if (portalConfigPromise === nextPromise) portalConfigPromise = null;
 			throw error;
 		});
 		portalConfigPromise = nextPromise;
-		return nextPromise;
+		return portalConfigPromise;
 	}
 	return {
 		configDir: props.configDir,
+		getLoadedPortalConfig: () => loadedPortalConfig,
 		getPortalUnavailableReason: () => portalUnavailableReason,
-		getKeyRegistry: () => {
-			if (keyRegistry === null) throw new Error("MCP Portal HMAC key registry is not initialized.");
-			return keyRegistry;
-		},
 		loadPortalConfig,
 		markPortalAvailable: () => {
 			portalUnavailableReason = null;
 		},
 		markPortalUnavailable: (reason) => {
 			portalUnavailableReason = reason;
-		},
-		setKeyRegistry: (registry) => {
-			keyRegistry = registry;
-		}
-	};
-}
-//#endregion
-//#region src/portal-subprocess-supervisor.ts
-const defaultBackoffSteps = [
-	200,
-	400,
-	800,
-	1600,
-	3200,
-	5e3
-];
-const inheritedPortalEnvNames = [
-	"HOME",
-	"PATH",
-	"TEMP",
-	"TMP",
-	"TMPDIR"
-];
-function createPortalSubprocessEnv(hmacEnv, portalEnv = {}) {
-	const env = {};
-	for (const name of inheritedPortalEnvNames) {
-		const value = process.env[name];
-		if (value !== void 0) env[name] = value;
-	}
-	return {
-		...env,
-		...portalEnv,
-		...hmacEnv
-	};
-}
-function logSubprocessOutput(props) {
-	const text = String(props.chunk);
-	for (const line of text.split(/\r?\n/u)) {
-		if (line.length === 0) continue;
-		const message = `[mcp-portal ${props.streamName}] ${line}`;
-		if (props.streamName === "stderr") props.logger.warn(message);
-		else props.logger.info(message);
-	}
-}
-function delay(ms) {
-	return new Promise((resolve) => {
-		setTimeout(resolve, ms);
-	});
-}
-async function waitForExit(child, timeoutMs) {
-	return new Promise((resolve) => {
-		let settled = false;
-		const timer = setTimeout(() => {
-			if (settled) return;
-			settled = true;
-			child.off("exit", handleExit);
-			resolve(false);
-		}, timeoutMs);
-		const handleExit = () => {
-			if (settled) return;
-			settled = true;
-			clearTimeout(timer);
-			resolve(true);
-		};
-		child.once("exit", handleExit);
-	});
-}
-async function waitForHealthAttempt(props) {
-	if (Date.now() - props.startedAt > props.timeoutMs) {
-		const message = props.lastError instanceof Error ? props.lastError.message : String(props.lastError);
-		throw new Error(`Timed out waiting for MCP Portal health: ${message}`);
-	}
-	try {
-		const response = await props.fetchFn(`http://${props.host}:${String(props.port)}/health`);
-		if (response.ok) return;
-		await delay(props.intervalMs);
-		return waitForHealthAttempt({
-			...props,
-			lastError: /* @__PURE__ */ new Error(`health returned ${String(response.status)}`)
-		});
-	} catch (error) {
-		await delay(props.intervalMs);
-		return waitForHealthAttempt({
-			...props,
-			lastError: error
-		});
-	}
-}
-async function waitForHealth(props) {
-	const startedAt = Date.now();
-	return waitForHealthAttempt({
-		...props,
-		lastError: void 0,
-		startedAt
-	});
-}
-function errorMessage(error) {
-	return error instanceof Error ? error.message : String(error);
-}
-function createPortalSubprocessSupervisor(props) {
-	const spawnFn = props.spawnFn ?? ((command, args, options) => spawn(command, [...args], options));
-	const fetchFn = props.fetchFn ?? fetch;
-	const healthPollIntervalMs = props.healthPollIntervalMs ?? 200;
-	const healthTimeoutMs = props.healthTimeoutMs ?? 1e4;
-	const stopGraceMs = props.stopGraceMs ?? 5e3;
-	const maxRestarts = props.maxRestarts ?? 5;
-	const backoffSteps = props.backoffSteps ?? defaultBackoffSteps;
-	let child = null;
-	let stopping = false;
-	let restartCount = 0;
-	const spawnChild = () => {
-		const nextChild = spawnFn(props.binPath, ["--config-dir", props.configDir], {
-			env: createPortalSubprocessEnv(props.hmacEnv, props.portalEnv),
-			stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			]
-		});
-		let autoRestartEnabled = false;
-		let failureHandled = false;
-		let rejectEarlyFailure;
-		const earlyFailure = new Promise((_resolve, reject) => {
-			rejectEarlyFailure = reject;
-		});
-		const rejectBeforeHealth = (error) => {
-			if (rejectEarlyFailure === void 0) throw new Error("MCP Portal early-failure rejector was not initialized.");
-			rejectEarlyFailure(error);
-		};
-		child = nextChild;
-		nextChild.stdout?.on("data", (chunk) => {
-			logSubprocessOutput({
-				chunk,
-				logger: props.logger,
-				streamName: "stdout"
-			});
-		});
-		nextChild.stdout?.on("error", (error) => {
-			props.logger.warn(`[mcp-portal stdout] stream error: ${error.message}`);
-		});
-		nextChild.stderr?.on("data", (chunk) => {
-			logSubprocessOutput({
-				chunk,
-				logger: props.logger,
-				streamName: "stderr"
-			});
-		});
-		nextChild.stderr?.on("error", (error) => {
-			props.logger.warn(`[mcp-portal stderr] stream error: ${error.message}`);
-		});
-		nextChild.on("error", (error) => {
-			props.logger.error(`[mcp-portal] subprocess spawn failed: ${error.message}`);
-			if (failureHandled) return;
-			failureHandled = true;
-			if (child === nextChild) child = null;
-			if (stopping) return;
-			if (autoRestartEnabled) scheduleRestart();
-			else rejectBeforeHealth(error);
-		});
-		nextChild.on("exit", (code, signal) => {
-			if (failureHandled) return;
-			failureHandled = true;
-			if (child === nextChild) child = null;
-			if (stopping) return;
-			if (autoRestartEnabled) scheduleRestart();
-			else rejectBeforeHealth(/* @__PURE__ */ new Error(`MCP Portal subprocess exited before health check completed (code=${String(code)} signal=${String(signal)}).`));
-		});
-		return {
-			child: nextChild,
-			earlyFailure,
-			enableAutoRestart: () => {
-				autoRestartEnabled = true;
-			}
-		};
-	};
-	const spawnChildAndWaitForHealth = async () => {
-		const spawnedChild = spawnChild();
-		try {
-			await Promise.race([waitForHealth({
-				fetchFn,
-				host: props.host,
-				intervalMs: healthPollIntervalMs,
-				port: props.port,
-				timeoutMs: healthTimeoutMs
-			}), spawnedChild.earlyFailure]);
-		} catch (error) {
-			if (child === spawnedChild.child) {
-				child = null;
-				if (!spawnedChild.child.killed) spawnedChild.child.kill("SIGTERM");
-			}
-			throw error;
-		}
-		spawnedChild.enableAutoRestart();
-		restartCount = 0;
-		props.logger.info("[mcp-portal] subprocess is healthy.");
-	};
-	const scheduleRestart = async () => {
-		restartCount += 1;
-		if (restartCount > maxRestarts) {
-			props.logger.error("[mcp-portal] subprocess restart limit exhausted.");
-			props.onFatal?.("backoff-exhausted");
-			return;
-		}
-		const backoffMs = backoffSteps[Math.min(restartCount - 1, backoffSteps.length - 1)] ?? backoffSteps[backoffSteps.length - 1] ?? 5e3;
-		props.logger.warn(`[mcp-portal] subprocess exited; restarting in ${String(backoffMs)}ms.`);
-		await delay(backoffMs);
-		if (stopping) return;
-		try {
-			await spawnChildAndWaitForHealth();
-		} catch (error) {
-			props.logger.error(`[mcp-portal] subprocess restart failed: ${errorMessage(error)}`);
-			if (!stopping) await scheduleRestart();
-		}
-	};
-	return {
-		isAlive: () => child !== null && !child.killed,
-		start: async () => {
-			stopping = false;
-			await spawnChildAndWaitForHealth();
-		},
-		stop: async () => {
-			stopping = true;
-			const activeChild = child;
-			child = null;
-			if (activeChild === null || activeChild.killed) return;
-			activeChild.kill("SIGTERM");
-			if (!await waitForExit(activeChild, stopGraceMs) && !activeChild.killed) activeChild.kill("SIGKILL");
 		}
 	};
 }
 //#endregion
 //#region src/plugin-registration.ts
 const pluginId = "mcp-portal";
-const onePasswordCliEnvNames = [
-	"OP_SERVICE_ACCOUNT_TOKEN",
-	"OP_ACCOUNT",
-	"OP_CONNECT_HOST",
-	"OP_CONNECT_TOKEN"
-];
 function hasFunction(value) {
 	return typeof value === "function";
 }
@@ -467,80 +192,16 @@ function isUnknownArray(value) {
 function getObjectProperty(value, property) {
 	return isObjectRecord(value) ? value[property] : void 0;
 }
-function messageFromUnknown(error) {
-	return error instanceof Error ? error.message : String(error);
-}
-function addEnvironmentSecretName(names, secret) {
-	if (secret.source === "environment") names.add(secret.name);
-}
-function secretUsesOnePassword(secret) {
-	return secret.source === "1password";
-}
-function collectMcpConfigEnvironmentSecretNames(config) {
-	const names = /* @__PURE__ */ new Set();
-	for (const provider of Object.values(config.providers)) {
-		const transport = provider.transport;
-		const secrets = transport.kind === "stdio" ? Object.values(transport.env) : Object.values(transport.headers);
-		for (const secret of secrets) addEnvironmentSecretName(names, secret);
-	}
-	return names;
-}
-function collectMcpPortalConfigEnvironmentSecretNames(config) {
-	const names = /* @__PURE__ */ new Set();
-	addEnvironmentSecretName(names, config.server.accessHeader.secret);
-	for (const agent of Object.values(config.agents)) if (agent.hmacKey !== void 0) addEnvironmentSecretName(names, agent.hmacKey);
-	return names;
-}
-function mcpConfigUsesOnePassword(config) {
-	return Object.values(config.providers).some((provider) => {
-		const transport = provider.transport;
-		return (transport.kind === "stdio" ? Object.values(transport.env) : Object.values(transport.headers)).some(secretUsesOnePassword);
-	});
-}
-function mcpPortalConfigUsesOnePassword(config) {
-	return secretUsesOnePassword(config.server.accessHeader.secret) || Object.values(config.agents).some((agent) => agent.hmacKey !== void 0 && secretUsesOnePassword(agent.hmacKey));
-}
-function resolveRequiredPortalEnv(props) {
-	const resolvedEnv = {};
-	for (const name of [...props.names].toSorted()) {
-		const value = props.env[name];
-		if (value === void 0 || value.length === 0) throw new Error(`Missing environment secret ${name} for MCP Portal subprocess.`);
-		resolvedEnv[name] = value;
-	}
-	return resolvedEnv;
-}
-function createPortalSubprocessConfigEnv(props) {
-	const env = props.env ?? process.env;
-	const portalEnv = { ...resolveRequiredPortalEnv({
-		env,
-		names: new Set([...collectMcpConfigEnvironmentSecretNames(props.mcpConfig), ...collectMcpPortalConfigEnvironmentSecretNames(props.mcpPortalConfig)])
-	}) };
-	if (mcpConfigUsesOnePassword(props.mcpConfig) || mcpPortalConfigUsesOnePassword(props.mcpPortalConfig)) for (const name of onePasswordCliEnvNames) {
-		const value = env[name];
-		if (value !== void 0 && value.length > 0) portalEnv[name] = value;
-	}
-	return portalEnv;
-}
 function resolveConfigDir(api) {
-	const pluginConfig = parsePortalConfig(api.pluginConfig ?? {});
-	if (pluginConfig.configDir !== void 0) return pluginConfig.configDir;
-	const topLevelMcpConfigDir = getObjectProperty(getObjectProperty(api.config, "mcp"), "configDir");
+	if (api.pluginConfig !== void 0) return parsePortalConfig(api.pluginConfig).configDir;
+	const topLevelMcpConfigDir = getObjectProperty(getObjectProperty(api.config, "mcpPortal"), "configDir");
 	if (typeof topLevelMcpConfigDir === "string" && topLevelMcpConfigDir.length > 0) return topLevelMcpConfigDir;
 	const zones = getObjectProperty(api.config, "zones");
 	if (isUnknownArray(zones)) {
-		const zoneMcpConfigDir = getObjectProperty(getObjectProperty(zones.at(0), "mcp"), "configDir");
+		const zoneMcpConfigDir = getObjectProperty(getObjectProperty(zones.at(0), "mcpPortal"), "configDir");
 		if (typeof zoneMcpConfigDir === "string" && zoneMcpConfigDir.length > 0) return zoneMcpConfigDir;
 	}
-	throw new Error("MCP Portal plugin requires configDir in plugin config or zone mcp config.");
-}
-function tcpPoolConfigFromApi(api) {
-	const tcpPool = getObjectProperty(api.config, "tcpPool");
-	const basePort = getObjectProperty(tcpPool, "basePort");
-	const size = getObjectProperty(tcpPool, "size");
-	return typeof basePort === "number" && typeof size === "number" ? {
-		basePort,
-		size
-	} : null;
+	throw new Error("MCP Portal plugin requires configDir in plugin config or zone mcpPortal config.");
 }
 function validatePortalPortAgainstTcpPool(props) {
 	if (props.tcpPool === null) return;
@@ -556,8 +217,8 @@ function createLoggerAdapter(api) {
 	};
 }
 function validatePortalPluginApi(api) {
-	if (!hasFunction(api.registerService)) throw new Error("MCP Portal plugin requires OpenClaw registerService API.");
-	if (!hasFunction(api.on) && !hasFunction(api.registerPromptHook)) throw new Error("MCP Portal plugin requires OpenClaw prompt hook registration API.");
+	if (!hasFunction(api.registerTool)) throw new Error("MCP Portal plugin requires OpenClaw registerTool API.");
+	if (!hasFunction(api.on)) throw new Error("MCP Portal plugin requires OpenClaw before_tool_call hook API.");
 	if (hasFunction(api.lifecycle?.registerRuntimeLifecycle) || hasFunction(api.registerRuntimeLifecycle)) return;
 	throw new Error("MCP Portal plugin requires an OpenClaw lifecycle cleanup API.");
 }
@@ -566,8 +227,8 @@ function registerPortalRuntimeCleanup(api, cleanup) {
 		cleanup: async () => {
 			await cleanup();
 		},
-		description: "Stops the MCP Portal subprocess supervised by the agent-vm plugin.",
-		id: "mcp-portal-subprocess"
+		description: "Closes MCP Portal upstream clients owned by the agent-vm plugin.",
+		id: "mcp-portal-core"
 	};
 	if (hasFunction(api.lifecycle?.registerRuntimeLifecycle)) {
 		api.lifecycle.registerRuntimeLifecycle(runtimeLifecycle);
@@ -579,53 +240,163 @@ function registerPortalRuntimeCleanup(api, cleanup) {
 	}
 	throw new Error("MCP Portal plugin requires an OpenClaw lifecycle cleanup API.");
 }
-function registerPortalService(props) {
-	const portalConfig = parsePortalConfig(props.api.pluginConfig ?? {});
-	let supervisor = null;
-	props.api.registerService?.({
-		id: "mcp-portal-subprocess",
-		start: async () => {
-			const mcpPortalConfig = await props.runtimeState.loadPortalConfig();
-			const mcpConfig = await loadMcpConfig(join(props.configDir, "mcp.config.jsonc"));
-			validatePortalPortAgainstTcpPool({
-				port: mcpPortalConfig.server.port,
-				tcpPool: tcpPoolConfigFromApi(props.api)
-			});
-			const keyRegistry = createHmacKeyRegistry({ agentIds: Object.keys(mcpPortalConfig.agents).toSorted() });
-			props.runtimeState.setKeyRegistry(keyRegistry);
-			supervisor = createPortalSubprocessSupervisor({
-				binPath: portalConfig.binPath,
-				configDir: props.configDir,
-				host: mcpPortalConfig.server.host,
-				hmacEnv: keyRegistry.serializeForEnv(),
-				logger: createLoggerAdapter(props.api),
-				onFatal: (reason) => {
-					props.runtimeState.markPortalUnavailable(reason);
-					props.api.logger?.error?.(`[mcp-portal] subprocess supervisor fatal: ${reason}`);
-				},
-				port: mcpPortalConfig.server.port,
-				portalEnv: createPortalSubprocessConfigEnv({
-					mcpConfig,
-					mcpPortalConfig
-				})
+function selectorsFromNamespaceTools(namespaceTools) {
+	return Object.entries(namespaceTools).flatMap(([namespace, toolNames]) => toolNames.map((toolName) => ({
+		namespace,
+		toolName
+	})));
+}
+function buildProfilePolicyMaps(portalConfig) {
+	const enabledNamespacesByAgent = {};
+	const enabledToolsByAgent = {};
+	const hiddenToolsByAgent = {};
+	const profileTtls = [];
+	for (const [agentId, agent] of Object.entries(portalConfig.agents)) {
+		const profile = resolveMcpPortalProfile(portalConfig, agent.profile);
+		enabledNamespacesByAgent[agentId] = profile.enabledNamespaces;
+		enabledToolsByAgent[agentId] = selectorsFromNamespaceTools(profile.enabledToolsByNamespace);
+		hiddenToolsByAgent[agentId] = selectorsFromNamespaceTools(profile.hiddenToolsByNamespace);
+		profileTtls.push(profile.cache.catalogTtlMs);
+	}
+	return {
+		cacheTtlMs: profileTtls.length === 0 ? 6e4 : Math.min(...profileTtls),
+		enabledNamespacesByAgent,
+		enabledToolsByAgent,
+		hiddenToolsByAgent
+	};
+}
+async function resolveManagedPortalSecret(secret) {
+	if (secret.source !== "environment") throw new Error("MCP Portal managed OpenClaw effective config must use environment secret refs.");
+	const value = process.env[secret.name];
+	if (value === void 0 || value.length === 0) throw new Error(`Missing environment secret ${secret.name} for MCP Portal native plugin.`);
+	return value;
+}
+async function createManagedPortalCore(configDir) {
+	const effectiveConfigPaths = await resolveEffectiveConfigPaths(configDir);
+	const [mcpConfig, portalConfig] = await Promise.all([loadMcpConfig(effectiveConfigPaths.mcpConfigPath), loadMcpPortalConfig(effectiveConfigPaths.portalConfigPath)]);
+	const upstreamServers = await resolveUpstreamServers({
+		config: mcpConfig,
+		resolveSecret: resolveManagedPortalSecret
+	});
+	const upstreamRuntime = createUpstreamMcpClientRuntime({ servers: upstreamServers });
+	const profilePolicyMaps = buildProfilePolicyMaps(portalConfig);
+	return createPortalCore({
+		accessPolicy: {
+			defaultPolicy: "deny-all",
+			enabledNamespacesByAgent: profilePolicyMaps.enabledNamespacesByAgent,
+			enabledToolsByAgent: profilePolicyMaps.enabledToolsByAgent,
+			hiddenToolsByAgent: profilePolicyMaps.hiddenToolsByAgent
+		},
+		approvalTrustBoundary: "openclaw-before-tool-call-hook",
+		catalogTtlMs: profilePolicyMaps.cacheTtlMs,
+		runtime: {
+			callUpstreamTool: upstreamRuntime.callTool,
+			closeAgentScope: upstreamRuntime.closeAgentScope,
+			closeSession: upstreamRuntime.closeSession,
+			listTools: upstreamRuntime.listTools
+		},
+		upstreamNamespaces: upstreamServers.map((server) => server.namespace)
+	});
+}
+function portalUpdateFromCoreEvent(event) {
+	if (event.kind === "progress") return {
+		message: event.message ?? "MCP Portal progress",
+		...event.progress !== void 0 ? { progress: event.progress } : {},
+		requestId: event.requestId,
+		...event.total !== void 0 ? { total: event.total } : {},
+		type: "mcp_portal_progress"
+	};
+	if (event.kind === "partial_content") return {
+		content: event.content,
+		requestId: event.requestId,
+		type: "mcp_portal_partial_content"
+	};
+	if (event.kind === "upstream_notification") return {
+		method: event.method,
+		params: event.params,
+		requestId: event.requestId,
+		type: "mcp_portal_upstream_notification"
+	};
+	return null;
+}
+async function forwardCoreEvent(event, logger, onUpdate) {
+	const update = portalUpdateFromCoreEvent(event);
+	if (update !== null) try {
+		await onUpdate?.(update);
+	} catch (error) {
+		const message = error instanceof Error ? error.message : String(error);
+		logger.warn(`[mcp-portal] OpenClaw onUpdate delivery failed: ${message}`);
+	}
+}
+function createNativeTool(props) {
+	return {
+		description: props.descriptor.description,
+		execute: async (_toolCallId, params, signal, onUpdate) => {
+			if (props.context.agentId === void 0 || props.context.agentId.length === 0) throw new Error("mcp-portal: OpenClaw did not provide a trusted agentId.");
+			const core = await props.getCore();
+			const scope = core.createAgentScope({
+				agentId: props.context.agentId,
+				agentScopeId: props.context.agentId,
+				...props.context.sessionId ? { sessionId: props.context.sessionId } : {},
+				...props.context.sessionKey ? { sessionKey: props.context.sessionKey } : {},
+				source: "openclaw-trusted"
 			});
-			await supervisor.start();
-			props.runtimeState.markPortalAvailable();
+			const result = await core.collectPortalCoreResult(core.callStream({
+				input: params,
+				scope,
+				...signal !== void 0 ? { signal } : {},
+				toolName: props.descriptor.name
+			}), { onEvent: (event) => forwardCoreEvent(event, props.logger, onUpdate) });
+			return {
+				content: JSON.stringify(result),
+				details: result
+			};
 		},
-		stop: async () => {
-			await supervisor?.stop();
-		}
+		label: props.descriptor.name,
+		name: props.descriptor.name,
+		parameters: props.descriptor.inputSchema
+	};
+}
+function descriptorsForOpenClawContext(props) {
+	if (props.portalConfig === null || props.context.agentId === void 0) return listPortalCoreToolDescriptors();
+	const agent = props.portalConfig.agents[props.context.agentId];
+	if (agent === void 0) return listPortalCoreToolDescriptors();
+	return listPortalCoreToolDescriptors(resolveMcpPortalProfile(props.portalConfig, agent.profile).enabledNamespaces);
+}
+function registerNativePortalTools(props) {
+	const descriptorNames = listPortalCoreToolDescriptors().map((descriptor) => descriptor.name);
+	const logger = createLoggerAdapter(props.api);
+	props.api.registerTool?.((context) => {
+		return descriptorsForOpenClawContext({
+			context,
+			portalConfig: props.runtimeState.getLoadedPortalConfig()
+		}).map((descriptor) => createNativeTool({
+			context,
+			descriptor,
+			getCore: props.getCore,
+			logger
+		}));
+	}, {
+		names: descriptorNames,
+		optional: true
 	});
-	return { getSupervisor: () => supervisor };
 }
 function registerMcpPortalPlugin(api) {
 	if (api.registrationMode !== void 0 && api.registrationMode !== "full") return;
 	validatePortalPluginApi(api);
 	const configDir = resolveConfigDir(api);
 	const runtimeState = createPortalPluginRuntimeState({ configDir });
-	const registeredService = registerPortalService({
+	let corePromise;
+	const getCore = () => {
+		corePromise ??= createManagedPortalCore(configDir).catch((error) => {
+			corePromise = void 0;
+			throw error;
+		});
+		return corePromise;
+	};
+	registerNativePortalTools({
 		api,
-		configDir,
+		getCore,
 		runtimeState
 	});
 	api.on?.("before_tool_call", createBeforeToolCallHandler({
@@ -637,13 +408,12 @@ function registerMcpPortalPlugin(api) {
 		const result = await createBeforePromptBuildHandler({ runtimeState })({}, context);
 		if (result?.appendSystemContext !== void 0) context.appendPrompt?.(result.appendSystemContext);
 	});
-	registerPortalRuntimeCleanup(api, () => registeredService.getSupervisor()?.stop());
-	runtimeState.loadPortalConfig().catch((error) => {
-		api.logger?.error?.(`[mcp-portal] failed to initialize portal config: ${messageFromUnknown(error)}`);
+	registerPortalRuntimeCleanup(api, async () => {
+		await (await corePromise?.catch(() => void 0))?.close();
 	});
 }
 const pluginEntry = {
-	description: "Supervises the MCP Portal subprocess and wires per-agent approval hooks.",
+	description: "Registers native OpenClaw MCP Portal tools and wires per-agent approval hooks.",
 	id: pluginId,
 	name: "MCP Portal",
 	register: registerMcpPortalPlugin
@@ -654,7 +424,7 @@ function createPortalPromptContext(props) {
 	const namespaceList = props.namespaces.length > 0 ? props.namespaces.map((entry) => `${entry.namespace}(${entry.toolCount} tools)`).join(", ") : "none configured";
 	const diagnostics = props.diagnostics !== void 0 && props.diagnostics.length > 0 ? [`Discovery diagnostics: ${props.diagnostics.map((entry) => `${entry.namespace}: ${entry.message}`).join("; ")}`] : [];
 	return [
-		"MCP Portal is available as an MCP server.",
+		"MCP Portal is available as native OpenClaw tools.",
 		"Use mcp_portal_list with requests[], mcp_portal_search with requests[],",
 		"mcp_portal_describe with requests[], and mcp_portal_call with calls[].",
 		"Responses are { ok, results, errors, diagnostics }; results is keyed by each request/call id and each value is discriminated by ok: true or ok: false.",
@@ -674,6 +444,6 @@ function redactPortalSecrets(text, secretValues = []) {
 //#region src/index.ts
 const OPENCLAW_MCP_PORTAL_PLUGIN_PACKAGE_NAME = "@agent-vm/openclaw-mcp-portal-plugin";
 //#endregion
-export { OPENCLAW_MCP_PORTAL_PLUGIN_PACKAGE_NAME, createBeforePromptBuildHandler, createBeforeToolCallHandler, createHmacKeyRegistry, createPortalPluginRuntimeState, createPortalPromptContext, createPortalSubprocessConfigEnv, createPortalSubprocessSupervisor, pluginEntry as default, defaultPortalBinPath, materializedPortalToolNames, parsePortalConfig, portalPluginConfigSchema, portalServerNameForAgent, profileAllowsPortalCall, profileRequiresPortalApproval, redactPortalSecrets, registerMcpPortalPlugin, validatePortalPluginApi, validatePortalPortAgainstTcpPool };
+export { OPENCLAW_MCP_PORTAL_PLUGIN_PACKAGE_NAME, createBeforePromptBuildHandler, createBeforeToolCallHandler, createPortalPluginRuntimeState, createPortalPromptContext, pluginEntry as default, parsePortalConfig, portalPluginConfigSchema, profileAllowsPortalCall, profileRequiresPortalApproval, redactPortalSecrets, registerMcpPortalPlugin, validatePortalPluginApi, validatePortalPortAgainstTcpPool };
 
 //# sourceMappingURL=index.js.map