@defai.digital/automatosx 12.3.0 → 12.3.1

package/README.md

@@ -12,7 +12,7 @@
 [![Ubuntu](https://img.shields.io/badge/Ubuntu-24.04-blue.svg)](https://ubuntu.com)
 [![License](https://img.shields.io/badge/license-Apache--2.0-yellow.svg)](LICENSE)
 
-**Status**: ✅ **Production Ready** | v12.3.0 | MCP Configuration Fix for ax-glm & ax-grok
+**Status**: ✅ **Production Ready** | v12.3.1 | MCP Resource Templates & Enhanced Server
 
 > 🎯 **What AutomatosX Does**: Adds 20+ specialized agents, persistent memory, workflow automation, and 80% cost savings to Claude Code/Codex - **without changing how you work**.
 

package/dist/index.js

@@ -6069,7 +6069,7 @@ var PRECOMPILED_CONFIG = {
     "enableFreeTierPrioritization": true,
     "enableWorkloadAwareRouting": true
   },
-  "version": "12.3.0"
+  "version": "12.3.1"
 };
 
 // src/core/config/schemas.ts
@@ -13264,7 +13264,8 @@ init_esm_shims();
 
 // src/mcp/types.ts
 init_esm_shims();
-var MCP_PROTOCOL_VERSION = "2024-11-05";
+var MCP_PROTOCOL_VERSION = "2024-12-05";
+var MCP_SUPPORTED_VERSIONS = ["2024-12-05", "2024-11-05"];
 
 // src/mcp/server.ts
 init_logger();
@@ -15063,6 +15064,13 @@ var Router = class {
       }
     }
   }
+  /**
+   * Get the number of configured providers.
+   * @returns Number of providers registered with this router
+   */
+  get providerCount() {
+    return this.providers.length;
+  }
   /**
    * Warm up provider availability caches immediately.
    * Phase 3 (v5.6.3): Eliminates cold-start latency on first request.
@@ -26250,7 +26258,11 @@ var McpClient = class _McpClient extends EventEmitter {
     const params = {
       protocolVersion: MCP_PROTOCOL_VERSION,
       capabilities: {
-        tools: {}
+        tools: {},
+        resources: {},
+        prompts: {},
+        resourceTemplates: {},
+        experimental: {}
       },
       clientInfo: {
         name: "automatosx",
@@ -28056,6 +28068,93 @@ var CodexEventNormalizer = class extends BaseEventNormalizer {
   }
 };
 
+// src/mcp/resource-templates.ts
+init_esm_shims();
+var AGENT_TEMPLATE_NAME = "agent_profile";
+var AGENT_URI_TEMPLATE = "agent/{agent}";
+var WORKSPACE_PRD_TEMPLATE_NAME = "workspace_prd_file";
+var WORKSPACE_PRD_URI_TEMPLATE = "workspace/prd/{path}";
+var WORKSPACE_TMP_TEMPLATE_NAME = "workspace_tmp_file";
+var WORKSPACE_TMP_URI_TEMPLATE = "workspace/tmp/{path}";
+var RESOURCE_TEMPLATES = [
+  {
+    name: AGENT_TEMPLATE_NAME,
+    uriTemplate: AGENT_URI_TEMPLATE,
+    description: "Render an AutomatosX agent profile by name",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "agent", description: "Agent name", required: true }
+    ]
+  },
+  {
+    name: WORKSPACE_PRD_TEMPLATE_NAME,
+    uriTemplate: WORKSPACE_PRD_URI_TEMPLATE,
+    description: "Read a PRD workspace file (automatosx/PRD)",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "path", description: "Relative path under automatosx/PRD", required: true }
+    ]
+  },
+  {
+    name: WORKSPACE_TMP_TEMPLATE_NAME,
+    uriTemplate: WORKSPACE_TMP_URI_TEMPLATE,
+    description: "Read a temporary workspace file (automatosx/tmp)",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "path", description: "Relative path under automatosx/tmp", required: true }
+    ]
+  }
+];
+function listResourceTemplates() {
+  return RESOURCE_TEMPLATES;
+}
+async function resolveResourceTemplate(uri, variables, profileLoader, workspaceManager) {
+  if (uri === AGENT_URI_TEMPLATE) {
+    const agent = variables?.agent;
+    if (!agent) {
+      throw new Error("Missing required variable: agent");
+    }
+    const profile = await profileLoader.loadProfile(agent);
+    const summary = [
+      `# ${agent}`,
+      profile.role ? `**Role:** ${profile.role}` : "",
+      profile.abilities?.length ? `**Abilities:** ${profile.abilities.join(", ")}` : "",
+      "",
+      profile.systemPrompt || "No system prompt defined."
+    ].filter(Boolean).join("\n");
+    return {
+      uri: `agent/${agent}`,
+      name: `Agent: ${agent}`,
+      description: `AutomatosX agent profile for ${agent}`,
+      mimeType: "text/markdown",
+      contents: [
+        { type: "text", text: summary },
+        { type: "application/json", json: profile }
+      ]
+    };
+  }
+  if (uri === WORKSPACE_PRD_URI_TEMPLATE || uri === WORKSPACE_TMP_URI_TEMPLATE) {
+    const path7 = variables?.path;
+    if (!path7) {
+      throw new Error("Missing required variable: path");
+    }
+    const isPrd = uri === WORKSPACE_PRD_URI_TEMPLATE;
+    const readFn = isPrd ? workspaceManager.readPRD.bind(workspaceManager) : workspaceManager.readTmp.bind(workspaceManager);
+    const content = await readFn(path7);
+    return {
+      uri: `${isPrd ? "prd" : "tmp"}/${path7}`,
+      name: `${isPrd ? "PRD" : "Tmp"}: ${path7}`,
+      description: `Workspace ${isPrd ? "PRD" : "tmp"} file`,
+      mimeType: "text/markdown",
+      contents: [
+        { type: "text", text: content },
+        { type: "application/json", json: { path: path7, content, workspace: isPrd ? "PRD" : "tmp" } }
+      ]
+    };
+  }
+  throw new Error(`Unknown resource template: ${uri}`);
+}
+
 // src/mcp/server.ts
 var CLIENT_PATTERNS = [
   [["claude"], "claude"],
@@ -28091,6 +28190,8 @@ var McpServer = class _McpServer {
   // Track client-initiated cancellations
   requestControllers = /* @__PURE__ */ new Map();
   // Abort long-running handlers
+  toolAllowlist;
+  authToken;
   // v10.5.0: MCP Session for Smart Routing
   session = null;
   // v10.6.0: MCP Client Pool for cross-provider execution
@@ -28099,6 +28200,7 @@ var McpServer = class _McpServer {
   eventBridge = null;
   streamingNotifier = null;
   enableStreamingNotifications = true;
+  negotiatedProtocolVersion = MCP_PROTOCOL_VERSION;
   // Shared services (initialized once per server)
   router;
   memoryManager;
@@ -28112,6 +28214,12 @@ var McpServer = class _McpServer {
     if (options.debug) {
       setLogLevel("debug");
     }
+    if (options.toolAllowlist?.length) {
+      this.toolAllowlist = new Set(options.toolAllowlist);
+    }
+    if (options.authToken) {
+      this.authToken = options.authToken;
+    }
     this.enableStreamingNotifications = options.enableStreamingNotifications ?? true;
     this.version = getVersion();
     this.ajv = new Ajv({ allErrors: true });
@@ -28121,6 +28229,24 @@ var McpServer = class _McpServer {
       streamingNotifications: this.enableStreamingNotifications
     });
   }
+  /** Determine if negotiated protocol is v2 */
+  isV2Protocol() {
+    return this.negotiatedProtocolVersion === MCP_SUPPORTED_VERSIONS[0];
+  }
+  /** Build capability set based on negotiated protocol */
+  buildCapabilities() {
+    const base = { tools: {} };
+    if (this.isV2Protocol()) {
+      return {
+        ...base,
+        resources: {},
+        prompts: {},
+        resourceTemplates: {},
+        experimental: {}
+      };
+    }
+    return base;
+  }
   /**
    * Get static tool schemas (no initialization required)
    * Returns tool schemas that can be provided during MCP handshake
@@ -28500,6 +28626,14 @@ Use this tool first to understand what AutomatosX offers.`,
           return await this.handleResourcesList(request, responseId);
         case "resources/read":
           return await this.handleResourceRead(request, responseId);
+        case "resources/templates/list":
+          return await this.handleResourceTemplatesList(request, responseId);
+        case "resources/templates/read":
+          return await this.handleResourceTemplateRead(request, responseId);
+        case "prompts/list":
+          return await this.handlePromptsList(request, responseId);
+        case "prompts/get":
+          return await this.handlePromptGet(request, responseId);
         case "$/cancelRequest":
           return this.handleCancelRequest(request, responseId);
         default:
@@ -28538,9 +28672,12 @@ Use this tool first to understand what AutomatosX offers.`,
       clientName: clientInfo.name,
       normalizedProvider: this.session.normalizedProvider
     });
+    const requestedProtocol = request.params?.protocolVersion;
+    const negotiated = MCP_SUPPORTED_VERSIONS.find((version) => version === requestedProtocol) ?? MCP_SUPPORTED_VERSIONS[0];
+    this.negotiatedProtocolVersion = negotiated;
     const response = {
-      protocolVersion: MCP_PROTOCOL_VERSION,
-      capabilities: { tools: {} },
+      protocolVersion: negotiated,
+      capabilities: this.buildCapabilities(),
       serverInfo: { name: "automatosx", version: this.version }
     };
     logger.info("[MCP Server] Initialize handshake complete (< 1ms)");
@@ -28554,7 +28691,11 @@ Use this tool first to understand what AutomatosX offers.`,
    */
   handleToolsList(_request, id) {
     logger.debug("[MCP Server] Tools list requested (static schemas)");
-    const tools = _McpServer.getStaticToolSchemas();
+    const tools = _McpServer.getStaticToolSchemas().map((schema) => ({
+      ...schema,
+      // If allowlist is set, hide tools not allowed
+      ...this.toolAllowlist && !this.toolAllowlist.has(schema.name) ? { hidden: true } : {}
+    }));
     return { jsonrpc: "2.0", id, result: { tools } };
   }
   /**
@@ -28571,6 +28712,81 @@ Use this tool first to understand what AutomatosX offers.`,
     }));
     return { jsonrpc: "2.0", id, result: { resources } };
   }
+  /**
+   * Handle resources/templates/list request (v2 capability)
+   */
+  async handleResourceTemplatesList(_request, id) {
+    if (!this.isV2Protocol()) {
+      return this.createErrorResponse(id, -32601 /* MethodNotFound */, "resources/templates/list is only available in MCP v2");
+    }
+    await this.ensureInitialized();
+    const resourceTemplates = listResourceTemplates();
+    return { jsonrpc: "2.0", id, result: { resourceTemplates } };
+  }
+  /**
+   * Handle prompts/list request (expose common starter prompts)
+   */
+  async handlePromptsList(_request, id) {
+    await this.ensureInitialized();
+    const prompts = [
+      {
+        name: "agent_context",
+        description: "Get agent context and system prompt for a given agent name",
+        arguments: [{ name: "agent", required: true, description: "Agent name" }]
+      },
+      {
+        name: "status",
+        description: "Get AutomatosX MCP status summary"
+      }
+    ];
+    return { jsonrpc: "2.0", id, result: { prompts } };
+  }
+  /**
+   * Handle prompts/get request
+   */
+  async handlePromptGet(request, id) {
+    await this.ensureInitialized();
+    const name = request.params?.name;
+    if (!name) {
+      return this.createErrorResponse(id, -32602 /* InvalidParams */, "Prompt name is required");
+    }
+    switch (name) {
+      case "agent_context": {
+        const agent = request.params?.arguments?.agent;
+        if (!agent) {
+          return this.createErrorResponse(id, -32602 /* InvalidParams */, "agent argument is required");
+        }
+        try {
+          const profile = await this.profileLoader.loadProfile(agent);
+          const content = [
+            { type: "text", text: `System prompt for ${agent}:
+${profile.systemPrompt || "No system prompt defined."}` },
+            { type: "application/json", json: profile }
+          ];
+          return { jsonrpc: "2.0", id, result: { prompt: { name, description: "Agent context", arguments: [{ name: "agent", required: true }] }, content } };
+        } catch (error) {
+          return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to load agent: ${error.message}`);
+        }
+      }
+      case "status": {
+        const summary = {
+          version: this.version,
+          providerCount: this.router?.providerCount ?? 0,
+          streamingNotifications: this.enableStreamingNotifications
+        };
+        const content = [
+          { type: "text", text: `AutomatosX MCP status:
+Version: ${summary.version}
+Providers: ${summary.providerCount}
+Streaming: ${summary.streamingNotifications}` },
+          { type: "application/json", json: summary }
+        ];
+        return { jsonrpc: "2.0", id, result: { prompt: { name, description: "AutomatosX status" }, content } };
+      }
+      default:
+        return this.createErrorResponse(id, -32601 /* MethodNotFound */, `Prompt not found: ${name}`);
+    }
+  }
   /**
    * Handle resources/read request
    */
@@ -28599,6 +28815,30 @@ Use this tool first to understand what AutomatosX offers.`,
       return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to read resource: ${error.message}`);
     }
   }
+  /**
+   * Handle resources/templates/read request (v2 capability)
+   */
+  async handleResourceTemplateRead(request, id) {
+    if (!this.isV2Protocol()) {
+      return this.createErrorResponse(id, -32601 /* MethodNotFound */, "resources/templates/read is only available in MCP v2");
+    }
+    await this.ensureInitialized();
+    const uri = request.params?.uri;
+    try {
+      if (!uri) {
+        return this.createErrorResponse(id, -32602 /* InvalidParams */, "Missing resource template URI");
+      }
+      const resolved = await resolveResourceTemplate(
+        uri,
+        request.params?.variables,
+        this.profileLoader,
+        this.workspaceManager
+      );
+      return { jsonrpc: "2.0", id, result: resolved };
+    } catch (error) {
+      return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to read resource template: ${error.message}`);
+    }
+  }
   /**
    * Validate tool input against its JSON schema.
    * Returns null if valid, or error message string if invalid.
@@ -28673,6 +28913,16 @@ Use this tool first to understand what AutomatosX offers.`,
     const { name, arguments: args } = request.params;
     logger.info("[MCP Server] Tool call", { tool: name });
     const requestId = id ?? null;
+    if (this.toolAllowlist && !this.toolAllowlist.has(name)) {
+      return this.createErrorResponse(id, -32600 /* InvalidRequest */, `Tool not allowed: ${name}`);
+    }
+    const schema = this.toolSchemas.find((t) => t.name === name);
+    if (schema?.requiresAuth && this.authToken) {
+      const provided = args?.auth_token;
+      if (provided !== this.authToken) {
+        return this.createErrorResponse(id, -32600 /* InvalidRequest */, "Unauthorized: invalid auth token");
+      }
+    }
     const abortController = requestId !== null ? new AbortController() : null;
     if (requestId !== null && abortController) {
       this.requestControllers.set(requestId, abortController);

package/dist/mcp/index.js

@@ -4182,7 +4182,8 @@ function getVersion() {
 
 // src/mcp/types.ts
 init_esm_shims();
-var MCP_PROTOCOL_VERSION = "2024-11-05";
+var MCP_PROTOCOL_VERSION = "2024-12-05";
+var MCP_SUPPORTED_VERSIONS = ["2024-12-05", "2024-11-05"];
 
 // src/mcp/server.ts
 init_logger();
@@ -5363,7 +5364,7 @@ var PRECOMPILED_CONFIG = {
     "enableFreeTierPrioritization": true,
     "enableWorkloadAwareRouting": true
   },
-  "version": "12.3.0"
+  "version": "12.3.1"
 };
 
 // src/core/config/schemas.ts
@@ -8352,6 +8353,13 @@ var Router = class {
       }
     }
   }
+  /**
+   * Get the number of configured providers.
+   * @returns Number of providers registered with this router
+   */
+  get providerCount() {
+    return this.providers.length;
+  }
   /**
    * Warm up provider availability caches immediately.
    * Phase 3 (v5.6.3): Eliminates cold-start latency on first request.
@@ -20627,7 +20635,11 @@ var McpClient = class _McpClient extends EventEmitter {
     const params = {
       protocolVersion: MCP_PROTOCOL_VERSION,
       capabilities: {
-        tools: {}
+        tools: {},
+        resources: {},
+        prompts: {},
+        resourceTemplates: {},
+        experimental: {}
       },
       clientInfo: {
         name: "automatosx",
@@ -22433,6 +22445,93 @@ var CodexEventNormalizer = class extends BaseEventNormalizer {
   }
 };
 
+// src/mcp/resource-templates.ts
+init_esm_shims();
+var AGENT_TEMPLATE_NAME = "agent_profile";
+var AGENT_URI_TEMPLATE = "agent/{agent}";
+var WORKSPACE_PRD_TEMPLATE_NAME = "workspace_prd_file";
+var WORKSPACE_PRD_URI_TEMPLATE = "workspace/prd/{path}";
+var WORKSPACE_TMP_TEMPLATE_NAME = "workspace_tmp_file";
+var WORKSPACE_TMP_URI_TEMPLATE = "workspace/tmp/{path}";
+var RESOURCE_TEMPLATES = [
+  {
+    name: AGENT_TEMPLATE_NAME,
+    uriTemplate: AGENT_URI_TEMPLATE,
+    description: "Render an AutomatosX agent profile by name",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "agent", description: "Agent name", required: true }
+    ]
+  },
+  {
+    name: WORKSPACE_PRD_TEMPLATE_NAME,
+    uriTemplate: WORKSPACE_PRD_URI_TEMPLATE,
+    description: "Read a PRD workspace file (automatosx/PRD)",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "path", description: "Relative path under automatosx/PRD", required: true }
+    ]
+  },
+  {
+    name: WORKSPACE_TMP_TEMPLATE_NAME,
+    uriTemplate: WORKSPACE_TMP_URI_TEMPLATE,
+    description: "Read a temporary workspace file (automatosx/tmp)",
+    mimeType: "text/markdown",
+    variableDefinitions: [
+      { name: "path", description: "Relative path under automatosx/tmp", required: true }
+    ]
+  }
+];
+function listResourceTemplates() {
+  return RESOURCE_TEMPLATES;
+}
+async function resolveResourceTemplate(uri, variables, profileLoader, workspaceManager) {
+  if (uri === AGENT_URI_TEMPLATE) {
+    const agent = variables?.agent;
+    if (!agent) {
+      throw new Error("Missing required variable: agent");
+    }
+    const profile = await profileLoader.loadProfile(agent);
+    const summary = [
+      `# ${agent}`,
+      profile.role ? `**Role:** ${profile.role}` : "",
+      profile.abilities?.length ? `**Abilities:** ${profile.abilities.join(", ")}` : "",
+      "",
+      profile.systemPrompt || "No system prompt defined."
+    ].filter(Boolean).join("\n");
+    return {
+      uri: `agent/${agent}`,
+      name: `Agent: ${agent}`,
+      description: `AutomatosX agent profile for ${agent}`,
+      mimeType: "text/markdown",
+      contents: [
+        { type: "text", text: summary },
+        { type: "application/json", json: profile }
+      ]
+    };
+  }
+  if (uri === WORKSPACE_PRD_URI_TEMPLATE || uri === WORKSPACE_TMP_URI_TEMPLATE) {
+    const path7 = variables?.path;
+    if (!path7) {
+      throw new Error("Missing required variable: path");
+    }
+    const isPrd = uri === WORKSPACE_PRD_URI_TEMPLATE;
+    const readFn = isPrd ? workspaceManager.readPRD.bind(workspaceManager) : workspaceManager.readTmp.bind(workspaceManager);
+    const content = await readFn(path7);
+    return {
+      uri: `${isPrd ? "prd" : "tmp"}/${path7}`,
+      name: `${isPrd ? "PRD" : "Tmp"}: ${path7}`,
+      description: `Workspace ${isPrd ? "PRD" : "tmp"} file`,
+      mimeType: "text/markdown",
+      contents: [
+        { type: "text", text: content },
+        { type: "application/json", json: { path: path7, content, workspace: isPrd ? "PRD" : "tmp" } }
+      ]
+    };
+  }
+  throw new Error(`Unknown resource template: ${uri}`);
+}
+
 // src/mcp/server.ts
 var CLIENT_PATTERNS = [
   [["claude"], "claude"],
@@ -22468,6 +22567,8 @@ var McpServer = class _McpServer {
   // Track client-initiated cancellations
   requestControllers = /* @__PURE__ */ new Map();
   // Abort long-running handlers
+  toolAllowlist;
+  authToken;
   // v10.5.0: MCP Session for Smart Routing
   session = null;
   // v10.6.0: MCP Client Pool for cross-provider execution
@@ -22476,6 +22577,7 @@ var McpServer = class _McpServer {
   eventBridge = null;
   streamingNotifier = null;
   enableStreamingNotifications = true;
+  negotiatedProtocolVersion = MCP_PROTOCOL_VERSION;
   // Shared services (initialized once per server)
   router;
   memoryManager;
@@ -22489,6 +22591,12 @@ var McpServer = class _McpServer {
     if (options.debug) {
       setLogLevel("debug");
     }
+    if (options.toolAllowlist?.length) {
+      this.toolAllowlist = new Set(options.toolAllowlist);
+    }
+    if (options.authToken) {
+      this.authToken = options.authToken;
+    }
     this.enableStreamingNotifications = options.enableStreamingNotifications ?? true;
     this.version = getVersion();
     this.ajv = new Ajv({ allErrors: true });
@@ -22498,6 +22606,24 @@ var McpServer = class _McpServer {
       streamingNotifications: this.enableStreamingNotifications
     });
   }
+  /** Determine if negotiated protocol is v2 */
+  isV2Protocol() {
+    return this.negotiatedProtocolVersion === MCP_SUPPORTED_VERSIONS[0];
+  }
+  /** Build capability set based on negotiated protocol */
+  buildCapabilities() {
+    const base = { tools: {} };
+    if (this.isV2Protocol()) {
+      return {
+        ...base,
+        resources: {},
+        prompts: {},
+        resourceTemplates: {},
+        experimental: {}
+      };
+    }
+    return base;
+  }
   /**
    * Get static tool schemas (no initialization required)
    * Returns tool schemas that can be provided during MCP handshake
@@ -22877,6 +23003,14 @@ Use this tool first to understand what AutomatosX offers.`,
           return await this.handleResourcesList(request, responseId);
         case "resources/read":
           return await this.handleResourceRead(request, responseId);
+        case "resources/templates/list":
+          return await this.handleResourceTemplatesList(request, responseId);
+        case "resources/templates/read":
+          return await this.handleResourceTemplateRead(request, responseId);
+        case "prompts/list":
+          return await this.handlePromptsList(request, responseId);
+        case "prompts/get":
+          return await this.handlePromptGet(request, responseId);
         case "$/cancelRequest":
           return this.handleCancelRequest(request, responseId);
         default:
@@ -22915,9 +23049,12 @@ Use this tool first to understand what AutomatosX offers.`,
       clientName: clientInfo.name,
       normalizedProvider: this.session.normalizedProvider
     });
+    const requestedProtocol = request.params?.protocolVersion;
+    const negotiated = MCP_SUPPORTED_VERSIONS.find((version) => version === requestedProtocol) ?? MCP_SUPPORTED_VERSIONS[0];
+    this.negotiatedProtocolVersion = negotiated;
     const response = {
-      protocolVersion: MCP_PROTOCOL_VERSION,
-      capabilities: { tools: {} },
+      protocolVersion: negotiated,
+      capabilities: this.buildCapabilities(),
       serverInfo: { name: "automatosx", version: this.version }
     };
     logger.info("[MCP Server] Initialize handshake complete (< 1ms)");
@@ -22931,7 +23068,11 @@ Use this tool first to understand what AutomatosX offers.`,
    */
   handleToolsList(_request, id) {
     logger.debug("[MCP Server] Tools list requested (static schemas)");
-    const tools = _McpServer.getStaticToolSchemas();
+    const tools = _McpServer.getStaticToolSchemas().map((schema) => ({
+      ...schema,
+      // If allowlist is set, hide tools not allowed
+      ...this.toolAllowlist && !this.toolAllowlist.has(schema.name) ? { hidden: true } : {}
+    }));
     return { jsonrpc: "2.0", id, result: { tools } };
   }
   /**
@@ -22948,6 +23089,81 @@ Use this tool first to understand what AutomatosX offers.`,
     }));
     return { jsonrpc: "2.0", id, result: { resources } };
   }
+  /**
+   * Handle resources/templates/list request (v2 capability)
+   */
+  async handleResourceTemplatesList(_request, id) {
+    if (!this.isV2Protocol()) {
+      return this.createErrorResponse(id, -32601 /* MethodNotFound */, "resources/templates/list is only available in MCP v2");
+    }
+    await this.ensureInitialized();
+    const resourceTemplates = listResourceTemplates();
+    return { jsonrpc: "2.0", id, result: { resourceTemplates } };
+  }
+  /**
+   * Handle prompts/list request (expose common starter prompts)
+   */
+  async handlePromptsList(_request, id) {
+    await this.ensureInitialized();
+    const prompts = [
+      {
+        name: "agent_context",
+        description: "Get agent context and system prompt for a given agent name",
+        arguments: [{ name: "agent", required: true, description: "Agent name" }]
+      },
+      {
+        name: "status",
+        description: "Get AutomatosX MCP status summary"
+      }
+    ];
+    return { jsonrpc: "2.0", id, result: { prompts } };
+  }
+  /**
+   * Handle prompts/get request
+   */
+  async handlePromptGet(request, id) {
+    await this.ensureInitialized();
+    const name = request.params?.name;
+    if (!name) {
+      return this.createErrorResponse(id, -32602 /* InvalidParams */, "Prompt name is required");
+    }
+    switch (name) {
+      case "agent_context": {
+        const agent = request.params?.arguments?.agent;
+        if (!agent) {
+          return this.createErrorResponse(id, -32602 /* InvalidParams */, "agent argument is required");
+        }
+        try {
+          const profile = await this.profileLoader.loadProfile(agent);
+          const content = [
+            { type: "text", text: `System prompt for ${agent}:
+${profile.systemPrompt || "No system prompt defined."}` },
+            { type: "application/json", json: profile }
+          ];
+          return { jsonrpc: "2.0", id, result: { prompt: { name, description: "Agent context", arguments: [{ name: "agent", required: true }] }, content } };
+        } catch (error) {
+          return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to load agent: ${error.message}`);
+        }
+      }
+      case "status": {
+        const summary = {
+          version: this.version,
+          providerCount: this.router?.providerCount ?? 0,
+          streamingNotifications: this.enableStreamingNotifications
+        };
+        const content = [
+          { type: "text", text: `AutomatosX MCP status:
+Version: ${summary.version}
+Providers: ${summary.providerCount}
+Streaming: ${summary.streamingNotifications}` },
+          { type: "application/json", json: summary }
+        ];
+        return { jsonrpc: "2.0", id, result: { prompt: { name, description: "AutomatosX status" }, content } };
+      }
+      default:
+        return this.createErrorResponse(id, -32601 /* MethodNotFound */, `Prompt not found: ${name}`);
+    }
+  }
   /**
    * Handle resources/read request
    */
@@ -22976,6 +23192,30 @@ Use this tool first to understand what AutomatosX offers.`,
       return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to read resource: ${error.message}`);
     }
   }
+  /**
+   * Handle resources/templates/read request (v2 capability)
+   */
+  async handleResourceTemplateRead(request, id) {
+    if (!this.isV2Protocol()) {
+      return this.createErrorResponse(id, -32601 /* MethodNotFound */, "resources/templates/read is only available in MCP v2");
+    }
+    await this.ensureInitialized();
+    const uri = request.params?.uri;
+    try {
+      if (!uri) {
+        return this.createErrorResponse(id, -32602 /* InvalidParams */, "Missing resource template URI");
+      }
+      const resolved = await resolveResourceTemplate(
+        uri,
+        request.params?.variables,
+        this.profileLoader,
+        this.workspaceManager
+      );
+      return { jsonrpc: "2.0", id, result: resolved };
+    } catch (error) {
+      return this.createErrorResponse(id, -32603 /* InternalError */, `Failed to read resource template: ${error.message}`);
+    }
+  }
   /**
    * Validate tool input against its JSON schema.
    * Returns null if valid, or error message string if invalid.
@@ -23050,6 +23290,16 @@ Use this tool first to understand what AutomatosX offers.`,
     const { name, arguments: args2 } = request.params;
     logger.info("[MCP Server] Tool call", { tool: name });
     const requestId = id ?? null;
+    if (this.toolAllowlist && !this.toolAllowlist.has(name)) {
+      return this.createErrorResponse(id, -32600 /* InvalidRequest */, `Tool not allowed: ${name}`);
+    }
+    const schema = this.toolSchemas.find((t) => t.name === name);
+    if (schema?.requiresAuth && this.authToken) {
+      const provided = args2?.auth_token;
+      if (provided !== this.authToken) {
+        return this.createErrorResponse(id, -32600 /* InvalidRequest */, "Unauthorized: invalid auth token");
+      }
+    }
     const abortController = requestId !== null ? new AbortController() : null;
     if (requestId !== null && abortController) {
       this.requestControllers.set(requestId, abortController);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@defai.digital/automatosx",
-  "version": "12.3.0",
+  "version": "12.3.1",
   "description": "Provider-agnostic AI orchestration platform with 20+ specialized agents, persistent memory, and multi-provider routing for Claude Code, Gemini CLI, Codex CLI, GLM, and Grok",
   "type": "module",
   "publishConfig": {