@alfe.ai/gateway 0.0.49 → 0.1.1

package/dist/health.js

@@ -6,13 +6,15 @@ import { promisify } from "node:util";
 import { dirname, join } from "node:path";
 import { homedir } from "node:os";
 import pino from "pino";
-import { chmodSync, existsSync, readFileSync, unlinkSync } from "node:fs";
+import { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
 import { getEndpointFromToken, readConfig } from "@alfe.ai/config";
 import crypto from "crypto";
 import { parse } from "smol-toml";
 import WebSocket from "ws";
 import { createConnection, createServer } from "node:net";
-import { IntegrationManager, IntegrationManagerAdapter, OpenClawApplier } from "@alfe.ai/integrations";
+import { IntegrationManager, IntegrationManagerAdapter, McpApplier, OpenClawApplier } from "@alfe.ai/integrations";
+import { AgentApiClient } from "@alfe.ai/agent-api-client";
+import { Manager, McpBundler, defaultConnect } from "@alfe.ai/mcp-bundler";
 import stream, { Readable } from "stream";
 import util, { format } from "util";
 import http from "http";
@@ -90,6 +92,9 @@ const ID_PREFIXES = {
 	identityVerification: "ivf",
 	role: "role",
 	directGrant: "dgr",
+	oauthConnection: "con",
+	oauthConnectionRequest: "crq",
+	deviceCode: "dvc",
 	attachment: "att",
 	run: "run",
 	request: "req",
@@ -255,31 +260,41 @@ var AlfeApiClient = class {
 		this.getToken = options.getToken;
 		this.onAuthFailure = options.onAuthFailure;
 	}
-	/** Shared fetch logic — handles auth, 401, and network errors. */
-	async _fetch(path, options) {
+	/**
+	* Shared fetch logic — handles auth, 401, and network errors.
+	*
+	* `skipAuth` callers (public endpoints like OAuth device-code) opt out of
+	* the auth-header injection AND the synthetic 401 short-circuit. Without
+	* this opt-out, a CLI calling /auth/device-code (no token yet by design)
+	* would never reach the network — the `getToken: () => null` path would
+	* synthesize a 401 and fire onAuthFailure, breaking the entire flow.
+	*/
+	async _fetch(path, options, skipAuth = false) {
 		try {
-			const token = await this.getToken();
-			if (!token) {
-				this.onAuthFailure?.();
-				return {
-					ok: false,
-					result: {
-						ok: false,
-						error: "No auth token available",
-						status: 401
-					}
-				};
-			}
 			const url = `${this.apiBaseUrl}${path}`;
 			const headers = new Headers(options?.headers);
-			headers.set("Authorization", `Bearer ${token}`);
 			headers.set("Content-Type", "application/json");
 			headers.set("x-correlation-id", correlationId());
+			if (!skipAuth) {
+				const token = await this.getToken();
+				if (!token) {
+					this.onAuthFailure?.();
+					return {
+						ok: false,
+						result: {
+							ok: false,
+							error: "No auth token available",
+							status: 401
+						}
+					};
+				}
+				headers.set("Authorization", `Bearer ${token}`);
+			}
 			const res = await fetch(url, {
 				...options,
 				headers
 			});
-			if (res.status === 401) {
+			if (res.status === 401 && !skipAuth) {
 				this.onAuthFailure?.();
 				return {
 					ok: false,
@@ -327,6 +342,20 @@ var AlfeApiClient = class {
 		};
 	}
 	/**
+	* Make a request to a PUBLIC endpoint that does not require authentication.
+	* Skips both the Authorization header injection AND the onAuthFailure
+	* callback. Use for endpoints like /auth/device-code that the CLI hits
+	* before it has a token.
+	*/
+	async publicRequest(path, options) {
+		const result = await this._fetch(path, options, true);
+		if (!result.ok) return result.result;
+		return {
+			ok: true,
+			data: result.body.data
+		};
+	}
+	/**
 	* Make an authenticated request that returns the body directly (no envelope unwrap).
 	* Use for APIs that don't use the @auriclabs/api-core response format (e.g. gateway).
 	*/
@@ -368,6 +397,55 @@ var AuthService = class {
 	deleteToken(tokenId) {
 		return this.client.request(`${this.prefix}/tokens/${tokenId}`, { method: "DELETE" });
 	}
+	/**
+	* Start a device-code flow. Called by the CLI when the user runs
+	* `alfe login` and picks the browser path. The returned `device_code`
+	* is the CLI's bearer secret for polling /auth/device-token; the
+	* `user_code` is what the user types/sees on the dashboard.
+	*
+	* Uses `publicRequest` because the CLI has no token yet — the standard
+	* `request` path would short-circuit with a synthetic 401.
+	*/
+	startDeviceCode(input) {
+		return this.client.publicRequest(`${this.prefix}/device-code`, {
+			method: "POST",
+			body: JSON.stringify(input)
+		});
+	}
+	/**
+	* Poll for the minted API key. Public endpoint. Returns:
+	*   200 → { api_key, tenantId, tokenExpiresAt } (success — write to config)
+	*   428 → still pending (caller should sleep `interval` and retry)
+	*   429 → polling too fast; caller should back off
+	*   410 → device-code expired; user must run `alfe login` again
+	*   400 → already redeemed (security: do not retry)
+	*
+	* Surface the HTTP-status code via the standard ApiResult error shape
+	* so callers can branch.
+	*/
+	pollDeviceToken(deviceCode) {
+		return this.client.publicRequest(`${this.prefix}/device-token`, {
+			method: "POST",
+			body: JSON.stringify({ device_code: deviceCode })
+		});
+	}
+	/** Dashboard-side. Fetch the device fingerprint for an approval card. */
+	lookupDeviceCode(userCode) {
+		return this.client.request(`${this.prefix}/device-code/lookup`, {
+			method: "POST",
+			body: JSON.stringify({ user_code: userCode })
+		});
+	}
+	/** Dashboard-side. Approve the pending device-code; CLI's next poll gets the key. */
+	approveDeviceCode(input) {
+		return this.client.request(`${this.prefix}/device-code/approve`, {
+			method: "POST",
+			body: JSON.stringify({
+				user_code: input.userCode,
+				expiresIn: input.expiresIn
+			})
+		});
+	}
 	getOnboardingStatus() {
 		return this.client.request(`${this.prefix}/onboarding/status`);
 	}
@@ -421,6 +499,48 @@ var AuthService = class {
 			body: JSON.stringify({ seats })
 		});
 	}
+	listOrgMembers() {
+		return this.client.request(`${this.prefix}/org/members`);
+	}
+	patchOrgMember(userId, body) {
+		return this.client.request(`${this.prefix}/org/members/${encodeURIComponent(userId)}`, {
+			method: "PATCH",
+			body: JSON.stringify(body)
+		});
+	}
+	removeOrgMember(userId) {
+		return this.client.request(`${this.prefix}/org/members/${encodeURIComponent(userId)}`, { method: "DELETE" });
+	}
+	listOrgInvitations() {
+		return this.client.request(`${this.prefix}/org/invitations`);
+	}
+	createOrgInvitation(input) {
+		return this.client.request(`${this.prefix}/org/invitations`, {
+			method: "POST",
+			body: JSON.stringify(input)
+		});
+	}
+	revokeOrgInvitation(invitationId) {
+		return this.client.request(`${this.prefix}/org/invitations/${encodeURIComponent(invitationId)}`, { method: "DELETE" });
+	}
+	listOrgDomains() {
+		return this.client.request(`${this.prefix}/org/domains`);
+	}
+	createOrgDomain(input) {
+		return this.client.request(`${this.prefix}/org/domains`, {
+			method: "POST",
+			body: JSON.stringify(input)
+		});
+	}
+	deleteOrgDomain(domainId) {
+		return this.client.request(`${this.prefix}/org/domains/${encodeURIComponent(domainId)}`, { method: "DELETE" });
+	}
+	updateOrgSettings(input) {
+		return this.client.request(`${this.prefix}/org/settings`, {
+			method: "PATCH",
+			body: JSON.stringify(input)
+		});
+	}
 };
 //#endregion
 //#region ../../packages-internal/api-client/dist/services/integrations.js
@@ -536,12 +656,6 @@ var IntegrationsService = class {
 		const query = email ? `?email=${encodeURIComponent(email)}` : "";
 		return this.client.request(`/google/agents/${encodeURIComponent(agentId)}/account${query}`, { method: "DELETE" });
 	}
-	setDefaultGoogleAccount(agentId, email) {
-		return this.client.request(`/google/agents/${encodeURIComponent(agentId)}/account/default`, {
-			method: "PUT",
-			body: JSON.stringify({ email })
-		});
-	}
 	getAtlassianSites(agentId) {
 		return this.client.request(`/atlassian/agents/${encodeURIComponent(agentId)}/sites`);
 	}
@@ -4236,7 +4350,9 @@ enumValues({
 	Zhipu: "zhipu",
 	OpenRouter: "openrouter",
 	ElevenLabs: "elevenlabs",
-	Twilio: "twilio"
+	Twilio: "twilio",
+	ClaudeMax: "claude-max",
+	OpenAICodexMax: "openai-codex-max"
 });
 enumValues({
 	Month: "month",
@@ -4452,6 +4568,7 @@ const GoogleModel = {
 const GOOGLE_MODELS = enumValues(GoogleModel);
 const MiniMaxModel = {
 	M27: "MiniMax-M2.7",
+	M27HighSpeed: "MiniMax-M2.7-highspeed",
 	M25: "MiniMax-M2.5"
 };
 const MINIMAX_MODELS = enumValues(MiniMaxModel);
@@ -4491,8 +4608,8 @@ _enum(MISTRAL_MODELS);
 _enum(XAI_MODELS);
 _enum(ZHIPU_MODELS);
 string().min(1);
-AnthropicModel.Opus, AnthropicModel.Sonnet, AnthropicModel.Haiku, OpenAIModel.GPT4o, OpenAIModel.GPT4oMini, OpenAIModel.O3, OpenAIModel.GPT41, OpenAIModel.GPT41Mini, OpenAIModel.GPT41Nano, OpenAIModel.GPT54, OpenAIModel.GPT54Mini, OpenAIModel.GPT54Nano, OpenAIModel.GPT54Pro, OpenAIModel.GPT55, OpenAIModel.O3Mini, OpenAIModel.O4Mini, OpenAIModel.TextEmbedding3Small, DeepSeekModel.Chat, DeepSeekModel.Reasoner, DeepSeekModel.V4Flash, DeepSeekModel.V4Pro, GoogleModel.Gemini25Pro, GoogleModel.Gemini25Flash, GoogleModel.Gemini25FlashLite, GoogleModel.Gemini20Flash, MiniMaxModel.M27, MiniMaxModel.M25, MistralModel.Large, MistralModel.Small, MistralModel.Codestral, XAIModel.Grok4, XAIModel.Grok41Fast, ZhipuModel.GLM51, ZhipuModel.GLM51Air;
-AnthropicModel.Opus, AnthropicModel.Sonnet, AnthropicModel.Haiku, OpenAIModel.GPT4o, OpenAIModel.GPT4oMini, OpenAIModel.O3, OpenAIModel.GPT41, OpenAIModel.GPT41Mini, OpenAIModel.GPT41Nano, OpenAIModel.GPT54, OpenAIModel.GPT54Mini, OpenAIModel.GPT54Nano, OpenAIModel.GPT54Pro, OpenAIModel.GPT55, OpenAIModel.O3Mini, OpenAIModel.O4Mini, OpenAIModel.TextEmbedding3Small, DeepSeekModel.Chat, DeepSeekModel.Reasoner, DeepSeekModel.V4Flash, DeepSeekModel.V4Pro, GoogleModel.Gemini25Pro, GoogleModel.Gemini25Flash, GoogleModel.Gemini25FlashLite, GoogleModel.Gemini20Flash, MiniMaxModel.M27, MiniMaxModel.M25, MistralModel.Large, MistralModel.Small, MistralModel.Codestral, XAIModel.Grok4, XAIModel.Grok41Fast, ZhipuModel.GLM51, ZhipuModel.GLM51Air;
+AnthropicModel.Opus, AnthropicModel.Sonnet, AnthropicModel.Haiku, OpenAIModel.GPT4o, OpenAIModel.GPT4oMini, OpenAIModel.O3, OpenAIModel.GPT41, OpenAIModel.GPT41Mini, OpenAIModel.GPT41Nano, OpenAIModel.GPT54, OpenAIModel.GPT54Mini, OpenAIModel.GPT54Nano, OpenAIModel.GPT54Pro, OpenAIModel.GPT55, OpenAIModel.O3Mini, OpenAIModel.O4Mini, OpenAIModel.TextEmbedding3Small, DeepSeekModel.Chat, DeepSeekModel.Reasoner, DeepSeekModel.V4Flash, DeepSeekModel.V4Pro, GoogleModel.Gemini25Pro, GoogleModel.Gemini25Flash, GoogleModel.Gemini25FlashLite, GoogleModel.Gemini20Flash, MiniMaxModel.M27, MiniMaxModel.M27HighSpeed, MiniMaxModel.M25, MistralModel.Large, MistralModel.Small, MistralModel.Codestral, XAIModel.Grok4, XAIModel.Grok41Fast, ZhipuModel.GLM51, ZhipuModel.GLM51Air;
+AnthropicModel.Opus, AnthropicModel.Sonnet, AnthropicModel.Haiku, OpenAIModel.GPT4o, OpenAIModel.GPT4oMini, OpenAIModel.O3, OpenAIModel.GPT41, OpenAIModel.GPT41Mini, OpenAIModel.GPT41Nano, OpenAIModel.GPT54, OpenAIModel.GPT54Mini, OpenAIModel.GPT54Nano, OpenAIModel.GPT54Pro, OpenAIModel.GPT55, OpenAIModel.O3Mini, OpenAIModel.O4Mini, OpenAIModel.TextEmbedding3Small, DeepSeekModel.Chat, DeepSeekModel.Reasoner, DeepSeekModel.V4Flash, DeepSeekModel.V4Pro, GoogleModel.Gemini25Pro, GoogleModel.Gemini25Flash, GoogleModel.Gemini25FlashLite, GoogleModel.Gemini20Flash, MiniMaxModel.M27, MiniMaxModel.M27HighSpeed, MiniMaxModel.M25, MistralModel.Large, MistralModel.Small, MistralModel.Codestral, XAIModel.Grok4, XAIModel.Grok41Fast, ZhipuModel.GLM51, ZhipuModel.GLM51Air;
 enumValues({
 	PendingChallenge: "pending_challenge",
 	Creating: "creating",
@@ -4799,7 +4916,7 @@ async function loadDaemonConfig() {
 		orgId: identity.orgId,
 		runtime: identity.runtime,
 		runtimes,
-		autoStartRuntime: alfeConfig.auto_start_runtime ?? false
+		autoStartRuntime: alfeConfig.auto_start_runtime ?? true
 	};
 }
 /**
@@ -21659,7 +21776,7 @@ var CommandRegistry = class {
 *      the gateway when needed and uses `callerScopes: ["operator.admin"]`.
 *   3. Skip iteration if `pending.json` mtime hasn't changed (cheap fast path)
 */
-const execFileAsync$1 = promisify(execFile);
+const execFileAsync$2 = promisify(execFile);
 const APPROVE_TIMEOUT_MS = 1e4;
 function resolveStateDir(override) {
 	if (override) return override;
@@ -21757,7 +21874,7 @@ function startPairingApprovalPoller(opts) {
 	const stateDir = resolveStateDir(opts.stateDir);
 	const intervalMs = opts.intervalMs ?? 3e4;
 	const exec = opts.exec ?? (async (file, args, { timeout }) => {
-		const { stdout, stderr } = await execFileAsync$1(file, args, { timeout });
+		const { stdout, stderr } = await execFileAsync$2(file, args, { timeout });
 		return {
 			stdout,
 			stderr
@@ -21799,6 +21916,128 @@ function startPairingApprovalPoller(opts) {
 	};
 }
 //#endregion
+//#region src/openclaw-mcp-cleanup.ts
+/**
+* One-shot startup migration that drops stale `mcp.servers.*` entries
+* from openclaw.json on agents set up before the single-source-of-truth
+* refactor. Pre-cutover agents had two writers:
+*
+*   - The old `post_activate.mjs` hook wrote `mcp.servers.<integrationId>`
+*     directly (legacy style — e.g. QA Tester's `mcp.servers.atlassian`).
+*   - The bundler manager mirror-wrote `mcp.servers.<integrationId>-<serverId>`
+*     for entries it owned (newer style).
+*
+* Post-cutover the alfe store owns everything and the openclaw.json
+* mirror is gone. If the legacy entries linger they cause:
+*   1. claude-cli / codex-cli to native-spawn from openclaw.json AND the
+*      daemon's bundler to spawn from the store → two mcp-atlassian
+*      children, the second one likely missing credentials.
+*   2. The openclaw-mcp-bundler plugin's `hasNativeOpenclawMcpServers`
+*      check returns true (mcp.servers non-empty) → plugin no-ops on
+*      every backend → MiniMax-backed agents lose tools entirely.
+*
+* Strategy: on first daemon start after the upgrade, drop every key in
+* openclaw.json#mcp.servers that the alfe store ALSO holds (direct id
+* match) OR that maps to an alfe-store entry by integration owner
+* (catches the legacy `mcp.servers.<integrationId>` shape where the
+* new store uses `<integrationId>-<serverId>`). User-added private MCPs
+* (e.g. `mcp.servers.my-private-thing` with no matching alfe entry) are
+* preserved.
+*
+* Sentinel-gated at `~/.alfe/.openclaw-mirror-migrated` — runs exactly
+* once per agent.
+*/
+const execFileAsync$1 = promisify(execFile);
+const DEFAULT_SENTINEL_PATH = join(homedir(), ".alfe", ".openclaw-mirror-migrated");
+const defaultOpenclaw = {
+	async listServers() {
+		try {
+			const { stdout } = await execFileAsync$1("openclaw", [
+				"config",
+				"get",
+				"mcp.servers"
+			], { timeout: 1e4 });
+			const trimmed = stdout.trim();
+			if (!trimmed) return [];
+			const parsed = JSON.parse(trimmed);
+			if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return [];
+			return Object.keys(parsed);
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			if (/not\s+set|not\s+found|undefined|no such key/i.test(message)) return [];
+			throw err;
+		}
+	},
+	async unsetServer(key) {
+		await execFileAsync$1("openclaw", [
+			"config",
+			"unset",
+			`mcp.servers.${key}`
+		], { timeout: 1e4 });
+	}
+};
+/**
+* Run the cleanup. Idempotent — second call after the sentinel lands
+* returns immediately. Errors are caught and logged; the daemon must
+* not abort startup over a best-effort migration.
+*/
+async function runOpenclawMcpCleanup(opts) {
+	const sentinelPath = opts.sentinelPath ?? DEFAULT_SENTINEL_PATH;
+	const openclaw = opts.openclaw ?? defaultOpenclaw;
+	if (existsSync(sentinelPath)) {
+		opts.logger.debug({ sentinel: sentinelPath }, "openclaw.json mcp.servers cleanup already ran — skipping");
+		return;
+	}
+	let cleanupErr;
+	try {
+		const existing = await openclaw.listServers();
+		if (existing.length === 0) {
+			opts.logger.debug({}, "openclaw.json#mcp.servers is empty — nothing to clean up");
+			writeSentinel(sentinelPath);
+			return;
+		}
+		const stored = opts.manager.listServers();
+		const storeIds = new Set(stored.map((s) => s.id));
+		const integrationOwners = /* @__PURE__ */ new Set();
+		for (const s of stored) if (s.entry.owner.startsWith("integration:")) integrationOwners.add(s.entry.owner.slice(12));
+		const toUnset = [];
+		for (const key of existing) {
+			if (storeIds.has(key)) {
+				toUnset.push(key);
+				continue;
+			}
+			if (integrationOwners.has(key)) toUnset.push(key);
+		}
+		if (toUnset.length === 0) {
+			opts.logger.info({ existingKeys: existing }, "openclaw.json#mcp.servers has entries but none match alfe-managed integrations — preserving as user customizations");
+			writeSentinel(sentinelPath);
+			return;
+		}
+		for (const key of toUnset) try {
+			await openclaw.unsetServer(key);
+			opts.logger.info({ key }, "Cleaned up stale openclaw.json#mcp.servers entry");
+		} catch (err) {
+			opts.logger.warn({
+				key,
+				err: err instanceof Error ? err.message : String(err)
+			}, "Failed to unset stale mcp.servers entry — continuing");
+		}
+	} catch (err) {
+		cleanupErr = err;
+		opts.logger.warn({ err: err instanceof Error ? err.message : String(err) }, "openclaw.json#mcp.servers cleanup hit an error — leaving sentinel un-touched so next start retries");
+	}
+	if (cleanupErr === void 0) writeSentinel(sentinelPath);
+}
+function writeSentinel(path) {
+	try {
+		mkdirSync(dirname(path), { recursive: true });
+		writeFileSync(path, `${(/* @__PURE__ */ new Date()).toISOString()}\n`, {
+			encoding: "utf8",
+			mode: 384
+		});
+	} catch {}
+}
+//#endregion
 //#region src/daemon.ts
 /**
 * Alfe Gateway Daemon — main entry point.
@@ -21821,6 +22060,8 @@ let ipcServer = null;
 let commandQueue;
 let startedAt;
 let integrationManager;
+let mcpBundler = null;
+let mcpManagerRef = null;
 let aiProxyServer = null;
 let runtimeProcess = null;
 let aiProxyUrl = null;
@@ -21841,6 +22082,30 @@ let stopPairingApprovalPoller = null;
 *      (works when systemd runs the gateway binary directly, since
 *      the path is .../cli/node_modules/@alfe.ai/gateway/dist/...)
 */
+/**
+* Adapter from `AgentApiClient`'s per-provider methods to the
+* `CredentialsResolver` shape the MCP applier expects. Returns
+* `undefined` for unknown providers and on 404/network error so the
+* applier can skip registration silently (its documented contract).
+*/
+async function fetchProviderCredentials(agentApi, provider) {
+	const key = provider.toLowerCase();
+	try {
+		switch (key) {
+			case "atlassian": return await agentApi.getAtlassianCredentials();
+			case "github": return await agentApi.getGithubCredentials();
+			case "xero": return await agentApi.getXeroCredentials();
+			case "notion": return await agentApi.getNotionCredentials();
+			case "myob": return await agentApi.getMYOBCredentials();
+			case "google": return await agentApi.getGoogleCredentials();
+			default:
+				logger$1.warn({ provider }, "Unknown OAuth provider for requires_credentials — MCP server will be skipped");
+				return;
+		}
+	} catch {
+		return;
+	}
+}
 async function getCliVersion() {
 	if (process.env.ALFE_CLI_VERSION) return process.env.ALFE_CLI_VERSION;
 	try {
@@ -22056,8 +22321,44 @@ async function startDaemon() {
 		apiBaseUrl: config.apiEndpoint,
 		getToken: () => Promise.resolve(config.apiKey)
 	}));
+	const agentApi = new AgentApiClient({
+		apiKey: config.apiKey,
+		apiUrl: config.apiEndpoint
+	});
+	const mcpManager = new Manager({ logger: logger$1 });
+	mcpManagerRef = mcpManager;
+	mcpBundler = new McpBundler({
+		logger: logger$1,
+		idleTtlMs: 0
+	}, { connect: defaultConnect });
+	await mcpManager.loadIntoBundler(mcpBundler);
+	const warmBundler = (reason) => {
+		if (!mcpBundler) return;
+		mcpBundler.warmup().catch((err) => {
+			logger$1.warn({
+				err: err instanceof Error ? err.message : String(err),
+				reason
+			}, "MCP bundler warmup failed");
+		});
+	};
+	warmBundler("startup");
+	mcpManager.onChange(() => {
+		warmBundler("store change");
+	});
+	logger$1.info("MCP bundler attached to manager — warming children");
+	await runOpenclawMcpCleanup({
+		manager: mcpManager,
+		logger: logger$1
+	}).catch((err) => {
+		logger$1.warn({ err: err instanceof Error ? err.message : String(err) }, "openclaw.json mcp.servers cleanup threw — startup continues");
+	});
 	integrationManager = new IntegrationManager({
 		runtimeAppliers,
+		mcpApplier: new McpApplier({
+			manager: mcpManager,
+			credentials: { getCredentials: (provider) => fetchProviderCredentials(agentApi, provider) },
+			platform: { apiUrl: config.apiEndpoint }
+		}),
 		registryFetcher: async () => {
 			const result = await integrationsService.getRegistry();
 			if (!result.ok) throw new Error(result.error);
@@ -22091,6 +22392,7 @@ async function startDaemon() {
 	});
 	cloudClient.start();
 	logger$1.debug("Cloud client started");
+	if (!config.autoStartRuntime && config.runtime) logger$1.warn({ runtime: config.runtime }, "Runtime configured but auto_start_runtime=false — runtime will not be spawned; in-runtime plugins (chat/console/sync) will be offline until you start it manually");
 	if (config.autoStartRuntime && config.runtime) {
 		logger$1.debug({ runtime: config.runtime }, "Starting agent runtime...");
 		const runtimeCfg = config.runtimes[config.runtime];
@@ -22127,6 +22429,16 @@ async function startDaemon() {
 			await runtimeProcess.stop();
 			logger$1.debug("Runtime process stopped");
 		}
+		if (mcpBundler) {
+			logger$1.debug("Stopping MCP bundler...");
+			await mcpBundler.dispose();
+			mcpBundler = null;
+			logger$1.debug("MCP bundler stopped");
+		}
+		logger$1.debug("Stopping MCP bundler manager...");
+		await mcpManager.dispose();
+		mcpManagerRef = null;
+		logger$1.debug("MCP bundler manager stopped");
 		if (ipcServer) {
 			logger$1.debug("Stopping IPC server...");
 			await ipcServer.stop();
@@ -22444,6 +22756,11 @@ function handlePluginRequest(method, params, pluginId) {
 		case "status": return Promise.resolve(handleStatus());
 		case "integration.list": return Promise.resolve(handleIntegrationList());
 		case "integration.report": return Promise.resolve(handleIntegrationReport(params, pluginId));
+		case "mcp.list_tools": return Promise.resolve(handleMcpListTools(mcpBundler));
+		case "mcp.call_tool": return handleMcpCallTool(mcpBundler, params);
+		case "mcp.list_servers": return Promise.resolve(handleMcpListServers());
+		case "mcp.add_server": return handleMcpAddServer(params);
+		case "mcp.remove_server": return handleMcpRemoveServer(params);
 		default: return Promise.resolve({
 			ok: false,
 			error: {
@@ -22486,6 +22803,214 @@ function handleIntegrationList() {
 		payload: { integrations: integrationManager.list() }
 	};
 }
+/**
+* Return the daemon-hosted MCP bundler's current namespaced tool catalog.
+* Called by the openclaw-mcp-bundler plugin on every tool-factory invocation;
+* cheap (in-memory snapshot, no I/O).
+*/
+function handleMcpListTools(bundler) {
+	if (!bundler) return {
+		ok: false,
+		error: {
+			code: "MCP_BUNDLER_UNAVAILABLE",
+			message: "MCP bundler not initialized"
+		}
+	};
+	return {
+		ok: true,
+		payload: { tools: bundler.listTools() }
+	};
+}
+/**
+* Route a tool call to the appropriate MCP child via the daemon-hosted
+* bundler. `name` is the prefixed (`mcp__<server>__<tool>`) name; args is
+* the raw JSON object the LLM produced.
+*/
+/**
+* List every server entry in the alfe bundler store. Lets agents inspect
+* what they've already registered before adding a new one.
+*/
+function handleMcpListServers(manager = mcpManagerRef) {
+	if (!manager) return {
+		ok: false,
+		error: {
+			code: "MCP_MANAGER_UNAVAILABLE",
+			message: "MCP manager not initialized"
+		}
+	};
+	return {
+		ok: true,
+		payload: { servers: manager.listServers() }
+	};
+}
+/**
+* Register a new MCP server in the alfe bundler store on behalf of the
+* agent. Owned as `'manual'` so the agent can later remove it without
+* an expectedOwner conflict — matches what `alfe mcp add` does from the
+* CLI. The daemon's bundler will pick the change up via the manager's
+* store watcher and spawn the child on the next tool-factory call.
+*/
+async function handleMcpAddServer(params, manager = mcpManagerRef) {
+	if (!manager) return {
+		ok: false,
+		error: {
+			code: "MCP_MANAGER_UNAVAILABLE",
+			message: "MCP manager not initialized"
+		}
+	};
+	const p = params;
+	if (typeof p.id !== "string" || p.id.length === 0) return {
+		ok: false,
+		error: {
+			code: "INVALID_PARAMS",
+			message: "id is required (string)"
+		}
+	};
+	const config = buildServerConfig(p);
+	if (!config) return {
+		ok: false,
+		error: {
+			code: "INVALID_PARAMS",
+			message: "expected either { command, args?, env?, cwd? } for stdio or { url, transport, headers? } for remote"
+		}
+	};
+	try {
+		await manager.addServer(config, {
+			id: p.id,
+			owner: "manual"
+		});
+		return {
+			ok: true,
+			payload: { id: p.id }
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		logger$1.warn({
+			id: p.id,
+			err: message
+		}, "mcp.add_server failed");
+		return {
+			ok: false,
+			error: {
+				code: "MCP_ADD_FAILED",
+				message
+			}
+		};
+	}
+}
+function buildServerConfig(p) {
+	if (typeof p.command === "string" && p.command.length > 0) {
+		const cfg = { command: p.command };
+		if (Array.isArray(p.args) && p.args.every((a) => typeof a === "string")) cfg.args = p.args;
+		if (p.env && typeof p.env === "object" && !Array.isArray(p.env)) {
+			const env = {};
+			for (const [k, v] of Object.entries(p.env)) if (typeof v === "string") env[k] = v;
+			cfg.env = env;
+		}
+		if (typeof p.cwd === "string") cfg.cwd = p.cwd;
+		return cfg;
+	}
+	if (typeof p.url === "string" && p.url.length > 0) {
+		const transport = p.transport === "streamable-http" ? "streamable-http" : "sse";
+		const cfg = {
+			url: p.url,
+			transport
+		};
+		if (p.headers && typeof p.headers === "object" && !Array.isArray(p.headers)) {
+			const headers = {};
+			for (const [k, v] of Object.entries(p.headers)) if (typeof v === "string") headers[k] = v;
+			cfg.headers = headers;
+		}
+		return cfg;
+	}
+	return null;
+}
+/**
+* Drop a server entry the agent previously registered. Restricted to
+* `manual`-owned entries so the agent can't accidentally clobber
+* integration-installed or CLI-installed servers (the daemon owns
+* those; the agent can ask the user to uninstall an integration via
+* the dashboard).
+*/
+async function handleMcpRemoveServer(params, manager = mcpManagerRef) {
+	if (!manager) return {
+		ok: false,
+		error: {
+			code: "MCP_MANAGER_UNAVAILABLE",
+			message: "MCP manager not initialized"
+		}
+	};
+	const { id } = params;
+	if (typeof id !== "string" || id.length === 0) return {
+		ok: false,
+		error: {
+			code: "INVALID_PARAMS",
+			message: "id is required (string)"
+		}
+	};
+	try {
+		return {
+			ok: true,
+			payload: { removed: await manager.removeServer(id, { expectedOwner: "manual" }) }
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (message.includes("owned by")) return {
+			ok: false,
+			error: {
+				code: "MCP_OWNER_MISMATCH",
+				message
+			}
+		};
+		logger$1.warn({
+			id,
+			err: message
+		}, "mcp.remove_server failed");
+		return {
+			ok: false,
+			error: {
+				code: "MCP_REMOVE_FAILED",
+				message
+			}
+		};
+	}
+}
+async function handleMcpCallTool(bundler, params) {
+	if (!bundler) return {
+		ok: false,
+		error: {
+			code: "MCP_BUNDLER_UNAVAILABLE",
+			message: "MCP bundler not initialized"
+		}
+	};
+	const { name, args } = params;
+	if (typeof name !== "string" || name.length === 0) return {
+		ok: false,
+		error: {
+			code: "INVALID_PARAMS",
+			message: "name is required (string)"
+		}
+	};
+	try {
+		return {
+			ok: true,
+			payload: await bundler.callTool(name, args)
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		logger$1.warn({
+			tool: name,
+			err: message
+		}, "mcp.call_tool failed");
+		return {
+			ok: false,
+			error: {
+				code: "MCP_CALL_FAILED",
+				message
+			}
+		};
+	}
+}
 function handleIntegrationReport(params, pluginId) {
 	const { name, status, detail } = params;
 	if (!name || !status) return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alfe.ai/gateway",
-  "version": "0.0.49",
+  "version": "0.1.1",
   "description": "Alfe local gateway daemon — persistent control plane for agent integrations",
   "type": "module",
   "bin": {
@@ -22,10 +22,12 @@
     "pino-roll": "^1.2.0",
     "smol-toml": ">=1.6.1",
     "ws": "^8.18.0",
-    "@alfe.ai/ai-proxy-local": "^0.0.9",
-    "@alfe.ai/config": "^0.0.8",
-    "@alfe.ai/integration-manifest": "^0.0.11",
-    "@alfe.ai/integrations": "^0.0.33"
+    "@alfe.ai/agent-api-client": "^0.1.4",
+    "@alfe.ai/ai-proxy-local": "^0.0.10",
+    "@alfe.ai/config": "^0.0.9",
+    "@alfe.ai/integration-manifest": "^0.1.0",
+    "@alfe.ai/integrations": "^0.1.1",
+    "@alfe.ai/mcp-bundler": "^0.1.1"
   },
   "license": "UNLICENSED",
   "scripts": {